[Lunar-commits] <moonbase-other> cyrus-sasl: version bumped and module rewrite
Stefan Wold
ratler at lunar-linux.org
Sun Nov 3 11:54:39 CET 2013
commit 478e6a3f443d36e4b6bb81f0d6f36f228df462af
Author: Stefan Wold <ratler at lunar-linux.org>
Date: Sun, 27 Oct 2013 05:12:53 -0700
URL: https://github.com/lunar-linux/moonbase-other/commit/478e6a3f443d36e4b6bb81f0d6f36f228df462af
cyrus-sasl: version bumped and module rewrite
- Should work fine with kerberos agai
- Security patches added
- Other fixes
- systemd support added
---
crypto/cyrus-sasl/BUILD | +76/-38
crypto/cyrus-sasl/DEPENDS | +7/-11
crypto/cyrus-sasl/DETAILS | +45/-12
crypto/cyrus-sasl/POST_INSTALL | +5/-0
crypto/cyrus-sasl/PRE_BUILD | +21/-0
crypto/cyrus-sasl/config.d/saslauthd | +1/-0
crypto/cyrus-sasl/init.d/saslauthd | +2/-2
crypto/cyrus-sasl/systemd.d/saslauthd.service | +11/-0
crypto/cyrus-sasl/tmpfiles.d/saslauthd.conf | +1/-0
9 files changed, 169 insertions(+), 63 deletions(-)
--- a/crypto/cyrus-sasl/BUILD
+++ b/crypto/cyrus-sasl/BUILD
@@ -1,38 +1,76 @@
-(
-
- patch_it $SOURCE_CACHE/$SOURCE3 1 &&
- patch_it $SOURCE_CACHE/$SOURCE4 1 &&
-
- # the patch REQUIRES -lcrypt but we might want to disable PAM:
- if echo $OPTS | grep -q with-pam ; then
- sedit "s/@LIBS@/@LIBS@ -lpam -lcrypt/" */Makefile.in
- else
- sedit "s/@LIBS@/@LIBS@ -lcrypt/" */Makefile.in
- fi &&
-
- # default enabled modules in configure : checkapop, cram, digest, otp, gssapi, plain, anon
- OPTS=$OPTS" --enable-login \
- --disable-otp \
- --disable-anon \
- --with-pwcheck=/var/lib/sasl \
- --with-dbpath=/var/lib/sasl/sasl.db \
- --with-config=/etc/sasl2 \
- --with-plugindir=/usr/lib/sasl2 \
- --enable-sample \
- --with-gnu-ld \
- --with-saslauthd=/var/lib/sasl " &&
-
- default_config &&
- mkdir -p /var/lib/sasl/ &&
- default_make &&
-
- if [ ! -d /etc/sasl2 ]; then
- mkdir -p /etc/sasl2
- fi &&
-
- if [ ! -e /etc/sasl2/smtpd.conf ] ; then
- install $SOURCE_CACHE/$SOURCE2 /etc/sasl2/smtpd.conf.gz &&
- gunzip /etc/sasl2/smtpd.conf.gz
- fi
-
-) > $C_FIFO 2>&1
+export CFLAGS+=" -fPIC"
+
+OPTS+=" --disable-static \
+ --disable-krb4 \
+ --disable-srp \
+ --disable-srp-setpass \
+ --disable-cmulocal \
+ --enable-login \
+ --enable-ntlm \
+ --enable-otp \
+ --enable-auth-sasldb \
+ --without-sqlite \
+ --with-devrandom=/dev/urandom \
+ --with-dbpath=/var/lib/sasl/sasl.db \
+ --with-pwcheck=/var/run/saslauthd \
+ --with-saslauthd=/var/run/saslauthd \
+ --with-configdir=/etc/sasl2 \
+ --with-plugindir=/usr/lib/sasl2"
+
+if module_installed Linux-PAM; then
+ OPTS+=" --with-pam"
+else
+ OPTS+=" --without-pam"
+fi &&
+
+# Enable sql if any of the following databases is a dependency
+if in_depends $MODULE sqlite || in_depends $MODULE postgresql || in_depends $MODULE %MYSQL; then
+ OPTS+=" --enable-sql"
+else
+ OPTS+=" --disable-sql"
+fi &&
+
+# gdbm first if both gdbm and db was enabled
+if in_depends $MODULE gdbm; then
+ OPTS+=" --with-dblib=gdbm"
+elif in_depends $MODULE db; then
+ OPTS+=" --with-dblib=berkeley"
+else
+ OPTS+=" --with-dblib=none"
+fi &&
+
+# Autoconf stuff
+rm -f config/config.guess config/config.sub &&
+rm -f config/ltconfig config/ltmain.sh config/libtool.m4 &&
+rm -fr autom4te.cache &&
+libtoolize -c &&
+aclocal -I config -I cmulocal &&
+automake -a -c &&
+autoheader &&
+autoconf &&
+
+pushd saslauthd &&
+rm -f config/config.guess config/config.sub &&
+rm -f config/ltconfig config/ltmain.sh config/libtool.m4 &&
+rm -fr autom4te.cache &&
+libtoolize -c &&
+aclocal -I config -I ../cmulocal -I ../config &&
+automake -a -c &&
+autoheader &&
+autoconf &&
+popd &&
+
+default_build &&
+
+if [ ! -d /var/lib/sasl ]; then
+ mkdir -p /var/lib/sasl
+fi &&
+
+if [ ! -d /etc/sasl2 ]; then
+ mkdir -p /etc/sasl2
+fi &&
+
+if [ ! -e /etc/sasl2/smtpd.conf ] ; then
+ echo "pwcheck_method: sasldb" > /etc/sasl2/smtpd.conf
+fi
+
--- a/crypto/cyrus-sasl/DEPENDS
+++ b/crypto/cyrus-sasl/DEPENDS
@@ -1,11 +1,7 @@
-depends openssl
-
-optional_depends Linux-PAM "--with-pam" "--without-pam" "for PAM authentication"
-optional_depends db "" "" "for Brekley DB support"
-optional_depends gdbm "" "--without-gdbm" "for gdbm support"
-optional_depends mysql "--enable-sql --with-mysql" "--without-mysql" "for mysql support"
-optional_depends postgresql "--enable-sql --with-pgsql" "--without-pgsql" "for postgreSQL support"
-
-# The current version of heimdal has dropped gssapi/gssapi_ext.h which is needed by this version of
-# cyrus-sasl. So for now say no to heimdal.
-optional_depends heimdal "--enable-gssapi=/usr/include/gssapi --disable-krb4" "--disable-gssapi" "for GSSAPI support"
+optional_depends openssl "--with-openssl" "--without-openssl --without-des" "for SSL support"
+optional_depends gdbm "--with-gdbm" "--without-gdbm" "for gdbm support"
+optional_depends db "" "" "for Berkley DB support"
+optional_depends %MYSQL "--with-mysql" "--without-mysql" "for mysql/mariadb support"
+optional_depends postgresql "--with-pgsql" "--without-pgsql" "for postgreSQL support"
+optional_depends sqlite "--with-sqlite3" "--without-sqlite3" "for SQLite3 support"
+optional_depends heimdal "--enable-gssapi --with-gss_impl=heimdal --enable-gss_mutexes" "--disable-gssapi" "for GSSAPI support"
--- a/crypto/cyrus-sasl/DETAILS
+++ b/crypto/cyrus-sasl/DETAILS
@@ -1,23 +1,56 @@
MODULE=cyrus-sasl
- VERSION=2.1.25
+ VERSION=2.1.26
SOURCE=$MODULE-$VERSION.tar.gz
- SOURCE2=cyrus-sasl-smtpd.conf.gz
- SOURCE3=cyrus-sasl-encrypt_pwd.patch.bz2
- SOURCE4=cyrus-sasl-2.1.25-fixes-1.patch.bz2
- SOURCE_URL=ftp://ftp.andrew.cmu.edu/pub/cyrus-mail
- SOURCE_VFY=sha1:b6c34426012d9b5d448d5646cbecd818a5eeacbf
+ SOURCE2=$MODULE-2.1.25-sasldb_al.patch
+ SOURCE3=$MODULE-2.1.25-saslauthd_libtool.patch
+ SOURCE4=$MODULE-2.1.25-avoid_pic_overwrite.patch
+ SOURCE5=$MODULE-2.1.25-autotools_fixes.patch
+ SOURCE6=$MODULE-2.1.25-as_needed.patch
+ SOURCE7=$MODULE-2.1.25-missing_header.patch
+ SOURCE8=$MODULE-2.1.25-fix_heimdal.patch
+ SOURCE9=$MODULE-2.1.25-auxprop.patch
+ SOURCE10=$MODULE-2.1.23-gss_c_nt_hostbased_service.patch
+ SOURCE11=$MODULE-2.1.25-service_keytabs.patch
+ SOURCE12=$MODULE-2.1.26-missing-size_t.patch
+ SOURCE13=$MODULE-2.1.26-CVE-2013-4122.patch
+ SOURCE14=$MODULE-2.1.26-send-imap-logout.patch
+ SOURCE15=$MODULE-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch
+ SOURCE_URL=ftp://ftp.cyrusimap.org/cyrus-sasl
SOURCE2_URL=$PATCH_URL
SOURCE3_URL=$PATCH_URL
SOURCE4_URL=$PATCH_URL
- SOURCE2_VFY=sha1:660dd84785ea6e02ef8a5aa3d02ac5c752867555
- SOURCE3_VFY=sha1:732d0f36597703802118e3d1144aa93b1ecc1340
- SOURCE4_VFY=sha1:b6d20448798e253125ba8b0e93e55ba27564f278
- WEB_SITE=http://asg.web.cmu.edu/sasl
+ SOURCE5_URL=$PATCH_URL
+ SOURCE6_URL=$PATCH_URL
+ SOURCE7_URL=$PATCH_URL
+ SOURCE8_URL=$PATCH_URL
+ SOURCE9_URL=$PATCH_URL
+ SOURCE10_URL=$PATCH_URL
+ SOURCE11_URL=$PATCH_URL
+ SOURCE12_URL=$PATCH_URL
+ SOURCE13_URL=$PATCH_URL
+ SOURCE14_URL=$PATCH_URL
+ SOURCE15_URL=$PATCH_URL
+ SOURCE_VFY=sha1:d6669fb91434192529bd13ee95737a8a5040241c
+ SOURCE2_VFY=sha1:b91ef007fa622870e13291409da55ff6ef0187b0
+ SOURCE3_VFY=sha1:9ea91b135d50ab752bf857576dab263dc9115f1d
+ SOURCE4_VFY=sha1:40189113b15a04ace16805b413b73d0a097556ea
+ SOURCE5_VFY=sha1:f38fd73e69f0a4814ef284dbdca879ea5c1d468e
+ SOURCE6_VFY=sha1:53d74861066548994c226c2bab18b5eb458bed7b
+ SOURCE7_VFY=sha1:87140ffd2df25bcaf44709be40bcccfc1abcd143
+ SOURCE8_VFY=sha1:11c1553122ec6c146d0712ccd4c93b450c56fb4e
+ SOURCE9_VFY=sha1:902a219a3f6f55601b9437e772534cafd53266b6
+ SOURCE10_VFY=sha1:9077cad924c696e267563576326186725c13cc20
+ SOURCE11_VFY=sha1:a1dbad20f28c54f853af9c4af7e3523c9ceba92c
+ SOURCE12_VFY=sha1:133b9170b85a273ac3d1532239697c3e16f63ad2
+ SOURCE13_VFY=sha1:4a4ae789b93a822a78ec282264ac99e997256e2b
+ SOURCE14_VFY=sha1:f6c860d83965e6ad79a5617161fa8beb1b1117f6
+ SOURCE15_VFY=sha1:156db810db237210d5c6d25e5824a088b4bc72cb
+ WEB_SITE=http://cyrusimap.web.cmu.edu/
ENTERED=20020826
- UPDATED=20111116
+ UPDATED=20131027
SHORT="Simple Authentication and Security Layer"
-
PSAFE=no
+
cat << EOF
SASL is the Simple Authentication and Security Layer
This is the Cyrus SASL API implentation. It can be used on the client
--- /dev/null
+++ b/crypto/cyrus-sasl/POST_INSTALL
@@ -0,0 +1,5 @@
+if (in_depends $MODULE gdbm || in_depends $MODULE db) && [ ! -f "/var/lib/sasl/sasl.db" ]; then
+ message "Generating an empty sasl2 db..."
+ echo "p" | saslpasswd2 -f /var/lib/sasl/sasl.db -p login &&
+ chmod 0640 /var/lib/sasl/sasl.db
+fi
--- /dev/null
+++ b/crypto/cyrus-sasl/PRE_BUILD
@@ -0,0 +1,21 @@
+default_pre_build &&
+
+patch_it $SOURCE2 1 &&
+patch_it $SOURCE3 1 &&
+patch_it $SOURCE4 1 &&
+patch_it $SOURCE5 1 &&
+patch_it $SOURCE6 1 &&
+patch_it $SOURCE7 0 &&
+patch_it $SOURCE8 0 &&
+patch_it $SOURCE9 1 &&
+patch_it $SOURCE10 0 &&
+patch_it $SOURCE11 0 &&
+patch_it $SOURCE12 0 &&
+patch_it $SOURCE13 1 &&
+patch_it $SOURCE14 1 &&
+patch_it $SOURCE15 1 &&
+
+# Remove solaris gcc switch -R or gcc >=4.6 bails out
+sedit '/LIB_SQLITE.*-R/s; -R[^"]*;;g' configure.in &&
+
+sedit 's;AM_CONFIG_HEADER;AC_CONFIG_HEADERS;g' configure.in
--- /dev/null
+++ b/crypto/cyrus-sasl/config.d/saslauthd
@@ -0,0 +1 @@
+SASLAUTHD_OPTIONS="-a pam"
--- a/crypto/cyrus-sasl/init.d/saslauthd
+++ b/crypto/cyrus-sasl/init.d/saslauthd
@@ -8,12 +8,12 @@ if [ ! -d /var/state/saslauthd ]; then
mkdir -p /var/state/saslauthd || exit 0
fi
-[ -f /etc/sasl2/config ] && . /etc/sasl2/config
+[ -f /etc/config.d/saslauthd ] && . /etc/config.d/saslauthd
start()
{
echo -n "Starting SASL Auth Daemon: "
- saslauthd $SASL_OPTIONS &&
+ saslauthd $SASLAUTHD_OPTIONS &&
echo -e $RESULT_OK ||
(echo -e $RESULT_FAIL; return 1)
}
--- /dev/null
+++ b/crypto/cyrus-sasl/systemd.d/saslauthd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/config.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTIONS
+PIDFile=/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+++ b/crypto/cyrus-sasl/tmpfiles.d/saslauthd.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -
More information about the Lunar-commits
mailing list