Merge pull request #1605 from flatcar-linux/tormath1/cyrus-sasl

dev-libs/cyrus-sasl: sync with `::gentoo`

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest

@@ -1 +1,2 @@
+DIST cyrus-sasl-2.1.27-r6-patches.tar.bz2 5169 BLAKE2B 43a2f0db4a8589ec1cde7807b31a93459eacb04d27ba36751a69dd5f4e669d1b28342194b0e1a5382e281a52a35e88168877b54065cfba01b9bd33e87fbd23f1 SHA512 41c4ca7c8f7b79e03faf5d826a6ff0ed398137239b93fb0046ccbf385f6ddeab2b9fb2f51d7a263dc74626e5fdbefb28615a1ee22aabe57ed57f10a52d382797
 DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild

@@ -1,22 +1,23 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
 TMPFILES_OPTIONAL=1
-inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd tmpfiles
+inherit edos2unix flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles
 
 SASLAUTHD_CONF_VER="2.1.26"
-
+MY_PATCH_VER="${PN}-2.1.27-r6-patches"
 DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
 HOMEPAGE="https://www.cyrusimap.org/sasl/"
 #SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
 SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH_VER}.tar.bz2"
 
 LICENSE="BSD-with-attribution"
 SLOT="2"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
 
 CDEPEND="
 	net-mail/mailbase
@@ -31,8 +32,7 @@ CDEPEND="
 	postgres? ( dev-db/postgresql:* )
 	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
 	ssl? (
-		!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
-		libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+		>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
 	)
 	java? ( >=virtual/jdk-1.6:= )"
 
@@ -49,17 +49,13 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 PATCHES=(
-	"${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
-	"${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
-	"${FILESDIR}/${PN}-2.1.27-as_needed.patch"
-	"${FILESDIR}/${PN}-2.1.25-auxprop.patch"
-	"${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
-	"${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
-	"${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
-	"${FILESDIR}/${PN}-2.1.27-memmem.patch"
-	"${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
-	# Flatcar:
-	"${FILESDIR}/${PN}-2.1.27-fix-cross-compiling.patch"
+	"${WORKDIR}"/${MY_PATCH_VER}/
+
+	# flatcar changes: cross compile patch from upstream
+	# generate between commit: b672dbec3cf11857421af526546b1c459adc02cd..6fa9efaa08555d12bf82dea39ef8f1ce533f3ef6
+	# these commits are going to be released in 2.1.28
+	"${FILESDIR}"/enable_cross_builds_with_SPNEGO_detection.patch
+
 )
 
 pkg_setup() {
@@ -84,23 +80,28 @@ src_prepare() {
 		configure.ac || die
 
 	eautoreconf
+
+	export CC_FOR_BUILD="$(tc-getBUILD_CC)"
 }
 
 src_configure() {
 	append-flags -fno-strict-aliasing
+
 	if [[ ${CHOST} == *-solaris* ]] ; then
 		# getpassphrase is defined in /usr/include/stdlib.h
 		append-cppflags -DHAVE_GETPASSPHRASE
 	else
 		# this horrendously breaks things on Solaris
 		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+		# replaces BSD_SOURCE (bug #579218)
+		append-cppflags -D_DEFAULT_SOURCE
 	fi
 
 	multilib-minimal_src_configure
 }
 
 multilib_src_configure() {
-	# Java support.
+	# Java support
 	multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
 
 	local myeconfargs=(
@@ -162,6 +163,10 @@ multilib_src_configure() {
 		myeconfargs+=( --with-dblib=none )
 	fi
 
+	# flatcar change - set gssapi_supports_spnego to 'yes'
+	# otherwise it fails to configure for cross compilation
+	myeconfargs+=(ac_cv_gssapi_supports_spnego=yes)
+
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
@@ -194,7 +199,6 @@ multilib_src_install() {
 			rm -rf "${ED}/usr/$(get_libdir)/java" || die
 			docinto "java"
 			dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
-			dodir "/usr/share/doc/${PF}/java/Test"
 			insinto "/usr/share/doc/${PF}/java/Test"
 			doins "${S}"/java/Test/*.java
 		fi
@@ -219,7 +223,9 @@ multilib_src_install_all() {
 	docinto html
 	dodoc doc/html/*.html
 
-	newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+	if use pam; then
+		newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+	fi
 
 	newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
 	systemd_dounit "${FILESDIR}/pwcheck.service"
@@ -238,6 +244,8 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+
 	# Generate an empty sasldb2 with correct permissions.
 	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
 		einfo "Generating an empty sasldb2 with correct permissions ..."

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch

@@ -1,40 +0,0 @@
---- cyrus-sasl-2.1.27/m4/sasl2.m4
-+++ cyrus-sasl-2.1.27/m4/sasl2.m4
-@@ -311,36 +311,7 @@ if test "$gssapi" != no; then
-                     [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
-                                [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
-   fi
--  cmu_save_LIBS="$LIBS"
--  LIBS="$LIBS $GSSAPIBASE_LIBS"
--
--  AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
--  AC_TRY_RUN([
--#ifdef HAVE_GSSAPI_H
--#include <gssapi.h>
--#else
--#include <gssapi/gssapi.h>
--#endif
--
--int main(void)
--{
--    gss_OID_desc spnego_oid = { 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
--    gss_OID_set mech_set;
--    OM_uint32 min_stat;
--    int have_spnego = 0;
--                                                                               
--    if (gss_indicate_mechs(&min_stat, &mech_set) == GSS_S_COMPLETE) {
--	gss_test_oid_set_member(&min_stat, &spnego_oid, mech_set, &have_spnego);
--	gss_release_oid_set(&min_stat, &mech_set);
--    }
--
--    return (!have_spnego);  // 0 = success, 1 = failure
--}
--],	
--	[ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
--	AC_MSG_RESULT(yes) ],
--	AC_MSG_RESULT(no))
--  LIBS="$cmu_save_LIBS"
-+  AC_DEFINE(HAVE_GSS_SPNEGO,,[1])
- 
- else
-   AC_MSG_RESULT([disabled])

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-slibtool.patch

@@ -0,0 +1,18 @@
+https://github.com/cyrusimap/cyrus-sasl/pull/623
+https://bugs.gentoo.org/775875
+
+From 5b8075eeba8d0334573689450b07610c176a2618 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Wed, 9 Sep 2020 07:29:38 -0700
+Subject: [PATCH] common: Define the missing crypto_compat_version version.
+
+--- a/common/Makefile.am
++++ b/common/Makefile.am
+@@ -46,6 +46,7 @@
+ # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
+ # CURRENT:REVISION:AGE
+ plugin_common_version = 3:0:0
++crypto_compat_version = 0:0:0
+ 
+ AM_CPPFLAGS=-fPIC -I$(top_srcdir)/include -I$(top_builddir)/include
+ 

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/enable_cross_builds_with_SPNEGO_detection.patch

@@ -0,0 +1,59 @@
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504a..098c853a 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -287,6 +287,19 @@ if test "$gssapi" != no; then
+   AC_CHECK_FUNCS(gss_oid_equal)
+   LIBS="$cmu_save_LIBS"
+ 
++  cmu_save_LIBS="$LIBS"
++  LIBS="$LIBS $GSSAPIBASE_LIBS"
++  if test "$ac_cv_header_gssapi_gssapi_krb5_h" = "yes"; then
++    AC_CHECK_DECL(GSS_KRB5_CRED_NO_CI_FLAGS_X,
++                  [AC_DEFINE(HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X,1,
++                             [Define if your GSSAPI implementation supports GSS_KRB5_CRED_NO_CI_FLAGS_X])],,
++                  [
++                    AC_INCLUDES_DEFAULT
++                    #include <gssapi/gssapi_krb5.h>
++                    ])
++  fi
++  LIBS="$cmu_save_LIBS"
++
+   cmu_save_LIBS="$LIBS"
+   LIBS="$LIBS $GSSAPIBASE_LIBS"
+   AC_CHECK_FUNCS(gss_get_name_attribute)
+@@ -311,11 +324,12 @@ if test "$gssapi" != no; then
+                     [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
+                                [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
+   fi
+-  cmu_save_LIBS="$LIBS"
+-  LIBS="$LIBS $GSSAPIBASE_LIBS"
++  LIBS="$cmu_save_LIBS"
+ 
+-  AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+-  AC_TRY_RUN([
++  AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
++    cmu_save_LIBS="$LIBS"
++    LIBS="$LIBS $GSSAPIBASE_LIBS"
++    AC_TRY_RUN([
+ #ifdef HAVE_GSSAPI_H
+ #include <gssapi.h>
+ #else
+@@ -336,11 +350,12 @@ int main(void)
+ 
+     return (!have_spnego);  // 0 = success, 1 = failure
+ }
+-],	
+-	[ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+-	AC_MSG_RESULT(yes) ],
+-	AC_MSG_RESULT(no))
+-  LIBS="$cmu_save_LIBS"
++],[ac_cv_gssapi_supports_spnego=yes],[ac_cv_gssapi_supports_spnego=no])
++    LIBS="$cmu_save_LIBS"
++  ])
++  AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
++    AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
++  ])
+ 
+ else
+   AC_MSG_RESULT([disabled])

sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml

@@ -1,15 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<!-- maintainer-needed -->
-<use>
-  <flag name="authdaemond">Add Courier-IMAP authdaemond unix socket
-    support (<pkg>net-mail/courier-imap</pkg>, <pkg>mail-mta/courier</pkg>)
-    </flag>
-  <flag name="openldap">Add ldap support for saslauthd</flag>
-  <flag name="ldapdb">Enable ldapdb plugin</flag>
-  <flag name="sample">Enable sample client and server</flag>
-  <flag name="srp">Enable SRP authentication</flag>
-  <flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
-</use>
+	<!-- maintainer-needed -->
+	<use>
+		<flag name="authdaemond">
+			Add Courier-IMAP authdaemond unix socket
+			support (<pkg>net-mail/courier-imap</pkg>, <pkg>mail-mta/courier</pkg>)
+		</flag>
+		<flag name="openldap">Add ldap support for saslauthd</flag>
+		<flag name="ldapdb">Enable ldapdb plugin</flag>
+		<flag name="sample">Enable sample client and server</flag>
+		<flag name="srp">Enable SRP authentication</flag>
+		<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">cyrusimap/cyrus-imapd</remote-id>
+	</upstream>
 </pkgmetadata>