Accepting request 875610 from network

- Fix build: Do not build libsasl2-3 in the bdb package. This will
  not be linked to Berkeley DB. libsasl2-3 is now defined as
  %BuildRequires and %Requires

  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
  due to insecure tmp file usage. (bsc#1180669)
  Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
  files.


OBS-URL: https://build.opensuse.org/request/show/875610
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cyrus-sasl?expand=0&rev=61
Richard Brown 2021-03-02 11:26:35 +00:00 committed by Git OBS Bridge
commit 67f4ad1df8
7 changed files with 39 additions and 21 deletions


@ -1,10 +1,17 @@
-------------------------------------------------------------------
Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%BuildRequires and %Requires
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com> Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12190) - Remove Berkeley DB dependency (JIRA#SLE-12190)
The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB. without Berkely DB support. gdbm will be used instead of BDB.
The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support. with Berkely DB support.
- Update to 2.1.27 - Update to 2.1.27
* Added support for OpenSSL 1.1 * Added support for OpenSSL 1.1
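Review bot: The new Feb 25 entry spells the database "berkely db" and refers to "%BuildRequires and %Requires", while this same hunk corrects "pacakges" and "build" in the older entry but leaves "Berkely" in place. Suggest "Berkeley DB" throughout and naming the spec tags as BuildRequires and Requires without the % prefix, since they are tags and not macros. The new entry also carries no bug or request reference for the build fix, unlike the JIRA reference in the entry below it.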


@ -1,7 +1,7 @@
# #
# spec file for package cyrus-sasl-bdb # spec file for package cyrus-sasl-bdb
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -36,8 +36,10 @@ Patch5: cyrus-sasl-no_rpath.patch
Patch6: cyrus-sasl-lfs.patch Patch6: cyrus-sasl-lfs.patch
Patch7: fix_libpq-fe_include.diff Patch7: fix_libpq-fe_include.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: libsasl2-3
BuildRequires: db-devel BuildRequires: db-devel
BuildRequires: krb5-mini-devel BuildRequires: krb5-mini-devel
BuildRequires: libsasl2-3
BuildRequires: libtool BuildRequires: libtool
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: opie BuildRequires: opie
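Review bot: The added `Requires: libsasl2-3` is unversioned, whereas the sub-packages in this spec pin their base package with `= %{version}`. Since libsasl2-3 is no longer built from this spec, consider `Requires: libsasl2-3 = %{version}` so the bdb packages cannot be paired with a library from a different version. The Requires line also sits in the middle of the BuildRoot/BuildRequires block; placing it with the other runtime tags would keep the preamble easier to audit.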
@ -52,49 +54,49 @@ Conflicts: cyrus-sasl
%package gssapi %package gssapi
Summary: Plugin for the GSSAPI SASL mechanism Summary: Plugin for the GSSAPI SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-gssapi Conflicts: cyrus-sasl-gssapi
%package crammd5 %package crammd5
Summary: Plugin for the CRAMMD5 SASL mechanism Summary: Plugin for the CRAMMD5 SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-crammd5 Conflicts: cyrus-sasl-crammd5
%package digestmd5 %package digestmd5
Summary: Plugin for the DIGESTMD5 SASL mechanism Summary: Plugin for the DIGESTMD5 SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-digestmd5 Conflicts: cyrus-sasl-digestmd5
%package otp %package otp
Summary: Plugin for the OTP SASL mechanism Summary: Plugin for the OTP SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-otp Conflicts: cyrus-sasl-otp
%package plain %package plain
Summary: Plugin for the PLAIN SASL mechanism Summary: Plugin for the PLAIN SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-plain Conflicts: cyrus-sasl-plain
%package ntlm %package ntlm
Summary: Plugin for the NTLM SASL mechanism Summary: Plugin for the NTLM SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-ntlm Conflicts: cyrus-sasl-ntlm
%package gs2 %package gs2
Summary: Plugin for the GS2 SASL mechanism Summary: Plugin for the GS2 SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-gs2 Conflicts: cyrus-sasl-gs2
%package scram %package scram
Summary: Plugin for the SCRAM SASL mechanism Summary: Plugin for the SCRAM SASL mechanism
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Requires: cyrus-sasl = %{version} Requires: cyrus-sasl-bdb = %{version}
Conflicts: cyrus-sasl-scram Conflicts: cyrus-sasl-scram
%package devel %package devel
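Review bot: All eight plugin sub-packages in this hunk now carry `Requires: cyrus-sasl-bdb = %{version}`, which pins the version but not the release, so a plugin and a base package from different rebuilds of the same version can be installed together. `= %{version}-%{release}` would tie them to the same build. The hunk ends at `%package devel`, so it is worth confirming that the sub-packages after it received the same rename, since they are not visible here.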


@ -2,9 +2,9 @@
Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com> Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12190) - Remove Berkeley DB dependency (JIRA#SLE-12190)
The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB. without Berkely DB support. gdbm will be used instead of BDB.
The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support. with Berkely DB support.
- Update to 2.1.27 - Update to 2.1.27
* Added support for OpenSSL 1.1 * Added support for OpenSSL 1.1


@ -1,7 +1,7 @@
# #
# spec file for package cyrus-sasl-saslauthd-bdb # spec file for package cyrus-sasl-saslauthd-bdb
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed


@ -1,7 +1,7 @@
# #
# spec file for package cyrus-sasl-saslauthd # spec file for package cyrus-sasl-saslauthd
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed


@ -1,10 +1,18 @@
-------------------------------------------------------------------
Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com> Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12190) - Remove Berkeley DB dependency (JIRA#SLE-12190)
The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB. without Berkely DB support. gdbm will be used instead of BDB.
The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support. with Berkely DB support.
- Update to 2.1.27 - Update to 2.1.27
* Added support for OpenSSL 1.1 * Added support for OpenSSL 1.1


@ -1,7 +1,7 @@
# #
# spec file for package cyrus-sasl # spec file for package cyrus-sasl
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -112,7 +112,6 @@ Conflicts: cyrus-sasl-devel-bdb
%package -n libsasl2-3 %package -n libsasl2-3
Summary: Simple Authentication and Security Layer (SASL) library Summary: Simple Authentication and Security Layer (SASL) library
Group: System/Libraries Group: System/Libraries
Conflicts: libsasl2-3-bdb
%description %description
This is the Cyrus SASL API. It can be used on the client or server side This is the Cyrus SASL API. It can be used on the client or server side
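Review bot: Dropping `Conflicts: libsasl2-3-bdb` from libsasl2-3 leaves nothing in the visible lines that handles systems where libsasl2-3-bdb is already installed. If the bdb spec no longer produces that package, an `Obsoletes: libsasl2-3-bdb` on libsasl2-3 (with a matching `Provides:` if anything still requires the old name) would let the update replace it instead of leaving both libraries installed side by side.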
@ -218,7 +217,7 @@ find "%buildroot" -type f -name "*.la" -print -delete
#Convert password file from berkely into gdbm #Convert password file from berkely into gdbm
#In %pre the existing file will be dumped out #In %pre the existing file will be dumped out
if [ -e /etc/sasldb2 ]; then if [ -e /etc/sasldb2 ]; then
cat <<EOF > /tmp/saslpw.awk cat <<EOF > /var/adm/update-scripts/saslpw.awk
{ {
split(\$0,b,/\\\00/) split(\$0,b,/\\\00/)
if( b[3] == "userPassword" ) { if( b[3] == "userPassword" ) {
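Review bot: The awk helper is still written to a fixed, predictable file name, now `/var/adm/update-scripts/saslpw.awk`; that is only safe as long as the directory is writable by root alone, which the scriptlet assumes but does not check. Creating the file with `mktemp /var/adm/update-scripts/saslpw.XXXXXX` would remove the dependency on a fixed name. Quoting the heredoc delimiter (`<<'EOF'`) would also let the awk source be written without the extra layer of shell escaping seen in `\$0`.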
@ -233,7 +232,8 @@ cat <<EOF > /tmp/saslpw.awk
} }
} }
EOF EOF
db_dump -p /etc/sasldb2 | gawk -f /tmp/saslpw.awk > /var/adm/update-scripts/saslpwd db_dump -p /etc/sasldb2 | gawk -f /var/adm/update-scripts/saslpw.awk > /var/adm/update-scripts/saslpwd
rm -f /var/adm/update-scripts/saslpw.awk
mv /etc/sasldb2 /etc/sasldb2-back mv /etc/sasldb2 /etc/sasldb2-back
fi fi
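Review bot: `mv /etc/sasldb2 /etc/sasldb2-back` runs regardless of whether the `db_dump | gawk` pipeline succeeded, so a failed dump leaves an empty or partial saslpwd with the original database already moved aside. Checking the pipeline result before the `mv`, while keeping the `rm -f` of the awk file on both paths, would make this step fail safe. The output is built from the `userPassword` records, so setting `umask 077` before the redirect would keep saslpwd from being created world-readable.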
@ -241,6 +241,7 @@ fi
if [ -e /var/adm/update-scripts/saslpwd ]; then if [ -e /var/adm/update-scripts/saslpwd ]; then
chmod 755 /var/adm/update-scripts/saslpwd chmod 755 /var/adm/update-scripts/saslpwd
/var/adm/update-scripts/saslpwd /var/adm/update-scripts/saslpwd
rm -f /var/adm/update-scripts/saslpwd
fi fi
%post -n %lname -p /sbin/ldconfig %post -n %lname -p /sbin/ldconfig
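Review bot: `chmod 755` makes saslpwd readable and executable by every local user from the chmod until the new `rm -f`, and the file is generated from the dump of the password database. Only the scriptlet itself runs it, so `chmod 700` is enough. The `rm -f` also runs whether or not `/var/adm/update-scripts/saslpwd` succeeded; removing the file only on success, or stating in a comment that /etc/sasldb2-back is the fallback, would make a failed conversion easier to recover from.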