diff --git a/0003-Prevent-double-free-of-RC4-context.patch b/0003-Prevent-double-free-of-RC4-context.patch
deleted file mode 100644
index 3e1e3384c4bbaff867c3e7dba9eb01570228ce35..0000000000000000000000000000000000000000
--- a/0003-Prevent-double-free-of-RC4-context.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From ca6c587cc9da51235b125a97e841fa786aaad7ff Mon Sep 17 00:00:00 2001
-From: Simo Sorce
-Date: Tue, 16 Apr 2019 10:18:43 -0400
-Subject: [PATCH 3/3] Prevent double free of RC4 context
-
-Signed-off-by: Simo Sorce
----
- plugins/digestmd5.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
-index f184c16..df35093 100644
---- a/plugins/digestmd5.c
-+++ b/plugins/digestmd5.c
-@@ -1224,8 +1224,14 @@ static void free_rc4(context_t *text)
- {
- /* free rc4 context structures */
-
-- if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
-- if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
-+ if (text->cipher_enc_context) {
-+ text->utils->free(text->cipher_enc_context);
-+ text->cipher_enc_context = NULL;
-+ }
-+ if (text->cipher_dec_context) {
-+ text->utils->free(text->cipher_dec_context);
-+ text->cipher_dec_context = NULL;
-+ }
- }
-
- static int init_rc4(context_t *text,
---
-2.7.4
-
diff --git a/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch b/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
deleted file mode 100644
index 87c77b5404b55f3a26b930476f9eaf2fbe7191c5..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 9eff746c9daecbcc0041b09a5a51ba30738cdcbc Mon Sep 17 00:00:00 2001
-From: Klaus Espenlaub
-Date: Tue, 8 Feb 2022 20:34:40 +0000
-Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
- commands.
-
-Signed-off-by: Klaus Espenlaub
----
- plugins/sql.c | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/plugins/sql.c b/plugins/sql.c
-index 31b54a7..6ac81c2 100644
---- a/plugins/sql.c
-+++ b/plugins/sql.c
-@@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
- char *statement = NULL;
- char *escap_userid = NULL;
- char *escap_realm = NULL;
-+ char *escap_passwd = NULL;
- const char *cmd;
-
- sql_settings_t *settings;
-@@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
- "Unable to begin transaction\n");
- }
- for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
-+ /* Free the buffer, current content is from previous loop. */
-+ if (escap_passwd) {
-+ sparams->utils->free(escap_passwd);
-+ escap_passwd = NULL;
-+ }
-
- if (cur->name[0] == '*') {
- continue;
-@@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
- }
- sparams->utils->free(statement);
-
-+ if (cur->values[0]) {
-+ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
-+ if (!escap_passwd) {
-+ ret = SASL_NOMEM;
-+ break;
-+ }
-+ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
-+ }
-+
- /* create a statement that we will use */
- statement = sql_create_statement(cmd, cur->name, escap_userid,
- escap_realm,
-- cur->values && cur->values[0] ?
-- cur->values[0] : SQL_NULL_VALUE,
-+ escap_passwd ?
-+ escap_passwd : SQL_NULL_VALUE,
- sparams->utils);
-+ if (!statement) {
-+ ret = SASL_NOMEM;
-+ break;
-+ }
-
- {
- char *log_statement =
- sql_create_statement(cmd, cur->name,
- escap_userid,
- escap_realm,
-- cur->values && cur->values[0] ?
-+ escap_passwd ?
- "" : SQL_NULL_VALUE,
- sparams->utils);
- sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
-@@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
- done:
- if (escap_userid) sparams->utils->free(escap_userid);
- if (escap_realm) sparams->utils->free(escap_realm);
-+ if (escap_passwd) sparams->utils->free(escap_passwd);
- if (conn) settings->sql_engine->sql_close(conn);
- if (userid) sparams->utils->free(userid);
- if (realm) sparams->utils->free(realm);
---
-1.8.3.1
-
diff --git a/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch b/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7c733d7b25287b52b1ae9c4243bed08b9216ae65
--- /dev/null
+++ b/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
@@ -0,0 +1,27 @@
+From 92be047033d56c29473223c44985592b1290a701 Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount
+Date: Tue, 3 May 2022 16:31:37 +0000
+Subject: [PATCH] Fix earlier #554 commit to use fetch_errno instead of
+ gdbm_errno
+
+Signed-off-by: Quanah Gibson-Mount
+---
+ sasldb/db_gdbm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index 5f658ce2..59e8fd74 100644
+--- a/sasldb/db_gdbm.c
++++ b/sasldb/db_gdbm.c
+@@ -119,7 +119,7 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+ } else {
+ utils->seterror(conn, 0,
+ "Couldn't fetch entry from %s: gdbm_errno=%d",
+- path, gdbm_errno);
++ path, fetch_errno);
+ result = SASL_FAIL;
+ }
+ goto cleanup;
+--
+2.27.0
+
diff --git a/backport-configure-fix-check-for-dlsym-underscore.patch b/backport-configure-fix-check-for-dlsym-underscore.patch
deleted file mode 100644
index 23f15b54ebfda14c2f1d1edbb03030d7e440e7dd..0000000000000000000000000000000000000000
--- a/backport-configure-fix-check-for-dlsym-underscore.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 999255e05719f61bdbce8125be2ee774493aa64a Mon Sep 17 00:00:00 2001
-From: Ignacio Casal Quinteiro
-Date: Wed, 3 Mar 2021 09:18:09 +0100
-Subject: [PATCH] configure: fix check for dlsym underscore
-
-The exit function requires to include stdlib otherwise
-this will fail on new versions of MacOS
-
-Signed-off-by: Ignacio Casal Quinteiro
----
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index a106d35..f3e5ddc 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -216,6 +216,7 @@ if test $sasl_cv_uscore = yes; then
- AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
- #include
- #include
-+#include
- void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
- if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
---
-1.8.3.1
-
diff --git a/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch b/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
deleted file mode 100644
index afc2cafec9136339a8a368c525a6d173926a6082..0000000000000000000000000000000000000000
--- a/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 15cbc14aeb4b754b1b3db65f7c892c7deabaab41 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup
-Date: Thu, 1 Apr 2021 17:17:52 +0200
-Subject: [PATCH] configure.ac: avoid side-effects in AC_CACHE_VAL
-
-In the COMMANDS-TO-SET-IT argument, per Autoconf docs:
-https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Caching-Results.html
-
-Signed-off-by: Pavel Raiskup
----
- configure.ac | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f3e5ddc..79c93c8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,11 +221,14 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
- if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
- if(ptr1 && !ptr2) exit(0); } exit(1); }
--], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no
-- AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]),
-+], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
- AC_MSG_WARN(cross-compiler, we'll do our best)))
- LIBS="$cmu_save_LIBS"
- AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
-+
-+ if test "$sasl_cv_dlsym_adds_uscore" = no; then
-+ AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?])
-+ fi
- fi
- fi
-
---
-1.8.3.1
-
diff --git a/backport-configure.ac-properly-quote-macro-arguments.patch b/backport-configure.ac-properly-quote-macro-arguments.patch
deleted file mode 100644
index 91643485e56fc82a8792358d39325e695f7a089f..0000000000000000000000000000000000000000
--- a/backport-configure.ac-properly-quote-macro-arguments.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 5664c3f535289ce9efb513a2897991b5c436bb44 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup
-Date: Thu, 1 Apr 2021 17:26:28 +0200
-Subject: [PATCH] configure.ac: properly quote macro arguments
-
-Autoconf 2.70+ is more picky about the quotation (even though with
-previous versions the arguments should have been quoted, too). When we
-don't quote macros inside the AC_CACHE_VAL macro - some of the Autoconf
-initialization is wrongly ordered in ./configure script and we keep
-seeing bugs like:
-
- ./configure: line 2165: ac_fn_c_try_run: command not found
-
-Original report: https://bugzilla.redhat.com/1943013
-
-Signed-off-by: Pavel Raiskup
----
- configure.ac | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 79c93c8..aa0dc38 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -213,7 +213,8 @@ if test $sasl_cv_uscore = yes; then
- AC_MSG_CHECKING(whether dlsym adds the underscore for us)
- cmu_save_LIBS="$LIBS"
- LIBS="$LIBS $SASL_DL_LIB"
-- AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
-+ AC_CACHE_VAL([sasl_cv_dlsym_adds_uscore],
-+ [AC_TRY_RUN([
- #include
- #include
- #include
-@@ -221,8 +222,8 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
- if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
- if(ptr1 && !ptr2) exit(0); } exit(1); }
--], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
-- AC_MSG_WARN(cross-compiler, we'll do our best)))
-+], [sasl_cv_dlsym_adds_uscore=yes], [sasl_cv_dlsym_adds_uscore=no],
-+ [AC_MSG_WARN(cross-compiler, we'll do our best)])])
- LIBS="$cmu_save_LIBS"
- AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
-
---
-1.8.3.1
-
diff --git a/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch b/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
deleted file mode 100644
index 63f63ef710d9dd66ff4e22a8914318f5c472eced..0000000000000000000000000000000000000000
--- a/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
-From: Jonas Jelten
-Date: Sat, 2 Feb 2019 20:53:37 +0100
-Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
-
-`gdbm_close` also sets gdbm_errno since version 1.17.
-This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
-the `gdbm_errno` value which is then later used for the error handling.
----
- sasldb/db_gdbm.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
-index ee56a6b..c908808 100644
---- a/sasldb/db_gdbm.c
-+++ b/sasldb/db_gdbm.c
-@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
- gkey.dptr = key;
- gkey.dsize = key_len;
- gvalue = gdbm_fetch(db, gkey);
-+ int fetch_errno = gdbm_errno;
-+
- gdbm_close(db);
- if (! gvalue.dptr) {
-- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
-+ if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
- utils->seterror(conn, SASL_NOLOG,
- "user: %s@%s property: %s not found in %s",
- authid, realm, propName, path);
---
-1.8.3.1
-
diff --git a/cyrus-sasl-2.1.27.tar.gz b/cyrus-sasl-2.1.28.tar.gz
similarity index 36%
rename from cyrus-sasl-2.1.27.tar.gz
rename to cyrus-sasl-2.1.28.tar.gz
index 98151191857452f5d99a531ef01add6440b89487..f2ab8947193388ec442cf557dfb00c0965bec458 100644
Binary files a/cyrus-sasl-2.1.27.tar.gz and b/cyrus-sasl-2.1.28.tar.gz differ
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index f5a87e6295889f6de1074adb4b4fa5835a1c6861..55e80dad820d44e309b8194f88a4b8d2fa5a09ac 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -5,23 +5,17 @@ %global bootstrap_cyrus_sasl 0 Name: cyrus-sasl -Version: 2.1.27 -Release: 15 +Version: 2.1.28 +Release: 1 Summary: The Cyrus SASL API Implementation License: BSD with advertising URL: https://www.cyrusimap.org/sasl/ -Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz +Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz Source1: saslauthd.service Source2: saslauthd.sysconfig -Patch0: 0003-Prevent-double-free-of-RC4-context.patch -Patch1: fix-CVE-2019-19906.patch -Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch -Patch3: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch -Patch4: backport-configure-fix-check-for-dlsym-underscore.patch -Patch5: backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch -Patch6: backport-configure.ac-properly-quote-macro-arguments.patch +Patch1: backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch BuildRequires: autoconf, automake, libtool, gdbm-devel, groff BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig @@ -264,6 +258,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir} %changelog +* Tue Oct 25 2022 yixiangzhike - 2.1.28-1 +- update to 2.1.28 + * Tue Sep 20 2022 yixiangzhike - 2.1.27-15 - saslauthd always restart with 1s diff --git a/fix-CVE-2019-19906.patch b/fix-CVE-2019-19906.patch deleted file mode 100644 index 09f3a1d10f9e81abd84f685ccf05d08b696be617..0000000000000000000000000000000000000000 --- a/fix-CVE-2019-19906.patch +++ /dev/null 
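Review bot: The first spec hunk removes `fix-CVE-2019-19906.patch` and `backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch` from the patch list, but the new `%changelog` entry says only `- update to 2.1.28`, so the package no longer records where those two fixes come from. The 2.1.28 release is understood to contain both, though the tarball appears here only as a binary change and that cannot be confirmed from this diff; it should be checked in the unpacked source at the `_sasl_add_string` allocation in `lib/common.c` and the password escaping in `sql_auxprop_store` in `plugins/sql.c`. I would extend the changelog with a line such as `- drop CVE-2019-19906 and CVE-2022-24407 patches, included upstream in 2.1.28` so that later reviewers and advisory tracking can trace the fixes.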
@@ -1,26 +0,0 @@
-From 58aa420b5a0f5e7e5e88f2228f318fb12da5bb13 Mon Sep 17 00:00:00 2001
-From: guoxiaoqi2
-Date: Tue, 21 Jan 2020 17:59:49 -0500
-Subject: [PATCH] fix CVE-2019-19906
-
-Signed-off-by: guoxiaoqi2
----
- lib/common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/common.c b/lib/common.c
-index 305311d..445c5d5 100644
---- a/lib/common.c
-+++ b/lib/common.c
-@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
-
- if (add==NULL) add = "(null)";
-
-- addlen=strlen(add); /* only compute once */
-+ addlen=strlen(add)+1; /* only compute once */
- if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
- return SASL_NOMEM;
-
---
-1.8.3.1
-