[Lunar-commits] <moonbase-other> cyrus-sasl: version bumped and module rewrite

Stefan Wold ratler at lunar-linux.org
Sun Nov 3 11:54:39 CET 2013


commit 478e6a3f443d36e4b6bb81f0d6f36f228df462af
Author: Stefan Wold <ratler at lunar-linux.org>
Date: Sun, 27 Oct 2013 05:12:53 -0700
URL: https://github.com/lunar-linux/moonbase-other/commit/478e6a3f443d36e4b6bb81f0d6f36f228df462af

cyrus-sasl: version bumped and module rewrite

- Should work fine with kerberos again
- Security patches added
- Other fixes
- systemd support added
---
  crypto/cyrus-sasl/BUILD                       | +76/-38   
  crypto/cyrus-sasl/DEPENDS                     | +7/-11    
  crypto/cyrus-sasl/DETAILS                     | +45/-12   
  crypto/cyrus-sasl/POST_INSTALL                | +5/-0     
  crypto/cyrus-sasl/PRE_BUILD                   | +21/-0    
  crypto/cyrus-sasl/config.d/saslauthd          | +1/-0     
  crypto/cyrus-sasl/init.d/saslauthd            | +2/-2     
  crypto/cyrus-sasl/systemd.d/saslauthd.service | +11/-0    
  crypto/cyrus-sasl/tmpfiles.d/saslauthd.conf   | +1/-0     
  9 files changed, 169 insertions(+), 63 deletions(-)

--- a/crypto/cyrus-sasl/BUILD
+++ b/crypto/cyrus-sasl/BUILD
@@ -1,38 +1,76 @@
-(
-
-  patch_it $SOURCE_CACHE/$SOURCE3 1 &&
-  patch_it $SOURCE_CACHE/$SOURCE4 1 &&
-
-  # the patch REQUIRES -lcrypt but we might want to disable PAM:
-  if echo $OPTS | grep -q with-pam ; then
-    sedit "s/@LIBS@/@LIBS@ -lpam -lcrypt/" */Makefile.in
-  else
-    sedit "s/@LIBS@/@LIBS@ -lcrypt/" */Makefile.in
-  fi  &&
-
-  # default enabled modules in configure : checkapop, cram, digest, otp, gssapi, plain, anon
-  OPTS=$OPTS" --enable-login                       \
-              --disable-otp                        \
-              --disable-anon                       \
-              --with-pwcheck=/var/lib/sasl         \
-              --with-dbpath=/var/lib/sasl/sasl.db  \
-              --with-config=/etc/sasl2             \
-              --with-plugindir=/usr/lib/sasl2      \
-              --enable-sample                      \
-              --with-gnu-ld                        \
-              --with-saslauthd=/var/lib/sasl "    &&
-
-  default_config           &&
-  mkdir -p /var/lib/sasl/  &&
-  default_make             &&
-
-  if [ ! -d /etc/sasl2 ]; then
-          mkdir -p /etc/sasl2
-  fi  &&
-
-  if [ ! -e /etc/sasl2/smtpd.conf ] ; then
-    install $SOURCE_CACHE/$SOURCE2 /etc/sasl2/smtpd.conf.gz  &&
-    gunzip /etc/sasl2/smtpd.conf.gz
-  fi
-
-) > $C_FIFO 2>&1
+export CFLAGS+=" -fPIC"
+  
+OPTS+=" --disable-static \
+        --disable-krb4 \
+        --disable-srp \
+        --disable-srp-setpass \
+        --disable-cmulocal \
+        --enable-login \
+        --enable-ntlm \
+        --enable-otp \
+        --enable-auth-sasldb \
+        --without-sqlite \
+        --with-devrandom=/dev/urandom \
+        --with-dbpath=/var/lib/sasl/sasl.db  \
+        --with-pwcheck=/var/run/saslauthd \
+        --with-saslauthd=/var/run/saslauthd \
+        --with-configdir=/etc/sasl2 \
+        --with-plugindir=/usr/lib/sasl2"
+
+if module_installed Linux-PAM; then
+  OPTS+=" --with-pam"
+else
+  OPTS+=" --without-pam"
+fi &&
+
+# Enable sql if any of the following databases is a dependency
+if in_depends $MODULE sqlite || in_depends $MODULE postgresql || in_depends $MODULE %MYSQL; then
+  OPTS+=" --enable-sql"
+else
+  OPTS+=" --disable-sql"
+fi &&
+
+# gdbm first if both gdbm and db was enabled
+if in_depends $MODULE gdbm; then
+  OPTS+=" --with-dblib=gdbm"
+elif in_depends $MODULE db; then
+  OPTS+=" --with-dblib=berkeley"
+else
+  OPTS+=" --with-dblib=none"
+fi &&
+
+# Autoconf stuff
+rm -f config/config.guess config/config.sub &&
+rm -f config/ltconfig config/ltmain.sh config/libtool.m4 &&
+rm -fr autom4te.cache &&
+libtoolize -c &&
+aclocal -I config -I cmulocal &&
+automake -a -c &&
+autoheader &&
+autoconf &&
+
+pushd saslauthd &&
+rm -f config/config.guess config/config.sub &&
+rm -f config/ltconfig config/ltmain.sh config/libtool.m4 &&
+rm -fr autom4te.cache &&
+libtoolize -c &&
+aclocal -I config -I ../cmulocal -I ../config &&
+automake -a -c &&
+autoheader &&
+autoconf &&
+popd &&
+
+default_build &&
+
+if [ ! -d /var/lib/sasl ]; then
+  mkdir -p /var/lib/sasl
+fi &&
+
+if [ ! -d /etc/sasl2 ]; then
+  mkdir -p /etc/sasl2
+fi &&
+
+if [ ! -e /etc/sasl2/smtpd.conf ] ; then
+  echo "pwcheck_method: sasldb" > /etc/sasl2/smtpd.conf
+fi
+
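Review bot: The new `OPTS` block widens the set of mechanisms built by default: it adds `--enable-ntlm` and `--enable-otp` and drops the old `--disable-anon`, which, going by the removed comment listing configure defaults, means ANONYMOUS is built again. As far as I know a server that sets no `mech_list` offers every plugin installed under `/usr/lib/sasl2`, and the `smtpd.conf` written at the end of this hunk sets none. I would keep `--disable-anon`, leave NTLM off unless something needs it, and put a short comment above `OPTS` saying why each added mechanism is enabled. Also worth checking: `pwcheck_method: sasldb` looks like the SASL v1 spelling; for 2.1.x I would expect `pwcheck_method: auxprop` together with `auxprop_plugin: sasldb`.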
--- a/crypto/cyrus-sasl/DEPENDS
+++ b/crypto/cyrus-sasl/DEPENDS
@@ -1,11 +1,7 @@
-depends openssl
-
-optional_depends Linux-PAM  "--with-pam" "--without-pam"    "for PAM authentication"
-optional_depends db         ""           ""                 "for Brekley DB support"
-optional_depends gdbm       ""           "--without-gdbm"   "for gdbm support"
-optional_depends mysql      "--enable-sql --with-mysql"  "--without-mysql" "for mysql support"
-optional_depends postgresql "--enable-sql --with-pgsql"  "--without-pgsql" "for postgreSQL support"
-
-# The current version of heimdal has dropped gssapi/gssapi_ext.h which is needed by this version of
-# cyrus-sasl. So for now say no to heimdal.
-optional_depends heimdal    "--enable-gssapi=/usr/include/gssapi --disable-krb4" "--disable-gssapi" "for GSSAPI support"
+optional_depends openssl    "--with-openssl" "--without-openssl --without-des" "for SSL support"
+optional_depends gdbm "--with-gdbm" "--without-gdbm" "for gdbm support"
+optional_depends db "" ""  "for Berkley DB support"
+optional_depends %MYSQL "--with-mysql" "--without-mysql" "for mysql/mariadb support"
+optional_depends postgresql "--with-pgsql" "--without-pgsql" "for postgreSQL support"
+optional_depends sqlite "--with-sqlite3" "--without-sqlite3" "for SQLite3 support"
+optional_depends heimdal "--enable-gssapi --with-gss_impl=heimdal --enable-gss_mutexes" "--disable-gssapi" "for GSSAPI support"
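Review bot: The help text on the new `openssl` line, "for SSL support", undersells what answering no does. That branch passes `--without-openssl --without-des`, while BUILD in this same commit always passes `--enable-otp` and `--enable-ntlm`; as far as I know both plugins need OpenSSL and configure skips them without it. Say so in the prompt, for example `"for OTP, NTLM and DES-based security layers"`, so the person choosing knows which mechanisms disappear. The `db` line still misspells Berkeley as `Berkley`.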
--- a/crypto/cyrus-sasl/DETAILS
+++ b/crypto/cyrus-sasl/DETAILS
@@ -1,23 +1,56 @@
           MODULE=cyrus-sasl
-         VERSION=2.1.25
+         VERSION=2.1.26
           SOURCE=$MODULE-$VERSION.tar.gz
-         SOURCE2=cyrus-sasl-smtpd.conf.gz
-         SOURCE3=cyrus-sasl-encrypt_pwd.patch.bz2
-         SOURCE4=cyrus-sasl-2.1.25-fixes-1.patch.bz2
-      SOURCE_URL=ftp://ftp.andrew.cmu.edu/pub/cyrus-mail
-      SOURCE_VFY=sha1:b6c34426012d9b5d448d5646cbecd818a5eeacbf
+         SOURCE2=$MODULE-2.1.25-sasldb_al.patch
+         SOURCE3=$MODULE-2.1.25-saslauthd_libtool.patch
+         SOURCE4=$MODULE-2.1.25-avoid_pic_overwrite.patch
+         SOURCE5=$MODULE-2.1.25-autotools_fixes.patch
+         SOURCE6=$MODULE-2.1.25-as_needed.patch
+         SOURCE7=$MODULE-2.1.25-missing_header.patch
+         SOURCE8=$MODULE-2.1.25-fix_heimdal.patch
+         SOURCE9=$MODULE-2.1.25-auxprop.patch
+        SOURCE10=$MODULE-2.1.23-gss_c_nt_hostbased_service.patch
+        SOURCE11=$MODULE-2.1.25-service_keytabs.patch
+        SOURCE12=$MODULE-2.1.26-missing-size_t.patch
+        SOURCE13=$MODULE-2.1.26-CVE-2013-4122.patch
+        SOURCE14=$MODULE-2.1.26-send-imap-logout.patch
+        SOURCE15=$MODULE-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch
+      SOURCE_URL=ftp://ftp.cyrusimap.org/cyrus-sasl
      SOURCE2_URL=$PATCH_URL
      SOURCE3_URL=$PATCH_URL
      SOURCE4_URL=$PATCH_URL
-     SOURCE2_VFY=sha1:660dd84785ea6e02ef8a5aa3d02ac5c752867555
-     SOURCE3_VFY=sha1:732d0f36597703802118e3d1144aa93b1ecc1340
-     SOURCE4_VFY=sha1:b6d20448798e253125ba8b0e93e55ba27564f278
-        WEB_SITE=http://asg.web.cmu.edu/sasl
+     SOURCE5_URL=$PATCH_URL
+     SOURCE6_URL=$PATCH_URL
+     SOURCE7_URL=$PATCH_URL
+     SOURCE8_URL=$PATCH_URL
+     SOURCE9_URL=$PATCH_URL
+    SOURCE10_URL=$PATCH_URL
+    SOURCE11_URL=$PATCH_URL
+    SOURCE12_URL=$PATCH_URL
+    SOURCE13_URL=$PATCH_URL
+    SOURCE14_URL=$PATCH_URL
+    SOURCE15_URL=$PATCH_URL
+      SOURCE_VFY=sha1:d6669fb91434192529bd13ee95737a8a5040241c
+     SOURCE2_VFY=sha1:b91ef007fa622870e13291409da55ff6ef0187b0
+     SOURCE3_VFY=sha1:9ea91b135d50ab752bf857576dab263dc9115f1d
+     SOURCE4_VFY=sha1:40189113b15a04ace16805b413b73d0a097556ea
+     SOURCE5_VFY=sha1:f38fd73e69f0a4814ef284dbdca879ea5c1d468e
+     SOURCE6_VFY=sha1:53d74861066548994c226c2bab18b5eb458bed7b
+     SOURCE7_VFY=sha1:87140ffd2df25bcaf44709be40bcccfc1abcd143
+     SOURCE8_VFY=sha1:11c1553122ec6c146d0712ccd4c93b450c56fb4e
+     SOURCE9_VFY=sha1:902a219a3f6f55601b9437e772534cafd53266b6
+    SOURCE10_VFY=sha1:9077cad924c696e267563576326186725c13cc20
+    SOURCE11_VFY=sha1:a1dbad20f28c54f853af9c4af7e3523c9ceba92c
+    SOURCE12_VFY=sha1:133b9170b85a273ac3d1532239697c3e16f63ad2
+    SOURCE13_VFY=sha1:4a4ae789b93a822a78ec282264ac99e997256e2b
+    SOURCE14_VFY=sha1:f6c860d83965e6ad79a5617161fa8beb1b1117f6
+    SOURCE15_VFY=sha1:156db810db237210d5c6d25e5824a088b4bc72cb
+         WEB_SITE=http://cyrusimap.web.cmu.edu/
          ENTERED=20020826
-         UPDATED=20111116
+         UPDATED=20131027
         SHORT="Simple Authentication and Security Layer"
-
 PSAFE=no
+
 cat << EOF
 SASL is the Simple Authentication and Security Layer
 This is the Cyrus SASL API implentation. It can be used on the client
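Review bot: Every `SOURCEn_VFY` pin added here, including the one for the CVE-2013-4122 patch, is SHA-1, and `SOURCE_URL` is plain `ftp://`, so the pin is the only integrity check on the downloaded tarball. If lunar's verifier accepts a stronger digest (I have not confirmed which ones it does), prefer it for new entries, e.g. `SOURCE13_VFY=sha256:<sha256-of-patch>`. A short comment above the `SOURCE2` to `SOURCE15` list saying where the patches came from would also help whoever next bumps the version decide which can be dropped.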
--- /dev/null
+++ b/crypto/cyrus-sasl/POST_INSTALL
@@ -0,0 +1,5 @@
+if (in_depends $MODULE gdbm || in_depends $MODULE db) && [ ! -f "/var/lib/sasl/sasl.db" ]; then
+  message "Generating an empty sasl2 db..."
+  echo "p" | saslpasswd2 -f /var/lib/sasl/sasl.db -p login &&
+  chmod 0640 /var/lib/sasl/sasl.db
+fi
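Review bot: The `saslpasswd2` line does not leave an empty database: it creates an account named `login` whose password is the piped `p`, and nothing in this hunk removes it. Every fresh install therefore carries the same known credential in `/var/lib/sasl/sasl.db`. Delete the bootstrap entry right after the file is created, e.g. `saslpasswd2 -f /var/lib/sasl/sasl.db -d login &&` before the `chmod`. The `chmod 0640` also runs only after the file has been written, so setting `umask 027` around the command would avoid the window in which the file has whatever mode saslpasswd2 gave it.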
--- /dev/null
+++ b/crypto/cyrus-sasl/PRE_BUILD
@@ -0,0 +1,21 @@
+default_pre_build &&
+
+patch_it $SOURCE2 1 &&
+patch_it $SOURCE3 1 &&
+patch_it $SOURCE4 1 &&
+patch_it $SOURCE5 1 &&
+patch_it $SOURCE6 1 &&
+patch_it $SOURCE7 0 &&
+patch_it $SOURCE8 0 &&
+patch_it $SOURCE9 1 &&
+patch_it $SOURCE10 0 &&
+patch_it $SOURCE11 0 &&
+patch_it $SOURCE12 0 &&
+patch_it $SOURCE13 1 &&
+patch_it $SOURCE14 1 &&
+patch_it $SOURCE15 1 &&
+
+# Remove solaris gcc switch -R or gcc >=4.6 bails out
+sedit '/LIB_SQLITE.*-R/s; -R[^"]*;;g' configure.in &&
+
+sedit 's;AM_CONFIG_HEADER;AC_CONFIG_HEADERS;g' configure.in
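Review bot: Nothing in this list of `patch_it` calls says which patch is the security fix, so a later version bump could drop `$SOURCE13` (named `...-CVE-2013-4122.patch` in DETAILS) along with the stale 2.1.25 patches. Add a comment on that line, e.g. `# SOURCE13: CVE-2013-4122 fix - keep until upstream ships it`. One more comment line explaining why some patches use strip level 0 and others 1 would also help.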
--- /dev/null
+++ b/crypto/cyrus-sasl/config.d/saslauthd
@@ -0,0 +1 @@
+SASLAUTHD_OPTIONS="-a pam"
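Review bot: `-a pam` is installed as the default unconditionally, but BUILD in this commit configures `--without-pam` when Linux-PAM is not installed. On such a system saslauthd would presumably refuse to start or reject every login with this file. Either generate the file at install time from the same `module_installed Linux-PAM` test, or add a comment line above the setting naming the alternative, e.g. `# use "-a shadow" if cyrus-sasl was built without PAM`.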
--- a/crypto/cyrus-sasl/init.d/saslauthd
+++ b/crypto/cyrus-sasl/init.d/saslauthd
@@ -8,12 +8,12 @@ if [ ! -d /var/state/saslauthd ]; then
     mkdir -p /var/state/saslauthd || exit 0
 fi
 
-[ -f /etc/sasl2/config ] && . /etc/sasl2/config
+[ -f /etc/config.d/saslauthd ] && . /etc/config.d/saslauthd
 
 start()
 {
     echo -n "Starting SASL Auth Daemon: "
-    saslauthd $SASL_OPTIONS &&
+    saslauthd $SASLAUTHD_OPTIONS &&
     echo -e $RESULT_OK ||
     (echo -e $RESULT_FAIL; return 1)
 }
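Review bot: The context lines of this hunk still create `/var/state/saslauthd`, but BUILD in this commit now passes `--with-saslauthd=/var/run/saslauthd`. On a non-systemd boot nothing visible here creates that directory, since the tmpfiles.d entry only helps under systemd. Point the check at the new path, e.g. `[ -d /var/run/saslauthd ] || mkdir -p /var/run/saslauthd || exit 0`. The script also sources `/etc/config.d/saslauthd` as root and expands `$SASLAUTHD_OPTIONS` unquoted in `start()`, so a comment that the file must stay writable by root only would be worth adding. The directory check begins above the hunk, so its full context is not visible here.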
--- /dev/null
+++ b/crypto/cyrus-sasl/systemd.d/saslauthd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/config.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTIONS
+PIDFile=/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+++ b/crypto/cyrus-sasl/tmpfiles.d/saslauthd.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -
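Review bot: Mode `0755 root root` lets every local account reach the saslauthd socket that will live in `/run/saslauthd`. As far as I know saslauthd answers any client that can connect, which gives unprivileged users a password-checking service to query. Unless a consumer running as an arbitrary user needs it, restrict the directory to root plus a dedicated group that the mail/IMAP services belong to, e.g. `d /run/saslauthd 0750 root <sasl-group> - -` (the group name is a placeholder; the page does not define one).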



