From 1284bc3de0afe0e58f991b731bacf2a050868fb0ab9711677e8f424cd5d797a8 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Tue, 15 Dec 2020 10:40:10 +0000 Subject: [PATCH] Accepting request 854346 from home:varkoly:branches:network MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove Berkeley DB dependency (JIRA#SLE-12190) The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build without Berkely DB support. gdbm will be used instead of BDB. The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don’t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h OBS-URL: https://build.opensuse.org/request/show/854346 OBS-URL: https://build.opensuse.org/package/show/network/cyrus-sasl?expand=0&rev=82 --- cyrus-sasl-bdb.changes | 806 +++++++++++++++++++++++++++++++ cyrus-sasl-bdb.spec | 274 +++++++++++ cyrus-sasl-saslauthd-bdb.changes | 806 +++++++++++++++++++++++++++++++ cyrus-sasl-saslauthd-bdb.spec | 174 +++++++ cyrus-sasl-saslauthd.changes | 100 ++-- cyrus-sasl-saslauthd.spec | 4 +- cyrus-sasl.changes | 69 ++- cyrus-sasl.spec | 4 +- pre_checkin.sh | 5 + 9 files changed, 2173 insertions(+), 69 deletions(-) create mode 100644 cyrus-sasl-bdb.changes create mode 100644 cyrus-sasl-bdb.spec create mode 100644 cyrus-sasl-saslauthd-bdb.changes create mode 100644 cyrus-sasl-saslauthd-bdb.spec diff --git a/cyrus-sasl-bdb.changes b/cyrus-sasl-bdb.changes new file mode 100644 index 0000000..f963525 --- /dev/null +++ b/cyrus-sasl-bdb.changes @@ -0,0 +1,806 @@ +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + without Berkely DB support. gdbm will be used instead of BDB. + The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl-bdb.spec b/cyrus-sasl-bdb.spec new file mode 100644 index 0000000..2e30cf1 --- /dev/null +++ b/cyrus-sasl-bdb.spec @@ -0,0 +1,274 @@ +# +# spec file for package cyrus-sasl-bdb +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: cyrus-sasl-bdb +%define lname libsasl2-3 +Version: 2.1.27 +Release: 0 +URL: http://asg.web.cmu.edu/sasl/ +Summary: Implementation of Cyrus SASL API +License: BSD-4-Clause +Group: Productivity/Networking/Other + +Source: cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Patch: cyrus-sasl.dif +# see https://github.com/cyrusimap/cyrus-sasl/issues/587 +Patch1: cyrus-sasl-bug587.patch +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: db-devel +BuildRequires: krb5-mini-devel +BuildRequires: libtool +BuildRequires: openssl-devel +BuildRequires: opie +BuildRequires: pam-devel +BuildRequires: pkg-config +%ifarch ppc64 +# bug437293 +Obsoletes: cyrus-sasl-64bit +%endif + +%package gssapi +Summary: Plugin for the GSSAPI SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package crammd5 +Summary: Plugin for the CRAMMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package digestmd5 +Summary: Plugin for the DIGESTMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package otp +Summary: Plugin for the OTP SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package plain +Summary: Plugin for the PLAIN SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package ntlm +Summary: Plugin for the NTLM SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package gs2 +Summary: Plugin for the GS2 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package scram +Summary: Plugin for the SCRAM SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%package devel +# bug437293 +%ifarch ppc64 +Obsoletes: cyrus-sasl-devel-64bit +%endif +# +Summary: Cyrus SASL API Implementation, Libraries and Header Files +Group: Development/Libraries/C and C++ +Requires: %lname = %version +Requires: glibc-devel + +%package -n libsasl2-3 +Summary: Simple Authentication and Security Layer (SASL) library +Group: System/Libraries + +%description +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%description gssapi +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description devel +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%description digestmd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description crammd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description otp +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description plain +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description ntlm +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%description gs2 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description scram +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 5802 for more +information. + +%description -n libsasl2-3 +Simple Authentication and Security Layer (SASL) is a framework for +authentication and data security in Internet protocols. + +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%prep +%setup -q -n cyrus-sasl-%{version} -a 1 +if [ -e %{_builddir}/cyrus-sasl-%{version}/dlcompat-*/ ] +then + echo "dlcompat contains potential legal risks." + rm -rf %{_builddir}/cyrus-sasl-%{version}/dlcompat-* +fi +%patch +%patch1 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="%optflags -fno-strict-aliasing" +%configure --with-pic \ + --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --enable-pam \ + --enable-sample \ + --enable-login \ + --enable-gssapi \ + --enable-ntlm \ + --enable-krb4=no \ + --enable-sql=no \ + --with-devrandom=/dev/urandom +%{__make} %{?_smp_mflags} sasldir=%{_libdir}/sasl2 + +%install +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +mkdir -p $RPM_BUILD_ROOT/usr/bin +mkdir -p $RPM_BUILD_ROOT/etc/sasl2 +install -m 755 sample/.libs/client $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_client +install -m 755 sample/.libs/server $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_server +chmod 0644 doc/* +rm -f doc/Makefile* +rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* +rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd* +rm -f $RPM_BUILD_ROOT/usr/sbin/saslauthd +rm -f $RPM_BUILD_ROOT/usr/sbin/testsaslauthd +find "%buildroot" -type f -name "*.la" -print -delete + +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%defattr(-,root,root) +%{_libdir}/libsasl2.so.3* + +%files +%defattr(-,root,root) +%dir %{_libdir}/sasl2 +%{_libdir}/sasl2/libanonymous.so* +%{_libdir}/sasl2/liblogin.so* +%{_libdir}/sasl2/libsasldb.so* +%dir /etc/sasl2/ +/usr/sbin/* +/usr/bin/* +%doc %{_mandir}/man3/sasl.*.gz +%doc %{_mandir}/man8/*.gz +%doc COPYING + +%files gssapi +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgssapiv2.so* + +%files crammd5 +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libcrammd5.so* + +%files digestmd5 +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libdigestmd5.so* + +%files otp +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libotp.so* + +%files plain +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libplain.so* + +%files ntlm +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libntlm.so* + +%files gs2 +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgs2.so* + +%files scram +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libscram.so* + +%files devel +%defattr(-,root,root) +%doc AUTHORS COPYING ChangeLog README doc +%_includedir/sasl/ +%doc %{_mandir}/man3/sasl_*.gz +%{_libdir}/libsasl2.so +%{_libdir}/pkgconfig/* + +%changelog diff --git a/cyrus-sasl-saslauthd-bdb.changes b/cyrus-sasl-saslauthd-bdb.changes new file mode 100644 index 0000000..f963525 --- /dev/null +++ b/cyrus-sasl-saslauthd-bdb.changes @@ -0,0 +1,806 @@ +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + without Berkely DB support. gdbm will be used instead of BDB. + The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl-saslauthd-bdb.spec b/cyrus-sasl-saslauthd-bdb.spec new file mode 100644 index 0000000..1fe6be6 --- /dev/null +++ b/cyrus-sasl-saslauthd-bdb.spec @@ -0,0 +1,174 @@ +# +# spec file for package cyrus-sasl-saslauthd-bdb +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: cyrus-sasl-saslauthd-bdb +Version: 2.1.27 +Release: 0 +Summary: The SASL Authentication Server +License: BSD-4-Clause +Group: Productivity/Networking/Other +URL: http://asg.web.cmu.edu/sasl/ + +Source: cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Source4: saslauthd.service + +Patch: cyrus-sasl.dif +# see https://github.com/cyrusimap/cyrus-sasl/issues/587 +Patch1: cyrus-sasl-bug587.patch +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +PreReq: %fillup_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: db-devel +BuildRequires: krb5-devel +BuildRequires: libtool +BuildRequires: mysql-devel +BuildRequires: openldap2-devel +BuildRequires: opie +BuildRequires: pam-devel +BuildRequires: postgresql-devel +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} + +%description +This daemon is required when using cyrus-sasl in server software that +should authenticate with PAM, for example. + +%package -n cyrus-sasl-ldap-auxprop +Summary: The cyrus-sasl LDAP auxprop plugin +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} + +%description -n cyrus-sasl-ldap-auxprop +The LDAP auxprop plugin allows for tighter application/directory +integration. + +%package -n cyrus-sasl-sqlauxprop +Summary: SQL auxprop plugin for cyrus-sasl +Group: Development/Libraries/C and C++ +Requires: cyrus-sasl = %{version} + +%description -n cyrus-sasl-sqlauxprop +The SQL auxprop plugin supports PostgreSQL and MySQL + +%prep +%setup -n cyrus-sasl-%{version} -a 1 +%patch +%patch1 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="-fno-strict-aliasing $RPM_OPT_FLAGS -DLDAP_DEPRECATED" +%configure --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --enable-checkapop=no \ + --enable-cram=no \ + --enable-digest=no \ + --enable-otp=no \ + --enable-srp=no \ + --enable-plain=no \ + --enable-anon=no \ + --enable-ntlm=no \ + --enable-passdss=no \ + --enable-sample=no \ + --enable-login=no \ + --enable-gssapi=yes \ + --enable-gs2=no \ + --enable-scram=no \ + --enable-krb4=no \ + --enable-sql \ + --with-mysql=/usr/include/mysql \ + --with-pgsql=/usr/include/pgsql \ + --enable-ldapdb=yes \ + --with-pam \ + --with-ldap +make sasldir=%{_libdir}/sasl2 %{?_smp_mflags} + +%install +cd plugins +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +cd .. +cd saslauthd +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +ln -s service "%buildroot/%_sbindir/rcsaslauthd" +install -m 755 -d $RPM_BUILD_ROOT/run/sasl2 +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 +install -m 644 saslauthd.mdoc $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd.8 +mkdir -p $RPM_BUILD_ROOT/usr/bin +install -m 755 testsaslauthd $RPM_BUILD_ROOT/usr/bin/testsaslauthd +cd - +mkdir -p $RPM_BUILD_ROOT/sbin +install -D -m 644 SuSE/sysconfig.saslauthd $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.saslauthd +rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsasldb* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libldapdb.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsql.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgs2.* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgssapiv2.* + +mkdir -p $RPM_BUILD_ROOT/%{_unitdir} +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir} + +%pre +%service_add_pre saslauthd.service + +%preun +%service_del_preun saslauthd.service + +%postun +%service_del_postun saslauthd.service + +%post +%{fillup_only -n saslauthd} +%service_add_post saslauthd.service + +%files +%defattr(-,root,root) +%{_fillupdir}/sysconfig.saslauthd +%{_unitdir}/saslauthd.service +%dir %attr(0755, root, root) %ghost /run/sasl2 +/usr/sbin/* +/usr/bin/* +%doc %{_mandir}/man8/*.gz +%doc saslauthd/COPYING saslauthd/ChangeLog saslauthd/LDAP_SASLAUTHD + +%files -n cyrus-sasl-sqlauxprop +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libsql.so* + +%files -n cyrus-sasl-ldap-auxprop +%defattr(-,root,root) +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libldapdb.so* + +%changelog diff --git a/cyrus-sasl-saslauthd.changes b/cyrus-sasl-saslauthd.changes index ce41c34..f963525 100644 --- a/cyrus-sasl-saslauthd.changes +++ b/cyrus-sasl-saslauthd.changes @@ -1,51 +1,71 @@ ------------------------------------------------------------------- -Thu Dec 19 20:11:24 UTC 2019 - Michael Ströder +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + without Berkely DB support. gdbm will be used instead of BDB. + The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder - added backport-patch cyrus-sasl-bug587.patch which fixes off-by-one error in _sasl_add_string function (see CVE-2019-19906 bsc#1159635) ------------------------------------------------------------------- -Sat Nov 17 10:14:14 UTC 2018 - Michael Ströder +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly -- removed patches obsoleted by upstream changes: - * shared_link_on_ppc.patch - * fix-sasl-header.diff - * cyrus-sasl-revert_gssapi_flags.patch - * cyrus-sasl-issue-402.patch - * cyrus-sasl-2.1.27-openssl-1.1.0.patch -- replaced cumlocal/ with m4/ in patches -- added fix_libpq-fe_include.diff for fixing including libpq-fe.h -- Update to 2.1.27 - * cache.c: - Don’t use cached credentials if timeout has expired - Fixed debug logging output - * ipc_doors.c: - Fixed potential DoS attack (from Oracle) - * ipc_unix.c: - Prevent premature closing of socket - * auth_rimap.c: - Added support LOGOUT command - Added support for unsolicited CAPABILITY responses in LOGIN reply - Properly detect end of responses (don’t needlessly wait) - Properly handle backslash in passwords - * auth_httpform: - Fix off-by-one error in string termination - Added support for 204 success response - * auth_krb5.c: - Added krb5_conv_krb4_instance option - Added more verbose error logging - -------------------------------------------------------------------- -Tue Feb 13 08:59:21 UTC 2018 - varkoly@suse.com - -- bsc#983938 `After=syslog.target` left-overs in several unit files - -------------------------------------------------------------------- -Thu Nov 23 13:38:18 UTC 2017 - rbrown@suse.com - -- Replace references to /var/adm/fillup-templates with new - %_fillupdir macro (boo#1069468) +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch ------------------------------------------------------------------- Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com diff --git a/cyrus-sasl-saslauthd.spec b/cyrus-sasl-saslauthd.spec index de2dfd8..1e7ed2f 100644 --- a/cyrus-sasl-saslauthd.spec +++ b/cyrus-sasl-saslauthd.spec @@ -29,7 +29,7 @@ License: BSD-4-Clause Group: Productivity/Networking/Other URL: http://asg.web.cmu.edu/sasl/ -Source: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-%{version}.tar.gz +Source: cyrus-sasl-%{version}.tar.gz Source1: cyrus-sasl-rc.tar.bz2 Source2: README.Source Source3: baselibs.conf @@ -43,7 +43,7 @@ Patch6: cyrus-sasl-lfs.patch Patch7: fix_libpq-fe_include.diff PreReq: %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: db-devel +BuildRequires: gdbm-devel BuildRequires: krb5-devel BuildRequires: libtool BuildRequires: mysql-devel diff --git a/cyrus-sasl.changes b/cyrus-sasl.changes index dbfd28d..f963525 100644 --- a/cyrus-sasl.changes +++ b/cyrus-sasl.changes @@ -1,21 +1,11 @@ ------------------------------------------------------------------- -Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly -- added backport-patch cyrus-sasl-bug587.patch which fixes - off-by-one error in _sasl_add_string function - (see CVE-2019-19906 bsc#1159635) - -------------------------------------------------------------------- -Sat Nov 17 10:14:14 UTC 2018 - Michael Ströder - -- removed patches obsoleted by upstream changes: - * shared_link_on_ppc.patch - * fix-sasl-header.diff - * cyrus-sasl-revert_gssapi_flags.patch - * cyrus-sasl-issue-402.patch - * cyrus-sasl-2.1.27-openssl-1.1.0.patch -- replaced cumlocal/ with m4/ in patches -- added fix_libpq-fe_include.diff for fixing including libpq-fe.h +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + without Berkely DB support. gdbm will be used instead of BDB. + The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb @@ -36,17 +26,46 @@ Sat Nov 17 10:14:14 UTC 2018 - Michael Ströder Don’t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - -------------------------------------------------------------------- -Tue Feb 13 08:59:21 UTC 2018 - varkoly@suse.com - -- bsc#983938 `After=syslog.target` left-overs in several unit files - -------------------------------------------------------------------- -Thu Nov 23 13:38:18 UTC 2017 - rbrown@suse.com - - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch ------------------------------------------------------------------- Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec index b7f64fe..3221159 100644 --- a/cyrus-sasl.spec +++ b/cyrus-sasl.spec @@ -25,7 +25,7 @@ Summary: Implementation of Cyrus SASL API License: BSD-4-Clause Group: Productivity/Networking/Other -Source: ftp://ftp.cyrusimap.org/%{name}/%{name}-%{version}.tar.gz +Source: %{name}-%{version}.tar.gz Source1: cyrus-sasl-rc.tar.bz2 Source2: README.Source Source3: baselibs.conf @@ -36,7 +36,7 @@ Patch5: cyrus-sasl-no_rpath.patch Patch6: cyrus-sasl-lfs.patch Patch7: fix_libpq-fe_include.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: db-devel +BuildRequires: gdbm-devel BuildRequires: krb5-mini-devel BuildRequires: libtool BuildRequires: openssl-devel diff --git a/pre_checkin.sh b/pre_checkin.sh index c9b89d8..d963b27 100644 --- a/pre_checkin.sh +++ b/pre_checkin.sh @@ -3,6 +3,11 @@ echo -n "Generating cyrus-sasl-saslauthd " cp cyrus-sasl.changes cyrus-sasl-saslauthd.changes +cp cyrus-sasl.changes cyrus-sasl-saslauthd.changes +cp cyrus-sasl.changes cyrus-sasl-bdb.changes +cp cyrus-sasl.changes cyrus-sasl-saslauthd-bdb.changes SASLVERSION=$(awk '/^Version/ {print $2; exit;} {next;};' < cyrus-sasl.spec) perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-saslauthd.spec +perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-bdb.spec +perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-saslauthd-bdb.spec echo "Done."