Sync from SUSE:SLFO:Main cyrus-sasl revision cf2af506abea13b7736177506d3a9e02

This commit is contained in:
Adrian Schröter 2024-05-03 11:57:49 +02:00
commit 7fa07e59c1
20 changed files with 4558 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

7
README.Source Normal file
View File

@ -0,0 +1,7 @@
Because of potential legal risk we have removed the
directory "dlcompat-20010505/" from the source tarball
If you want to see the original sources you can download
them from:
ftp://ftp.cyrusimap.org/cyrus-sasl

6
_multibuild Normal file
View File

@ -0,0 +1,6 @@
<multibuild>
<package>cyrus-sasl-bdb</package>
<package>cyrus-sasl-saslauthd</package>
<package>cyrus-sasl-saslauthd-bdb</package>
</multibuild>

12
baselibs.conf Normal file
View File

@ -0,0 +1,12 @@
libsasl2-3
cyrus-sasl
cyrus-sasl-devel
requires -cyrus-sasl-<targettype>
requires "libsasl2-3-<targettype> = <version>"
cyrus-sasl-crammd5
cyrus-sasl-digestmd5
cyrus-sasl-gssapi
cyrus-sasl-otp
cyrus-sasl-plain
cyrus-sasl-sqlauxprop
cyrus-sasl-ldap-auxprop

BIN
cyrus-sasl-2.1.28.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

872
cyrus-sasl-bdb.changes Normal file
View File

@ -0,0 +1,872 @@
-------------------------------------------------------------------
Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
-------------------------------------------------------------------
Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller <dmueller@suse.com>
- drop optional opie dependency
-------------------------------------------------------------------
Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- Do not set directories inside doc/ mode 644; otherwise the
directories are set 644 as well, which means no files inside are
accessible. This resulted in the past in doc/ actually not being
added to the devel package.
-------------------------------------------------------------------
Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- drop cyrus-sasl-bug587.patch (upstream)
-------------------------------------------------------------------
Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
- cyrus-sasl: prevent fail of %pre when berkely db utils are
not installed (seems like we want to use this only for upgrade
so no Prereq added)
- move license to licensedir
- remove use of RPM_BUILD_ROOT
- minimal spec cleanups
- avoid bashisms
-------------------------------------------------------------------
Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
-------------------------------------------------------------------
Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%BuildRequires and %Requires
-------------------------------------------------------------------
Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
-------------------------------------------------------------------
Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Dont prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
-------------------------------------------------------------------
Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
-------------------------------------------------------------------
Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
-------------------------------------------------------------------
Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
-------------------------------------------------------------------
Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
-------------------------------------------------------------------
Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
-------------------------------------------------------------------
Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
-------------------------------------------------------------------
Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com
- really use SASLAUTHD_PARAMS variable (bnc#938657)
-------------------------------------------------------------------
Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
-------------------------------------------------------------------
Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de
- Make sure /usr/sbin/rcsaslauthd exists
-------------------------------------------------------------------
Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com
- bnc#897837 saslauthd package has no config
-------------------------------------------------------------------
Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org
- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure
-------------------------------------------------------------------
Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com
- Remove insserv dependency; it's unneeded with systemd' systems
- Remove insserv and fillup dependency in cyrus-sasl package; there
is neither sysconfig or init file
-------------------------------------------------------------------
Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com
- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9
cyrus-sasl-revert_gssapi_flags.patch (bnc#775279)
-------------------------------------------------------------------
Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com
- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always'
-------------------------------------------------------------------
Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de
- Implement shlib packaging guidelines: make subpackage libsasl2-3.
(All other .so files are _server_ plugins AFAICS, loaded via
dlopen.)
- Ensure directories are owned by packages and thus get torn down
on package removal
-------------------------------------------------------------------
Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com
- Put back the .so files to sasl auth packages from devel file.
The .so files are read by some application instead of full path
so in order for auth to work this files must be available
-------------------------------------------------------------------
Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com
- Add patch fix-sasl-header.diff to resolve build issues that
are failing due to typedef 'sasl_malloc_t' is initialized.
(see gentoo#458870, fedora#906519)
-------------------------------------------------------------------
Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com
- Removed server side service to comply with Factory rules
-------------------------------------------------------------------
Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com
- Update to 2.1.26
* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
- GSSAPI plugin:
+ Fixed a segfault in gssapi.c introduced in 2.1.25.
+ Code refactoring
+ Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable
- GS2 plugin:
+ Updated GS2 plugin not to lose minor GSS-API status codes on errors
- DIGEST-MD5 plugin:
+ Correctly send "stale" directive to prevent clients from (re)promtping for password
+ Better handling of HTTP reauthentication cases
+ fixed some memory leaks
- SASLDB plugin:
+ Added support for BerkleyDB 5.X or later
- OTP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- SRP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- saslauthd:
+ auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes
+ auth_rimap.c: read the whole IMAP greeting
+ better error reporting from some drivers
+ fixed some memory leaks
- New BuildRequires for pkgconfig since pkgconfig file is generated
- Removed patches that do no longer apply
* cyrus-sasl-gcc4.patch (integrated upstream)
* cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream)
* gssapi-null-deref.dif (integrated upstream)
* Fix-abort_if_no_fqdn-behavior.patch (integrated upstream)
* cyrus-sasl-db6.diff (integrated upstream)
- Move *.so files into devel package
-------------------------------------------------------------------
Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc
- Fix for bnc#827230 and #784705, fix patch as described in
#827230, typo in patch from request 112480 (remove rpath,
Apr 4 2012), preventing sql auxprop plugin to work
-------------------------------------------------------------------
Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de
- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5
- Simpler delete of .la files with find
-------------------------------------------------------------------
Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de
- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0,
a getaddrinfo failure should be ignored, as long as gethostname()
succeeded. (bnc#771983)
-------------------------------------------------------------------
Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org
- Ensure libraries and tools are built with LFS and include
config.h in all C files.
-------------------------------------------------------------------
Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com
- remove rpath
-------------------------------------------------------------------
Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de
- Move some doc files to devel package and to cyrus-sasl-saslauthd.
-------------------------------------------------------------------
Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
-------------------------------------------------------------------
Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de
- Update to 2.1.25:
* Added support for channel bindings
* Added support for ordering SASL mechanisms by strength (on
the client side), or using the "client_mech_list" option.
* Allow DIGEST-MD5 plugin to be used for client-side and
server-side HTTP Digest, including running over non-persistent
connections (RFC 2617)
* New SASL plugins: SCRAM and GS2
* Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
* Various improvements to DIGEST-MD5 to improve interoperability
with some slightly broken clients
- cleanup
* removed old dependencies still related to cyrus-sasl2
* plugins now depend on the exact cyrus-sasl version
* use autoreconf instead of calling all tools manually
-------------------------------------------------------------------
Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com
- add dependency to avoid broken parallel make
-------------------------------------------------------------------
Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com
- Fixed attributes of /var/run/sasl2 in filelist
-------------------------------------------------------------------
Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com
- Removed the /var/run/sasl2 directory from cyrus-sasl.spec.
It will now be created on demand by the saslauthd init script.
- Adjusted init script headers to silence rpmlint warning/errors.
-------------------------------------------------------------------
Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com
- Fixed linker arguments for ldap- and sql-auxprop plugins
(bnc#555568)
-------------------------------------------------------------------
Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com
- build against krb5-mini to avoid build cycle
-------------------------------------------------------------------
Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com
- Update to 2.1.23, the only change is a fix for a potential buffer
overflow in sasl_encode64() (bnc#499104, CVE-2009-0688)
- Imported some automake/libtool fixes from upstream cvs
-------------------------------------------------------------------
Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de
- fix build with GCC 4.4
- remove all "la" files
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de
- Fixed init-scripts Required-Stop Tags
-------------------------------------------------------------------
Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de
- Enhance sysconfig file and init script to allow to pass arbitrary
parameters to saslauthd (bnc#397808)
- Fixed description of the SASLAUTHD_THREADS sysconfig option.
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de
- Moved "Version:" up to the top to make versioned
Obsoletes/Requires work correctly.
-------------------------------------------------------------------
Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de
- Enabled NTLM authentication plugin (bnc#343665), created new
subpackage cyrus-sasl-ntlm
- Replaced %run_ldconfig macro as suggested by rpmlint
- Replaced unversioned Obsoltes/Provides with versioned ones
- Removed unneeded Split-Provides
-------------------------------------------------------------------
Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de
- Fixed some RPMLINT complaints
- re-enabled accidently disabled "kerberos5" authmech for saslauthd
(Bug #335754)
-------------------------------------------------------------------
Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de
- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to
set the number of threads that saslauthd should spawn
(Bug #199114)
-------------------------------------------------------------------
Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de
- Use /etc/sasl2/ as directory for config files of services
%{_libdir} can still be used for backwards compatibilty
(Bug #206414)
-------------------------------------------------------------------
Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de
- Remove unneeded automake/autoheader calls
-------------------------------------------------------------------
Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de
- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce
BuildRequires of cyrus-sasl.spec
- Removed unneeded openldap2 from BuildRequires of
cyrus-sasl-saslauthd
-------------------------------------------------------------------
Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de
- Enabled the ldapdb auxprop plugin and created new subpackage
cyrus-sasl-ldap-auxprop for it (Bug #201478)
-------------------------------------------------------------------
Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de
- remove saslauthd man-page from cyrus-sasl package to solve
confict with -saslauthd subpackage (Bug #200490)
-------------------------------------------------------------------
Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de
- updated to 2.1.22
* new pluginviewer utility for reporting information about client
and server side authentication plugins and auxprop plugins
(e.g. supported features, methods, etc.).
* Added support for HTTP POST password validation in saslauthd
- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name
collision with other packages in src.rpm (Bug #98188)
- include "crypt.h" in auth_shadow.c to avoid possible crash in
saslauthd (Bug #179621)
-------------------------------------------------------------------
Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de
- remove dlcompat-20010505 from tarball because of legal risk and
documented this in README.Source (Bug: #161390)
- added check for dlcompat-20010505 to the spec file
-------------------------------------------------------------------
Wed Jan 25 21:30:05 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de
- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database
-------------------------------------------------------------------
Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de
- added LDAP_DEPRECATED to CFLAGS
-------------------------------------------------------------------
Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de
- use /dev/urandom instead of /dev/random, see
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue
for an explanation
- removed the useless .la files from rpm
-------------------------------------------------------------------
Tue May 17 18:42:14 CEST 2005 - choeger@suse.de
- update to version 2.1.21
-------------------------------------------------------------------
Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de
- now also build the sql auxprop plugin; created new subpackage
cyrus-sasl-sqlauxprop
-------------------------------------------------------------------
Fri Feb 25 17:24:12 CET 2005 - uli@suse.de
- better GCC4 fix
-------------------------------------------------------------------
Fri Feb 25 14:40:12 CET 2005 - uli@suse.de
- fixed to build with GCC4
-------------------------------------------------------------------
Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de
- Get rid of .cvsignore files
- Don't remove buildroot before install
-------------------------------------------------------------------
Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de
- update to version 2.1.20
-------------------------------------------------------------------
Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de
- Bugfix ID#46847 - VUL-0: SASL environment variable local root
-------------------------------------------------------------------
Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de
- package binaries of sample-client and -server instead of
shell wrappers (which do not work)
-------------------------------------------------------------------
Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de
- removed saslauthd from cyrus-sasl requires, as it is only
needed on a "server" side and also not in every case (buildin
mechanisms as CRAM- or DIGEST-MD5 do not need it)
- added split-provides for saslauthd
-------------------------------------------------------------------
Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de
- added testsaslauthd to filelist
- removed saslauthd and insserv makros from cyrus-sasl.spec
-------------------------------------------------------------------
Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de
- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic
dependency openldap2 <-> cyrus-sasl with saslauthd having
LDAP support
-------------------------------------------------------------------
Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de
- removed update messages and implemented "split-provides"
instead
-------------------------------------------------------------------
Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de
- added LDAP support for saslauthd, Bugzilla ID#44051
-------------------------------------------------------------------
Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#44346 - still using /var/adm/notify
now using new update messages mechanism
- added sample/client sample/server to file list
-------------------------------------------------------------------
Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de
- update to version 2.1.19
-------------------------------------------------------------------
Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de
- bugfix id#39245 - cyrus-sasl includes straycat man page
-------------------------------------------------------------------
Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de
- update to version 2.1.18 (Bugfix Release)
-------------------------------------------------------------------
Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de
- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath
-------------------------------------------------------------------
Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de
- Bugfix Bugzilla ID#34019, notice users about the fact, that
cyrus-sasl has been splitted into subpackages
-------------------------------------------------------------------
Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
-------------------------------------------------------------------
Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de
- update to version 2.1.17
-------------------------------------------------------------------
Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de
- Don't build as root
-------------------------------------------------------------------
Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
-------------------------------------------------------------------
Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de
- Add missing Provides [Bug #31005]
-------------------------------------------------------------------
Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de
- removed "-u root" from startproc as it always failes
- removed link to doc/components.html from doc/index.html as
components.html does not exist (Bugzilla ID#29253)
-------------------------------------------------------------------
Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de
- Bugfix Bugzilla ID#28932:
missing activation metadata in sysconfig template
-------------------------------------------------------------------
Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de
- new macros for stop/restart of services on rpm update/removal
-------------------------------------------------------------------
Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de
- update to version 2.1.15
-------------------------------------------------------------------
Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de
- update to version 2.1.14
-------------------------------------------------------------------
Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de
- use kerberos-devel-packages in neededforbuild
-------------------------------------------------------------------
Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de
- Add missing directory to filelist
-------------------------------------------------------------------
Fri May 9 09:54:05 CEST 2003 - choeger@suse.de
- use -ldb instead of -ldb-x.y to manually link the
dbconverter
-------------------------------------------------------------------
Tue May 6 14:37:14 CEST 2003 - choeger@suse.de
- update to version 2.1.13
-------------------------------------------------------------------
Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de
- added krb4-lib,krb4-devel to neededforbuild
-------------------------------------------------------------------
Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de
- renamed to cyrus-sasl
- splitted libraries for the following auth methods into seperate
packages:
- crammd5
- digestmd5
- otp
- plain
this is to prevent from annoying warnings about missing proper
setup of mechanisms we don't use
-------------------------------------------------------------------
Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de
- ever used dbconverter-2? Well it is just a shell script
which uses the damn compiled source tree... :-(
manually building dbconverter to let users convert their
/etc/sasldb from v1 to v2 using /usr/sbin/dbconverter
-------------------------------------------------------------------
Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de
- as cyrus-sasl is dropped now:
provide cyrus-sasl-*, obsolete cyrus-sasl-*
(Bugzilla ID# 24762)
-------------------------------------------------------------------
Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de
- update to cyrus-sasl-2.1.12, bug-fix release.
This release addresses a few minor build and distribution
related issues
-------------------------------------------------------------------
Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de
- update to cyrus-sasl-2.1.11, bug-fix release.
It addresses a number of issues in the build system, a
memory leak in the doors IPC method for saslauthd, and fixes the NTLM
server side support to only require one of the LM or NT methods.
-------------------------------------------------------------------
Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de
- don't use new libtool macros as cyrus-sasl2 seems to not
work when using them.
- added patch to compile shared libraries on ppc
-------------------------------------------------------------------
Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de
- Remove openldap2 from needed for build
-------------------------------------------------------------------
Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de
- do not build the static library anymore
-------------------------------------------------------------------
Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de
- added sysconfig metadata to sysconfig templates
-------------------------------------------------------------------
Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de
- update to version 2.1.10
This version corrects a number of DIGEST-MD5
interoperability issues, as well as corrects some potential buffer
overflows.
-------------------------------------------------------------------
Thu Oct 31 00:23:42 CET 2002 - ro@suse.de
- make it build again
-------------------------------------------------------------------
Tue Oct 29 15:13:35 CET 2002 - ro@suse.de
- remove own libtool macros
-------------------------------------------------------------------
Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de
- update to latest version 2.1.9
-------------------------------------------------------------------
Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de
- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict
with cyrus-sasl2-devel, because they contain files with the
same name
-------------------------------------------------------------------
Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de
- enabled building of the static libsasl.a. It is needed for
cyrus-imap to be usable with nss_ldap (which is linked against
cyrus-sasl1)
-------------------------------------------------------------------
Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de
- update to version 2.1.7
-------------------------------------------------------------------
Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de
- added .la files to the sasl2 plugin directory
([lt_]dlopen seems to need that)
-------------------------------------------------------------------
Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de
- added Prereq
-------------------------------------------------------------------
Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de
- add %run_ldconfig
-------------------------------------------------------------------
Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de
- update to version 2.1.6
-------------------------------------------------------------------
Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de
- also install dbconverter-2 to be able to migrate from
cyrus-sasl(1)
-------------------------------------------------------------------
Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de
- /var/run/sasl2 must be 755 to let non root daemons
connect to unix socket
-------------------------------------------------------------------
Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de
- added initscript and sysconfig file for saslauthd
- added docs
-------------------------------------------------------------------
Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de
- added opie to needforbuild
- should build on ppc64 and s390x now
-------------------------------------------------------------------
Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de
- additional autoconf related patches, that were missing at first
check in
-------------------------------------------------------------------
Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de
- Initial checkin of cyrus-sasl-2.1.5

255
cyrus-sasl-bdb.spec Normal file
View File

@ -0,0 +1,255 @@
#
# spec file for package cyrus-sasl-bdb
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cyrus-sasl-bdb
%define lname libsasl2-3
Version: 2.1.28
Release: 0
URL: https://github.com/cyrusimap/cyrus-sasl
Summary: Implementation of Cyrus SASL API
License: BSD-4-Clause
Group: Productivity/Networking/Other
Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz
Source1: cyrus-sasl-rc.tar.bz2
Source2: README.Source
Source3: baselibs.conf
Patch0: cyrus-sasl.dif
Patch5: cyrus-sasl-no_rpath.patch
Patch6: cyrus-sasl-lfs.patch
Patch7: fix_libpq-fe_include.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: libsasl2-3
BuildRequires: db-devel
BuildRequires: krb5-mini-devel
BuildRequires: libsasl2-3
BuildRequires: libtool
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%ifarch ppc64
# bug437293
Obsoletes: cyrus-sasl-64bit
%endif
Conflicts: cyrus-sasl
%description
This is the Cyrus SASL API. It can be used on the client or server side
to provide authentication. See RFC 2222 for more information.
%package gssapi
Summary: Plugin for the GSSAPI SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-gssapi
%description gssapi
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package crammd5
Summary: Plugin for the CRAMMD5 SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-crammd5
%description crammd5
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package digestmd5
Summary: Plugin for the DIGESTMD5 SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-digestmd5
%description digestmd5
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package otp
Summary: Plugin for the OTP SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-otp
%description otp
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package plain
Summary: Plugin for the PLAIN SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-plain
%description plain
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package ntlm
Summary: Plugin for the NTLM SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-ntlm
%description ntlm
This is the Cyrus SASL API. It can be used on the client or server side
to provide authentication. See RFC 2222 for more information.
%package gs2
Summary: Plugin for the GS2 SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-gs2
%description gs2
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.
%package scram
Summary: Plugin for the SCRAM SASL mechanism
Group: Productivity/Networking/Other
Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-scram
%description scram
This is the Cyrus SASL API implementation. It can be used on the client
or server side to provide authentication. See RFC 5802 for more
information.
%package devel
# bug437293
%ifarch ppc64
Obsoletes: cyrus-sasl-devel-64bit
%endif
#
Summary: Cyrus SASL API Implementation, Libraries and Header Files
Group: Development/Libraries/C and C++
Requires: %lname = %version
Requires: glibc-devel
Conflicts: cyrus-sasl-devel
%description devel
This is the Cyrus SASL API. It can be used on the client or server side
to provide authentication. See RFC 2222 for more information.
%prep
%setup -q -n cyrus-sasl-%{version} -a 1
if [ -e %{_builddir}/cyrus-sasl-%{version}/dlcompat-*/ ]
then
echo "dlcompat contains potential legal risks."
rm -rf %{_builddir}/cyrus-sasl-%{version}/dlcompat-*
fi
%patch0
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
find . -name "*.cvsignore" -exec rm -fv "{}" "+"
autoreconf -f
export CFLAGS="%optflags -fno-strict-aliasing"
%configure --with-pic \
--with-plugindir=%{_libdir}/sasl2 \
--with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \
--with-saslauthd=/run/sasl2/ \
--enable-pam \
--enable-sample \
--enable-login \
--enable-gssapi \
--enable-ntlm \
--enable-krb4=no \
--enable-sql=no \
--with-devrandom=/dev/urandom
%{__make} %{?_smp_mflags} sasldir=%{_libdir}/sasl2
%install
make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install
mkdir -p $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/etc/sasl2
install -m 755 sample/.libs/client $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_client
install -m 755 sample/.libs/server $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_server
find doc -type f -exec chmod 0644 {} \;
rm -f doc/Makefile*
rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/*
rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd*
rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/testsaslauthd*
rm -f $RPM_BUILD_ROOT/usr/sbin/saslauthd
rm -f $RPM_BUILD_ROOT/usr/sbin/testsaslauthd
rm -r $RPM_BUILD_ROOT%{_libdir}/libsasl2.so.3*
find "%buildroot" -type f -name "*.la" -print -delete
%files
%license COPYING
%dir %{_libdir}/sasl2
%{_libdir}/sasl2/libanonymous.so*
%{_libdir}/sasl2/liblogin.so*
%{_libdir}/sasl2/libsasldb.so*
%dir /etc/sasl2/
/usr/sbin/*
/usr/bin/*
%doc %{_mandir}/man3/sasl.*.gz
%doc %{_mandir}/man8/*.gz
%files gssapi
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libgssapiv2.so*
%files crammd5
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libcrammd5.so*
%files digestmd5
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libdigestmd5.so*
%files otp
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libotp.so*
%files plain
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libplain.so*
%files ntlm
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libntlm.so*
%files gs2
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libgs2.so*
%files scram
%dir %_libdir/sasl2/
%{_libdir}/sasl2/libscram.so*
%files devel
%license COPYING
%doc AUTHORS ChangeLog README doc
%_includedir/sasl/
%doc %{_mandir}/man3/sasl_*.gz
%{_libdir}/libsasl2.so
%{_libdir}/pkgconfig/*
%changelog

13
cyrus-sasl-lfs.patch Normal file
View File

@ -0,0 +1,13 @@
--- cyrus-sasl-2.1.27.orig/configure.ac 2018-10-09 16:58:04.000000000 +0200
+++ cyrus-sasl-2.1.27/configure.ac 2018-11-17 13:05:26.475631124 +0100
@@ -95,7 +95,9 @@
enable_obsolete_digest_attr=$enableval,
enable_obsolete_digest_attr=yes)
-AC_PROG_CC
+AC_PROG_CC_STDC
+AC_USE_SYSTEM_EXTENSIONS
+AC_SYS_LARGEFILE
AX_PROG_CC_FOR_BUILD
AC_PROG_CPP
AC_PROG_AWK

21
cyrus-sasl-no_rpath.patch Normal file
View File

@ -0,0 +1,21 @@
Index: cyrus-sasl-2.1.26/m4/cyrus.m4
===================================================================
--- cyrus-sasl-2.1.26.orig/m4/cyrus.m4
+++ cyrus-sasl-2.1.26/m4/cyrus.m4
@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [
dnl runpath initialization
AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [
# CMU GUESS RUNPATH SWITCH
- AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [
- # first, try -R
- SAVE_LDFLAGS="${LDFLAGS}"
- LDFLAGS="-R /usr/lib"
- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [
-# LDFLAGS="-Wl,-rpath,/usr/lib"
- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"],
- [andrew_cv_runpath_switch="none"])
- ])
- LDFLAGS="${SAVE_LDFLAGS}"
- ])])
+ andrew_cv_runpath_switch="none"
+])

BIN
cyrus-sasl-rc.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,872 @@
-------------------------------------------------------------------
Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
-------------------------------------------------------------------
Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller <dmueller@suse.com>
- drop optional opie dependency
-------------------------------------------------------------------
Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- Do not set directories inside doc/ mode 644; otherwise the
directories are set 644 as well, which means no files inside are
accessible. This resulted in the past in doc/ actually not being
added to the devel package.
-------------------------------------------------------------------
Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- drop cyrus-sasl-bug587.patch (upstream)
-------------------------------------------------------------------
Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
- cyrus-sasl: prevent fail of %pre when berkely db utils are
not installed (seems like we want to use this only for upgrade
so no Prereq added)
- move license to licensedir
- remove use of RPM_BUILD_ROOT
- minimal spec cleanups
- avoid bashisms
-------------------------------------------------------------------
Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
-------------------------------------------------------------------
Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%BuildRequires and %Requires
-------------------------------------------------------------------
Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
-------------------------------------------------------------------
Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Dont prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
-------------------------------------------------------------------
Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
-------------------------------------------------------------------
Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
-------------------------------------------------------------------
Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
-------------------------------------------------------------------
Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
-------------------------------------------------------------------
Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
-------------------------------------------------------------------
Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
-------------------------------------------------------------------
Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com
- really use SASLAUTHD_PARAMS variable (bnc#938657)
-------------------------------------------------------------------
Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
-------------------------------------------------------------------
Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de
- Make sure /usr/sbin/rcsaslauthd exists
-------------------------------------------------------------------
Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com
- bnc#897837 saslauthd package has no config
-------------------------------------------------------------------
Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org
- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure
-------------------------------------------------------------------
Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com
- Remove insserv dependency; it's unneeded with systemd' systems
- Remove insserv and fillup dependency in cyrus-sasl package; there
is neither sysconfig or init file
-------------------------------------------------------------------
Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com
- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9
cyrus-sasl-revert_gssapi_flags.patch (bnc#775279)
-------------------------------------------------------------------
Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com
- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always'
-------------------------------------------------------------------
Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de
- Implement shlib packaging guidelines: make subpackage libsasl2-3.
(All other .so files are _server_ plugins AFAICS, loaded via
dlopen.)
- Ensure directories are owned by packages and thus get torn down
on package removal
-------------------------------------------------------------------
Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com
- Put back the .so files to sasl auth packages from devel file.
The .so files are read by some application instead of full path
so in order for auth to work this files must be available
-------------------------------------------------------------------
Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com
- Add patch fix-sasl-header.diff to resolve build issues that
are failing due to typedef 'sasl_malloc_t' is initialized.
(see gentoo#458870, fedora#906519)
-------------------------------------------------------------------
Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com
- Removed server side service to comply with Factory rules
-------------------------------------------------------------------
Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com
- Update to 2.1.26
* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
- GSSAPI plugin:
+ Fixed a segfault in gssapi.c introduced in 2.1.25.
+ Code refactoring
+ Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable
- GS2 plugin:
+ Updated GS2 plugin not to lose minor GSS-API status codes on errors
- DIGEST-MD5 plugin:
+ Correctly send "stale" directive to prevent clients from (re)promtping for password
+ Better handling of HTTP reauthentication cases
+ fixed some memory leaks
- SASLDB plugin:
+ Added support for BerkleyDB 5.X or later
- OTP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- SRP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- saslauthd:
+ auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes
+ auth_rimap.c: read the whole IMAP greeting
+ better error reporting from some drivers
+ fixed some memory leaks
- New BuildRequires for pkgconfig since pkgconfig file is generated
- Removed patches that do no longer apply
* cyrus-sasl-gcc4.patch (integrated upstream)
* cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream)
* gssapi-null-deref.dif (integrated upstream)
* Fix-abort_if_no_fqdn-behavior.patch (integrated upstream)
* cyrus-sasl-db6.diff (integrated upstream)
- Move *.so files into devel package
-------------------------------------------------------------------
Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc
- Fix for bnc#827230 and #784705, fix patch as described in
#827230, typo in patch from request 112480 (remove rpath,
Apr 4 2012), preventing sql auxprop plugin to work
-------------------------------------------------------------------
Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de
- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5
- Simpler delete of .la files with find
-------------------------------------------------------------------
Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de
- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0,
a getaddrinfo failure should be ignored, as long as gethostname()
succeeded. (bnc#771983)
-------------------------------------------------------------------
Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org
- Ensure libraries and tools are built with LFS and include
config.h in all C files.
-------------------------------------------------------------------
Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com
- remove rpath
-------------------------------------------------------------------
Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de
- Move some doc files to devel package and to cyrus-sasl-saslauthd.
-------------------------------------------------------------------
Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
-------------------------------------------------------------------
Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de
- Update to 2.1.25:
* Added support for channel bindings
* Added support for ordering SASL mechanisms by strength (on
the client side), or using the "client_mech_list" option.
* Allow DIGEST-MD5 plugin to be used for client-side and
server-side HTTP Digest, including running over non-persistent
connections (RFC 2617)
* New SASL plugins: SCRAM and GS2
* Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
* Various improvements to DIGEST-MD5 to improve interoperability
with some slightly broken clients
- cleanup
* removed old dependencies still related to cyrus-sasl2
* plugins now depend on the exact cyrus-sasl version
* use autoreconf instead of calling all tools manually
-------------------------------------------------------------------
Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com
- add dependency to avoid broken parallel make
-------------------------------------------------------------------
Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com
- Fixed attributes of /var/run/sasl2 in filelist
-------------------------------------------------------------------
Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com
- Removed the /var/run/sasl2 directory from cyrus-sasl.spec.
It will now be created on demand by the saslauthd init script.
- Adjusted init script headers to silence rpmlint warning/errors.
-------------------------------------------------------------------
Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com
- Fixed linker arguments for ldap- and sql-auxprop plugins
(bnc#555568)
-------------------------------------------------------------------
Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com
- build against krb5-mini to avoid build cycle
-------------------------------------------------------------------
Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com
- Update to 2.1.23, the only change is a fix for a potential buffer
overflow in sasl_encode64() (bnc#499104, CVE-2009-0688)
- Imported some automake/libtool fixes from upstream cvs
-------------------------------------------------------------------
Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de
- fix build with GCC 4.4
- remove all "la" files
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de
- Fixed init-scripts Required-Stop Tags
-------------------------------------------------------------------
Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de
- Enhance sysconfig file and init script to allow to pass arbitrary
parameters to saslauthd (bnc#397808)
- Fixed description of the SASLAUTHD_THREADS sysconfig option.
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de
- Moved "Version:" up to the top to make versioned
Obsoletes/Requires work correctly.
-------------------------------------------------------------------
Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de
- Enabled NTLM authentication plugin (bnc#343665), created new
subpackage cyrus-sasl-ntlm
- Replaced %run_ldconfig macro as suggested by rpmlint
- Replaced unversioned Obsoltes/Provides with versioned ones
- Removed unneeded Split-Provides
-------------------------------------------------------------------
Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de
- Fixed some RPMLINT complaints
- re-enabled accidently disabled "kerberos5" authmech for saslauthd
(Bug #335754)
-------------------------------------------------------------------
Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de
- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to
set the number of threads that saslauthd should spawn
(Bug #199114)
-------------------------------------------------------------------
Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de
- Use /etc/sasl2/ as directory for config files of services
%{_libdir} can still be used for backwards compatibilty
(Bug #206414)
-------------------------------------------------------------------
Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de
- Remove unneeded automake/autoheader calls
-------------------------------------------------------------------
Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de
- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce
BuildRequires of cyrus-sasl.spec
- Removed unneeded openldap2 from BuildRequires of
cyrus-sasl-saslauthd
-------------------------------------------------------------------
Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de
- Enabled the ldapdb auxprop plugin and created new subpackage
cyrus-sasl-ldap-auxprop for it (Bug #201478)
-------------------------------------------------------------------
Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de
- remove saslauthd man-page from cyrus-sasl package to solve
confict with -saslauthd subpackage (Bug #200490)
-------------------------------------------------------------------
Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de
- updated to 2.1.22
* new pluginviewer utility for reporting information about client
and server side authentication plugins and auxprop plugins
(e.g. supported features, methods, etc.).
* Added support for HTTP POST password validation in saslauthd
- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name
collision with other packages in src.rpm (Bug #98188)
- include "crypt.h" in auth_shadow.c to avoid possible crash in
saslauthd (Bug #179621)
-------------------------------------------------------------------
Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de
- remove dlcompat-20010505 from tarball because of legal risk and
documented this in README.Source (Bug: #161390)
- added check for dlcompat-20010505 to the spec file
-------------------------------------------------------------------
Wed Jan 25 21:30:05 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de
- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database
-------------------------------------------------------------------
Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de
- added LDAP_DEPRECATED to CFLAGS
-------------------------------------------------------------------
Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de
- use /dev/urandom instead of /dev/random, see
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue
for an explanation
- removed the useless .la files from rpm
-------------------------------------------------------------------
Tue May 17 18:42:14 CEST 2005 - choeger@suse.de
- update to version 2.1.21
-------------------------------------------------------------------
Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de
- now also build the sql auxprop plugin; created new subpackage
cyrus-sasl-sqlauxprop
-------------------------------------------------------------------
Fri Feb 25 17:24:12 CET 2005 - uli@suse.de
- better GCC4 fix
-------------------------------------------------------------------
Fri Feb 25 14:40:12 CET 2005 - uli@suse.de
- fixed to build with GCC4
-------------------------------------------------------------------
Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de
- Get rid of .cvsignore files