author | 2014-05-15 05:45:32 +0000 | |
---|---|---|
committer | 2014-05-15 05:45:32 +0000 | |
commit | 3cdfef6fa681959d63163ab3b73f3dd58e4b14da (patch) | |
tree | cd04a1a8f309713a941c2cd0feab92126292302e /dev-libs/cyrus-sasl | |
parent | Version bump. (diff) | |
Fix authentication loop - bug #510320
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
Diffstat (limited to 'dev-libs/cyrus-sasl')
-rw-r--r-- | dev-libs/cyrus-sasl/ChangeLog | 8 | ||||
-rw-r--r-- | dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r5.ebuild | 227 | ||||
-rw-r--r-- | dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch | 90 |
3 files changed, 324 insertions, 1 deletions
diff --git a/dev-libs/cyrus-sasl/ChangeLog b/dev-libs/cyrus-sasl/ChangeLog index 91281a93490f..c9b24ec5bac9 100644 --- a/dev-libs/cyrus-sasl/ChangeLog +++ b/dev-libs/cyrus-sasl/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-libs/cyrus-sasl # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/ChangeLog,v 1.297 2014/02/24 05:29:54 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/ChangeLog,v 1.298 2014/05/15 05:45:32 eras Exp $ + +*cyrus-sasl-2.1.26-r5 (15 May 2014) + + 15 May 2014; Eray Aslan <eras@gentoo.org> +cyrus-sasl-2.1.26-r5.ebuild, + +files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch: + Fix authentication loop - bug #510320 *cyrus-sasl-2.1.26-r4 (24 Feb 2014) diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r5.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r5.ebuild new file mode 100644 index 000000000000..a0a5393a1b5d --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r5.ebuild 
@@ -0,0 +1,227 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r5.ebuild,v 1.1 2014/05/15 05:45:32 eras Exp $ + +EAPI=5 + +inherit eutils flag-o-matic multilib autotools pam java-pkg-opt-2 db-use systemd + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)." +HOMEPAGE="http://cyrusimap.web.cmu.edu/" +SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample sqlite +srp ssl static-libs urandom" + +DEPEND="net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-3.2 ) + gdbm? ( >=sys-libs/gdbm-1.8.0 ) + kerberos? ( virtual/krb5 ) + openldap? ( net-nds/openldap ) + mysql? ( virtual/mysql ) + pam? ( virtual/pam ) + postgres? ( dev-db/postgresql-base ) + sqlite? ( dev-db/sqlite:3 ) + ssl? ( dev-libs/openssl ) + java? 
( >=virtual/jdk-1.4 )" +RDEPEND="${DEPEND}" + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.1.25-sasldb_al.patch + epatch "${FILESDIR}"/${PN}-2.1.25-saslauthd_libtool.patch + epatch "${FILESDIR}"/${PN}-2.1.25-avoid_pic_overwrite.patch + epatch "${FILESDIR}"/${PN}-2.1.25-autotools_fixes.patch + epatch "${FILESDIR}"/${PN}-2.1.25-as_needed.patch + epatch "${FILESDIR}"/${PN}-2.1.25-missing_header.patch + epatch "${FILESDIR}"/${PN}-2.1.25-fix_heimdal.patch + epatch "${FILESDIR}"/${PN}-2.1.25-auxprop.patch + epatch "${FILESDIR}"/${PN}-2.1.23-gss_c_nt_hostbased_service.patch + epatch "${FILESDIR}"/${PN}-2.1.25-service_keytabs.patch + epatch "${FILESDIR}"/${PN}-2.1.26-missing-size_t.patch + epatch "${FILESDIR}"/${PN}-2.1.26-CVE-2013-4122.patch + epatch "${FILESDIR}"/${PN}-2.1.26-send-imap-logout.patch + epatch "${FILESDIR}"/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch + epatch "${FILESDIR}"/${PN}-2.1.26-fix_dovecot_authentication.patch + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.in || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.in || die + sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + saslauthd/configure.in || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + + # Java support. + use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myconf + + # Add authdaemond support (bug #56523). + if use authdaemond ; then + myconf="${myconf} --with-authdaemond=/var/lib/courier/authdaemon/socket" + fi + + # Fix for bug #59634. + if ! 
use ssl ; then + myconf="${myconf} --without-des" + fi + + if use mysql || use postgres || use sqlite ; then + myconf="${myconf} --enable-sql" + else + myconf="${myconf} --disable-sql" + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myconf="${myconf} --with-dblib=gdbm" + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myconf="${myconf} --with-dblib=berkeley --with-bdb-incdir=$(db_includedir)" + else + einfo "Building without SASLdb support" + myconf="${myconf} --with-dblib=none" + fi + + # Use /dev/urandom instead of /dev/random (bug #46038). + if use urandom ; then + myconf="${myconf} --with-devrandom=/dev/urandom" + fi + + econf \ + --enable-login \ + --enable-ntlm \ + --enable-auth-sasldb \ + --disable-cmulocal \ + --disable-krb4 \ + --enable-otp \ + --without-sqlite \ + --with-saslauthd=/run/saslauthd \ + --with-pwcheck=/run/saslauthd \ + --with-configdir=/etc/sasl2 \ + --with-plugindir=/usr/$(get_libdir)/sasl2 \ + --with-dbpath=/etc/sasl2/sasldb2 \ + $(use_with ssl openssl) \ + $(use_with pam) \ + $(use_with openldap ldap) \ + $(use_enable ldapdb) \ + $(use_enable sample) \ + $(use_enable kerberos gssapi) \ + $(use_enable java) \ + $(use_with java javahome ${JAVA_HOME}) \ + $(use_with mysql) \ + $(use_with postgres pgsql) \ + $(use_with sqlite sqlite3 /usr/$(get_libdir)) \ + $(use_enable srp) \ + $(use_enable static-libs static) \ + ${myconf} +} + +src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. 
+ cd "${S}" + if use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /etc/sasl2 + + if use sample ; then + docinto sample + dodoc sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java ; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${D}/usr/$(get_libdir)/libjavasasl.so" + # hackish, don't wanna dig through makefile + rm -Rf "${D}/usr/$(get_libdir)/java" + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + docinto "" + dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt + newdoc pwcheck/README README.pwcheck + dohtml doc/*.html + + docinto "saslauthd" + dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + newsbin "${S}/saslauthd/testsaslauthd" testsaslauthd + + use static-libs || find "${D}"/usr/lib*/sasl2 -name 'lib*.la' -delete +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${ROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." 
+ echo "p" | "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${ROOT}/etc/sasl2/sasldb2" + chmod 0640 "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${ROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch new file mode 100644 index 000000000000..46bbdd1ca1a0 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 
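Review bot: In pkg_postinst, sasldb2 is created by the first saslpasswd2 call and only afterwards restricted with `chown root:mail` and `chmod 0640`, so until then the file has whatever mode saslpasswd2 and the inherited umask give it. At that point it holds only the throwaway `login` entry, so the exposure is small, but a failure between the steps (each one ends in `die`) leaves the file behind with that looser mode. Tightening the mask around the creation, `local oldmask=$(umask); umask 027` before the first call and `umask "${oldmask}"` after the chmod, closes the window without changing the final ownership or mode.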
@@ -0,0 +1,90 @@
+Bug #510320
+--- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000
++++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000
+@@ -371,7 +371,7 @@
+ if ( rc>0 ) {
+ /* check if there is more to read */
+ fd_set perm;
+- int fds, ret;
++ int fds, ret, loopc;
+ struct timeval timeout;
+
+ FD_ZERO(&perm);
+@@ -380,6 +380,7 @@
+
+ timeout.tv_sec = 1;
+ timeout.tv_usec = 0;
++ loopc = 0;
+ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
+ if ( FD_ISSET(s, &perm) ) {
+ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
+@@ -387,6 +388,14 @@
+ rc = ret;
+ break;
+ } else {
++ if (ret == 0) {
++ loopc += 1;
++ } else {
++ loopc = 0;
++ }
++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
++ break;
++ }
+ rc += ret;
+ }
+ }
+@@ -484,7 +493,7 @@
+ if ( rc>0 ) {
+ /* check if there is more to read */
+ fd_set perm;
+- int fds, ret;
++ int fds, ret, loopc;
+ struct timeval timeout;
+
+ FD_ZERO(&perm);
+@@ -493,6 +502,7 @@
+
+ timeout.tv_sec = 1;
+ timeout.tv_usec = 0;
++ loopc = 0;
+ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
+ if ( FD_ISSET(s, &perm) ) {
+ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
+@@ -500,6 +510,14 @@
+ rc = ret;
+ break;
+ } else {
++ if (ret == 0) {
++ loopc += 1;
++ } else {
++ loopc = 0;
++ }
++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
++ break;
++ }
+ rc += ret;
+ }
+ }
+--- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000
++++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000
+@@ -587,16 +587,14 @@
+ /* Timeout. */
+ errno = ETIMEDOUT;
+ return -1;
+- case +1:
+- if (FD_ISSET(fd, &rfds)) {
+- /* Success, file descriptor is readable. */
+- return 0;
+- }
+- return -1;
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ default:
++ if (FD_ISSET(fd, &rfds)) {
++ /* Success, file descriptor is readable. */
++ return 0;
++ }
+ /* Error catch-all. */
+ return -1;
+ } |
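Review bot: In the lib/checkpw.c part of this patch, a failed select() now falls through from `case -1:` into `default:`, where `FD_ISSET(fd, &rfds)` is tested; POSIX leaves the descriptor sets unmodified on error, so if fd was placed in rfds before the call (that setup is outside the hunk) the function returns 0, meaning readable, for errors other than EINTR/EAGAIN. Ending the error case explicitly, with `return -1;` after the `continue;`, keeps the new `default:` branch for positive return values only. In both saslauthd/auth_rimap.c loops, `read()` returning 0 means end-of-file or a full `rbuf` (`sizeof(rbuf)-rc` is then 0), and neither clears on retry, so `if (ret == 0) break;` would stop at once instead of spinning `sizeof(rbuf)` times. That change also removes the signed/unsigned comparison in `loopc > sizeof(rbuf)`. The enclosing functions start and end outside the inner hunks, so how `rc` and `rbuf` are used after the loop cannot be checked from here.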