mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-05-08 22:06:43 +02:00
main/cyrus-sasl: security upgrade to 2.1.28 (CVE-2022-24407)
(cherry picked from commit b7d6b4cc1a52b5cc58188c27cff7f47f40a0c95f)
parent
7b889b7851
commit
aa3b424a53
@ -1,8 +1,8 @@
|
||||
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=cyrus-sasl
|
||||
pkgver=2.1.27
|
||||
pkgrel=12
|
||||
pkgver=2.1.28
|
||||
pkgrel=0
|
||||
pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
|
||||
url="https://www.cyrusimap.org/sasl/"
|
||||
arch="all"
|
||||
@ -35,18 +35,12 @@ makedepends="
|
||||
libtool
|
||||
"
|
||||
source="https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-$pkgver/cyrus-sasl-$pkgver.tar.gz
|
||||
cyrus-sasl-2.1.27-as_needed.patch
|
||||
cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
|
||||
cyrus-sasl-2.1.27-dbm-errno.patch
|
||||
cyrus-sasl-2.1.27-doc_build_fix.patch
|
||||
cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
|
||||
CVE-2019-19906.patch
|
||||
fix-saslauthd-man-page.patch
|
||||
autoconf-270.patch
|
||||
saslauthd.initd
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 2.1.28-r0:
|
||||
# - CVE-2022-24407
|
||||
# 2.1.27-r5:
|
||||
# - CVE-2019-19906
|
||||
# 2.1.26-r7:
|
||||
@ -123,14 +117,6 @@ libsasl() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b cyrus-sasl-2.1.27.tar.gz
|
||||
9eefa6d45e3dd9157a5672909acdd88f0ae35e76d64c3723890a474bbb05b22499cfadb0c077924d27f34da3710b2b700094dd7d5704050138c08dabcefdde94 cyrus-sasl-2.1.27-as_needed.patch
|
||||
4ca601839b023ef790e48dae567ffbbd57c632384c980946639ec7437ad23874961451718569455e6e25afaeff1728ecbc71a8686f6b43246f83465f95a2c904 cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
|
||||
d7dfdf520d16a79f265708d1c6938bd24bd26b9a0ff9b7fcbfc95c494af7f44220080bd3f79d0486bb6fc30b4a9a269adb7836bc593eacca99a1ef549ce58a9e cyrus-sasl-2.1.27-dbm-errno.patch
|
||||
6d723e7ec2c431b45c011b887187b6a670dbe646aa4c39d38171047ab23db529c30c433f8d4dd624181917c5ce4e5271f86e35e2644ede1c40dfb09cb67dccde cyrus-sasl-2.1.27-doc_build_fix.patch
|
||||
fca4f2b7e427c7613f71daa4a31772c33c8c0fe9d7f85b57b85da71bc5a88a18fc52f7caea463188b4addd31cd041d5349af689d5face2cc45fb50c700a8afd7 cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
|
||||
c39efd87dc9c883d3b07474197f6835fbd32f23baa1f5cd04b25a0473639f847321c40f232e390d4dc9d9ee189dbd177c05d3d1461af4d28a48a4827abc5d9b8 CVE-2019-19906.patch
|
||||
ce4ce9ac1fbca22b545996796101d7712dcc6a9d5b375fc2fbab5e7c6b937ac335b36b9a734c64cab552e2b806433f088683239ae30b82bfff3783bd1bb5b627 fix-saslauthd-man-page.patch
|
||||
587c8af4e1327c76d73feb15d67e8b5b4f60f15b33bc9e8c6b3cccf9de4532d8ed6dbd5c7e70223312edae662bffc8dfc94ba85b9984d2ef461c3a9e86b84ddd autoconf-270.patch
|
||||
db15af9079758a9f385457a79390c8a7cd7ea666573dace8bf4fb01bb4b49037538d67285727d6a70ad799d2e2318f265c9372e2427de9371d626a1959dd6f78 cyrus-sasl-2.1.28.tar.gz
|
||||
f76bfb61567172428cdbc1ed900d5e0b6e66afc38118db6ba0e2fd8ba01956ad896e56463b2249bdc46d8725384f1b975a2af3601c0735327d3f8bc26ce1ed75 saslauthd.initd
|
||||
"
|
||||
|
||||
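Review bot: The `source=` list in the second hunk stops applying `CVE-2019-19906.patch` while the `# secfixes:` block keeps the `2.1.27-r5: CVE-2019-19906` entry, so the package now depends on the 2.1.28 tarball itself carrying the `addlen=strlen(add)+1` fix in `_sasl_add_string` (lib/common.c) that the deleted patch applied. Neither the commit message nor the build file records that this was checked; the same holds for the other dropped patches, though only this one is security-relevant. I would confirm it against upstream's 2.1.28 release notes or the unpacked source and say so in the commit description, e.g. `Drop CVE-2019-19906.patch and the 2.1.27 build fixes, all included upstream in 2.1.28.` The file header for this section is not shown on the page; the variables suggest it is the package's APKBUILD.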
@ -1,15 +0,0 @@
|
||||
https://github.com/cyrusimap/cyrus-sasl/issues/587
|
||||
|
||||
diff --git a/lib/common.c b/lib/common.c
|
||||
index bc3bf1df..9969d6aa 100644
|
||||
--- a/lib/common.c
|
||||
+++ b/lib/common.c
|
||||
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
|
||||
|
||||
if (add==NULL) add = "(null)";
|
||||
|
||||
- addlen=strlen(add); /* only compute once */
|
||||
+ addlen=strlen(add)+1; /* only compute once */
|
||||
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
|
||||
return SASL_NOMEM;
|
||||
|
||||
@ -1,75 +0,0 @@
|
||||
From 3b0149cf3d235247b051b7cb7663bc3dadbb999b Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Raiskup <praiskup@redhat.com>
|
||||
Date: Thu, 1 Apr 2021 17:17:52 +0200
|
||||
Subject: [PATCH] configure.ac: avoid side-effects in AC_CACHE_VAL
|
||||
|
||||
In the COMMANDS-TO-SET-IT argument, per Autoconf docs:
|
||||
https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Caching-Results.html
|
||||
---
|
||||
configure.ac | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a106d35e..d333496d 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -220,11 +220,14 @@ void foo() { int i=0;}
|
||||
int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
|
||||
if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
|
||||
if(ptr1 && !ptr2) exit(0); } exit(1); }
|
||||
-], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no
|
||||
- AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]),
|
||||
+], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
|
||||
AC_MSG_WARN(cross-compiler, we'll do our best)))
|
||||
LIBS="$cmu_save_LIBS"
|
||||
AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
|
||||
+
|
||||
+ if test "$sasl_cv_dlsym_adds_uscore" = no; then
|
||||
+ AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?])
|
||||
+ fi
|
||||
fi
|
||||
fi
|
||||
|
||||
From d3bcaf62f6213e7635e9c4a574f39a831e333980 Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Raiskup <praiskup@redhat.com>
|
||||
Date: Thu, 1 Apr 2021 17:26:28 +0200
|
||||
Subject: [PATCH] configure.ac: properly quote macro arguments
|
||||
|
||||
Autoconf 2.70+ is more picky about the quotation (even though with
|
||||
previous versions the arguments should have been quoted, too). When we
|
||||
don't quote macros inside the AC_CACHE_VAL macro - some of the Autoconf
|
||||
initialization is wrongly ordered in ./configure script and we keep
|
||||
seeing bugs like:
|
||||
|
||||
./configure: line 2165: ac_fn_c_try_run: command not found
|
||||
|
||||
Original report: https://bugzilla.redhat.com/1943013
|
||||
---
|
||||
configure.ac | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index d333496d..7281cba0 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -213,15 +213,16 @@ if test $sasl_cv_uscore = yes; then
|
||||
AC_MSG_CHECKING(whether dlsym adds the underscore for us)
|
||||
cmu_save_LIBS="$LIBS"
|
||||
LIBS="$LIBS $SASL_DL_LIB"
|
||||
- AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
|
||||
+ AC_CACHE_VAL([sasl_cv_dlsym_adds_uscore],
|
||||
+ [AC_TRY_RUN([
|
||||
#include <dlfcn.h>
|
||||
#include <stdio.h>
|
||||
void foo() { int i=0;}
|
||||
int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
|
||||
if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
|
||||
if(ptr1 && !ptr2) exit(0); } exit(1); }
|
||||
-], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
|
||||
- AC_MSG_WARN(cross-compiler, we'll do our best)))
|
||||
+], [sasl_cv_dlsym_adds_uscore=yes], [sasl_cv_dlsym_adds_uscore=no],
|
||||
+ [AC_MSG_WARN(cross-compiler, we'll do our best)])])
|
||||
LIBS="$cmu_save_LIBS"
|
||||
AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
|
||||
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
Author: Matthias Klose <doko@ubuntu.com>
|
||||
Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
|
||||
it.
|
||||
--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
|
||||
+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
|
||||
@@ -25,7 +25,7 @@
|
||||
saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
|
||||
saslauthd_LDADD = @SASL_KRB_LIB@ \
|
||||
@GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
|
||||
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
|
||||
+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
|
||||
|
||||
testsaslauthd_SOURCES = testsaslauthd.c utils.c
|
||||
testsaslauthd_LDADD = @LIB_SOCKET@
|
||||
--- cyrus-sasl-2.1.27/sasldb/Makefile.am
|
||||
+++ cyrus-sasl-2.1.27/sasldb/Makefile.am
|
||||
@@ -54,6 +54,6 @@
|
||||
|
||||
libsasldb_la_SOURCES = allockey.c sasldb.h
|
||||
EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
|
||||
-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
|
||||
-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
|
||||
+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
|
||||
+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
|
||||
libsasldb_la_LDFLAGS = -no-undefined
|
||||
@ -1,17 +0,0 @@
|
||||
Author: Fabian Fagerholm <fabbe@debian.org>
|
||||
Description: This patch makes sure the non-PIC version of libsasldb.a, which
|
||||
is created out of non-PIC objects, is not going to overwrite the PIC version,
|
||||
which is created out of PIC objects. The PIC version is placed in .libs, and
|
||||
the non-PIC version in the current directory. This ensures that both non-PIC
|
||||
and PIC versions are available in the correct locations.
|
||||
--- cyrus-sasl-2.1.27/lib/Makefile.am
|
||||
+++ cyrus-sasl-2.1.27/lib/Makefile.am
|
||||
@@ -98,7 +98,7 @@
|
||||
|
||||
libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
|
||||
@echo adding static plugins and dependencies
|
||||
- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
|
||||
+ $(AR) cru $@ $(SASL_STATIC_OBJS)
|
||||
@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
|
||||
if test ! -f $$i; then continue; fi; . $$i; \
|
||||
for j in $$dependency_libs foo; do \
|
||||
@ -1,29 +0,0 @@
|
||||
From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
|
||||
From: Jonas Jelten <jj@sft.mx>
|
||||
Date: Sat, 2 Feb 2019 20:53:37 +0100
|
||||
Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
|
||||
|
||||
`gdbm_close` also sets gdbm_errno since version 1.17.
|
||||
This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
|
||||
the `gdbm_errno` value which is then later used for the error handling.
|
||||
---
|
||||
sasldb/db_gdbm.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
|
||||
index ee56a6bf..c908808e 100644
|
||||
--- a/sasldb/db_gdbm.c
|
||||
+++ b/sasldb/db_gdbm.c
|
||||
@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
|
||||
gkey.dptr = key;
|
||||
gkey.dsize = key_len;
|
||||
gvalue = gdbm_fetch(db, gkey);
|
||||
+ int fetch_errno = gdbm_errno;
|
||||
+
|
||||
gdbm_close(db);
|
||||
if (! gvalue.dptr) {
|
||||
- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
|
||||
+ if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
|
||||
utils->seterror(conn, SASL_NOLOG,
|
||||
"user: %s@%s property: %s not found in %s",
|
||||
authid, realm, propName, path);
|
||||
@ -1,11 +0,0 @@
|
||||
--- cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
|
||||
+++ cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
|
||||
@@ -23,7 +23,7 @@
|
||||
from sphinx import addnodes
|
||||
from sphinx.locale import admonitionlabels, _
|
||||
from sphinx.util.osutil import ustrftime
|
||||
-from sphinx.util.compat import docutils_version
|
||||
+#from sphinx.util.compat import docutils_version
|
||||
|
||||
class CyrusManualPageWriter(ManualPageWriter):
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
Gentoo bug #389349
|
||||
--- cyrus-sasl-2.1.27/m4/sasl2.m4
|
||||
+++ cyrus-sasl-2.1.27/m4/sasl2.m4
|
||||
@@ -220,7 +220,11 @@
|
||||
[AC_WARN([Cybersafe define not found])])
|
||||
|
||||
elif test "$ac_cv_header_gssapi_h" = "yes"; then
|
||||
- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
|
||||
+ AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h,
|
||||
+ [#include <gssapi.h>
|
||||
+ #ifdef GSS_C_NT_HOSTBASED_SERVICE
|
||||
+ hostbased_service_gss_nt_yes
|
||||
+ #endif],
|
||||
[AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,,
|
||||
[Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])])
|
||||
elif test "$ac_cv_header_gssapi_gssapi_h"; then
|
||||
@ -1,31 +0,0 @@
|
||||
Fixes https://gitlab.alpinelinux.org/alpine/aports/-/issues/12342
|
||||
|
||||
See: https://github.com/cyrusimap/cyrus-sasl/pull/569
|
||||
|
||||
diff -upr cyrus-sasl-2.1.27.orig/saslauthd/Makefile.am cyrus-sasl-2.1.27/saslauthd/Makefile.am
|
||||
--- cyrus-sasl-2.1.27.orig/saslauthd/Makefile.am 2021-01-23 12:19:13.058918319 +0100
|
||||
+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am 2021-01-23 12:20:07.132516526 +0100
|
||||
@@ -32,20 +32,15 @@ testsaslauthd_LDADD = @LIB_SOCKET@
|
||||
|
||||
saslcache_SOURCES = saslcache.c
|
||||
|
||||
-EXTRA_DIST = saslauthd.8 saslauthd.mdoc include \
|
||||
+EXTRA_DIST = saslauthd.mdoc include \
|
||||
getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_builddir)/common -I$(top_srcdir)/common
|
||||
DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..
|
||||
|
||||
|
||||
-dist-hook: saslauthd.8
|
||||
-
|
||||
-saslauthd.8: saslauthd.mdoc
|
||||
- nroff -mdoc $(srcdir)/saslauthd.mdoc > $(srcdir)/saslauthd.8
|
||||
-
|
||||
-install-data-local: saslauthd.8
|
||||
+install-data-local: saslauthd.mdoc
|
||||
$(mkinstalldirs) $(DESTDIR)$(mandir)/man8
|
||||
- $(INSTALL_DATA) $(srcdir)/saslauthd.8 $(DESTDIR)$(mandir)/man8/saslauthd.8
|
||||
+ $(INSTALL_DATA) $(srcdir)/saslauthd.mdoc $(DESTDIR)$(mandir)/man8/saslauthd.8
|
||||
|
||||
uninstall-local:
|
||||
-rm -rf $(DESTDIR)$(mandir)/man8/saslauthd.8
|
||||