From 7727932905046b76c24ec87858f467da57ff8705 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Tue, 1 Feb 2022 16:37:03 +0100
Subject: [PATCH 1/2] dev-libs/cyrus-sasl: sync with `::gentoo`
Commit-Ref: c64e42b0da7ce4c4189c8868ce0a5170f044468f
Signed-off-by: Mathieu Tortuyaux
---
.../dev-libs/cyrus-sasl/Manifest | 1 +
...-r3.ebuild => cyrus-sasl-2.1.27-r4.ebuild} | 29 +-
.../cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild | 260 ++++++++++++++++++
...yrus-sasl-2.1.27-fix-cross-compiling.patch | 40 ---
.../files/cyrus-sasl-2.1.27-slibtool.patch | 18 ++
.../dev-libs/cyrus-sasl/metadata.xml | 28 +-
6 files changed, 312 insertions(+), 64 deletions(-)
rename sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/{cyrus-sasl-2.1.27-r3.ebuild => cyrus-sasl-2.1.27-r4.ebuild} (90%)
create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild
delete mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-slibtool.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
index 843afea7db..da2a2265fd 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
@@ -1 +1,2 @@ +DIST cyrus-sasl-2.1.27-r6-patches.tar.bz2 5169 BLAKE2B 43a2f0db4a8589ec1cde7807b31a93459eacb04d27ba36751a69dd5f4e669d1b28342194b0e1a5382e281a52a35e88168877b54065cfba01b9bd33e87fbd23f1 SHA512 41c4ca7c8f7b79e03faf5d826a6ff0ed398137239b93fb0046ccbf385f6ddeab2b9fb2f51d7a263dc74626e5fdbefb28615a1ee22aabe57ed57f10a52d382797 DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild index 2501feed45..670450a576 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild @@ -1,10 +1,9 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -TMPFILES_OPTIONAL=1 -inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd tmpfiles +inherit edos2unix flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles SASLAUTHD_CONF_VER="2.1.26" 
@@ -15,8 +14,8 @@ SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz" LICENSE="BSD-with-attribution" SLOT="2" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom" CDEPEND=" net-mail/mailbase @@ -31,8 +30,7 @@ CDEPEND=" postgres? ( dev-db/postgresql:* ) sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) ssl? ( - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) java? ( >=virtual/jdk-1.6:= )" @@ -58,8 +56,7 @@ PATCHES=( "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch" "${FILESDIR}/${PN}-2.1.27-memmem.patch" "${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch" - # Flatcar: - "${FILESDIR}/${PN}-2.1.27-fix-cross-compiling.patch" + "${FILESDIR}/${PN}-2.1.27-slibtool.patch" ) pkg_setup() { 
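Review bot: Dropping `"${FILESDIR}/${PN}-2.1.27-fix-cross-compiling.patch"` from PATCHES in hunk `@@ -58,8 +56,7 @@`, together with the deletion of that file later in this patch, leaves both r4 and the new r6 without any SPNEGO cross-compile handling until patch 2/2 is applied. The m4 text that the deleted patch removed shows a three-argument `AC_TRY_RUN`, which has no cross-compiling fallback, so configure with gssapi enabled would presumably stop on cross builds at this commit, and that makes bisecting across it harder. Keeping the PATCHES line and the file in 1/2 and removing them in 2/2 next to their replacement, or squashing the two patches, avoids the broken intermediate state.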
@@ -84,23 +81,28 @@ src_prepare() { configure.ac || die eautoreconf + + export CC_FOR_BUILD="$(tc-getBUILD_CC)" } src_configure() { append-flags -fno-strict-aliasing + if [[ ${CHOST} == *-solaris* ]] ; then # getpassphrase is defined in /usr/include/stdlib.h append-cppflags -DHAVE_GETPASSPHRASE else # this horrendously breaks things on Solaris append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + # replaces BSD_SOURCE (bug #579218) + append-cppflags -D_DEFAULT_SOURCE fi multilib-minimal_src_configure } multilib_src_configure() { - # Java support. + # Java support multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" local myeconfargs=( @@ -194,7 +196,6 @@ multilib_src_install() { rm -rf "${ED}/usr/$(get_libdir)/java" || die docinto "java" dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* - dodir "/usr/share/doc/${PF}/java/Test" insinto "/usr/share/doc/${PF}/java/Test" doins "${S}"/java/Test/*.java fi @@ -219,7 +220,9 @@ multilib_src_install_all() { docinto html dodoc doc/html/*.html - newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + if use pam; then + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + fi newinitd "${FILESDIR}/pwcheck.rc6" pwcheck systemd_dounit "${FILESDIR}/pwcheck.service" @@ -238,6 +241,8 @@ multilib_src_install_all() { } pkg_postinst() { + tmpfiles_process ${PN}.conf + # Generate an empty sasldb2 with correct permissions. if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then einfo "Generating an empty sasldb2 with correct permissions ..." diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild new file mode 100644 index 0000000000..99c0c56d88 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild 
@@ -0,0 +1,260 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit edos2unix flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles
+
+SASLAUTHD_CONF_VER="2.1.26"
+MY_PATCH_VER="${PN}-2.1.27-r6-patches"
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH_VER}.tar.bz2"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+
+CDEPEND="
+ net-mail/mailbase
+ virtual/libcrypt:=
+ authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
+ mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+ pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+ ssl? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ java? ( >=virtual/jdk-1.6:= )"
+
+REQUIRED_USE="ldapdb? ( openldap )"
+
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-sasl )"
+
+DEPEND="${CDEPEND}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+ "${WORKDIR}"/${MY_PATCH_VER}/
+)
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # Get rid of the -R switch (runpath_switch for Sun)
+ # >=gcc-4.6 errors out with unknown option
+ sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
+ configure.ac || die
+
+ # Use plugindir for sasldir
+ sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+ "${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+ # #486740 #468556
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
+ -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
+ configure.ac || die
+
+ eautoreconf
+
+ export CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+
+ if [[ ${CHOST} == *-solaris* ]] ; then
+ # getpassphrase is defined in /usr/include/stdlib.h
+ append-cppflags -DHAVE_GETPASSPHRASE
+ else
+ # this horrendously breaks things on Solaris
+ append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+ # replaces BSD_SOURCE (bug #579218)
+ append-cppflags -D_DEFAULT_SOURCE
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ # Java support
+ multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
+
+ local myeconfargs=(
+ --enable-login
+ --enable-ntlm
+ --enable-auth-sasldb
+ --disable-cmulocal
+ --disable-krb4
+ --disable-macos-framework
+ --enable-otp
+ --without-sqlite
+ --with-saslauthd="${EPREFIX}"/run/saslauthd
+ --with-pwcheck="${EPREFIX}"/run/saslauthd
+ --with-configdir="${EPREFIX}"/etc/sasl2
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
+ --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+ --with-sphinx-build=no
+ $(use_with ssl openssl)
+ $(use_with pam)
+ $(use_with openldap ldap)
+ $(use_enable ldapdb)
+ $(multilib_native_use_enable sample)
+ $(use_enable kerberos gssapi)
+ $(multilib_native_use_enable java)
+ $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+ $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
+ $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
+ $(use_enable srp)
+ $(use_enable static-libs static)
+
+ # Add authdaemond support (bug #56523).
+ $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+ # Fix for bug #59634.
+ $(usex ssl '' --without-des)
+
+ # Use /dev/urandom instead of /dev/random (bug #46038).
+ $(usex urandom --with-devrandom=/dev/urandom '')
+ )
+
+ if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+ myeconfargs+=( --enable-sql )
+ else
+ myeconfargs+=( --disable-sql )
+ fi
+
+ # Default to GDBM if both 'gdbm' and 'berkdb' are present.
+ if use gdbm ; then
+ einfo "Building with GNU DB as database backend for your SASLdb"
+ myeconfargs+=( --with-dblib=gdbm )
+ elif use berkdb ; then
+ einfo "Building with BerkeleyDB as database backend for your SASLdb"
+ myeconfargs+=(
+ --with-dblib=berkeley
+ --with-bdb-incdir="$(db_includedir)"
+ )
+ else
+ einfo "Building without SASLdb support"
+ myeconfargs+=( --with-dblib=none )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ # Thanks to axxo@gentoo.org for the solution.
+ if multilib_is_native_abi && use java ; then
+ jar -cvf ${PN}.jar -C java $(find java -name "*.class")
+ fi
+}
+
+multilib_src_install() {
+ default
+
+ if multilib_is_native_abi; then
+ if use sample ; then
+ docinto sample
+ dodoc "${S}"/sample/*.c
+ exeinto /usr/share/doc/${P}/sample
+ doexe sample/client sample/server
+ fi
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ if use java; then
+ java-pkg_dojar ${PN}.jar
+ java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
+ # hackish, don't wanna dig through makefile
+ rm -rf "${ED}/usr/$(get_libdir)/java" || die
+ docinto "java"
+ dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
+ insinto "/usr/share/doc/${PF}/java/Test"
+ doins "${S}"/java/Test/*.java
+ fi
+
+ dosbin saslauthd/testsaslauthd
+ fi
+}
+
+multilib_src_install_all() {
+ doman man/*
+
+ keepdir /etc/sasl2
+
+ # Reset docinto to default value (#674296)
+ docinto
+ dodoc AUTHORS ChangeLog doc/legacy/TODO
+ newdoc pwcheck/README README.pwcheck
+
+ newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+ edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
+
+ docinto html
+ dodoc doc/html/*.html
+
+ if use pam; then
+ newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+ fi
+
+ newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
+ systemd_dounit "${FILESDIR}/pwcheck.service"
+
+ newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
+ newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
+ systemd_dounit "${FILESDIR}/saslauthd.service"
+ dotmpfiles "${FILESDIR}/${PN}.conf"
+
+ # The get_modname bit is important: do not remove the .la files on
+ # platforms where the lib isn't called .so for cyrus searches the .la to
+ # figure out what the name is supposed to be instead
+ if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}.conf
+
+ # Generate an empty sasldb2 with correct permissions.
+ if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+ einfo "Generating an empty sasldb2 with correct permissions ..."
+ echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+ || die "Failed to generate sasldb2"
+ "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+ || die "Failed to delete temp user"
+ chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+ chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+ fi
+
+ if use authdaemond ; then
+ elog "You need to add a user running a service using Courier's"
+ elog "authdaemon to the 'mail' group. For example, do:"
+ elog " gpasswd -a postfix mail"
+ elog "to add the 'postfix' user to the 'mail' group."
+ fi
+
+ elog "pwcheck and saslauthd home directories have moved to:"
+ elog " /run/saslauthd, using tmpfiles.d"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
deleted file mode 100644
index 86fbcad2e4..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
+++ /dev/null
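Review bot: `PATCHES=( "${WORKDIR}"/${MY_PATCH_VER}/ )` applies whatever the downloaded `${MY_PATCH_VER}.tar.bz2` contains, so the ebuild no longer shows which fixes are applied; the r4 ebuild listed `${PN}-2.1.27-CVE-2019-19906.patch` by name and this one does not. The Manifest hashes pin the tarball's bytes but say nothing about its contents, and the diff does not show them, so it is worth confirming that the CVE-2019-19906 fix is in the set before r4 is removed. A comment above the array would keep that auditable, for example `# patchset replaces the FILESDIR patches of -r4, incl. CVE-2019-19906 (checked against the tarball listing)`.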
@@ -1,40 +0,0 @@ ---- cyrus-sasl-2.1.27/m4/sasl2.m4 -+++ cyrus-sasl-2.1.27/m4/sasl2.m4 -@@ -311,36 +311,7 @@ if test "$gssapi" != no; then - [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,, - [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])]) - fi -- cmu_save_LIBS="$LIBS" -- LIBS="$LIBS $GSSAPIBASE_LIBS" -- -- AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries]) -- AC_TRY_RUN([ --#ifdef HAVE_GSSAPI_H --#include --#else --#include --#endif -- --int main(void) --{ -- gss_OID_desc spnego_oid = { 6, (void *) "\x2b\x06\x01\x05\x05\x02" }; -- gss_OID_set mech_set; -- OM_uint32 min_stat; -- int have_spnego = 0; -- -- if (gss_indicate_mechs(&min_stat, &mech_set) == GSS_S_COMPLETE) { -- gss_test_oid_set_member(&min_stat, &spnego_oid, mech_set, &have_spnego); -- gss_release_oid_set(&min_stat, &mech_set); -- } -- -- return (!have_spnego); // 0 = success, 1 = failure --} --], -- [ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) -- AC_MSG_RESULT(yes) ], -- AC_MSG_RESULT(no)) -- LIBS="$cmu_save_LIBS" -+ AC_DEFINE(HAVE_GSS_SPNEGO,,[1]) - - else - AC_MSG_RESULT([disabled]) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-slibtool.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-slibtool.patch new file mode 100644 index 0000000000..81198cb87f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-slibtool.patch 
@@ -0,0 +1,18 @@ +https://github.com/cyrusimap/cyrus-sasl/pull/623 +https://bugs.gentoo.org/775875 + +From 5b8075eeba8d0334573689450b07610c176a2618 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Wed, 9 Sep 2020 07:29:38 -0700 +Subject: [PATCH] common: Define the missing crypto_compat_version version. + +--- a/common/Makefile.am ++++ b/common/Makefile.am +@@ -46,6 +46,7 @@ + # See + # CURRENT:REVISION:AGE + plugin_common_version = 3:0:0 ++crypto_compat_version = 0:0:0 + + AM_CPPFLAGS=-fPIC -I$(top_srcdir)/include -I$(top_builddir)/include + diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml index bcabb66dbd..c1d8ef119d 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml @@ -1,15 +1,19 @@ - + - - - Add Courier-IMAP authdaemond unix socket - support (net-mail/courier-imap, mail-mta/courier) - - Add ldap support for saslauthd - Enable ldapdb plugin - Enable sample client and server - Enable SRP authentication - Use /dev/urandom instead of /dev/random - + + + + Add Courier-IMAP authdaemond unix socket + support (net-mail/courier-imap, mail-mta/courier) + + Add ldap support for saslauthd + Enable ldapdb plugin + Enable sample client and server + Enable SRP authentication + Use /dev/urandom instead of /dev/random + + + cyrusimap/cyrus-imapd + From fcd640e6f089489692ce51bdcebaea9453dc3272 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Tue, 1 Feb 2022 16:43:42 +0100 Subject: [PATCH 2/2] dev-libs/cyrus-sasl: apply flatcar patches - remove unecessary ebuild - apply cross compiling patch 
Signed-off-by: Mathieu Tortuyaux
---
.../cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild | 268 ------------------
.../cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild | 11 +
...e_cross_builds_with_SPNEGO_detection.patch | 59 ++++
3 files changed, 70 insertions(+), 268 deletions(-)
delete mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild
create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/enable_cross_builds_with_SPNEGO_detection.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild
deleted file mode 100644
index 670450a576..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild
+++ /dev/null
@@ -1,268 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit edos2unix flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles - -SASLAUTHD_CONF_VER="2.1.26" - -DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" -HOMEPAGE="https://www.cyrusimap.org/sasl/" -#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" -SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz" - -LICENSE="BSD-with-attribution" -SLOT="2" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom" - -CDEPEND=" - net-mail/mailbase - virtual/libcrypt:= - authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] ) - pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] ) - postgres? ( dev-db/postgresql:* ) - sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) - ssl? ( - >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] - ) - java? ( >=virtual/jdk-1.6:= )" - -REQUIRED_USE="ldapdb? ( openldap )" - -RDEPEND=" - ${CDEPEND} - selinux? 
( sec-policy/selinux-sasl )" - -DEPEND="${CDEPEND}" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/sasl/md5global.h -) - -PATCHES=( - "${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch" - "${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch" - "${FILESDIR}/${PN}-2.1.27-as_needed.patch" - "${FILESDIR}/${PN}-2.1.25-auxprop.patch" - "${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch" - "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch" - "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch" - "${FILESDIR}/${PN}-2.1.27-memmem.patch" - "${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch" - "${FILESDIR}/${PN}-2.1.27-slibtool.patch" -) - -pkg_setup() { - java-pkg-opt-2_pkg_setup -} - -src_prepare() { - default - - # Get rid of the -R switch (runpath_switch for Sun) - # >=gcc-4.6 errors out with unknown option - sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ - configure.ac || die - - # Use plugindir for sasldir - sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ - "${S}"/plugins/Makefile.{am,in} || die "sed failed" - - # #486740 #468556 - sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ - -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ - configure.ac || die - - eautoreconf - - export CC_FOR_BUILD="$(tc-getBUILD_CC)" -} - -src_configure() { - append-flags -fno-strict-aliasing - - if [[ ${CHOST} == *-solaris* ]] ; then - # getpassphrase is defined in /usr/include/stdlib.h - append-cppflags -DHAVE_GETPASSPHRASE - else - # this horrendously breaks things on Solaris - append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED - # replaces BSD_SOURCE (bug #579218) - append-cppflags -D_DEFAULT_SOURCE - fi - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # Java support - multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" - - local myeconfargs=( - --enable-login - --enable-ntlm - --enable-auth-sasldb - --disable-cmulocal - --disable-krb4 - --disable-macos-framework - --enable-otp - --without-sqlite - 
--with-saslauthd="${EPREFIX}"/run/saslauthd - --with-pwcheck="${EPREFIX}"/run/saslauthd - --with-configdir="${EPREFIX}"/etc/sasl2 - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 - --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 - --with-sphinx-build=no - $(use_with ssl openssl) - $(use_with pam) - $(use_with openldap ldap) - $(use_enable ldapdb) - $(multilib_native_use_enable sample) - $(use_enable kerberos gssapi) - $(multilib_native_use_enable java) - $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) - $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql) - $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) - $(use_enable srp) - $(use_enable static-libs static) - - # Add authdaemond support (bug #56523). - $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') - - # Fix for bug #59634. - $(usex ssl '' --without-des) - - # Use /dev/urandom instead of /dev/random (bug #46038). - $(usex urandom --with-devrandom=/dev/urandom '') - ) - - if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then - myeconfargs+=( --enable-sql ) - else - myeconfargs+=( --disable-sql ) - fi - - # Default to GDBM if both 'gdbm' and 'berkdb' are present. - if use gdbm ; then - einfo "Building with GNU DB as database backend for your SASLdb" - myeconfargs+=( --with-dblib=gdbm ) - elif use berkdb ; then - einfo "Building with BerkeleyDB as database backend for your SASLdb" - myeconfargs+=( - --with-dblib=berkeley - --with-bdb-incdir="$(db_includedir)" - ) - else - einfo "Building without SASLdb support" - myeconfargs+=( --with-dblib=none ) - fi - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake - - # Default location for java classes breaks OpenOffice (bug #60769). - # Thanks to axxo@gentoo.org for the solution. 
- if multilib_is_native_abi && use java ; then - jar -cvf ${PN}.jar -C java $(find java -name "*.class") - fi -} - -multilib_src_install() { - default - - if multilib_is_native_abi; then - if use sample ; then - docinto sample - dodoc "${S}"/sample/*.c - exeinto /usr/share/doc/${P}/sample - doexe sample/client sample/server - fi - - # Default location for java classes breaks OpenOffice (bug #60769). - if use java; then - java-pkg_dojar ${PN}.jar - java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)" - # hackish, don't wanna dig through makefile - rm -rf "${ED}/usr/$(get_libdir)/java" || die - docinto "java" - dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* - insinto "/usr/share/doc/${PF}/java/Test" - doins "${S}"/java/Test/*.java - fi - - dosbin saslauthd/testsaslauthd - fi -} - -multilib_src_install_all() { - doman man/* - - keepdir /etc/sasl2 - - # Reset docinto to default value (#674296) - docinto - dodoc AUTHORS ChangeLog doc/legacy/TODO - newdoc pwcheck/README README.pwcheck - - newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes - edos2unix "${ED}/usr/share/doc/${PF}/release-notes" - - docinto html - dodoc doc/html/*.html - - if use pam; then - newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd - fi - - newinitd "${FILESDIR}/pwcheck.rc6" pwcheck - systemd_dounit "${FILESDIR}/pwcheck.service" - - newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd - newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd - systemd_dounit "${FILESDIR}/saslauthd.service" - dotmpfiles "${FILESDIR}/${PN}.conf" - - # The get_modname bit is important: do not remove the .la files on - # platforms where the lib isn't called .so for cyrus searches the .la to - # figure out what the name is supposed to be instead - if ! 
use static-libs && [[ $(get_modname) == .so ]] ; then - find "${ED}" -name "*.la" -delete || die - fi -} - -pkg_postinst() { - tmpfiles_process ${PN}.conf - - # Generate an empty sasldb2 with correct permissions. - if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then - einfo "Generating an empty sasldb2 with correct permissions ..." - echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \ - || die "Failed to generate sasldb2" - "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \ - || die "Failed to delete temp user" - chown root:mail "${EROOT}/etc/sasl2/sasldb2" \ - || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2" - chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \ - || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2" - fi - - if use authdaemond ; then - elog "You need to add a user running a service using Courier's" - elog "authdaemon to the 'mail' group. For example, do:" - elog " gpasswd -a postfix mail" - elog "to add the 'postfix' user to the 'mail' group." - fi - - elog "pwcheck and saslauthd home directories have moved to:" - elog " /run/saslauthd, using tmpfiles.d" -} diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild index 99c0c56d88..b3c89f5b84 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r6.ebuild @@ -3,6 +3,7 @@ EAPI=7 +TMPFILES_OPTIONAL=1 inherit edos2unix flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles SASLAUTHD_CONF_VER="2.1.26" 
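Review bot: The re-added `TMPFILES_OPTIONAL=1` in hunk `@@ -3,6 +3,7 @@` carries no marker, while the other two Flatcar deviations in this commit are labelled `# flatcar change`; in a file that is otherwise a straight sync from ::gentoo, an unmarked line is easy to lose at the next sync. pkg_postinst, outside this hunk, calls `tmpfiles_process ${PN}.conf`, so it is also worth confirming that this call behaves acceptably on an image where no tmpfiles processor is installed. Suggested comment above the line: `# flatcar change: keep virtual/tmpfiles out of RDEPEND`.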
@@ -49,6 +50,12 @@ MULTILIB_WRAPPED_HEADERS=( PATCHES=( "${WORKDIR}"/${MY_PATCH_VER}/ + + # flatcar changes: cross compile patch from upstream + # generate between commit: b672dbec3cf11857421af526546b1c459adc02cd..6fa9efaa08555d12bf82dea39ef8f1ce533f3ef6 + # these commits are going to be released in 2.1.28 + "${FILESDIR}"/enable_cross_builds_with_SPNEGO_detection.patch + ) pkg_setup() { @@ -156,6 +163,10 @@ multilib_src_configure() { myeconfargs+=( --with-dblib=none ) fi + # flatcar change - set gssapi_supports_spnego to 'yes' + # otherwise it fails to configure for cross compilation + myeconfargs+=(ac_cv_gssapi_supports_spnego=yes) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" } diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/enable_cross_builds_with_SPNEGO_detection.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/enable_cross_builds_with_SPNEGO_detection.patch new file mode 100644 index 0000000000..809b2e81a7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/enable_cross_builds_with_SPNEGO_detection.patch 
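Review bot: `ac_cv_gssapi_supports_spnego=yes` is appended in multilib_src_configure (hunk `@@ -156,6 +163,10 @@`) for every build, so the cached SPNEGO probe introduced by enable_cross_builds_with_SPNEGO_detection.patch is skipped even on native builds where it could run. HAVE_GSS_SPNEGO is then defined whether or not the target's GSSAPI library offers SPNEGO, and a mismatch would presumably only surface at runtime during mechanism negotiation. Since toolchain-funcs is already inherited, the override can be limited to the case that needs it: `tc-is-cross-compiler && myeconfargs+=( ac_cv_gssapi_supports_spnego=yes )`. The function body continues outside the hunk.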
@@ -0,0 +1,59 @@
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504a..098c853a 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -287,6 +287,19 @@ if test "$gssapi" != no; then
+ AC_CHECK_FUNCS(gss_oid_equal)
+ LIBS="$cmu_save_LIBS"
+
++ cmu_save_LIBS="$LIBS"
++ LIBS="$LIBS $GSSAPIBASE_LIBS"
++ if test "$ac_cv_header_gssapi_gssapi_krb5_h" = "yes"; then
++ AC_CHECK_DECL(GSS_KRB5_CRED_NO_CI_FLAGS_X,
++ [AC_DEFINE(HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X,1,
++ [Define if your GSSAPI implementation supports GSS_KRB5_CRED_NO_CI_FLAGS_X])],,
++ [
++ AC_INCLUDES_DEFAULT
++ #include
++ ])
++ fi
++ LIBS="$cmu_save_LIBS"
++
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
+ AC_CHECK_FUNCS(gss_get_name_attribute)
+@@ -311,11 +324,12 @@ if test "$gssapi" != no; then
+ [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
+ [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
+ fi
+- cmu_save_LIBS="$LIBS"
+- LIBS="$LIBS $GSSAPIBASE_LIBS"
++ LIBS="$cmu_save_LIBS"
+
+- AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+- AC_TRY_RUN([
++ AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
++ cmu_save_LIBS="$LIBS"
++ LIBS="$LIBS $GSSAPIBASE_LIBS"
++ AC_TRY_RUN([
+ #ifdef HAVE_GSSAPI_H
+ #include
+ #else
+@@ -336,11 +350,12 @@ int main(void)
+
+ return (!have_spnego); // 0 = success, 1 = failure
+ }
+-],
+- [ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+- AC_MSG_RESULT(yes) ],
+- AC_MSG_RESULT(no))
+- LIBS="$cmu_save_LIBS"
++],[ac_cv_gssapi_supports_spnego=yes],[ac_cv_gssapi_supports_spnego=no])
++ LIBS="$cmu_save_LIBS"
++ ])
++ AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
++ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
++ ])
+
+ else
+ AC_MSG_RESULT([disabled])