diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog deleted file mode 100644 index fe8c058d47..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog +++ /dev/null @@ -1,73 +0,0 @@ -# ChangeLog for app-crypt/trousers -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*trousers-0.3.13 (09 Aug 2015) -*trousers-0.3.10-r1 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson +files/61-trousers.rules, - +files/tcsd.confd, +files/tcsd.initd, +files/tcsd.service, - +files/trousers-0.3.13-nouseradd.patch, - +files/trousers-0.3.5-nouseradd.patch, +metadata.xml, - +trousers-0.3.10-r1.ebuild, +trousers-0.3.13.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - 
Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 24 Aug 2015; Justin Lecher metadata.xml: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 12 Sep 2015; Alon Bar-Lev - +files/trousers-0.3.13-build.patch, trousers-0.3.13.ebuild: - fix gcc5 issue - - Bug: 560202 - - Package-Manager: portage-2.2.20.1 - -*trousers-0.3.13-r1 (05 Oct 2015) - - 05 Oct 2015; Julian Ospald +trousers-0.3.13-r1.ebuild: - add libressl support - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog-2015 deleted file mode 100644 index db225f69a9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog-2015 +++ /dev/null 
@@ -1,270 +0,0 @@ -# ChangeLog for app-crypt/trousers -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/trousers/ChangeLog,v 1.58 2015/06/09 09:35:46 jlec Exp $ - - 09 Jun 2015; Justin Lecher metadata.xml: - Updating remote-id in metadata.xml - - 27 Apr 2015; Alon Bar-Lev trousers-0.3.13.ebuild: - autoreconf, bug#547654, thanks to Martin Dummer - -*trousers-0.3.13 (08 Apr 2015) - - 08 Apr 2015; Alon Bar-Lev - +files/trousers-0.3.13-nouseradd.patch, +trousers-0.3.13.ebuild: - Version bump, bug#545882, thanks to Kristian - - 12 Nov 2014; Anthony G. Basile - trousers-0.3.10-r1.ebuild: - Keyworded on ~ppc ~ppc64, bug #458196 - - 02 Nov 2014; Sven Vermeulen trousers-0.3.10-r1.ebuild: - Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug - #527698) - - 03 Aug 2014; trousers-0.3.10-r1.ebuild: - arm64, stable - - 28 Jul 2014; Alon Bar-Lev -trousers-0.3.10.ebuild: - Cleanup - - 27 Jul 2014; Mikle Kolyada trousers-0.3.10-r1.ebuild: - amd64 stable wrt bug #516844 - - 27 Jul 2014; Markus Meier trousers-0.3.10-r1.ebuild: - arm stable, bug #516844 - - 26 Jul 2014; Pawel Hajdan jr - trousers-0.3.10-r1.ebuild: - x86 stable wrt bug #516844 - - 15 Jul 2014; Alon Bar-Lev -trousers-0.3.6-r1.ebuild, - -trousers-0.3.6.ebuild: - cleanup - - 04 Jul 2014; Sven Vermeulen trousers-0.3.10-r1.ebuild, - trousers-0.3.10.ebuild, trousers-0.3.6-r1.ebuild, trousers-0.3.6.ebuild: - Adding USE=selinux dependency to selinux-tcsd on trousers package - - 10 Jun 2014; Mike Frysinger trousers-0.3.10-r1.ebuild, - trousers-0.3.10.ebuild: - Add arm64/m68k/s390/sh love. - -*trousers-0.3.10-r1 (24 May 2014) - - 24 May 2014; Pacho Ramos +files/tcsd.service, - +trousers-0.3.10-r1.ebuild: - Add unit file (#510822 by Salah Coronya), fix license (#425894 by Ian - Stakenvicius), use readme.gentoo.eclass. - - 09 Jun 2013; Mike Frysinger metadata.xml: - Add upstream CPE tag (security info) from ChromiumOS. 
- - 13 Jan 2013; Markus Meier trousers-0.3.10.ebuild: - arm stable, bug #450184 - - 13 Jan 2013; Agostino Sarubbo trousers-0.3.10.ebuild: - Stable for x86, wrt bug #450184 - - 13 Jan 2013; Agostino Sarubbo trousers-0.3.10.ebuild: - Stable for amd64, wrt bug #450184 - - 11 Dec 2012; Ian Stakenvicius trousers-0.3.6-r1.ebuild, - trousers-0.3.10.ebuild: - converted rules installations to use udev.eclass for recent ebuilds - - 11 Dec 2012; Ian Stakenvicius trousers-0.3.6-r1.ebuild: - virtualized references to sys-fs/udev - - 16 Nov 2012; Samuli Suominen trousers-0.3.10.ebuild: - Use udev.eclass and remove unnecessary file libtspi.la to avoid - dependency_libs content leading to overlinking without -Wl,--as-needed (or - the new gold linker in binutils) - -*trousers-0.3.10 (16 Nov 2012) - - 16 Nov 2012; Patrick Lauer +trousers-0.3.10.ebuild: - Bump - - 10 Sep 2012; Mike Frysinger trousers-0.3.6-r1.ebuild: - Drop -m64 hardcode. - - 08 Sep 2012; Tim Harder metadata.xml: - Remove redundant maintainer from metadata. - -*trousers-0.3.6-r1 (11 Aug 2012) - - 11 Aug 2012; Samuli Suominen - +trousers-0.3.6-r1.ebuild: - Query udevdir value from udev.pc pkg-config file instead of using /etc/udev - which is reserved for user defined rules. - - 31 May 2012; Zac Medico trousers-0.3.6.ebuild: - inherit user for enewgroup and enewuser - - 14 May 2012; Mike Frysinger trousers-0.3.6.ebuild: - Add arm love for ChromiumOS. - - 03 May 2012; Jeff Horelick trousers-0.3.6.ebuild: - dev-util/pkgconfig -> virtual/pkgconfig - - 20 Aug 2011; Sven Wegener files/tcsd.initd: - Switch from --chuid to --user. - - 22 Mar 2011; Arfrever Frehtes Taifersar Arahesis - -trousers-0.3.5.ebuild: - Delete. - - 21 Mar 2011; Thomas Kahle trousers-0.3.6.ebuild: - x86 stable per bug 357181 - - 04 Mar 2011; Markos Chandras trousers-0.3.6.ebuild: - Stable on amd64 wrt bug #357181 - -*trousers-0.3.6 (06 Aug 2010) - - 06 Aug 2010; Robin H. 
Johnson - +files/61-trousers.rules, -files/trousers-0.2.3-nouseradd.patch, - -trousers-0.3.2.1-r1.ebuild, trousers-0.3.5.ebuild, - +trousers-0.3.6.ebuild: - Bug #329451: version bump. Bug #330287: setup for USE=gtk, but disable for - now as USE=gtk does not even build for me, due to missing support.h. Bug - #232190: include udev rules. - -*trousers-0.3.5 (27 Jun 2010) - - 27 Jun 2010; Arfrever Frehtes Taifersar Arahesis - -trousers-0.3.1.ebuild, -files/trousers-0.3.1-gcc43.patch, - -files/trousers-0.3.1-qa.patch, -trousers-0.3.2.ebuild, - -trousers-0.3.2.1.ebuild, +trousers-0.3.5.ebuild, - +files/trousers-0.3.5-nouseradd.patch: - Version bump (bug #325533). Fix building with >=sys-devel/autoconf-2.64 - (bug #282345). - -*trousers-0.3.2.1-r1 (06 Sep 2009) - - 06 Sep 2009; Mike Auty +trousers-0.3.2.1-r1.ebuild: - Add in kernel config existence checks (bug 283320). - -*trousers-0.3.2.1 (06 Sep 2009) - - 06 Sep 2009; Arfrever Frehtes Taifersar Arahesis - +trousers-0.3.2.1.ebuild: - Version bump (bug #283081). - -*trousers-0.3.2 (22 Aug 2009) - - 22 Aug 2009; Arfrever Frehtes Taifersar Arahesis - +trousers-0.3.2.ebuild: - Version bump (bug #280788). - - 29 Mar 2009; Arfrever Frehtes Taifersar Arahesis - trousers-0.3.1.ebuild: - Add ~amd64 keyword. - - 22 Mar 2009; Arfrever Frehtes Taifersar Arahesis - trousers-0.3.1.ebuild: - Don't use -Werror (bug #260873). - - 20 Feb 2009; Daniel Black trousers-0.3.1.ebuild: - app-crypt/tpm-module being purged - - 23 Jul 2008; Peter Alfredsen - files/trousers-0.2.3-nouseradd.patch, +files/trousers-0.3.1-gcc43.patch, - trousers-0.3.1.ebuild: - Fix for gcc-4.3, tidy up ebuild. Bug #232521. Thanks to Shvetsov Alexey - - - 07 Jun 2008; Diego Pettenò trousers-0.3.1.ebuild: - Remove unused inherits that were used to patch and re-autotools before. 
- - 24 Nov 2007; Alon Bar-Lev - +files/trousers-0.3.1-qa.patch, trousers-0.3.1.ebuild: - Fix 64bit issue, bug#200218, thanks to dev-zero - -*trousers-0.3.1 (10 Nov 2007) - - 10 Nov 2007; Alon Bar-Lev - -files/trousers-0.2.1-nouseradd.patch, -files/trousers-0.2.3-ldadd.patch, - -files/trousers-0.2.6-as-needed.patch, -trousers-0.2.1.ebuild, - -trousers-0.2.3.ebuild, -trousers-0.2.5.ebuild, -trousers-0.2.6.ebuild, - -trousers-0.2.8.ebuild, +trousers-0.3.1.ebuild: - Version bump, cleanup - - 24 Jan 2007; Marius Mauch trousers-0.2.1.ebuild, - trousers-0.2.3.ebuild, trousers-0.2.5.ebuild, trousers-0.2.6.ebuild, - trousers-0.2.8.ebuild: - Replacing einfo with elog - - 12 Jan 2007; Alon Bar-Lev trousers-0.2.8.ebuild: - Remove WANT_AUTO* - -*trousers-0.2.8 (06 Jan 2007) - - 06 Jan 2007; Alon Bar-Lev +trousers-0.2.8.ebuild: - Version bump - -*trousers-0.2.6 (06 May 2006) - - 06 May 2006; Daniel Black - +files/trousers-0.2.6-as-needed.patch, +trousers-0.2.6.ebuild: - version bump - - 27 Apr 2006; Alec Warner files/digest-trousers-0.2.1, - files/digest-trousers-0.2.3, Manifest: - Fixing duff SHA256 digests: Bug # 131293 - -*trousers-0.2.5 (02 Feb 2006) - - 02 Feb 2006; Daniel Black +trousers-0.2.5.ebuild: - version bump - -*trousers-0.2.3 (17 Sep 2005) - - 17 Sep 2005; Daniel Black - -files/trousers-0.2.0-nouseradd.patch, +files/trousers-0.2.3-ldadd.patch, - +files/trousers-0.2.3-nouseradd.patch, -trousers-0.1.11-r1.ebuild, - -trousers-0.2.0.ebuild, +trousers-0.2.3.ebuild: - version bump. 
remove old versions - inspiried by bug #105799 thanks to Felix - Dorner - - 23 Aug 2005; Daniel Black - trousers-0.1.11-r1.ebuild, trousers-0.2.0.ebuild, trousers-0.2.1.ebuild: - QA fix removing /bin/false from enewuser - bug #103421 - -*trousers-0.2.1 (30 Jul 2005) - - 30 Jul 2005; Daniel Black - +files/trousers-0.2.1-nouseradd.patch, +trousers-0.2.1.ebuild: - version bump - -*trousers-0.2.0 (06 Jul 2005) - - 06 Jul 2005; Daniel Black - +files/trousers-0.2.0-nouseradd.patch, +trousers-0.2.0.ebuild: - version bump. tpm udev is now part of udev-060 - - 23 Jun 2005; Daniel Black - trousers-0.1.11-r1.ebuild: - udev fix thanks to latexer - -*trousers-0.1.11-r1 (23 Jun 2005) - - 23 Jun 2005; Daniel Black - -files/0.1.7-makefile-statedir.patch, files/tcsd.initd, - -trousers-0.1.7.ebuild, -trousers-0.1.11.ebuild, - +trousers-0.1.11-r1.ebuild: - added udev permissions. Added tpm-emulator as optional dependancy. script - file fixes and old version cleanout - -*trousers-0.1.11 (19 Jun 2005) - - 19 Jun 2005; Daniel Black +files/tcsd.confd, - +files/tcsd.initd, +trousers-0.1.11.ebuild: - Version bump as per bug #95764. Thankyou TGL - -*trousers-0.1.7 (06 Feb 2005) - - 06 Feb 2005; Daniel Black +metadata.xml, - +files/0.1.7-makefile-statedir.patch, +trousers-0.1.7.ebuild: - Initial import diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest index eb09192abf..bbdd682524 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest 
@@ -1,15 +1 @@ -AUX 61-trousers.rules 96 SHA256 8f25b51dca45b75caa85a00ef476fb40c09d6cc82e2351cb7af24ebc805dd949 SHA512 83fa5b8666bcb0111f69456e6b9ea73eca2e1933e44bf7b705ff4d3c7b63a63ae4d0a1c30b0a00ebe6a8b4206ed7df80abca8503ace1c795119213f3546e9307 WHIRLPOOL a6ff89249a9ea7d5a7d308f0446e304b4429992bd51953e4dbe1a87731c7b8c824b1d158fc1f734965c082508b1ed334ff4303bf610228228c858e29cfe71664 -AUX tcsd.confd 372 SHA256 5a1f9150ce0d8cc3e9e80971e073ee0b1db018ec3af6809087a7c626b9ffa327 SHA512 1e33f521156d55ff450907e01a7c60750e2880520700de1e8fb42ed03d5a16a20332f6f437f2cc7ed155f65b9306bf2d670f46c4b7055d4c9248beaeb06f8a75 WHIRLPOOL d94c3719b438c2758d97f00dab463b9b76b0fc2d9329dcc9cd8867150a7f5351379254868165df8e19ef33ae0e9d6ab333706952dcabaf0da18833750c35f42e -AUX tcsd.initd 849 SHA256 29c36bdcedb580a878fbc599f12dea559438abea2b033d8e1664d7accf863dfb SHA512 f2a389f3e59a6e455aca8555cf022479fc5212f08c67901ce2db86f42ef34be3564c6b209eddc4f29869a72cefcdbae431b63a7c669d57f1a26ed21a60ef5e43 WHIRLPOOL 4acbfa2278553b97e4ce180eb903bce64334aea487515487f5c358ff8f0fb38c723aa3c8ed7b16497bdb3dc0d838c60529b70292a2db92444753dbdefc3aa8ff -AUX tcsd.service 131 SHA256 704dbb2b06a3e357fe2363d2cc88632ccd18dcdf14dc7640cd67272df5a52ade SHA512 e516bde8ce45fe4ad687aaaabae475da9c20a9fbd8ebee736d09ceb6efa597efb6f3bb99840a4c0d2c9eb77c2824df6ee45985b46dc8cf924b4eed67eeec1468 WHIRLPOOL 851f6ef31d93a7fd119cc4bc70c28410539fb572158e8238b72ea177e5a75e2a48382807ac14203eb48a21e5432c5c0c35cf25619557d9ba741328f3f79ebfc0 -AUX trousers-0.3.13-build.patch 2019 SHA256 0217b7f1178f880df4a3493a758b0a4b2462a7420d882b6634e531dec17081d7 SHA512 6877f7298ae03d3a3214da37591f889a382a380c39f36e287a9a2edbec78d44ff5032ef75b3c6b114c6755f0f924c8e1a1a4a3b0577e7168ac42dc8c1cc8983a WHIRLPOOL bd722f960f61efcb834232c5b746dc94f94971f1c1f220c6685faea662c1f07f34e12dfb46ba534d55b2530add31dd1b90b1a10b7c407a0e6633c1c8004802ca -AUX trousers-0.3.13-nouseradd.patch 606 SHA256 af43a38991c10db8a817faaa4ff244f3600c90a10e26a0232e7668f15f84e911 SHA512 
a6c9074e535429f09ce5e850d943378348b54bed479b7fef0fff7bb18ab2547421407900aa35533749a764275a241ddbd083c4e2f3d6a9ad6f9b1d40d090f783 WHIRLPOOL 2ca8c22aa11aee2f06ce0dfc7c2d035b10724999302818461e72ed9fc29d813112dd52ac80ac7c1027b301f7bdcffe085537dfbf05affebf3ca96992026ae11b -AUX trousers-0.3.5-nouseradd.patch 439 SHA256 927040d4ef30657717a75318320330f12364a624e0ce6f0d2e6a25c53e5ba11b SHA512 d5f218fb2cd50e81eed2fc3fb48c613f33e17be9be39368e6d0aef5cd2237ef4505736bebc00b30e3133cab81ac2551edbdb8d83aaab0614cbc1747b34bff806 WHIRLPOOL eb01c789159dab0b662065ce155e27f7dbbb5bf5a41c470598be08dcb41fafd77c242c77618f2c118d943b716dea95934bed19c7fd5634442a9b17bd74a943dd -DIST trousers-0.3.10.tar.gz 1658652 SHA256 eb9569de5c66d9698f6c3303de03777b95ec72827f68b7744454bfa9227bc530 SHA512 1835246f846d20bc1b2731d68440a9ca45865fcd52ad847d95485e4b126fae8bec09feaad559c27d83e243d92b8adc3a67934bff2034b318df075842fe9df4f0 WHIRLPOOL 7a27ef57b0038178cbf384c9fdec2d2e3e58dbeb5e5bc1503d2a7058a8312df54fa72b87968554631e4b5e483ae5e8c5e0a2367346bf3ae001b523a507ceff40 -DIST trousers-0.3.13.tar.gz 1371901 SHA256 bb908e4a3c88a17b247a4fc8e0fff3419d8a13170fe7bdfbe0e2c5c082a276d3 SHA512 c54407e538712f738b593707ffc6d617348d73de91dfddd9057273c2fcec26e5738e89db005d36d52596630a9d583f7fcb8cc388f597da6212891e2d79dce699 WHIRLPOOL 8099d2f01b1c64b2e92c78130c9f66766f9054a1ab557f0d6da149ca4869c9fed7ee3a26454ab50bd67069d30c758ccabb450dead1d9100ffacac9f596f6d46b -EBUILD trousers-0.3.10-r1.ebuild 3013 SHA256 73c0a2afc4805c780cd0731245d598845d442bc1a97698256b64a4fbc12f61df SHA512 f931504f773f87e5a0c04da8ad448bdcd8b1e96b0e14e89f64a7a24eb1cdbcbc3d193ea2fcb30d087f52d960082499a1c6c0ebeb49ce417f8f2b40f6d1a4c308 WHIRLPOOL a57cc01db3c3a83786eb0d090fbb0dae89d6ab02f92536ec63ac6e5334ec08bd31b0a81a8a8afb9be79feccdc032ff7d989617f340bdeab45e319d91cf86895a -EBUILD trousers-0.3.13-r1.ebuild 3072 SHA256 5afead3b02b9d82a013c707b1bc291eecafff21aa21f5ea37d44b6ff53158d20 SHA512 
a5c7c6aaf4fc314c759c4d9f41fb4306afb5fe4b81f15b1c4365fc20c06b56924dda58530755af41e9f00e44c1ee0c862a7dfcabfab1befcd799e72b59a9c55b WHIRLPOOL d9bb612fcd59740044246536514b05cdddb531a5956cf5fb1a539d792c6b64c6d68270c0ccc1a637d7e1bf36670ffef6fa3f2cee28fd7054989ebcbf87342a64 -EBUILD trousers-0.3.13.ebuild 3014 SHA256 bcc9bc1a88a921aadd99ceff2faa1bcf546ea0f6d0975a861ace608c50cb6466 SHA512 aa1a2df2870ee4f97dc4c7ae7be5d6fd251b64ee3953de0666bb0352b5737e2131e9d1136abc765a464b61f39116af605e05036f4fab2195c42579737a902389 WHIRLPOOL a3b9be24f7b35545f53622e1febf8ad95512389396cdef93434399b10685242dc48a6ded3146fa1b14bddcefd515149642365912eb337daa4b4cfbc5848980c6 -MISC ChangeLog 2606 SHA256 8d69ebaf89dbfaa941f7dcf3d978118d638902c3f5fa35e245bbe4a74f391e26 SHA512 f2db096cca06d241f8bdbd34e8439e5787e30e2761ea494270156ac8287b4d93267060f9b793a6f5ab5a9c1fa9ae0435c19e40b4b7b930df9f8dbc381912c4be WHIRLPOOL 279dc5ea5b5a298403538274f5eb1d767e339693f530655647615981a6a8363a4329b491f4f8ad2d67bcdc4e80f34ed0b30515213ad42c358bb912cfe0a45046 -MISC ChangeLog-2015 9637 SHA256 08e62c19dc835915e45e8fa120f7945bbaa3dbeb464ef8dba9b106cc3a9d2e15 SHA512 415e7e6bb7d24c1da939867b751187f96eec3fe10d47c8003d2160644815dd72f07cc278dba6807f7403c2edff166f8db5e6e3c4b5d23153f060210063fa07d8 WHIRLPOOL c5f9422ed04064397d28ac87fe9eb93cc3f669a6384170d95015492b07614e61222e03f064acc36aae0fa4f63741107743f942277fb9743ed9a4dfcd49d54daf -MISC metadata.xml 304 SHA256 98852de410f67541dd320cd2feadb413638dd95470141127fc00c6a538bdf36e SHA512 54c86a65d6d04953bbe3f47e9d5d32a7304e792f8211335b1065c3bb2618be5762ff38d34515af483c634572a7c48e7bc1f0200785c6924b46afd9b6d9abbb45 WHIRLPOOL f50232e16a0368f3bfa79a724310df879b329a6bbe54ed969039bc221b1d76b250811ebc1cc612f4425c3a665e2d50da895fc99e946226ee6d65b31ed8130719 +DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 
bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data
index 8fa48a533f..b498fd495d 100644
Binary files a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data and b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data differ
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd
new file mode 100644
index 0000000000..78bedb9fda
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd
@@ -0,0 +1,9 @@
+# /etc/conf.d/tscd
+
+# Configuration file for the TrouSerS' TCS daemon (tcsd) init script
+# Have a look on /etc/tcsd.conf too, there is more to configure there.
+
+# TPM_MODULES: name of the module(s) that should be loaded. You only need to
+# set this if your driver is not compiled in kernel and is not already loaded
+# on boot. (default: unset)
+#TPM_MODULES="tpm_atmel"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd
new file mode 100644
index 0000000000..c9c050cb06
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd
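Review bot: The header comment in `files/tcsd.confd` gives the path as `/etc/conf.d/tscd`, which transposes the daemon's name; it should read `# /etc/conf.d/tcsd` to match the `tcsd` service this file configures. `checkconfig()` in `tcsd.initd` iterates over `${TPM_MODULES}` unquoted, so the `TPM_MODULES` comment could also state that the value is a space-separated list of module names.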
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use logger
+ need net
+}
+
+checkconfig() {
+ local mod
+ if [ -n "${TPM_MODULES}" ] ; then
+ for mod in ${TPM_MODULES} ; do
+ lsmod | grep -q "^${mod}\b" \
+ || modprobe ${mod} &>/dev/null \
+ || ewarn "Failed to load module ${mod}"
+ done
+ # Should we sleep or something to wait for device creation?
+ fi
+ if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then
+ eerror "No TPM device found!"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ ebegin "Starting TrouSerS' TCS daemon (tcsd)"
+ checkconfig || eend $?
+ start-stop-daemon --start --user tss --exec /usr/sbin/tcsd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping TrouSerS' TCS daemon (tcsd)"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss
+ eend $?
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf
index 302dbf929f..c1c39895e7 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf
@@ -1,3 +1,3 @@ d /var/lib/tpm 0755 tss tss - - C /etc/tcsd.conf 0600 tss tss - /usr/share/trousers/tcsd.conf -C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data \ No newline at end of file +C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-build.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-build.patch
deleted file mode 100644
index 4e0e60e977..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-build.patch
+++ /dev/null
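Review bot: In `start()` of `files/tcsd.initd`, `checkconfig || eend $?` only reports the failure and then falls through, so `start-stop-daemon --start` still runs when neither `/dev/tpm` nor `/dev/tpm0` exists; it should be `checkconfig || return 1`. In `checkconfig()`, `modprobe ${mod} &>/dev/null` uses a bash-only redirection: if the script is interpreted by a POSIX `/bin/sh`, it parses as a background job followed by an empty redirect, so the `|| ewarn` branch never sees modprobe's exit status. `modprobe "${mod}" >/dev/null 2>&1` is portable and also quotes the module name. The ebuild added in this commit carries the comment `(removed newinitd and newconfd)`, so this script may not be installed on Flatcar at all; it is worth confirming whether the file needs to be shipped.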
@@ -1,77 +0,0 @@ ---- a/src/include/tcsps.h -+++ b/src/include/tcsps.h -@@ -23,13 +23,8 @@ int get_file(); - int put_file(int); - void close_file(int); - void ps_destroy(); --#ifdef SOLARIS --TSS_RESULT read_data(int, void *, UINT32); --TSS_RESULT write_data(int, void *, UINT32); --#else --inline TSS_RESULT read_data(int, void *, UINT32); --inline TSS_RESULT write_data(int, void *, UINT32); --#endif -+TSS_RESULT read_data(int, void *, UINT32); -+TSS_RESULT write_data(int, void *, UINT32); - int write_key_init(int, UINT32, UINT32, UINT32); - TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32); - TSS_RESULT UnloadBlob_KEY_PS(UINT16 *, BYTE *, TSS_KEY *); ---- a/src/include/tspps.h -+++ b/src/include/tspps.h -@@ -18,8 +18,8 @@ - - TSS_RESULT get_file(int *); - int put_file(int); --inline TSS_RESULT read_data(int, void *, UINT32); --inline TSS_RESULT write_data(int, void *, UINT32); -+TSS_RESULT read_data(int, void *, UINT32); -+TSS_RESULT write_data(int, void *, UINT32); - UINT32 psfile_get_num_keys(int); - TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); - TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); ---- a/src/tcs/ps/ps_utils.c -+++ b/src/tcs/ps/ps_utils.c -@@ -42,11 +42,7 @@ - struct key_disk_cache *key_disk_cache_head = NULL; - - --#ifdef SOLARIS - TSS_RESULT --#else --inline TSS_RESULT --#endif - read_data(int fd, void *data, UINT32 size) - { - int rc; -@@ -64,11 +60,7 @@ read_data(int fd, void *data, UINT32 size) - } - - --#ifdef SOLARIS - TSS_RESULT --#else --inline TSS_RESULT --#endif - write_data(int fd, void *data, UINT32 size) - { - int rc; ---- a/src/tspi/ps/ps_utils.c -+++ b/src/tspi/ps/ps_utils.c -@@ -22,7 +22,7 @@ - #include "tspps.h" - #include "tsplog.h" - --inline TSS_RESULT -+TSS_RESULT - read_data(int fd, void *data, UINT32 size) - { - int rc; -@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 size) - return TSS_SUCCESS; - } - --inline TSS_RESULT -+TSS_RESULT - write_data(int 
fd, void *data, UINT32 size) - { - int rc; diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch new file mode 100644 index 0000000000..f777b629ce --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch @@ -0,0 +1,25 @@ +From 5b1dbb5f8eada9002ec10f4ebc0bc418272e58b2 Mon Sep 17 00:00:00 2001 +From: Salah Coronya +Date: Sun, 7 Jun 2020 12:34:03 -0500 +Subject: [PATCH] src/tddl/Makefile.am: Mark tddl.a nodist + +This makes tddl.a nodist like the others, so it is not installed + +Signed-off-by: Salah Coronya +--- + src/tddl/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tddl/Makefile.am b/src/tddl/Makefile.am +index 607eb8e..2cd599b 100644 +--- a/src/tddl/Makefile.am ++++ b/src/tddl/Makefile.am +@@ -1,4 +1,4 @@ +-lib_LIBRARIES=libtddl.a ++noinst_LIBRARIES=libtddl.a + + libtddl_a_SOURCES=tddl.c + libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIE -DPIE +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch new file mode 100644 index 0000000000..5046bc7088 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch 
@@ -0,0 +1,15 @@
+diff --git a/src/include/tcsd.h b/src/include/tcsd.h
+index 5b9462b..05bae97 100644
+--- a/src/include/tcsd.h
++++ b/src/include/tcsd.h
+@@ -166,8 +166,8 @@ void thread_signal_init();
+
+ /* signal handling */
+ #ifndef __APPLE__
+-struct sigaction tcsd_sa_int;
+-struct sigaction tcsd_sa_chld;
++extern struct sigaction tcsd_sa_int;
++extern struct sigaction tcsd_sa_chld;
+ #endif
+
+ #endif
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch
new file mode 100644
index 0000000000..9ee7c167e2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch
@@ -0,0 +1,28 @@
+From b8b1cda430270f03dc556cf9cf7d2fd478101525 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev
+Date: Wed, 7 Dec 2016 09:36:34 +0200
+Subject: [PATCH] tspi: support libressl
+
+Bug: https://sourceforge.net/p/trousers/bugs/222/
+
+Signed-off-by: Alon Bar-Lev
+---
+ src/trspi/crypto/openssl/rsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
+index 2b1205f..3e56015 100644
+--- a/src/trspi/crypto/openssl/rsa.c
++++ b/src/trspi/crypto/openssl/rsa.c
+@@ -38,7 +38,7 @@
+ #define DEBUG_print_openssl_errors()
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100001L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+ {
+--
+2.7.3
+
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.5-nouseradd.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.5-nouseradd.patch
deleted file mode 100644
index 32114134da..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.5-nouseradd.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- dist/Makefile.am -+++ dist/Makefile.am -@@ -6,8 +6,6 @@ - /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf - - install-exec-hook: -- /usr/sbin/groupadd tss || true -- /usr/sbin/useradd -r tss -g tss || true - /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi' - /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true - /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml index e47fe20d59..643c6bf8c7 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml @@ -1,9 +1,16 @@ - crypto - - cpe:/a:debian:trousers - trousers - + + salah.coronya@gmail.com + Salah Coronya + + + proxy-maint@gentoo.org + Proxy Maintainers + + + cpe:/a:debian:trousers + trousers + diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.13-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.13-r2.ebuild deleted file mode 100644 index c36ac19bc4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.13-r2.ebuild +++ /dev/null 
@@ -1,111 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit autotools eutils linux-info readme.gentoo systemd user udev - -#MY_P="${PN}-${PV%.*}-${PV##*.}" - -DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation" -HOMEPAGE="http://trousers.sf.net" -SRC_URI="mirror://sourceforge/trousers/${P}.tar.gz" - -LICENSE="CPL-1.0 GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~m68k ~ppc ~ppc64 ~s390 ~sh ~x86" -IUSE="doc libressl selinux" # gtk - -# gtk support presently does NOT compile. -# gtk? ( >=x11-libs/gtk+-2 ) - -CDEPEND=">=dev-libs/glib-2 - !libressl? ( >=dev-libs/openssl-0.9.7:0 ) - libressl? ( dev-libs/libressl ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-tcsd )" -# S="${WORKDIR}/${P}git" - -DOCS="AUTHORS ChangeLog NICETOHAVES README TODO" - -DOC_CONTENTS=" - If you have problems starting tcsd, please check permissions and - ownership on /dev/tpm* and ~tss/system.data -" - -pkg_setup() { - # Check for driver (not sure it can be an rdep, because ot depends on the - # version of virtual/linux-sources... Is that supported by portage?) - linux-info_pkg_setup - local tpm_kernel_version tpm_kernel_present tpm_module - kernel_is ge 2 6 12 && tpm_kernel_version="yes" - if linux_config_exists; then - linux_chkconfig_present TCG_TPM && tpm_kernel_present="yes" - else - ewarn "No kernel configuration could be found." - fi - has_version app-crypt/tpm-emulator && tpm_module="yes" - if [[ -n "${tpm_kernel_present}" ]]; then - einfo "Good, you seem to have in-kernel TPM support." - elif [[ -n "${tpm_module}" ]]; then - einfo "Good, you seem to have TPM support with the external module." - if [[ -n "${tpm_kernel_version}" ]]; then - elog - elog "Note that since you have a >=2.6.12 kernel, you could use" - elog "the in-kernel driver instead of (CONFIG_TCG_TPM)." 
- fi - elif [[ -n "${tpm_kernel_version}" ]]; then - eerror - eerror "To use this package, you will have to activate TPM support" - eerror "in your kernel configuration. That's at least CONFIG_TCG_TPM," - eerror "plus probably a chip specific driver (like CONFIG_TCG_ATMEL)." - eerror - else - eerror - eerror "To use this package, you should install a TPM driver." - eerror "You can have the following options:" - eerror " - install app-crypt/tpm-emulator" - eerror " - switch to a >=2.6.12 kernel and compile the kernel module" - eerror - fi - - # New user/group for the daemon - enewgroup tss - enewuser tss -1 -1 /var/lib/tpm tss -} - -src_prepare() { - epatch "${FILESDIR}"/${P}-nouseradd.patch - epatch "${FILESDIR}"/${P}-build.patch - mv configure.in configure.ac || die - eautoreconf -} - -src_configure() { - # econf --with-gui=$(usex gtk gtk openssl) - econf --with-gui=openssl -} - -src_install() { - keepdir /var/lib/tpm - default - use doc && dodoc doc/* - fowners tss:tss /etc/tcsd.conf - systemd_dounit "${FILESDIR}"/tcsd.service - systemd_enable_service multi-user.target tcsd.service - udev_dorules "${FILESDIR}"/61-trousers.rules - fowners tss:tss /var/lib/tpm - prune_libtool_files - readme.gentoo_create_doc - insinto /usr/share/trousers/ - doins "${FILESDIR}"/system.data - # stash a copy of the config so we can restore it from tmpfiles - doins "${D}"/etc/tcsd.conf - fowners tss:tss /usr/share/trousers/system.data - fowners tss:tss /usr/share/trousers/tcsd.conf - systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/trousers.conf -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild new file mode 100644 index 0000000000..153aeb169c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild 
@@ -0,0 +1,88 @@
+# Flatcar modifications:
+# - added "Flatcar:" customizations
+# - added condition to files/tcsd.service
+# - created files/tmpfiles.d/trousers.conf
+# - created files/system.data
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info readme.gentoo-r1 systemd udev
+
+DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
+HOMEPAGE="http://trousers.sf.net"
+SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz"
+
+LICENSE="CPL-1.0 GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~m68k ~ppc ppc64 ~s390 x86"
+IUSE="doc libressl selinux" # gtk
+
+# gtk support presently does NOT compile.
+# gtk? ( >=x11-libs/gtk+-2 )
+
+DEPEND="acct-group/tss
+ acct-user/tss
+ >=dev-libs/glib-2
+ !libressl? ( >=dev-libs/openssl-0.9.7:0= )
+ libressl? ( dev-libs/libressl:0= )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-tcsd )"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
+ "${FILESDIR}/${P}-libressl.patch"
+ "${FILESDIR}/${P}-fno-common.patch"
+ "${FILESDIR}/${P}-Makefile.am-Mark-tddl.a-nodist.patch"
+)
+
+DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
+
+DOC_CONTENTS="
+ If you have problems starting tcsd, please check permissions and
+ ownership on /dev/tpm* and ~tss/system.data
+"
+S="${WORKDIR}"
+
+CONFIG_CHECK="~TCG_TPM"
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # econf --with-gui=$(usex gtk gtk openssl)
+ econf --with-gui=openssl
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -delete || die
+
+ keepdir /var/lib/tpm
+ use doc && dodoc doc/*
+ # Flatcar:
+ # (removed newinitd and newconfd)
+ fowners tss:tss /etc/tcsd.conf
+
+ systemd_dounit "${FILESDIR}"/tcsd.service
+
+ # Flatcar:
+ systemd_enable_service multi-user.target tcsd.service
+
+ udev_dorules "${FILESDIR}"/61-trousers.rules
+ fowners tss:tss /var/lib/tpm
+ readme.gentoo_create_doc
+
+ # Flatcar:
+ insinto /usr/share/trousers/
+ doins "${FILESDIR}"/system.data
+ # stash a copy of the config so we can restore it from tmpfiles
+ doins "${D}"/etc/tcsd.conf
+ fowners tss:tss /usr/share/trousers/system.data
+ fowners tss:tss /usr/share/trousers/tcsd.conf
+ systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/trousers.conf
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog
deleted file mode 100644
index 2017fd62b3..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog
+++ /dev/null
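Review bot: In `src_install` of trousers-0.3.14-r2.ebuild, the copies of `system.data` and `tcsd.conf` stashed under /usr/share/trousers get an owner via `fowners` but no explicit mode. `doins` installs with the current `insopts` mode (0644 by default), so the stashed `tcsd.conf` does not inherit whatever mode the file has under `${D}/etc`. tcsd is, as far as I recall, strict about the owner and mode of its config file at startup, and `system.data` is the TPM persistent-storage file, so the restored files should not depend on install defaults. files/tmpfiles.d/trousers.conf is not in this hunk, so whether it sets a mode when copying cannot be confirmed from here. I would set the mode explicitly with `insopts -m0600` before the two `doins` calls and extend the last `# Flatcar:` comment to state the owner and mode tcsd expects for the restored files.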
@@ -1,117 +0,0 @@ -# ChangeLog for dev-libs/cyrus-sasl -# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*cyrus-sasl-2.1.26-r9 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson - +cyrus-sasl-2.1.26-r9.ebuild, - +files/cyrus-sasl-0001_versioned_symbols.patch, - +files/cyrus-sasl-0002_testsuite.patch, - +files/cyrus-sasl-0006_library_mutexes.patch, - +files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch, - +files/cyrus-sasl-0010_maintainer_mode.patch, - +files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch, - +files/cyrus-sasl-0012_xopen_crypt_prototype.patch, - +files/cyrus-sasl-0014_avoid_pic_overwrite.patch, - +files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch, - +files/cyrus-sasl-0026_drop_krb5support_dependency.patch, - +files/cyrus-sasl-2.1.17-pgsql-include.patch, - +files/cyrus-sasl-2.1.19-checkpw.c.patch, - +files/cyrus-sasl-2.1.21-keytab.patch, - +files/cyrus-sasl-2.1.22-as-needed.patch, - +files/cyrus-sasl-2.1.22-crypt.patch, +files/cyrus-sasl-2.1.22-gcc44.patch, - +files/cyrus-sasl-2.1.22-qa.patch, +files/cyrus-sasl-2.1.23+db-5.0.patch, - +files/cyrus-sasl-2.1.23-CVE-2013-4122.patch, - +files/cyrus-sasl-2.1.23-authd-fix.patch, - +files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch, - +files/cyrus-sasl-2.1.23-rimap-loop.patch, - +files/cyrus-sasl-2.1.25-as_needed.patch, - +files/cyrus-sasl-2.1.25-autotools_fixes.patch, - +files/cyrus-sasl-2.1.25-auxprop.patch, - +files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch, - +files/cyrus-sasl-2.1.25-fix_heimdal.patch, - +files/cyrus-sasl-2.1.25-missing_header.patch, - +files/cyrus-sasl-2.1.25-saslauthd_libtool.patch, - +files/cyrus-sasl-2.1.25-sasldb_al.patch, - +files/cyrus-sasl-2.1.25-service_keytabs.patch, - +files/cyrus-sasl-2.1.26-CVE-2013-4122.patch, - +files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch, - +files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch, - +files/cyrus-sasl-2.1.26-missing-size_t.patch, - 
+files/cyrus-sasl-2.1.26-send-imap-logout.patch, +files/cyrus-sasl.conf, - +files/java.README.gentoo, +files/pwcheck.rc6, +files/pwcheck.service, - +files/saslauthd-2.1.21.conf, +files/saslauthd-2.1.26.conf, - +files/saslauthd.pam-include, +files/saslauthd.service, - +files/saslauthd2.rc6, +files/saslauthd2.rc7, +metadata.xml: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 24 Aug 2015; Justin Lecher metadata.xml: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - 
Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - -*cyrus-sasl-2.1.26-r10 (20 Sep 2015) - - 20 Sep 2015; Julian Ospald - +cyrus-sasl-2.1.26-r10.ebuild: - add libressl support - - 24 Jan 2016; Michał Górny metadata.xml: - Unify quoting in metadata.xml files for machine processing - - Force unified quoting in all metadata.xml files since lxml does not - preserve original use of single and double quotes. Ensuring unified - quoting before the process allows distinguishing the GLEP 67-related - metadata.xml changes from unrelated quoting changes. - - 24 Jan 2016; Michał Górny metadata.xml: - Replace all herds with appropriate projects (GLEP 67) - - Replace all uses of herd with appropriate project maintainers, or no - maintainers in case of herds requested to be disbanded. - - 24 Jan 2016; Michał Górny metadata.xml: - Set appropriate maintainer types in metadata.xml (GLEP 67) - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog-2015 deleted file mode 100644 index c90e2146e2..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog-2015 +++ /dev/null 
@@ -1,1434 +0,0 @@ -# ChangeLog for dev-libs/cyrus-sasl -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/ChangeLog,v 1.321 2015/06/23 00:26:44 patrick Exp $ - - 23 Jun 2015; Patrick Lauer metadata.xml: - Remove unneeded useflag description from metadata.xml - - 22 Jun 2015; Manuel Rüger -cyrus-sasl-2.1.23-r7.ebuild: - Remove old. - - 06 Jun 2015; Jason Zaman cyrus-sasl-2.1.26-r9.ebuild: - RDEP on selinux policy, bug 543568 - - 10 Apr 2015; Eray Aslan -cyrus-sasl-2.1.26-r3.ebuild, - -cyrus-sasl-2.1.26-r4.ebuild, -cyrus-sasl-2.1.26-r5.ebuild, - -cyrus-sasl-2.1.26-r7.ebuild, -cyrus-sasl-2.1.26-r8.ebuild, - -files/cyrus-sasl-2.1.22-db4.patch, - -files/cyrus-sasl-2.1.25-get_fqhostname.patch, - -files/cyrus-sasl-2.1.25-gssapi.patch, - -files/cyrus-sasl-2.1.25-lib_before_plugin.patch: - Remove old - - 09 Apr 2015; Anthony G. Basile - cyrus-sasl-2.1.26-r9.ebuild: - Stable on ppc64. Bug #519646. - - 21 Mar 2015; Justin Lecher cyrus-sasl-2.1.23-r7.ebuild: - use dosbin instead of exeinto /usr/sbin/ && doexe - - 02 Mar 2015; Yixun Lan cyrus-sasl-2.1.26-r9.ebuild: - add arm64 support, tested on A53 board - - 02 Mar 2015; Agostino Sarubbo cyrus-sasl-2.1.26-r9.ebuild: - Stable for ppc, wrt bug #519646 - - 16 Jan 2015; Raúl Porcel cyrus-sasl-2.1.26-r9.ebuild: - ia64/s390/sh/sparc stable wrt #519646 - - 28 Dec 2014; Aaron W. Swenson - cyrus-sasl-2.1.23-r7.ebuild, cyrus-sasl-2.1.26-r3.ebuild, - cyrus-sasl-2.1.26-r4.ebuild, cyrus-sasl-2.1.26-r5.ebuild, - cyrus-sasl-2.1.26-r7.ebuild, cyrus-sasl-2.1.26-r8.ebuild, - cyrus-sasl-2.1.26-r9.ebuild: - Rename virtual/postgresql to dev-db/postgresql - - 21 Nov 2014; Tobias Klausmann - cyrus-sasl-2.1.26-r9.ebuild: - Stable on alpha, bug 519646 - - 03 Nov 2014; Aaron W. 
Swenson - cyrus-sasl-2.1.23-r7.ebuild, cyrus-sasl-2.1.26-r3.ebuild, - cyrus-sasl-2.1.26-r4.ebuild, cyrus-sasl-2.1.26-r5.ebuild, - cyrus-sasl-2.1.26-r7.ebuild, cyrus-sasl-2.1.26-r8.ebuild, - cyrus-sasl-2.1.26-r9.ebuild: - Update PostgreSQL dependencies and/or checks to virtual/postgresql. - - 23 Oct 2014; Pacho Ramos cyrus-sasl-2.1.26-r9.ebuild: - amd64/x86 stable, bug #519646 - - 13 Sep 2014; Markus Meier cyrus-sasl-2.1.26-r9.ebuild: - arm stable, bug #519646 - - 22 Aug 2014; Jeroen Roovers cyrus-sasl-2.1.26-r9.ebuild: - Stable for HPPA (bug #519646). - -*cyrus-sasl-2.1.26-r9 (22 Aug 2014) - - 22 Aug 2014; Eray Aslan +cyrus-sasl-2.1.26-r9.ebuild, - files/cyrus-sasl-2.1.26-send-imap-logout.patch: - Fix send-imap-logout patch - bug #520486. Thanks to Jeroen Roovers - - 20 Aug 2014; Eray Aslan cyrus-sasl-2.1.26-r3.ebuild: - Fix stable version for >mysql-5.5 as well - -*cyrus-sasl-2.1.26-r8 (20 Aug 2014) - - 20 Aug 2014; Eray Aslan +cyrus-sasl-2.1.26-r8.ebuild: - Fix buiding with >mysql-5.5 - bug #519646 - - 10 Aug 2014; Sergei Trofimovich - cyrus-sasl-2.1.23-r7.ebuild, cyrus-sasl-2.1.26-r3.ebuild, - cyrus-sasl-2.1.26-r4.ebuild, cyrus-sasl-2.1.26-r5.ebuild, - cyrus-sasl-2.1.26-r7.ebuild: - QA: drop trailing '.' from DESCRIPTION - - 07 Jul 2014; Michał Górny cyrus-sasl-2.1.26-r7.ebuild: - Pass --enable-sql for non-native build only when SQLite is enabled (since - MySQL and PgSQL are not multilib ATM), bug #516514. - - 19 Jun 2014; Michał Górny cyrus-sasl-2.1.26-r7.ebuild: - Update dependencies to require guaranteed EAPI=5 or multilib ebuilds, bug - #513718. - -*cyrus-sasl-2.1.26-r7 (18 Jun 2014) - - 18 Jun 2014; Michał Górny +cyrus-sasl-2.1.26-r7.ebuild, - -cyrus-sasl-2.1.26-r6.ebuild: - Fix the reference to myconf array. Bug #513684. - -*cyrus-sasl-2.1.26-r6 (30 May 2014) - - 30 May 2014; Michał Górny +cyrus-sasl-2.1.26-r6.ebuild: - Enable multilib support. 
- -*cyrus-sasl-2.1.26-r5 (15 May 2014) - - 15 May 2014; Eray Aslan +cyrus-sasl-2.1.26-r5.ebuild, - +files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch: - Fix authentication loop - bug #510320 - -*cyrus-sasl-2.1.26-r4 (24 Feb 2014) - - 24 Feb 2014; Patrick Lauer +cyrus-sasl-2.1.26-r4.ebuild: - Fix configure.in and unrestrict allowed automake versions #486740 #468556 - - 14 Sep 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild: - Stable for sparc, wrt bug #476764 - - 05 Sep 2013; Tim Harder -cyrus-sasl-2.1.23-r6.ebuild, - -cyrus-sasl-2.1.25-r4.ebuild, -cyrus-sasl-2.1.26-r1.ebuild, - -cyrus-sasl-2.1.26-r2.ebuild: - Remove old. - - 06 Aug 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for s390, wrt bug #476764 - - 22 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.26-r3.ebuild: - Stable for sparc, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for sh, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for arm, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for ppc, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for ppc64, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for ia64, wrt bug #476764 - - 21 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for alpha, wrt bug #476764 - - 20 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for x86, wrt bug #476764 - - 20 Jul 2013; Agostino Sarubbo cyrus-sasl-2.1.23-r7.ebuild, - cyrus-sasl-2.1.26-r3.ebuild: - Stable for amd64, wrt bug #476764 - - 17 Jul 2013; Jeroen Roovers cyrus-sasl-2.1.26-r3.ebuild: - Stable for HPPA (bug #476764). 
- - 17 Jul 2013; Jeroen Roovers cyrus-sasl-2.1.23-r7.ebuild: - Stable for HPPA (bug #476764). - -*cyrus-sasl-2.1.26-r3 (14 Jul 2013) - - 14 Jul 2013; Eray Aslan +cyrus-sasl-2.1.26-r3.ebuild, - +files/cyrus-sasl-2.1.26-CVE-2013-4122.patch, - +files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch, - +files/cyrus-sasl-2.1.26-send-imap-logout.patch: - Security bump - bug #476764. Import send-imap-logout and ldapdb-buffer patches - from debian. - -*cyrus-sasl-2.1.23-r7 (14 Jul 2013) - - 14 Jul 2013; Eray Aslan +cyrus-sasl-2.1.23-r7.ebuild, - +files/cyrus-sasl-2.1.23-CVE-2013-4122.patch: - Security bump - bug #476764 - -*cyrus-sasl-2.1.26-r2 (13 Jul 2013) - - 13 Jul 2013; Pacho Ramos +cyrus-sasl-2.1.26-r2.ebuild, - +files/cyrus-sasl.conf, +files/pwcheck.service, +files/saslauthd-2.1.26.conf, - +files/saslauthd.service, +files/saslauthd2.rc7: - Install unit file (#466376) - - 24 Apr 2013; Eray Aslan cyrus-sasl-2.1.25-r4.ebuild, - cyrus-sasl-2.1.26-r1.ebuild: - Do not use automake-1.13 until fixed - bug #466994 - - 11 Mar 2013; Eray Aslan -cyrus-sasl-2.1.25-r3.ebuild, - -cyrus-sasl-2.1.26.ebuild: - Remove old - - 01 Mar 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for sh, wrt bug #457688 - - 28 Feb 2013; Jeroen Roovers cyrus-sasl-2.1.25-r4.ebuild: - Stable for HPPA (bug #457688). - - 23 Feb 2013; Eray Aslan cyrus-sasl-2.1.26-r1.ebuild: - Fix preserve_old_lib call - bug #458804 - - 23 Feb 2013; Eray Aslan - files/cyrus-sasl-2.1.26-missing-size_t.patch: - Commit forgotton patch - - 23 Feb 2013; Lars Wendler - +files/cyrus-sasl-2.1.26-missing-size_t.patch: - Added forgotten patch from previous commit. 
- -*cyrus-sasl-2.1.26-r1 (23 Feb 2013) - - 23 Feb 2013; Eray Aslan +cyrus-sasl-2.1.26-r1.ebuild: - Add missing header - bug #458790 - -*cyrus-sasl-2.1.26 (22 Feb 2013) - - 22 Feb 2013; Eray Aslan +cyrus-sasl-2.1.26.ebuild: - Version bump - bug #447984 - - 21 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for ia64, wrt bug #457688 - - 20 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for s390, wrt bug #457688 - - 20 Feb 2013; Eray Aslan cyrus-sasl-2.1.25-r4.ebuild: - Add net-mail/mailbase to DEPEND - bug #458408 - - 19 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for arm, wrt bug #457688 - - 18 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for ppc64, wrt bug #457688 - - 18 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for ppc, wrt bug #457688 - - 15 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for alpha, wrt bug #457688 - - 15 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for sparc, wrt bug #457688 - - 15 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for x86, wrt bug #457688 - - 15 Feb 2013; Agostino Sarubbo cyrus-sasl-2.1.25-r4.ebuild: - Stable for amd64, wrt bug #457688 - - 04 Jan 2013; Eray Aslan -cyrus-sasl-2.1.25-r1.ebuild, - -cyrus-sasl-2.1.25-r2.ebuild, -cyrus-sasl-2.1.25.ebuild: - Drop old - - 01 Jan 2013; Raúl Porcel cyrus-sasl-2.1.25-r3.ebuild: - s390/sh stable wrt #445208 - - 30 Dec 2012; Agostino Sarubbo cyrus-sasl-2.1.25-r3.ebuild: - Stable for alpha, wrt bug #445208 - - 29 Dec 2012; Agostino Sarubbo cyrus-sasl-2.1.25-r3.ebuild: - Stable for sparc, wrt bug #445208 - - 21 Dec 2012; Eray Aslan cyrus-sasl-2.1.23-r6.ebuild, - cyrus-sasl-2.1.25-r1.ebuild, cyrus-sasl-2.1.25-r2.ebuild, - cyrus-sasl-2.1.25-r3.ebuild, cyrus-sasl-2.1.25-r4.ebuild, - cyrus-sasl-2.1.25.ebuild: - Fix license - bug #447272 - - 18 Dec 2012; Agostino Sarubbo cyrus-sasl-2.1.25-r3.ebuild: - Stable for ia64, wrt bug #445208 - - 09 Dec 
2012; Agostino Sarubbo cyrus-sasl-2.1.25-r3.ebuild: - Stable for ppc64, wrt bug #445208 - - 06 Dec 2012; Pawel Hajdan jr - cyrus-sasl-2.1.25-r3.ebuild: - x86 stable wrt bug #445208 - -*cyrus-sasl-2.1.25-r4 (05 Dec 2012) - - 05 Dec 2012; Eray Aslan +cyrus-sasl-2.1.25-r4.ebuild, - +files/cyrus-sasl-2.1.25-service_keytabs.patch: - Service keytabs should work with mit-krb5 now - bug #445932 - - 01 Dec 2012; Anthony G. Basile - cyrus-sasl-2.1.25-r3.ebuild: - stable arm, bug #445208 - - 30 Nov 2012; cyrus-sasl-2.1.25-r3.ebuild: - Stable for amd64, wrt bug #445208 - - 29 Nov 2012; Brent Baude cyrus-sasl-2.1.25-r3.ebuild: - Marking cyrus-sasl-2.1.25-r3 ppc for bug 445208 - - 29 Nov 2012; Jeroen Roovers cyrus-sasl-2.1.25-r3.ebuild: - Stable for HPPA (bug #445208). - - 05 Nov 2012; Eray Aslan cyrus-sasl-2.1.23-r6.ebuild, - cyrus-sasl-2.1.25-r1.ebuild, cyrus-sasl-2.1.25-r2.ebuild, - cyrus-sasl-2.1.25-r3.ebuild, cyrus-sasl-2.1.25.ebuild: - License as-is -> BSD-4 - -*cyrus-sasl-2.1.25-r3 (11 Jul 2012) - - 11 Jul 2012; Eray Aslan +cyrus-sasl-2.1.25-r3.ebuild: - Fix building with sqlite USE flag - bug #424769 - - 29 May 2012; Alexis Ballier - cyrus-sasl-2.1.25-r2.ebuild: - keyword ~amd64-fbsd - - 09 Mar 2012; Eray Aslan -cyrus-sasl-2.1.23-r1.ebuild, - -cyrus-sasl-2.1.23-r2.ebuild, -cyrus-sasl-2.1.23-r3.ebuild, - -cyrus-sasl-2.1.23-r4.ebuild, -cyrus-sasl-2.1.23-r5.ebuild: - remove old - - 08 Mar 2012; Brent Baude cyrus-sasl-2.1.23-r6.ebuild: - Marking cyrus-sasl-2.1.23-r6 ppc64 for bug 393387 - -*cyrus-sasl-2.1.25-r2 (21 Feb 2012) - - 21 Feb 2012; Eray Aslan +cyrus-sasl-2.1.25-r2.ebuild, - +files/cyrus-sasl-2.1.25-get_fqhostname.patch: - Fix failing get_fqhostname() - bug #405097 - -*cyrus-sasl-2.1.25-r1 (12 Jan 2012) - - 12 Jan 2012; Eray Aslan +cyrus-sasl-2.1.25-r1.ebuild, - +files/cyrus-sasl-2.1.25-auxprop.patch: - fix PLAIN and LOGIN with no auxprop - bug #392761 - - 04 Jan 2012; Brent Baude cyrus-sasl-2.1.23-r6.ebuild: - Marking cyrus-sasl-2.1.23-r6 ppc for bug 393387 - - 17 
Dec 2011; Raúl Porcel cyrus-sasl-2.1.23-r6.ebuild: - alpha/ia64/s390/sh/sparc stable wrt #393387 - - 14 Dec 2011; Markus Meier cyrus-sasl-2.1.23-r6.ebuild: - arm stable, bug #393387 - - 14 Dec 2011; Pawel Hajdan jr - cyrus-sasl-2.1.23-r6.ebuild: - x86 stable wrt bug #393387 - - 12 Dec 2011; Agostino Sarubbo cyrus-sasl-2.1.23-r6.ebuild: - Stable for AMD64, wrt bug #393387 - - 12 Dec 2011; Jeroen Roovers cyrus-sasl-2.1.23-r6.ebuild: - Stable for HPPA (bug #393387). - - 05 Dec 2011; Eray Aslan cyrus-sasl-2.1.25.ebuild: - Preserve old lib and add revdep-rebuild warning - -*cyrus-sasl-2.1.25 (30 Nov 2011) - - 30 Nov 2011; Eray Aslan +cyrus-sasl-2.1.25.ebuild, - +files/cyrus-sasl-2.1.25-as_needed.patch, - +files/cyrus-sasl-2.1.25-autotools_fixes.patch, - +files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch, - +files/cyrus-sasl-2.1.25-fix_heimdal.patch, - +files/cyrus-sasl-2.1.25-gssapi.patch, - +files/cyrus-sasl-2.1.25-lib_before_plugin.patch, - +files/cyrus-sasl-2.1.25-missing_header.patch, - +files/cyrus-sasl-2.1.25-saslauthd_libtool.patch, - +files/cyrus-sasl-2.1.25-sasldb_al.patch: - Version bump. Add ldapdb USE flag - bug #320893 - -*cyrus-sasl-2.1.23-r6 (06 Nov 2011) - - 06 Nov 2011; Eray Aslan +cyrus-sasl-2.1.23-r6.ebuild, - +files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch: - Detect >=heimdal-1.4 correctly - bug #389349. Thanks to Rafał Mużyło. - - 03 Nov 2011; Naohiro Aota cyrus-sasl-2.1.23-r5.ebuild: - Add ~x86-fbsd. Bug #372433 - - 09 Sep 2011; Jeroen Roovers cyrus-sasl-2.1.23-r4.ebuild: - Stable for HPPA (bug #372435). 
- -*cyrus-sasl-2.1.23-r5 (02 Sep 2011) - - 02 Sep 2011; Eray Aslan +cyrus-sasl-2.1.23-r5.ebuild, - +files/cyrus-sasl-2.1.23-rimap-loop.patch: - Patch for rimap quote loop - bug #381427 - - 05 Aug 2011; Eray Aslan files/pwcheck.rc6: - remove deprecated oknodo from init script - bug #377767 - - 24 Jul 2011; Raúl Porcel cyrus-sasl-2.1.23-r4.ebuild: - alpha/ia64/s390/sh/sparc stable wrt #372435 - - 23 Jul 2011; Kacper Kowalik - cyrus-sasl-2.1.23-r4.ebuild: - ppc64 stable wrt #372435 - - 13 Jul 2011; Markus Meier cyrus-sasl-2.1.23-r4.ebuild: - x86 stable, bug #372435 - - 26 Jun 2011; Markus Meier cyrus-sasl-2.1.23-r4.ebuild: - arm stable, bug #372435 - - 22 Jun 2011; Brent Baude cyrus-sasl-2.1.23-r4.ebuild: - Marking cyrus-sasl-2.1.23-r4 ppc for bug 372435 - - 22 Jun 2011; Markos Chandras - cyrus-sasl-2.1.23-r4.ebuild: - Stable on amd64 wrt bug #372435 - - 21 Jun 2011; Eray Aslan cyrus-sasl-2.1.23-r4.ebuild: - Drop ~x86-fbsd - bug #372433 - -*cyrus-sasl-2.1.23-r4 (10 May 2011) - - 10 May 2011; Eray Aslan - +files/cyrus-sasl-2.1.21-keytab.patch, +cyrus-sasl-2.1.23-r4.ebuild: - Add kerberos keytab support - bug 337163. Thanks to Georgi Georgiev. - - 09 May 2011; Eray Aslan cyrus-sasl-2.1.23-r3.ebuild, - metadata.xml: - Change ldap USE flag to openldap bug #261855 - -*cyrus-sasl-2.1.23-r3 (08 May 2011) - - 08 May 2011; Eray Aslan - +files/cyrus-sasl-0001_versioned_symbols.patch, +cyrus-sasl-2.1.23-r3.ebuild, - +files/cyrus-sasl-0002_testsuite.patch, - +files/cyrus-sasl-0006_library_mutexes.patch, - +files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch, - +files/cyrus-sasl-0010_maintainer_mode.patch, - +files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch, - +files/cyrus-sasl-0012_xopen_crypt_prototype.patch, - +files/cyrus-sasl-0014_avoid_pic_overwrite.patch, - +files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch, - +files/cyrus-sasl-0026_drop_krb5support_dependency.patch: - Drop sqlite USE flag bug #245072. Drop pg_config from configure script bug - #296391. 
Cherry pick and add debian patches. EAPI bump. - - 08 May 2011; Eray Aslan -cyrus-sasl-2.1.22-r2.ebuild, - -cyrus-sasl-2.1.23.ebuild: - remove old - -*cyrus-sasl-2.1.23-r2 (10 Jan 2011) - - 10 Jan 2011; Diego E. Pettenò - +cyrus-sasl-2.1.23-r2.ebuild, +files/cyrus-sasl-2.1.23+db-5.0.patch: - Fix building with berkdb-5.0; thanks to Alec M. in bug #319935 for the build - patch. Use db-use to identify which version of db to use. - - 17 Jun 2010; Patrick Lauer - cyrus-sasl-2.1.22-r2.ebuild, cyrus-sasl-2.1.23.ebuild, - cyrus-sasl-2.1.23-r1.ebuild: - Migrating away from deprecated postgres virtuals - - 29 Apr 2010; Markos Chandras - cyrus-sasl-2.1.23-r1.ebuild: - Revert my previous commit - - 28 Apr 2010; Markos Chandras - cyrus-sasl-2.1.23-r1.ebuild: - Fix typo on pkg_config - - 11 Dec 2009; Raúl Porcel - cyrus-sasl-2.1.23-r1.ebuild: - ia64/s390/sh/sparc stable wrt #289481 - - 18 Nov 2009; Brent Baude cyrus-sasl-2.1.23-r1.ebuild: - Marking cyrus-sasl-2.1.23-r1 ppc64 for bug 289481 - - 10 Nov 2009; Markus Meier cyrus-sasl-2.1.23-r1.ebuild: - arm stable, bug #289481 - - 03 Nov 2009; Jeroen Roovers cyrus-sasl-2.1.23-r1.ebuild: - Stable for HPPA (bug #289481). - - 01 Nov 2009; nixnut cyrus-sasl-2.1.23-r1.ebuild: - ppc stable #289481 - - 30 Oct 2009; Markus Meier cyrus-sasl-2.1.23-r1.ebuild: - amd64/x86 stable, bug #289481 - - 27 Oct 2009; Tobias Klausmann - cyrus-sasl-2.1.23-r1.ebuild: - Stable on alpha, bug #289481 - - 17 Oct 2009; Petteri Räty - cyrus-sasl-2.1.23-r1.ebuild: - Remove >=virtual/jre-1.4 from DEPEND in order to fix bug #273071. - -*cyrus-sasl-2.1.23-r1 (17 Aug 2009) - - 17 Aug 2009; Mike Frysinger - +files/cyrus-sasl-2.1.23-authd-fix.patch, +cyrus-sasl-2.1.23-r1.ebuild: - Fix USE=postgres handling, add USE=sqlite support, use latest autotools, - and cleanup ebuild in general. 
- - 30 Jun 2009; Raúl Porcel cyrus-sasl-2.1.23.ebuild: - arm/ia64/s390/sh/sparc stable wrt #270261 - - 27 Jun 2009; Richard Freeman cyrus-sasl-2.1.23.ebuild: - amd64 stable - 270261 - - 27 Jun 2009; Brent Baude cyrus-sasl-2.1.23.ebuild: - Marking cyrus-sasl-2.1.23 ppc64 and ppc for bug 270261 - - 27 Jun 2009; Christian Faulhammer - cyrus-sasl-2.1.23.ebuild: - stable x86, security bug 270261 - - 26 Jun 2009; Tobias Klausmann - cyrus-sasl-2.1.23.ebuild: - Stable on alpha, bug #270261 - - 25 Jun 2009; Tobias Scherbaum - cyrus-sasl-2.1.23.ebuild: - Update ntlm_impl-spnego.patch, bug #273572, updated patch by Dmitry Karasik - - 25 Jun 2009; Jeroen Roovers cyrus-sasl-2.1.23.ebuild: - Stable for HPPA (bug #270261). - -*cyrus-sasl-2.1.23 (18 May 2009) - - 18 May 2009; Tobias Scherbaum - +cyrus-sasl-2.1.23.ebuild: - Version bump, p.masked though for ABI change without soname change (security - bug #270261) - - 08 May 2009; Peter Alfredsen - cyrus-sasl-2.1.22-r2.ebuild, +files/cyrus-sasl-2.1.22-gcc44.patch: - Fix gcc-4.4 compatibility, bug 248738. Thanks to dirtyepic for the patch. - - 06 Aug 2008; Ulrich Mueller metadata.xml: - Add USE flag description to metadata wrt GLEP 56. - - 19 May 2008; Tiziano Müller - cyrus-sasl-2.1.22-r2.ebuild: - Changed dependency for postgresql to virtual/postgresql-base - - 15 Mar 2008; Tobias Scherbaum - -cyrus-sasl-2.1.22.ebuild, -cyrus-sasl-2.1.22-r1.ebuild: - Drop old versions and therefore revert the mips stable keyword as per - #209999 - - 28 Oct 2007; Torsten Veller - +files/cyrus-sasl-2.1.22-db4.patch, cyrus-sasl-2.1.22-r2.ebuild: - Support latest sys-libs/db versions. Thanks Tuan Van in #192753. - - 19 Jun 2007; Raúl Porcel - cyrus-sasl-2.1.22-r2.ebuild: - alpha stable wrt #169512 - - 03 May 2007; Andrej Kacian cyrus-sasl-2.1.22-r2.ebuild: - Require libpq instead of posgresql for postgres USE flag. 
- - 16 Apr 2007; Christian Faulhammer - cyrus-sasl-2.1.22-r2.ebuild: - stable amd64, bug 169512 - - 07 Apr 2007; Luca Longinotti - files/saslauthd-2.1.21.conf, files/saslauthd2.rc6, files/pwcheck.rc6, - metadata.xml, cyrus-sasl-2.1.22-r2.ebuild: - General ebuild cleanup (comments/style). Fix issue in comment #3 of bug - #134437. - - 12 Mar 2007; Jeroen Roovers cyrus-sasl-2.1.22-r2.ebuild: - Stable for HPPA (bug #169512). - - 12 Mar 2007; Markus Rothe - cyrus-sasl-2.1.22-r2.ebuild: - Stable on ppc64; bug #169512 - - 08 Mar 2007; Tobias Scherbaum - cyrus-sasl-2.1.22-r2.ebuild: - Stable on ppc wrt bug #169512. - - 08 Mar 2007; Gustavo Zacarias ChangeLog: - Fix manifest - - 08 Mar 2007; Gustavo Zacarias - cyrus-sasl-2.1.22-r2.ebuild: - Stable on sparc wrt #169512 - - 08 Mar 2007; Christian Faulhammer - cyrus-sasl-2.1.22-r2.ebuild: - stable x86; bug 169512 - - 07 Mar 2007; Petteri Räty - cyrus-sasl-2.1.22-r2.ebuild: - Add a call for java-pkg-opt-2_pkg_setup to pkg_setup so that we can get away - with the hooks some day. - - 03 Mar 2007; Marius Mauch cyrus-sasl-2.1.22.ebuild, - cyrus-sasl-2.1.22-r1.ebuild, cyrus-sasl-2.1.22-r2.ebuild: - Replacing einfo with elog - - 18 Feb 2007; Torsten Veller cyrus-sasl-2.1.22.ebuild: - Removed ROOT (#167271) and set KEYWORDS="mips" - -*cyrus-sasl-2.1.22-r2 (03 Feb 2007) - - 03 Feb 2007; Alon Bar-Lev - +files/cyrus-sasl-2.1.22-qa.patch, +cyrus-sasl-2.1.22-r2.ebuild: - Fixed QA issues, migrate to new java build system bug#146647 - - 08 Jan 2007; Torsten Veller - -files/cyrus-sasl-2.1.20-configdir.patch, - -files/cyrus-sasl-2.1.20-gcc4.patch, -files/saslauthd-2.1.20.conf, - -files/cyrus-sasl-2.1.21-configure.patch, -files/saslauthd.pam, - -cyrus-sasl-2.1.21-r2.ebuild, -cyrus-sasl-2.1.21-r3.ebuild, - cyrus-sasl-2.1.22.ebuild, cyrus-sasl-2.1.22-r1.ebuild: - Fixing #160158 and removing unneeded files. 
- - 08 Jan 2007; Diego Pettenò - cyrus-sasl-2.1.21-r2.ebuild, cyrus-sasl-2.1.21-r3.ebuild, - cyrus-sasl-2.1.22.ebuild, cyrus-sasl-2.1.22-r1.ebuild: - Add inherit pam. - - 05 Jan 2007; Diego Pettenò - cyrus-sasl-2.1.21-r2.ebuild, cyrus-sasl-2.1.21-r3.ebuild, - cyrus-sasl-2.1.22.ebuild: - Remove gnuconfig_update usage, leave it to econf. - - 10 Dec 2006; Torsten Veller cyrus-sasl-2.1.22-r1.ebuild: - Change echo to ewarn (#153685) - - 23 Nov 2006; Francesco Riosa - cyrus-sasl-2.1.21-r2.ebuild, cyrus-sasl-2.1.21-r3.ebuild, - cyrus-sasl-2.1.22.ebuild, cyrus-sasl-2.1.22-r1.ebuild: - dev-db/mysql => virtual/mysql - - 15 Nov 2006; Markus Rothe - cyrus-sasl-2.1.22-r1.ebuild: - Stable on ppc64; bug #152544 - - 06 Nov 2006; Jeroen Roovers cyrus-sasl-2.1.22-r1.ebuild: - Stable for HPPA (bug #152544). - - 04 Nov 2006; Tobias Scherbaum - cyrus-sasl-2.1.22-r1.ebuild: - ppc stable, bug #152544 - - 31 Oct 2006; Chris White - cyrus-sasl-2.1.22-r1.ebuild: - Amd64 stable for bug #152544. - - 30 Oct 2006; Roy Marples cyrus-sasl-2.1.22.ebuild, - cyrus-sasl-2.1.22-r1.ebuild: - Added ~sparc-fbsd keyword. - - 30 Oct 2006; Torsten Veller cyrus-sasl-2.1.22-r1.ebuild: - Stable on x86 (#152544) - - 30 Oct 2006; Jason Wever cyrus-sasl-2.1.22-r1.ebuild: - Stable on SPARC wrt bug #152544. - - 29 Oct 2006; Fernando J. Pereda - cyrus-sasl-2.1.22-r1.ebuild: - Stable on alpha as per bug #152544. - -*cyrus-sasl-2.1.22-r1 (29 Oct 2006) - - 29 Oct 2006; Fernando J. Pereda - +files/cyrus-sasl-2.1.22-crypt.patch, +cyrus-sasl-2.1.22-r1.ebuild: - Fix for bug #152544. Thanks to everybody that helped there. - - 23 Oct 2006; Diego Pettenò - cyrus-sasl-2.1.22.ebuild: - Fix autotools rebuilding, force automake 1.9 because it does not work with - 1.10. Closes bug #148207. - - 15 Oct 2006; Bryan Østergaard - cyrus-sasl-2.1.22.ebuild: - Stable on ia64. - - 12 Oct 2006; Simon Stelling cyrus-sasl-2.1.22.ebuild: - specify pgsql libdir for bug 133551 - - 28 Sep 2006; Fernando J. 
Pereda - cyrus-sasl-2.1.22.ebuild: - Stable on alpha as per bug #142650 - - 26 Sep 2006; Gustavo Zacarias - cyrus-sasl-2.1.22.ebuild: - Stable on hppa wrt #142650 - - 16 Sep 2006; Tobias Scherbaum - cyrus-sasl-2.1.22.ebuild: - ppc stable - - 11 Sep 2006; Tuấn Văn -cyrus-sasl-2.1.20.ebuild: - security cleanup, bug #140514. - - 06 Sep 2006; Joshua Jackson cyrus-sasl-2.1.22.ebuild: - Stable x86; bug #142650 - - 05 Sep 2006; Gustavo Zacarias - cyrus-sasl-2.1.22.ebuild: - Stable on sparc wrt #142650 - - 04 Sep 2006; Markus Rothe cyrus-sasl-2.1.22.ebuild: - Stable on ppc64; bug #142650 - - 03 Sep 2006; Joshua Kinard cyrus-sasl-2.1.22.ebuild: - Marked stable on mips. - - 03 Sep 2006; cyrus-sasl-2.1.22.ebuild: - stable on amd64 - -*cyrus-sasl-2.1.21-r3 (04 Aug 2006) - - 04 Aug 2006; Tuấn Văn - +cyrus-sasl-2.1.21-r3.ebuild, cyrus-sasl-2.1.22.ebuild: - comply to the new java thingy. Bug #142650, #142708. - - 15 Jul 2006; Tuấn Văn -files/2.1.14-db4.patch, - -files/saslauthd-2.1.19.conf, -files/2.1.14-kerberos.patch, - -files/2.1.14-mysql.patch, -files/cyrus-sasl-1.5.21-des.patch, - -files/cyrus-sasl-1.5.24-rpath.patch, - -files/cyrus-sasl-1.5.27-scram.patch, - -files/cyrus-sasl-2.1.17-configdir.patch, - -files/cyrus-sasl-2.1.17-db4.patch, - -files/cyrus-sasl-2.1.18-cvs-1.172.patch, - -files/cyrus-sasl-2.1.18-db4.patch, - -files/cyrus-sasl-2.1.18-pam_mysql.patch, - -files/cyrus-sasl-2.1.18-sasl-path-fix.patch, - -files/cyrus-sasl-2.1.19-configdir.patch, - -files/cyrus-sasl-2.1.19-sasl-path-fix.patch, - -files/cyrus-sasl-configdir.patch, -files/cyrus-sasl-gcc32.patch, - -files/cyrus-sasl-heimdal-deps.patch, -files/cyrus-sasl-saslauthd.patch, - -files/saslauthd.conf, -files/saslauthd.rc6, -files/saslauthd2.conf: - remove unused files. 
- - 15 Jul 2006; Tuấn Văn - -cyrus-sasl-2.1.18-r2.ebuild, -cyrus-sasl-2.1.19-r1.ebuild, - -cyrus-sasl-2.1.20-r1.ebuild, -cyrus-sasl-2.1.20-r2.ebuild, - -cyrus-sasl-2.1.20-r3.ebuild, -cyrus-sasl-2.1.21.ebuild, - -cyrus-sasl-2.1.21-r1.ebuild: - Security cleanup. Bug #140514 - - 25 May 2006; Tuấn Văn cyrus-sasl-2.1.22.ebuild: - move the block generates sasldb2 to pkg_postinst. - -*cyrus-sasl-2.1.22 (25 May 2006) - - 25 May 2006; Tuấn Văn - +files/cyrus-sasl-2.1.22-as-needed.patch, +cyrus-sasl-2.1.22.ebuild: - Add --enable-auth-sasldb to myconf. - Requested by Gary Richards , bug #129170. - Add patch to support as-needed. - Report by Prakash Punnoor , bug #116458. - Do not generate /etc/sasl2/sasldb2 if found. Tidy. - NOTE: imtest from cyrus-imapd <2.3.6 is not compatible with this release. - - 27 Apr 2006; Marien Zwart - files/digest-cyrus-sasl-2.1.18-r2, files/digest-cyrus-sasl-2.1.19-r1, - files/digest-cyrus-sasl-2.1.20, files/digest-cyrus-sasl-2.1.20-r1, - files/digest-cyrus-sasl-2.1.20-r2, files/digest-cyrus-sasl-2.1.21, - files/digest-cyrus-sasl-2.1.21-r1, files/digest-cyrus-sasl-2.1.21-r2, - Manifest: - Fixing SHA256 digest, pass four - - 15 Apr 2006; Simon Stelling - cyrus-sasl-2.1.21-r2.ebuild: - stable on amd64 wrt bug 129523 - - 15 Apr 2006; Tobias Scherbaum - cyrus-sasl-2.1.21-r2.ebuild: - ppc stable, bug #129523 - - 14 Apr 2006; Rene Nussbaumer - cyrus-sasl-2.1.21-r2.ebuild: - Stable on hppa. See bug #129523. - - 11 Apr 2006; Markus Rothe - cyrus-sasl-2.1.21-r2.ebuild: - Stable on ppc64; bug #129523 - - 11 Apr 2006; Gustavo Zacarias - cyrus-sasl-2.1.21-r2.ebuild: - Stable on sparc wrt security #129523 - - 11 Apr 2006; Chris Gianelloni - cyrus-sasl-2.1.21-r2.ebuild: - Stable on x86 wrt bug #129523. - - 10 Apr 2006; Fernando J. Pereda - cyrus-sasl-2.1.21-r2.ebuild: - Stable on alpha wrt bug #129523 - - 01 Apr 2006; Diego Pettenò - cyrus-sasl-2.1.21-r2.ebuild: - Add ~x86-fbsd keyword. 
- - 24 Feb 2006; Tuấn Văn - files/digest-cyrus-sasl-2.1.20-r3, Manifest: - fix digest. Thannks to ciaranm. Bugs #123922. - - 07 Dec 2005; Benjamin Smee - cyrus-sasl-2.1.21-r2.ebuild: - changes for bug #110066 and bug #114719 - -*cyrus-sasl-2.1.21-r2 (30 Nov 2005) - - 30 Nov 2005; Benjamin Smee - +files/cyrus-sasl-2.1.21-configure.patch, +cyrus-sasl-2.1.21-r2.ebuild: - Patch for building with openldap 2.3.x as per bug #113914 - - 06 Nov 2005; Fernando J. Pereda - cyrus-sasl-2.1.21-r1.ebuild: - removed static use flag wrt bug #94137 - - 06 Nov 2005; Fernando J. Pereda - cyrus-sasl-2.1.21-r1.ebuild: - typo fixed, no bump needed wrt bug #45181 - - 06 Nov 2005; MATSUU Takuto cyrus-sasl-2.1.21.ebuild, - cyrus-sasl-2.1.21-r1.ebuild: - Added ~sh to KEYWORDS. - - 12 Oct 2005; Benjamin Smee files/saslauthd.rc6: - change to init script as per bug #109017 - - 02 Oct 2005; MATSUU Takuto cyrus-sasl-2.1.20.ebuild: - Stable on sh. - - 02 Jul 2005; Diego Pettenò - cyrus-sasl-2.1.18-r2.ebuild: - sys-libs/pam_mysql -> sys-auth/pam_mysql - -*cyrus-sasl-2.1.21-r1 (07 Jun 2005) - - 07 Jun 2005; Tuấn Văn - +cyrus-sasl-2.1.21-r1.ebuild: - add option to build auxprop plugin. Bug #95165. - add help message if USE=authdaemond. Bug #82316. - - 03 Jun 2005; Tuấn Văn - cyrus-sasl-2.1.20-r3.ebuild, cyrus-sasl-2.1.21.ebuild: - Don't try to create /etc/sasl2/sasldb if -berkdb and -gdbm. - -*cyrus-sasl-2.1.21 (25 May 2005) - - 25 May 2005; Fernando J. Pereda - +cyrus-sasl-2.1.21.ebuild: - version bump, wrt #93772; also fixes #79864 - - 23 May 2005; Fernando J. Pereda - cyrus-sasl-2.1.20-r3.ebuild: - use tabs instead of spaces to indent - - 23 May 2005; Fernando J. Pereda - cyrus-sasl-2.1.20-r3.ebuild: - typo fixed, wrt #93636. Thanks to Jonathan Adamczewski - -*cyrus-sasl-2.1.20-r3 (20 May 2005) - - 20 May 2005; Fernando J. Pereda - +files/saslauthd.pam-include, +cyrus-sasl-2.1.20-r3.ebuild: - opempam compatibility, fixes #93167. 
Thanks to flameeyes - - 05 May 2005; Sven Wegener - cyrus-sasl-2.1.20-r2.ebuild: - Added missing parentheses to SRC_URI. - - 24 Apr 2005; Michael Hanselmann - cyrus-sasl-2.1.20.ebuild: - Stable on ppc. - - 08 Apr 2005; Markus Rothe cyrus-sasl-2.1.20.ebuild: - Stable on ppc64 - - 19 Feb 2005; Michael Hanselmann - cyrus-sasl-2.1.20.ebuild: - Stable on hppa. - - 17 Feb 2005; Jeremy Huddleston - cyrus-sasl-2.1.20-r2.ebuild: - Multilib cleanup. - - 15 Feb 2005; Fernando J. Pereda - -files/cyrus-sasl-ntlm_impl-spnego.patch.gz, cyrus-sasl-2.1.20-r2.ebuild: - Move the ntlm patch out of the CVS - - 15 Feb 2005; Fernando J. Pereda - cyrus-sasl-2.1.20-r2.ebuild: - Add missing samba dependency - -*cyrus-sasl-2.1.20-r2 (15 Feb 2005) - - 15 Feb 2005; Fernando J. Pereda - +files/cyrus-sasl-2.1.19-checkpw.c.patch, - +files/cyrus-sasl-ntlm_impl-spnego.patch.gz, +cyrus-sasl-2.1.20-r2.ebuild: - Fix bugs #46038,#45181,#81970,#81342. Adding urandom,srp,crypt and - ntlm_unsupported_patch use flags and its patches. - - 06 Feb 2005; Joshua Kinard cyrus-sasl-2.1.20.ebuild: - Marked stable on mips. - - 24 Jan 2005; Tuấn Văn - cyrus-sasl-2.1.20-r1.ebuild, cyrus-sasl-2.1.20.ebuild: - add fix for double spaces in CFLAGS. Bug #75538. - add ccache to the list of FEATURES that parallel build fail. Bug #78643. - - 23 Dec 2004; Andrej Kacian cyrus-sasl-2.1.20-r1.ebuild: - Really fix #64733. - -*cyrus-sasl-2.1.20-r1 (23 Dec 2004) - - 23 Dec 2004; Andrej Kacian - +cyrus-sasl-2.1.20-r1.ebuild: - Added sample local USE flag to enable building of sample client and server. - See bug #64733, reported by Warren Howard . - - 21 Dec 2004; Bryan Østergaard - cyrus-sasl-2.1.20.ebuild: - Stable on alpha. - - 16 Dec 2004; Bryan Østergaard - cyrus-sasl-2.1.20.ebuild: - Fix alpha compilation, bug 69112. - - 16 Dec 2004; Dylan Carlson cyrus-sasl-2.1.20.ebuild: - Stable on amd64. 
- - 24 Nov 2004; Gustavo Zacarias - cyrus-sasl-2.1.20.ebuild: - Stable on sparc - - 16 Nov 2004; Tuan Van cyrus-sasl-2.1.20.ebuild: - Add mail-mta/courier as a qualified dep for authdaemond USE. - x86 keyword. - - 07 Nov 2004; Joshua Kinard cyrus-sasl-2.1.19-r1.ebuild: - Marked stable on mips. - - 30 Oct 2004; Tuan Van +files/saslauthd-2.1.20.conf, - -cyrus-sasl-1.5.27-r5.ebuild, -cyrus-sasl-1.5.27-r6.ebuild, - -cyrus-sasl-2.1.14.ebuild, -cyrus-sasl-2.1.17.ebuild, - -cyrus-sasl-2.1.18.ebuild, cyrus-sasl-2.1.20.ebuild: - add die, add missing file, remove old ebuilds. - - 27 Oct 2004; Jeremy Huddleston - +files/cyrus-sasl-2.1.20-gcc4.patch, cyrus-sasl-2.1.20.ebuild: - gcc-4.0 fix - -*cyrus-sasl-2.1.20 (26 Oct 2004) - - 26 Oct 2004; Tuan Van - +files/cyrus-sasl-2.1.20-configdir.patch, +cyrus-sasl-2.1.20.ebuild: - version bump. - - 19 Oct 2004; Dylan Carlson - cyrus-sasl-2.1.19-r1.ebuild: - Stable on amd64. - - 13 Oct 2004; Guy Martin cyrus-sasl-2.1.19-r1.ebuild: - Stable on hppa. - - 09 Oct 2004; Christian Birchinger - cyrus-sasl-2.1.19-r1.ebuild: - Added sparc stable keyword - - 04 Oct 2004; Tuan Van cyrus-sasl-2.1.19-r1.ebuild: - remove !arch? in *DEPEND, use.mask instead. - Stable on x86. - - 27 Sep 2004; Tuan Van cyrus-sasl-2.1.19-r1.ebuild: - sync IUSE. - - 19 Sep 2004; Joshua Kinard cyrus-sasl-2.1.18-r2.ebuild: - Marked stable on mips. - - 06 Sep 2004; Ciaran McCreesh - cyrus-sasl-2.1.19-r1.ebuild: - Switch to use epause and ebeep, bug #62950 - -*cyrus-sasl-2.1.19-r1 (29 Aug 2004) - - 29 Aug 2004; Tuan Van +files/java.README.gentoo, - +cyrus-sasl-2.1.19-r1.ebuild: - revision bump to fix the following bugs. - Bug #58768: add testsaslauthd. Thanks to steveb . - Bug #60769: fix java classes installation. Thanks to Paul de Vrieze - and Thomas Matthijs . - - 14 Aug 2004; Tom Gall cyrus-sasl-2.1.18-r2.ebuild: - stable on ppc64, bug #56016 - - 10 Aug 2004; Tuan Van cyrus-sasl-2.1.18-r2.ebuild, - cyrus-sasl-2.1.19.ebuild: - add --without-des if ! use ssl. 
Resolve bug #59634. - - 26 Jul 2004; Tuan Van cyrus-sasl-2.1.19.ebuild: - default to gdbm for SASLdb database backend if both berkdb and gdbm in - USE. - - 21 Jul 2004; Tuan Van cyrus-sasl-2.1.19.ebuild: - re-keywords, touchup ready to remove hardmask. - - 21 Jul 2004; Daniel Ostrow cyrus-sasl-2.1.18-r2.ebuild: - Stable on ppc. - -*cyrus-sasl-2.1.19 (16 Jul 2004) - - 16 Jul 2004; Tuan Van - +files/cyrus-sasl-2.1.19-configdir.patch, - +files/cyrus-sasl-2.1.19-sasl-path-fix.patch, +files/saslauthd-2.1.19.conf, - +cyrus-sasl-2.1.19.ebuild: - version bump. - -*cyrus-sasl-2.1.18-r2 (07 Jul 2004) - - 07 Jul 2004; Cory Visi cyrus-sasl-2.1.18-r1.ebuild, - cyrus-sasl-2.1.18-r2.ebuild, files/cyrus-sasl-2.1.18-sasl-path-fix.patch: - Fixed patch to close Bug 56389, revision bump to make sure everyone get's the fix. - - 08 Jul 2004; Christian Birchinger - cyrus-sasl-2.1.18-r1.ebuild: - Added sparc stable keyword - - 07 Jul 2004; Travis Tilley cyrus-sasl-2.1.18-r1.ebuild: - stable on amd64 - - 07 Jul 2004; langthang@gentoo.org : - stable cyrus-sasl-2.1.18-r1 on x86 - - 07 Jul 2004; Cory Visi - files/cyrus-sasl-2.1.18-sasl-path-fix.patch: - Fix mistake in boolean logic - - 07 Jul 2004; Aron Griffis cyrus-sasl-2.1.18-r1.ebuild: - stable on alpha and ia64 #56016 - - 06 Jul 2004; Cory Visi cyrus-sasl-2.1.18-r1.ebuild, - files/cyrus-sasl-2.1.18-pam_mysql.patch: - Added pam-mysql USE flag to support deprecated auth style re: Bug 39497 - -*cyrus-sasl-2.1.18-r1 (06 Jul 2004) - - 06 Jul 2004; Cory Visi cyrus-sasl-2.1.18-r1.ebuild, - files/cyrus-sasl-2.1.18-cvs-1.172.patch, - files/cyrus-sasl-2.1.18-sasl-path-fix.patch: - Add patches to: fix buffer overflow (bring plugins/digestmda5.c to cvs version - 1.172) and fix SASL_PATH vulnerability - marked unstable on all archs - -*cyrus-sasl-2.1.17 (02 Jul 2004) - - 02 Jul 2004; Michael Sterrett - +files/cyrus-sasl-2.1.17-db4.patch, +cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - resurrect cyrus-sasl-2.1.17.ebuild and patch; re-keyword 
- cyrus-sasl-2.1.18.ebuild; required deps for several packages and archs - - 01 Jul 2004; Jeremy Huddleston - cyrus-sasl-1.5.27-r5.ebuild, cyrus-sasl-1.5.27-r6.ebuild, - cyrus-sasl-2.1.18.ebuild: - virtual/glibc -> virtual/libc - - 01 Jul 2004; Cory Visi cyrus-sasl-2.1.18.ebuild: - Moved all archs to unstable due to numerous open bugs - - 01 Jul 2004; Cory Visi cyrus-sasl-2.1.17.ebuild: - Unstable 2.1.17 dropped due to broken db4 patch, please use 2.1.18; reference: - Bug 47027 & Bug Bug 46936 - - 25 Jun 2004; Aron Griffis cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - QA - fix use invocation - - 24 Jun 2004; Gustavo Zacarias - cyrus-sasl-2.1.18.ebuild: - Stable on hppa - - 12 Jun 2004; Tom Gall cyrus-sasl-2.1.18.ebuild: - marked stable on ppc64, bug# 53766 - - 03 Jun 2004; Aron Griffis cyrus-sasl-2.1.14.ebuild, - cyrus-sasl-2.1.15.ebuild, cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - Fix use invocation - - 09 May 2004; Jason Wever cyrus-sasl-2.1.18.ebuild: - Stable on sparc. - - 11 May 2004; Michael McCabe cyrus-sasl-2.1.18.ebuild: - Added s390 keywords - - 25 Apr 2004; Aron Griffis cyrus-sasl-2.1.14.ebuild, - cyrus-sasl-2.1.15.ebuild, cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - Add die following econf for bug 48950 - - 20 Apr 2004; Daniel Black cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - QA - removed runtime dependance on autoconf, automake, libtool and sed - - 18 Apr 2004; Travis Tilley cyrus-sasl-2.1.18.ebuild: - marked stable on amd64 since the last version marked stable doesnt even seem - to compile anymore - - 16 Apr 2004; Michael Sterrett - cyrus-sasl-1.5.27-r6.ebuild: - move inherit to the right place - - 21 Mar 2004; Joshua Kinard cyrus-sasl-2.1.17.ebuild: - Marked stable on mips. - -*cyrus-sasl-2.1.17 (16 Mar 2004) - - 16 Mar 2004; Max Kalika cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild: - Re-add 2.1.17. Forward port arch fixes from 2.1.17 to 2.1.18. Fix - DEPEND/RDEPEND settings. 
- -*cyrus-sasl-2.1.18 (15 Mar 2004) - - 15 Mar 2004; Max Kalika cyrus-sasl-2.1.17.ebuild, - cyrus-sasl-2.1.18.ebuild, files/cyrus-sasl-2.1.17-db4.patch, - files/cyrus-sasl-2.1.18-db4.patch: - Bump to version 2.1.18. Should fix bug #38699. - - 27 Feb 2004; Joshua Kinard cyrus-sasl-2.1.17.ebuild: - Forgot to add gnuconfig detection in for mips - - 27 Feb 2004; Joshua Kinard cyrus-sasl-2.1.17.ebuild: - Added ~mips to KEYWORDS to satisfy repoman deps. - - 25 Feb 2004; Guy Martin cyrus-sasl-2.1.17.ebuild: - Marked stable on hppa. - - 17 Feb 2004; Aron Griffis cyrus-sasl-2.1.17.ebuild: - stable on alpha and ia64 - - 28 Jan 2004; Max Kalika cyrus-sasl-2.1.17.ebuild: - Fix default port name for the rimap authentication mechanism (Gentoo uses - 'imap2' instead of 'imap'). Fixes bug 34272. - - 28 Jan 2004; Max Kalika files/saslauthd2.conf: - More flexible start-up script config file. Fixes bug 39447 as well. - - 28 Jan 2004; Max Kalika cyrus-sasl-1.5.27-r6.ebuild, - cyrus-sasl-2.1.13.ebuild, cyrus-sasl-2.1.14.ebuild, - cyrus-sasl-2.1.15.ebuild, cyrus-sasl-2.1.17.ebuild, - files/cyrus-sasl-1.5.21-des.patch, files/cyrus-sasl-1.5.24-rpath.patch, - files/cyrus-sasl-1.5.27-scram.patch, files/cyrus-sasl-2.1.12-db4.patch, - files/cyrus-sasl-2.1.12-kerberos.patch, files/saslauthd2.conf: - Drop 2.1.13. Re-add missing patches. Fix rimap hostname flag for newer sasl - versions. - - 18 Jan 2004; cyrus-sasl-2.1.14.ebuild: - Added ~mips to KEYWORDS. - - 15 Jan 2004; Max Kalika cyrus-sasl-2.1.17.ebuild, - files/saslauthd.pam: - Add PAM file from bug #27690 contributed by Ryan Dalzell. Fix installation of - .rc6 and .conf files - - 15 Jan 2004; Max Kalika cyrus-sasl-2.1.17.ebuild, - files/cyrus-sasl-2.1.17-pgsql-include.patch: - Fix compile with newer PostgreSQL versions. Use proper WANT_AUTOCONF syntax. - Fixes bug #37227. 
- -*cyrus-sasl-2.1.17 (14 Jan 2004) - - 14 Jan 2004; Max Kalika cyrus-sasl-1.5.27-r5.ebuild, - cyrus-sasl-1.5.27-r6.ebuild, cyrus-sasl-2.1.13.ebuild, - cyrus-sasl-2.1.14.ebuild, cyrus-sasl-2.1.15.ebuild, - cyrus-sasl-2.1.17.ebuild, metadata.xml, files/crypt.diff, - files/cyrus-sasl-1.5.21-des.patch, files/cyrus-sasl-1.5.24-rpath.patch, - files/cyrus-sasl-1.5.27-scram.patch, files/cyrus-sasl-2.1.10-db4.patch, - files/cyrus-sasl-2.1.17-configdir.patch, files/cyrus-sasl-2.1.17-db4.patch, - files/cyrus-sasl-2.1.6-iovec.diff, files/cyrus-sasl-iovec.diff, - files/cyrus-sasl2-heimdal-deps.patch, files/gssapi-sefault.patch, - files/saslauthd.conf, files/saslauthd.confd, files/saslauthd.confd-2.1, - files/saslauthd.rc6, files/saslauthd2.rc6: - Massive cleanup. Remove unused files. Consolidate some other files. Add - metadata.xml. Bump version. - - 07 Dec 2003; Michael Sterrett - cyrus-sasl-2.1.13.ebuild, cyrus-sasl-2.1.14.ebuild, - cyrus-sasl-2.1.15.ebuild: - chown x.y -> chown x:y (bug 35127) - - 17 Aug 2003; Tavis Ormandy cyrus-sasl-2.1.15.ebuild: - use -D_REENTRANT on alpha - -*cyrus-sasl-2.1.15 (14 Aug 2003) - - 14 Aug 2003; Nick Hadaway cyrus-sasl-2.1.15.ebuild: - Version bump. Kept the reworked db4 patch. - - 13 Jul 2003; Nick Hadaway cyrus-sasl-2.1.14.ebuild: - Changed kerberos dep to app-crypt/mit-krb5 and marked stbale for x86. - - 13 Jul 2003; Christian Birchinger - cyrus-sasl-2.1.14.ebuild: - Added sparc stable keyword - -*cyrus-sasl-2.1.14 (09 Jul 2003) - - 23 Jul 2003; Guy Martin cyrus-sasl-2.1.14.ebuild : - Added hppa to KEYWORDS. - - 09 Jul 2003; Nick Hadaway cyrus-sasl-2.1.14.ebuild, - files/2.1.14-kerberos.patch, files/2.1.14-mysql.patch, - files/2.1.14-db4.patch: - Version bump. 2 fixes included from cvs which were noted immediately - after release on the dev mailing list. Added java and pam to IUSE. - otp support will be added as soon as opie is in portage. Updated the - db4 patch. 
- -*cyrus-sasl-2.1.13 (09 Jun 2003) - - 22 Jun 2003; Nick Hadaway files/saslauthd2.rc6: - Changed pid filename as noted in bug #23075. Fixed conf.d file - so invalid options aren't passed to the daemon and added some better - comments. - - 15 Jun 2003; Guy Martin cyrus-sasl-2.1.13.ebuild: - Added hppa to KEYWORDS. - - 09 Jun 2003; Nick Hadaway cyrus-sasl-2.1.13.ebuild, - files/digest-cyrus-sasl-2.1.13: - Version bump. - -*cyrus-sasl-2.1.10-r3 (28 May 2003) - - 28 May 2003; Paul de Vrieze cyrus-sasl-2.1.10-r3.ebuild, - files/cyrus-sasl-2.1.10-db4.patch: - Make sasl-2.1.10 also work with db4 - - 28 May 2003; Paul de Vrieze cyrus-sasl-2.1.12.ebuild: - Fix cyrus-sasl to compile with db4 - -*cyrus-sasl-2.1.12 (06 Feb 2003) - - 06 Feb 2003; Nick Hadaway cyrus-sasl-2.1.12.ebuild, - files/digest-cyrus-sasl-2.1.12, files/cyrus-sasl-2.1.12-kerberos.patch : - Version bump. Cleaned up some configure options. - -*cyrus-sasl-2.1.10-r2 (29 Jan 2003) - - 29 Jan 2003; Nick Hadaway cyrus-sasl-2.1.10-r2.ebuild, - files/digest-cyrus-sasl-2.1.10-r2, files/digestmd5.patch : - Legwork done by jfelice@cronosys.com on bug #13116. This adds a patch - which should address a sendmail/sasl segfault. - -*cyrus-2.1.10-r1 (23 Jan 2003) - - 23 Jan 2003; Nick Hadaway cyrus-sasl-2.1.10-r1.ebuild, - files/digest-cyrus-sasl-2.1.10-r1 : - http://asg.web.cmu.edu/archive/message.php?mailbox=archive-sasl&msg=3066 - Added a patch to see if that will help with problems noted in bug - #13116 - -*cyrus-sasl-2.1.10 (14 Dec 2002) - - 27 Dec 2002; Daniel Ahlberg cyrus-sasl-2.10.ebuild : - Marked stable. - - 18 Dec 2002; Nick Hadaway cyrus-sasl-2.1.10.ebuild : - Added IUSE. - - 14 Dec 2002; Nick Hadaway cyrus-sasl-2.1.10.ebuild, - files/digest-cyrus-sasl-2.1.10 : - Version bump. 
There is a known security hole in 2.1.9 - - 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords - -*cyrus-sasl-2.1.9-r1 (06 Dec 2002) - - 06 Dec 2002; Bryon Roche cyrus-sasl-2.1.9-r1.ebuild, - cyrus-sasl-1.5.27-r6.ebuild, files/cyrus-sasl-heimdal-deps.patch, - files/cyrus-sasl2-heimdal-deps.patch, files/digest-cyrus-sasl-2.1.9-r1, - files/digest-cyrus-sasl-1.5.27-r6: - New ebuild for virtual/krb5 && fixing heimdal deps. Needs more testing. - -*cyrus-sasl-2.1.9 (26 Nov 2002) - - 03 Dec 2002; Nick Hadaway cyrus-sasl-2.1.9.ebuild : - Marked stable. - - 26 Nov 2002; Nick Hadaway cyrus-sasl-2.1.9.ebuild, - files/digest-cyrus-sasl-2.1.9 : - New ebuild. Currently marked unstable. - -*cyrus-sasl-2.1.7-r3 (01 Oct 2002) - - 11 Oct 2002; Nick Hadaway - cyrus-sasl-2.1.7-r3.ebuild : - Added gssapi authentication support via kerberos use variable. - - 01 Oct 2002; Alexander Holler - cyrus-sasl-2.1.7-r3.ebuild : - Added generation of an empty sasldb2 with correct permissions. - -*cyrus-sasl-2.1.7-r2 (17 Sep 2002) - - 17 Sep 2002; Bryon Roche - cyrus-sasl-1.5.27-r5.ebuild, cyrus-sasl-2.1.7-r2.ebuild, - files/digest-cyrus-sasl-2.1.7-r2, files/cyrus-sasl-gcc32.patch : - Kerberos 5 fix and a fix for GCC 3.2 - -*cyrus-sasl-2.1.7-r1 (23 Aug 2002) - - 15 Sep 2002; Nick Hadaway - cyrus-sasl-2.1.7-r1.ebuild : - Added LOGIN authentication to support Micro$oft mail clients. - - 10 Sep 2002; Nick Hadaway - cyrus-sasl-2.1.7-r1.ebuild : - Changed stanzas in pkg_postinst from install to dodir so directories - are kept between software upgrades. - - 09 Sep 2002; Nick Hadaway - cyrus-sasl-2.1.7-r1.ebuild : - Removed undocumented and unneeded use flags. Added kerberos flag. - All default enabled authenticators which don't require external - programs or libraries are compiled in. - - 07 Sep 2002; Seemant Kulleen - cyrus-sasl-2.1.7-r1.ebuild : - USE flag adjustments, as discovered by jap1@ionet.net (Jacob Perkins) and - kevin@aptbasilicata.it (j2ee) in bug #7598. 
- - 23 Aug 2002; Sascha Schwabbauer - files/digest-cyrus-sasl-2.1.7-r1 : - Added digest file.. - -*cyrus-sasl-2.1.7-r1 (22 Aug 2002) - - 22 Aug 2002; Nick Hadaway cyrus-sasl-2.1.7-r1.ebuild, - files/digest-cyrus-sasl-2.1.7-r1.ebuild, files/crypt.diff : - Enabled finer grained auth mechanism controls as suggested by Eric Renfro. - There are use variables for all relevant configure switches now. By - default pam authentication is enabled and any of the other insecure, - unsupported, or non-standard mechanisms are disabled. - -*cyrus-sasl-2.1.7 (13 Aug 2002) - - 15 Aug 2002; Nick Hadaway cyrus-sasl-2.1.7.ebuild : - Updated configure options to specify correct dbpath. (/etc/sasl2/sasldb2) - Changed /etc/sasl2 back to root:root 755 as sasl is referenced by many - different programs, not just mail. - - 13 Aug 2002; Nick Hadaway cyrus-sasl-2.1.7.ebuild : - Changed permissions of /etc/sasl2 (root:mail 640) - - 13 Aug 2002; Nick Hadaway - cyrus-sasl-2.1.7.ebuild, files/digest-cyrus-sasl-2.1.7 : - Version bump. Adjusted configure options so configdir and dbpath point - to /etc/sasl2. Previous iovec patch from 2.1.6 still works with this - version. - -*cyrus-sasl-* (22 Jul 2002) - - 22 Jul 2002; Nick Hadaway : - Re-SLOT'd all cyrus-sasl packages back to 0 as there are conflicting files - between the 1.x and the 2.x version of cyrus-sasl. - -*cyrus-sasl-2.1.6 (22 Jul 2002) - - 22 Jul 2002; Nick Hadaway - cyrus-sasl-2.1.6.ebuild, files/digest-cyrus-sasl-2.1.6, - files/cyrus-sasl-2.1.6-iovec.diff : - Updated to latest released version. Most notably, ldap support has been - added back in. (yay!) Here's the "New in 2.1.6" notes... - * Security fix for the CRAM-MD5 plugin to check the full length of the - digest string. - * Return of the Experimental LDAP saslauthd module. - * Addition of Experimental MySQL auxprop plugin. 
- * Can now select multiple auxprop plugins (and a priority ordering) - * Mechanism selection now includes number of security flags - * Mac OS X 10.1 Fixes - * Misc other minor bugfixes. - -*cyrus-sasl-2.1.5-r2 (13 Jul 2002) - - 13 Jul 2002; Grant Goodyear ChangeLog : - fixed typo in dep - -*cyrus-sasl-2.1.5-r1 (10 Jul 2002) - - 10 Jul 2002; Nick Hadaway : cyrus-sasl-2.1.5-r1.ebuild - Added support for openssl. Minor patches to fix compile issues. - -*cyrus-sasl-2.1.5 (08 Jul 2002) - - 08 Jul 2002; Maik Schreiber : - New version, closes bug #4155. - -*cyrus-sasl-1.5.27-r6 (13 Feb 2003) - - 12 Jul 2003; Daniel Ahlberg : - Added missing changelog entry. - -*cyrus-sasl-1.5.27-r5 (06 Jun 2003) - - 12 Jul 2003; Daniel Ahlberg : - Added missing changelog entry. - -*cyrus-sasl-1.5.27-r4 (21 May 2002) - - 21 May 2002; Martin Schlemmer : - Update it to use automake-1.5, hopefully finally resolving - bug #2319 and co. - -*cyrus-sasl-1.5.27-r3 (5 May 2002) - - 5 May 2002; Martin Schlemmer : - Resolve bug #2319. - -*cyrus-sasl-1.5.27-r2 (3 May 2002) - - 3 May 2002; Donny Davies : - Added LICENSE, SLOT, $Headers. - -*cyrus-sasl-1.5.27-r1 (23 Apr 2002) - - 23 Apr 2002; Martin Schlemmer : - Added a libtoolize && aclocal .. hopefully build issues is fixed now. - -*cyrus-sasl-1.5.27 (18 Feb 2002) - - 18 Feb 2002; Donny Davies : - Initial checkin of this package. Postfix now compiles with this - library by default, and I have tested successfully with *outbound* - smtp authentication. Should you discover a bug, or any issues with - *inbound* authentication, lemme know.
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
index fd137b771d..843afea7db 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest
@@ -1,52 +1 @@ -AUX cyrus-sasl-0001_versioned_symbols.patch 914 SHA256 d64669070f4d19d884eaeb7d2b3b66987a714c2dda462bbbc4bcf452b705c3e0 SHA512 83329417818f1a33fb013090024e15786dadfc0fc865e2c6f09addbf8ba51519f171f8d583cd558b2ec98c2ece112a5427f8a6b02b74246cc948fe196a38681c WHIRLPOOL acb76440be9cbbb671d686080ec9478c70773c7a84526f2f1ea8bf4b994b51bb8c32830ba12c4e8c8dcfc973e17a00b847e7f67c39f639c1b1ad825612c989bc -AUX cyrus-sasl-0002_testsuite.patch 1055 SHA256 d7fff57482c2a9b148296ec680327d0cbd5254ed0a0bc99f46e2dc73758a6abc SHA512 a7ea09cfb76b4c99ca8b1316c547e6168108e11495368453fbc4e4842306727c2e1aafe9d959d195d6eb5262b5e1f91668fc7ac1d24dc6b15149ae162288994e WHIRLPOOL 5b71f60005aeeea61ad403f8a7c8c8379348f22a16780a2ef35fb092ed265191638e859c9faf576e7e06dafe8357960db0b8ba8ff8d8a940731eb8de41f81a2e -AUX cyrus-sasl-0006_library_mutexes.patch 805 SHA256 c1b955a6e9873284d27a1df62cc8952d5dbca0ea729ba326aa6f8b4ed1a96c6e SHA512 cc1783f97c65a309a11ea91ddb6f4db06590af6a987acd333dbad2da880db36b8401213e8e2cbfdb48bec021ba204f63ac0ffbea7d4dd1fdfe65d1212a062963 WHIRLPOOL 3f9876cc765d5fbce3da495135bf745c6ef6f661088635d7f2f13e60e0f276d52d65bf9ca22cfb640b5bda5d7f93244c13556524056530007aa23e5f4f3a0706 -AUX cyrus-sasl-0008_one_time_sasl_set_alloc.patch 2067 SHA256 2489dbd2548fb19c75c511c3b1e86077b4dc9c9218c9d0513fdb37ff06c75dad SHA512 a9d87e0746d6584141252c1c248123cd6372df81ebcfe73d2e305757cd67bb15e1796a699a17b0f8df1504c288b4cbf172d4b604430ff84d6ab59559c3334cb3 WHIRLPOOL cec7893d587caa953fdf13030b0845656a03dbba4244dc24ee820ef555d72cd82f3b26b31c3f3d623aa2d754969ae4fd59f7d96dc598a43a5a73901372a6d49e -AUX cyrus-sasl-0010_maintainer_mode.patch 340 SHA256 dfe0cbaacbe8b6b50d14c9fcd62f0bb5e69ab942bbbfd9fbc5db96c724fadd47 SHA512 dacf72e220aae0e97635415b930c5020c846192b505db7b2aef80e0322514a1bd2ed61a00fc37e24ef034c4cde91d414582a8342a62f7a7acd0cdcfba4d41b2b WHIRLPOOL 6566b5ea1a46921cd011624a7dbf3603b209015628a6e18a9b29de9fbfeca0c4b87de696533ec6f8b9626f81c4f34675b0d639f2948085f4f91a18aa8774d401 -AUX 
cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch 281 SHA256 84458e986e1d83c4ed2c2797f367ae8a36cfe73dfc3b68a3b98e64588d9e1da2 SHA512 13273364b83a10e4d19efccbbeb39a2c00830b62b9e367812ecfd9d8d1662057d6ccfefbb89f94021491d36024d85f92482678a8773476e2aa66587a0d2769d0 WHIRLPOOL 6e6d0fa475386aab9f57bed6acdd46caa6569459e68275571ea89550aec086220e851d03b56eb0945e7882d10f403c2ac763fcdcd1cb8b3d59144cdedea6de07 -AUX cyrus-sasl-0012_xopen_crypt_prototype.patch 720 SHA256 1a6d1aa451c18a9ee61a1dc64a1e18a99935b3467f64a2f92e9bb70680039223 SHA512 c0cfa47bb295c7c2463d55ab370e6ed5b6515ce97a7534e68a8f0247add2d54d2593d801b6c4c5e34711f259788da44b57301781f146da5dfb066d4216e3a135 WHIRLPOOL 878688c99f9a26a6ca14147a26f412a19b61a201284f8f709ce62365712ecf39d9b5960d8c93332d4360e09225a0d0edef3a522d52eac9c0f9c30a582ebd6c22 -AUX cyrus-sasl-0014_avoid_pic_overwrite.patch 1074 SHA256 b78a3456c964116e8d121e5607b6ea3dd54d7a2696a10a18d41ff08b299ad982 SHA512 44e665021c2793c25ae95e52dbad2f9e685deab808b724b3c803a02a00b7610b7792c656752b93f4627106bb3297b6181bdfde84cce04d29d70d95731da5a83d WHIRLPOOL 783e1142d9ab6f3839d4983ff22ec273cd4b6b1166e2cb8d46871d1e732c18cbb22914599d29dd7881477fca817166abca1bdaeb0e08f9c350f4942e97f5bd8a -AUX cyrus-sasl-0016_pid_file_lock_creation_mask.patch 924 SHA256 4d802c2027e3a537be50305b0648ccdcdef6c1515b07a3d5d7bef3fb8dfbf531 SHA512 dbd61df25f235580d57dc6e09d45cd1f4b444f9a864daab50acbcb8d4e398fcc4e0432c3a21133ea855031d6d525155f5d772bd1f6124ee1e691168952207e46 WHIRLPOOL 8d3cfc094365d6c351042af6575f4421f99a4f5bd9be8191de274c079b14b5d3a158a667996e0ef8048a88f9781e4a4bf1851877a3b8b6772279d11cc2b46baa -AUX cyrus-sasl-0026_drop_krb5support_dependency.patch 1625 SHA256 e0bc73fb5a8858334ff49a2fbada79369867a7d5e90e6f9655c71d30a020656f SHA512 03e80a2ef6bca27e378195f9b3454c698005b63e56c01c0e15aeec120a28cd16f0ef98dcda445a449edf0de809658b9a5f87334b5d80488d47f44c037ca121a7 WHIRLPOOL 
11f5ad7437302f8109c124b581b5075836b4cd8d82d7a045ed37374ab2924c6dc39c14c4d7ae7b76d3d62ae09043db9a7a62fd9c8bff37d91e7b8b16f419e67f -AUX cyrus-sasl-2.1.17-pgsql-include.patch 588 SHA256 577b2431bb49ce8fcd9f5f864532e69e84fc6032c56fa564f9e95e25cfdfbc7e SHA512 710b2939c6350fac164f427d870dff83f03e5050ef6258e92875249b972dcd30b99e27bfb226030f59c9202301c66901d7b4d6c62333dbd6704517ae57b7312e WHIRLPOOL bb9b02563271a1b14858df672f5c635e7729c11a7c7d1eac20ba7e9ef6f06a8637e19e42efd560f65cc307148911f2d5e1a695fe5278ba77d82334ba1a2711d6 -AUX cyrus-sasl-2.1.19-checkpw.c.patch 4657 SHA256 5bdb8b3525429696a391d95c89faa553c3137c442f71479bc1aa430ee5255495 SHA512 4bc6c34908bed04035f6bf77a980873df24dea51f2a836fa1e421547e230525069046b9994714375c4807b125dbcb1a417b234936db703da6423d1c3eb9dbb8d WHIRLPOOL 70d811766abdf82aa651638265164d295e07550a07a07d9679bde284a41f8032beab462c7e6d5917d48c150c10c811719e12b80cca21ef2aed94d5470607a113 -AUX cyrus-sasl-2.1.21-keytab.patch 1460 SHA256 51f0098f1293981cbea57c7c8fdb0ba7622e9b26404fe1a92bdfcdbad1526269 SHA512 d178025761273fd51a3d15fea0a44a2e66b4bd764a904a2b8cde00a77b5a13a9237bab60c0848e971613f26fc394efaf1de31246f4ebcd4990326420945f88a3 WHIRLPOOL c83731aa78604025f5f56339fcbeef56e57d2b92af269facf9beb3e9cf085abb4f1a2c4791612c47e787b7643791e681f45a40d910dd8b513da9e5dc33e7045c -AUX cyrus-sasl-2.1.22-as-needed.patch 463 SHA256 bc26996cbafb59f4daf1d7acc077bae9a60e4746109a9ec4a580eaba5cb9ca78 SHA512 e6abc938ca36435bc1bc9df2b996b4533fcc16bd4ab154aec3f747bb9d383fed23617f097c9c665f53cd35067d0f74e991c867d5029f787479d6b90869ffa8fb WHIRLPOOL c3db46be4a373adcf629f41ca742e0652ab64d32db42de47c9bb9145975f93ee79a7fdd0fb191809f11ca5343e0177d8a2b8d024f2dedc2c2ca499d39405ca79 -AUX cyrus-sasl-2.1.22-crypt.patch 2892 SHA256 cad92b50aabbf2bcfdbd8169949a85a75c96e12ad43fcd4aaf89d6d7482210bf SHA512 c3fc240e049e359c00077681dcaf58be1817a01d8588e161f65a5cfa65c132d7f72f5cc58c5d24747f3b7a7ead758dd2c5eb8462b72e1e3cf13f447c1bae8279 WHIRLPOOL 
c1dd99b303ab41c5d845c2f697222bc9a18a014cdfd8aa4fea66faf04922a8a113f785e597a408eb2b04a66a7fdfc3eb4906244acaf986c798571e78570d0c24 -AUX cyrus-sasl-2.1.22-gcc44.patch 540 SHA256 d803266d96bb3b9f46bc2ce4ec280509d769bbf9c1a226e20c13803db398a113 SHA512 ffaf7d469b049a41ca776d61b945a3adaba6eebb0e7836fa913f2d6999fda1e95d6b0ec9bb0dfa8a4809a8f865c8eef64806f43627081be6d30142e96a99724d WHIRLPOOL 78f3b53da149f045a2bc51939c63f28560e8b2926e5ab8e775e4129dff367c016f1efd83d84aa4540303e884f3f32a31306796b84112bd37a14cf1f89bcb9b4f -AUX cyrus-sasl-2.1.22-qa.patch 525 SHA256 56dbdc290871f3a42e507fe0be90431de15a832da7cf99bf3c21fb5aef05c8ac SHA512 228c9e035a29f4cf82b640f0cb16d947a43d1a95445929ea866c1a39763b8eded66dccbbdcf40e9753c7ab4da1b427c5311bcd1df5b13bbd439cd21483add5aa WHIRLPOOL 88319337100ef306b91ac768306cfef4be0eeebd193f3a35c202dc554010dfa2216fb246588b5f7526d0e2ff2551f3149b8158a1bd90592eb4444921a1e62e6f -AUX cyrus-sasl-2.1.23+db-5.0.patch 1009 SHA256 6570d4ff7668a7df47b457ebf38c232bcd9b7034db37d23effa5a18b735dc38e SHA512 da52efef06b3d43c88b1edbc16609e8db3440b39f9f515c5b16e510a83b0b5764b5b79733b68ce98b8da08d0dde43ed058ccd70b6d28593ad4c881a9f223fe36 WHIRLPOOL c2e7ae6a02fde77a562d7b9bf7732829bd6b94a525b0f30c3f7fe72053f22d1fc5d26795323f224bef09d1b3d22ef43f6d3f8d11ae6bdfef5cb1251e7646fa8e -AUX cyrus-sasl-2.1.23-CVE-2013-4122.patch 3418 SHA256 fd604196fd1a51f234445bd78ebda3655175e4fa1dbe9c918f5f093b8581ad29 SHA512 a1749be201997bf8e2a7e0bbc29b60baf8d2e4b398e88698ba59f4c55f857dcaa3fd7a2a9c9d2eb48f9ca0a9ea56f3822b5a7415d07021299bd5ed161b3f4a06 WHIRLPOOL 34b04a407552be8984e83682c2f2b1103926dbaf2304b93cc7d825928406bc02a3d1b54c9f85215ca341c8cac3805e96bb7e4bb68dd5f274716f4b68e554208b -AUX cyrus-sasl-2.1.23-authd-fix.patch 829 SHA256 8732176e4a493b6b1548dc4799bf6866b9c324f5ecaafc9d9beffe0ac423d43d SHA512 0c2a675aac47a42a17caec54ce1f5561a59a7d0dd803e1046c020f5462e49485b475983db49e64b49c24b18678afc2d58fd9937d08e8fd46fc4781e7e9441606 WHIRLPOOL 
bb2f3e90341d7518af21f7770cbba3e17f5fd7dc186c2eada8d969c7f5961dbfc29bbb44ffdfb68a83eabb10a82f63d32e0f62d42c839cb8039ba0cbaf32719c -AUX cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch 782 SHA256 672fce3a1b0a45f7e91e8ed8aaad953b70118f74cf10bfb966aa65d052017b0f SHA512 524b199559b5f8f363f12bd1dd677f3354eacb68e88fa43ab8dd227465121c00841ce48ce01ba7e9e64629d5871418ed424d0c9bdda6895914c07ae7f1035595 WHIRLPOOL bd9aca1b285698ef1dff06df7c3d72f7f09dd1621a81a764ace80bb94977e394f4b3e6dadebaff34bb64e5d031d4f30aef5e7400186a29a3707f3c984e3d0bcb -AUX cyrus-sasl-2.1.23-rimap-loop.patch 783 SHA256 1d07d64b79960f026bbf271222a985bbe39ad465dab157f0cd5fbffde5622a5d SHA512 bda3b0b6cbe21145b134fee58f0cc330159bca7ae59b7d3e557eb6d5e09ea00325eafe07d139b71903626010baaa08d4cfed67257ee9548374efccd516c5579c WHIRLPOOL 284e1a9ff539c6fb028c3c042c7f09703b0a876daebb2a7c5fabd293c4b0fa5dd98ac40ea6c7e37664060284ed2eb67ce013c33ba48f0875163828c64e1063ba -AUX cyrus-sasl-2.1.25-as_needed.patch 1083 SHA256 5143036f20fdc1ff0b44b73b6d245392edc2f786d74730fc0f8f75d7b40ea5c6 SHA512 8fdc7039fda79e95ec310cd63d72871d7b5b35b5a1b6cf30b9693f6a02e265d924e375ddc65158f38de129b5da058ecd26038f988153ff0aacf2665d66f40abb WHIRLPOOL cb83b15e434c4127279a7c51f44d3a592466cbcb1591a390614b170d516be556a779e366d83ca51029626e3de706fe5c187d86491ac1b0728f2d0031ff0b5a25 -AUX cyrus-sasl-2.1.25-autotools_fixes.patch 3926 SHA256 390aef512c359ae3eee9d1c781ab9586b71b98e4b8961594de0872b09acfbea2 SHA512 d1e39d856addf6b53a278669df6e87f0fddd9a1ceadc0fadf2bdac239fcec8540c797118be642a58e65e2ec667d3c2a4b604f68f659433e64dbcd5bfe35b9a82 WHIRLPOOL b501636d42de380041acf7edcb4f571fe3f4b9642ce309c78a20fa2617990dd4bede18ed368fd3ebc194c86e2b3614ccf4b1b3cb2912451cdb24d010ebab14bb -AUX cyrus-sasl-2.1.25-auxprop.patch 552 SHA256 d9f63e60aa664f064755151fb5aa442ed52a3053057b5a63f2d88c937906dc7c SHA512 73ae914e684ae698eb56a1579ba9a477a946625a3b079e2b400d88583074f1701d8a6926ed17dea36b923050f21c04fbf746d54284568bd21c14be3d10283b6f WHIRLPOOL 
899e41790b71a55983fa99c09e3b9b28667e2e7f457bdc39028ad705883676f4363bbd968c04b35fe2ce84fd08c1b5daad73b988f6e2299f1c129e59bc65f93f -AUX cyrus-sasl-2.1.25-avoid_pic_overwrite.patch 1076 SHA256 80cb9cf22b0507b503ff0cf6c5946a44eb5c3808e0a77e66d56d5a53e5e76fa7 SHA512 033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 WHIRLPOOL c5d502cf80f298771331660fd3806685cee47c128be4cdffd603c44b5cc04adccf4f459b354cb30f1e05acf8be76cb1e3b76a22c09f1b3b873cc13b683608607 -AUX cyrus-sasl-2.1.25-fix_heimdal.patch 601 SHA256 6285b2a9c0b9ab2590a4225ac1eb8d01678e6b0559141c274d4451def65b5283 SHA512 80a5181a3c324551ae64ead2d6199691ac9994653e4b86de21852d2caf201b5fccde6464af4189351edcad4b87dc60cab5f1c03148db77f90c6c52a16465045a WHIRLPOOL cc1adba84e09ef37ac4102b2da7c45eff9c496ca2cdb680e76b287a104e5ad039bca0b1bf319a6c5bfaa2e57cb6e5c8c4b93a8682ebac01bcb18a3b82cecac16 -AUX cyrus-sasl-2.1.25-missing_header.patch 292 SHA256 a83296e782a6137b0f687491314af7a82a37296729af42ca11d1f3667f7320b3 SHA512 b1dc1fa2663c5bd9b051353e6c18ece48460c2de4aff3b6f13672e0aa08e651462af4dae38a2821367728e503ade577218d2645f8c0a96c85e77226ee77ac1a6 WHIRLPOOL 859f6c1f8a864083b163f1c95431c633b9ca6d75a72bae14ce526cca0525ef2c4f0bb2760792baeb228fcb2b64126685d918012574f6a23ebc6b4a580245f77f -AUX cyrus-sasl-2.1.25-saslauthd_libtool.patch 280 SHA256 76ba2532083630a05ed0e3a5f2976eef6ec62e0fc1782bfee6147aee749e2ce8 SHA512 1e79230a3891f1492c7d6f5969f6a4890aaae2f488e9f3942cafeda574bf8810c4fb3e004836f769244db02bae663fa3ac1eeca19658e6fd3c94f2a891ed2653 WHIRLPOOL 0ac53b59da7a22e93c489e3bc62b0db83f14953cacf6c79c806feaeb33186e4b8f747c58faf49c514df2daba2580326db2c59c576bca3ae192fc210915d93aad -AUX cyrus-sasl-2.1.25-sasldb_al.patch 555 SHA256 3885246eda016e7a6d273305b2a011770465e8324d1774ef0d021e3def3008d5 SHA512 2da553298b482ca3115294de7264428925911f8d1b6a15ae1af38ee7e0a3191a0f4ad90bcbaeef599c994842a86eea5157b663cb6944f035d9a377dba91dbbf0 WHIRLPOOL 
d248eae3c8e0e313c0047d0bfbf6e4dd1341afdd4b525138827148517e8cc3847f4c134cd1639be1734c60c5fde922e8bd759895de55b268c2bc9fd54994bda9 -AUX cyrus-sasl-2.1.25-service_keytabs.patch 932 SHA256 6b60574c65fffd802d19b409fe9a4b043614261e59051b7b9cf51380e08cd8f3 SHA512 bd5ceebfe1b8f72d275db487a6f11bbb8e6f20f3b44c05040fd9d0bb5c72e656f2c8f22924fecaa9c268e50d54d272f25f4a5a3b72ca49d1c23ef9f178d00733 WHIRLPOOL 7b3ab47b4af7425ed619c4c6336feb74d45ab9e52d102995d13c6b013cab4c1bf2804ace0b9714066eeec8b105d09e1c267405581ae10361afd7d8762f702a3f -AUX cyrus-sasl-2.1.26-CVE-2013-4122.patch 3838 SHA256 39c3c404d6fc0da79c51157c6a3c05aeb9117cf5df87615d6a8f8086056bf94e SHA512 3df09f16dc2f4efc601339743eb6e66087977fae4e174aa82c4abb7f85a77aa9eb98629837079236446ef3b494fb48931c9dc8850362a49615749e162b4699c8 WHIRLPOOL 68a61bd075006bdde0fc7982694f8a413c4f21522b6a3a38af345c0d94e96294eb31d2f8ce05eb30ca8d228327f69bfc55f91be43f9eb1484989de4ee7aedc53 -AUX cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch 284 SHA256 334c3a2c7f409707026136ef595845f61e971e369035c3b5e3bf284f1e7e6e1d SHA512 f3b789b7dea3f6a51fca6fd1877c81b5f5a3be342fa5c90ddae98a822e0c2a71e8fa582c6cb60c696363aa5cb99db8609cd6b3a91c5d402a0ad1e6124c726f5f WHIRLPOOL 70fb8cbddf81c3dc631c0b9df72d3255590d20ae5d7d1d0ed6ca70548aaef3c48444703821c2a5ccc3b7fec5592584bc843fe5284fa1b0ef40a3446727e0f6eb -AUX cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 2603 SHA256 3edf79a6b1a03c87bef8b41f858ffe32c778288cd22ffc05460c3b8ad2f6393c SHA512 4244015451dfd41443a0cf8b56ae19a1dfb550e374fcdc37dc091a54f73ab36818c25fe96f7837e3ddfe5c7952d309a5b51bedfe0b7c7f1dec8ecf15f067acda WHIRLPOOL da1a5afb7a17e0eb3e7ca7586769a766b994794d3c24a21a88c895b17b0685a06287186b3bba6cce2daf0216ee91c89f79770f205eaa6b7ba844ade263ea134b -AUX cyrus-sasl-2.1.26-missing-size_t.patch 348 SHA256 1821e0f511a3eab2cbefba36b6538a997afad2a4892d1fcbf22847d34e06711e SHA512 
026183880caa504af9dda5fb93a6f47a159c7ab6af79463bc512709681dd260489411b8b8da78a9f8cd260b77ae5d1977854a39de80bc48f3a03e3ffa1b09fb2 WHIRLPOOL c71d5e4919577b6c23b1610c3fa695ad035befa9cc1de43867c9e9c17016f681854e734275241dab60271d3bc7198fd633b079ab6f53e6b8bc8ce4c513eff6bd -AUX cyrus-sasl-2.1.26-send-imap-logout.patch 1897 SHA256 021289615c690937dacf7bd0d1f23823255d141ea0c7f81a9f98d4d2b42260d4 SHA512 b30a4faea9fb66d8fab95a27b8ec87371d3650c5d2d4475449b8cebb223631d1afe9cdebd8c9b076e77bc3d2e2f5c32b24fe9292db26523212a72754cbff9995 WHIRLPOOL b7348e5300c7584d9bf18421a703a66c348bbb926c569da618876c500c78385b5580cab98c261fb051684ed45f2fb682ca837a0d4beff789f94134801898f0fa -AUX cyrus-sasl.conf 34 SHA256 1d246914153ca86390e7c39aaa9494ce1175d783d3292a8cc5a2d867b816fb7b SHA512 67b9bb97191d091ffc2b8f450ad88a558df304a29651a9a49407c50df0a316666a96e7d1a2ca3ac8ee5e60a58a5d5b618ce963661f4f45049dc6b3ef2cf8099e WHIRLPOOL 671625830fc9df9b44fff4d7fe16a7d7e76c42e8c1cf75cc7a725586aad3f80b98aa5a07ae5dea848833aed6aa02294c2a7b9969f1e708dd6854370a62c5cd23 -AUX java.README.gentoo 934 SHA256 aeb733ab6371c1fe50e413e8469dcd11f0750b5afff489408c45f118857fc3fe SHA512 afcecb94e8e8c427b9491fc21312f4bed2a7d4ecedbbec8fec895cf8ca1e747073979f4415e12d8499eadbc29e8d74c6029f7cdfd7a2cb732454faaa19d52dd4 WHIRLPOOL d32cd2cfc9ffab9f791f48e0450c7eeff1b2203e29af8df8b96c4091ca7195cd579e41f38b857ef646eec28a11ea9e7c80aa6cee3f41a58d354b732a6ea15a92 -AUX pwcheck.rc6 415 SHA256 9f711d5c78c93da20ef92350c81abf8768a011efd4dc0f8470d94b3fee1bd86c SHA512 571af3cef1b2984127553cca8987a6638b68d260d5083d373fa28f67614ca972ebdb408da88cfc8f98c3f03cf67d3ee51bcfd4dd540499493ceed8c59d8bb999 WHIRLPOOL bafb9ff5e1bcb0e9e67367b4d05a301c03311230b60f9f7afc54477160b33a5ecb2d396626c6c9a50a539d73db8a22598e29520a37ac307fae7942b6d41c876e -AUX pwcheck.service 129 SHA256 6b4dd0f703dfb4d61f24f3ba42884d83eba4a8cd06eb794cc7cd8bebc6c93da5 SHA512 
73e01063bf308cbdc45400d4d0b61f81eade8453acec71b2ac0c0acf1ee458881aab2876cbd47208f87c6a9f298846eb509e14eb01b985c4f9e0ad4db1d8b751 WHIRLPOOL 04ba7e1e7ddf7f5cccfc6ffa0d2bc6b7c47eb0d933409dc85eb1176e374a8a1dc1844221c6fe30a0341487226f1f42ea0473a5cc1c3455a06d071ed7ff625b46 -AUX saslauthd-2.1.21.conf 811 SHA256 5220310b313aa826e51dc4a2c1f97b474ded6af14a5e1cd63bcaa9c2b37321db SHA512 413acaceb34d29d9945393b6df6926d51b93e6884cf72d67031e88182f18ca0a5f24c41037a2b3cf3353944acb1eeb78e30de936627c8f8cf1f5df35730b9801 WHIRLPOOL e2e42c9b8747d51650fe27245f1313a3f740f8547cd4f95cb875872d3889dd70d6b60efe119d225b8510b51d713e49e7e575219deb788fd75da676f7fef9d7cc -AUX saslauthd-2.1.26.conf 695 SHA256 645f8991051921fb351645dc73b46bab9eddf3f4599670d189fc13855047e69d SHA512 1fdd046bec05ad1745ee8ad187eaf9fa4a47976b30b58851c46077a5990c30fa9cf658e210ec93001d213b1835c1d7623a5ec9cfb3e5ac5966fb99003806a54a WHIRLPOOL d29416006442136846d4f02ab6d7c4af84ef85db2d649792f520817be9be4835d2723dd42c92dc486888b9fe27ddbf177d1c33ab39b39e4e97b7e26e68dbf6a1 -AUX saslauthd.pam-include 160 SHA256 97166de49d227cf5ff305168ea75ca584feda9ab87d1eb1437638861986e70ba SHA512 14fcfc0f69dacd25ac9b298cf44b0b44146d418424ef16e66edf8893353e418ef53beebb7199bd516b828c40954e4875ab5659f50a09af12ef2a371b944b45b1 WHIRLPOOL cc1c48bb92cf89ed9f29df2469823bd7bfa96b97fa8d6d33c7cfedef1e1a2ee12e66a0c34b7a992a631d4f446dfa4e9769d5b2c08dae5039115c00514f8a40e9 -AUX saslauthd.service 277 SHA256 a8157a0748269d3534ac6f01bbf61f0215c665b50dbbf94fc2399b6d3287a677 SHA512 fa318aefec6f802badd72a4baf33875bc0021fc4889578877880971470d84bf645ad3c34dd10c582d8cc06ea512e3d56984902efaf09e2806a27feade5fc971c WHIRLPOOL 18f74f1caac60b7bbf58edf41b78c5d670a6892c8c763e05b026c930565dfb2c3ac7b6763e518824fe93c560c5f1f7e42306e950c1a942b38e0ec23824b74e89 -AUX saslauthd2.rc6 417 SHA256 cc74cca0202ba8b34afeb340eebb4b05ec46d4218a8b04eb9b075c781af54b53 SHA512 
71ab930feebe9dec93b887f39a27219a68edc5b297777fca4e25d483f1f587e63540a867e92ca34664da8baadcaabb9c7c35637ade8301b962b273a39346c86e WHIRLPOOL 75580a6eca1d42b44994af77cf59f3b14b9f0c6a304ac43c8d1f290d0282bc1d32906aedf0df5594a3d005a55e00ce31ac37203785327eaf00454c7aa37678cf -AUX saslauthd2.rc7 417 SHA256 bb6e6867eec37bd194f3f9417bf31515a08d630d47f1ce713ad773f4551244e0 SHA512 4ec33fff39e6e21ba894a77b582a385ad54bd66f7d68733e597ba85f1b7571bf99427aad8b69ccaa5e3fd861537dd9b25fd6a1deac1d56e548f45beada6bf359 WHIRLPOOL e231f5cd8c3cd9bb7d8e51e117590ef603ec75a3f972c53987dfacc0e5f651c0d4448fe90bfd0a84ad9f53517cda5beab81ae669176d3059c8052c031e23a998 -DIST cyrus-sasl-2.1.26.tar.gz 5220231 SHA256 8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3 SHA512 78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 WHIRLPOOL bcba17705d5d7ef9a03802d6a0c3a887bba0473605a3a48d2672aeac187193f2488f28ab01bdf659d7a68b94b4c74e36428ca4b5be840fbed2968f1592534b33 -EBUILD cyrus-sasl-2.1.26-r10.ebuild 7768 SHA256 6f3bb283f5fccf5902533dc396fad6721c7caeb5dd180c11b8728f430250c4a2 SHA512 8662debc01f3d67ae6c229379e2403d17a69545749bbcb31ff18721e82b18c4ce07edcc571dae141d55c2b0fb3041acff46ec98f73cfc831d97fa424b1c5b71d WHIRLPOOL 1f1509525471d063442a7dc6ecb192d8cedd322d85b9cc3d6e72c7a8fa6658eff936cc8df1670c197a3b1ab66f814932b39e41f711fc4583af975691dd837eeb -EBUILD cyrus-sasl-2.1.26-r9.ebuild 7674 SHA256 ff694d2a857df880a545df192f6e4e6b13f52356c9249129af1e47c300ee3694 SHA512 f8871a45e4a99d3289a576f8c2e6c1d19ccd4e0ff3261b480a99b9c258c84d09b7bdce14d1d425773b051f00d2f47f5c40cae4c7758f5de6fe72c0ab9434bfec WHIRLPOOL 6e238ae9c3f7cd835b4fc6dd327f5b1240db1be28fdb707bb2baf49306efa2225c1dc3f4600e8c6734e459aced77eb5927696e196f5f42e3e4fcacbad3bf52c0 -MISC ChangeLog 5018 SHA256 8134a6cfc4a34723ddde549b9cd8a8ba2eccbbb5f48d83ba8961de89e0db9886 SHA512 
5546ded0ed88df92bcfec6d87650a40c423ed31b42d31cd052fef16b5a87eecf45181e1965427dc7ab92aab0f26bf44f0476860d3fdb227c5bc9bcd928f72198 WHIRLPOOL 5a5556faab64124c9748017f7b98f8be01fbfdfbe3ca8c5fb3c793ecc564404f420220442a09fc04909d0fde5967213b1517944e329ec0e5ee5fb3fb824595a9 -MISC ChangeLog-2015 52727 SHA256 cad5e2e4ba64d58e11617abd00f0fb1ef6c7f2edccc3b0c4df31bbd9c53d0d20 SHA512 7ace87d5f7be6e6d50367d79143688b3f0d363444b65a7440d9a5075c8d98c95bc882cd396dde521836cd05d233161727b4281db2184a00854c652e0a2be019f WHIRLPOOL e620fdbfe466b59edbba60af62089dcc9ce6a407917aedb5be3df3acacf0a963628c70cadb1684c908d7ebfc278006906f5d0abb76504ec4bf03ccb07960784f -MISC metadata.xml 706 SHA256 a20b99c5a9e2b9f98988c79cf520b26aeb4dc4fcc5ce64df4dbdf7edda1bae58 SHA512 1e7495deff4727296d29b25b7af535c0b36054b9172763ca8634b40f324dbc33697424a7e5565791c3131def3708c9ffb7e3e2362cbd8b334d650921fc2291ce WHIRLPOOL aa1f700aa5595aa60f2ad7befa95a055ca19aeeb059a3b5bd403f04e6da71d12de38d0dee7b3c4c8eb85cb454149bdbb408b7902fa38348ca0338d2396d21bfb +DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild deleted file mode 100644 index 9537cc475a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild +++ /dev/null 
@@ -1,245 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd - -SASLAUTHD_CONF_VER="2.1.26" - -DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" -HOMEPAGE="http://cyrusimap.web.cmu.edu/" -SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" - -LICENSE="BSD-with-attribution" -SLOT="2" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" -IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite -srp ssl static-libs urandom" - -DEPEND="net-mail/mailbase - authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - gdbm? ( >=sys-libs/gdbm-1.10-r1[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - mysql? ( virtual/mysql ) - pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) - postgres? ( dev-db/postgresql:= ) - sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) - ssl? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] ) - java? ( >=virtual/jdk-1.4:= )" -RDEPEND="${DEPEND} - selinux? 
( sec-policy/selinux-sasl )" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/sasl/md5global.h -) - -pkg_setup() { - java-pkg-opt-2_pkg_setup -} - -src_prepare() { - epatch "${FILESDIR}"/${PN}-2.1.25-sasldb_al.patch - epatch "${FILESDIR}"/${PN}-2.1.25-saslauthd_libtool.patch - epatch "${FILESDIR}"/${PN}-2.1.25-avoid_pic_overwrite.patch - epatch "${FILESDIR}"/${PN}-2.1.25-autotools_fixes.patch - epatch "${FILESDIR}"/${PN}-2.1.25-as_needed.patch - epatch "${FILESDIR}"/${PN}-2.1.25-missing_header.patch - epatch "${FILESDIR}"/${PN}-2.1.25-fix_heimdal.patch - epatch "${FILESDIR}"/${PN}-2.1.25-auxprop.patch - epatch "${FILESDIR}"/${PN}-2.1.23-gss_c_nt_hostbased_service.patch - epatch "${FILESDIR}"/${PN}-2.1.25-service_keytabs.patch - epatch "${FILESDIR}"/${PN}-2.1.26-missing-size_t.patch - epatch "${FILESDIR}"/${PN}-2.1.26-CVE-2013-4122.patch - epatch "${FILESDIR}"/${PN}-2.1.26-send-imap-logout.patch - epatch "${FILESDIR}"/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch - epatch "${FILESDIR}"/${PN}-2.1.26-fix_dovecot_authentication.patch - epatch "${FILESDIR}"/${PN}-2.1.26-fix-cross-compiling.patch - epatch "${FILESDIR}"/${PN}-2.1.26-fix-cross-compiling-again.patch - - # Get rid of the -R switch (runpath_switch for Sun) - # >=gcc-4.6 errors out with unknown option - sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ - configure.in || die - - # Use plugindir for sasldir - sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ - "${S}"/plugins/Makefile.{am,in} || die "sed failed" - - # #486740 #468556 - sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ - -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ - configure.in || die - sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ - saslauthd/configure.in || die - - eautoreconf -} - -src_configure() { - append-flags -fno-strict-aliasing - append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # Java support. 
- multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" - - local myconf=() - - # Add authdaemond support (bug #56523). - if use authdaemond ; then - myconf+=( --with-authdaemond=/var/lib/courier/authdaemon/socket ) - fi - - # Fix for bug #59634. - if ! use ssl ; then - myconf+=( --without-des ) - fi - - if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then - myconf+=( --enable-sql ) - else - myconf+=( --disable-sql ) - fi - - # Default to GDBM if both 'gdbm' and 'berkdb' are present. - if use gdbm ; then - einfo "Building with GNU DB as database backend for your SASLdb" - myconf+=( --with-dblib=gdbm ) - elif use berkdb ; then - einfo "Building with BerkeleyDB as database backend for your SASLdb" - myconf+=( - --with-dblib=berkeley - --with-bdb-incdir="$(db_includedir)" - ) - else - einfo "Building without SASLdb support" - myconf+=( --with-dblib=none ) - fi - - # Use /dev/urandom instead of /dev/random (bug #46038). - if use urandom ; then - myconf+=( --with-devrandom=/dev/urandom ) - fi - - ECONF_SOURCE=${S} \ - econf \ - --enable-login \ - --enable-ntlm \ - --enable-auth-sasldb \ - --disable-cmulocal \ - --disable-krb4 \ - --enable-otp \ - --without-sqlite \ - --with-saslauthd=/run/saslauthd \ - --with-pwcheck=/run/saslauthd \ - --with-configdir=/etc/sasl2 \ - --with-plugindir=/usr/$(get_libdir)/sasl2 \ - --with-dbpath=/etc/sasl2/sasldb2 \ - $(use_with ssl openssl) \ - $(use_with pam) \ - $(use_with openldap ldap) \ - $(use_enable ldapdb) \ - $(multilib_native_use_enable sample) \ - $(use_enable kerberos gssapi) \ - $(multilib_native_use_enable java) \ - $(multilib_native_use_with java javahome ${JAVA_HOME}) \ - $(multilib_native_use_with mysql mysql /usr) \ - $(multilib_native_use_with postgres pgsql) \ - $(use_with sqlite sqlite3 /usr/$(get_libdir)) \ - $(use_enable srp) \ - $(use_enable static-libs static) \ - "${myconf[@]}" -} - -multilib_src_compile() { - emake - - # Default location for java classes 
breaks OpenOffice (bug #60769). - # Thanks to axxo@gentoo.org for the solution. - if multilib_is_native_abi && use java ; then - jar -cvf ${PN}.jar -C java $(find java -name "*.class") - fi -} - -multilib_src_install() { - default - - if multilib_is_native_abi; then - if use sample ; then - docinto sample - dodoc "${S}"/sample/*.c - exeinto /usr/share/doc/${P}/sample - doexe sample/client sample/server - fi - - # Default location for java classes breaks OpenOffice (bug #60769). - if use java ; then - java-pkg_dojar ${PN}.jar - java-pkg_regso "${D}/usr/$(get_libdir)/libjavasasl.so" - # hackish, don't wanna dig through makefile - rm -Rf "${D}/usr/$(get_libdir)/java" - docinto "java" - dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* - dodir "/usr/share/doc/${PF}/java/Test" - insinto "/usr/share/doc/${PF}/java/Test" - doins "${S}"/java/Test/*.java - fi - - dosbin saslauthd/testsaslauthd - fi -} - -multilib_src_install_all() { - keepdir /etc/sasl2 - - dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt - newdoc pwcheck/README README.pwcheck - dohtml doc/*.html - - docinto "saslauthd" - dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} - - newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd - - newinitd "${FILESDIR}/pwcheck.rc6" pwcheck - systemd_dounit "${FILESDIR}/pwcheck.service" - - newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd - newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd - systemd_dounit "${FILESDIR}/saslauthd.service" - systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" - - prune_libtool_files --modules -} - -pkg_postinst () { - # Generate an empty sasldb2 with correct permissions. - if ( use berkdb || use gdbm ) && [[ ! -f "${ROOT}/etc/sasl2/sasldb2" ]] ; then - einfo "Generating an empty sasldb2 with correct permissions ..." 
- echo "p" | "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -p login \ - || die "Failed to generate sasldb2" - "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -d login \ - || die "Failed to delete temp user" - chown root:mail "${ROOT}/etc/sasl2/sasldb2" \ - || die "Failed to chown ${ROOT}/etc/sasl2/sasldb2" - chmod 0640 "${ROOT}/etc/sasl2/sasldb2" \ - || die "Failed to chmod ${ROOT}/etc/sasl2/sasldb2" - fi - - if use authdaemond ; then - elog "You need to add a user running a service using Courier's" - elog "authdaemon to the 'mail' group. For example, do:" - elog " gpasswd -a postfix mail" - elog "to add the 'postfix' user to the 'mail' group." - fi - - elog "pwcheck and saslauthd home directories have moved to:" - elog " /run/saslauthd, using tmpfiles.d" -} diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild new file mode 100644 index 0000000000..bcbff9d8ba --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild 
@@ -0,0 +1,262 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd
+
+SASLAUTHD_CONF_VER="2.1.26"
+
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+
+CDEPEND="
+ net-mail/mailbase
+ virtual/libcrypt:=
+ authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
+ mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+ pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+ )
+ java? ( >=virtual/jdk-1.6:= )"
+
+REQUIRED_USE="ldapdb? ( openldap )"
+
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-sasl )"
+
+DEPEND="${CDEPEND}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
+ "${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
+ "${FILESDIR}/${PN}-2.1.27-as_needed.patch"
+ "${FILESDIR}/${PN}-2.1.25-auxprop.patch"
+ "${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
+ "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
+ "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
+ "${FILESDIR}/${PN}-2.1.27-memmem.patch"
+ "${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
+ # Flatcar:
+ "${FILESDIR}/${PN}-2.1.27-fix-cross-compiling.patch"
+)
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # Get rid of the -R switch (runpath_switch for Sun)
+ # >=gcc-4.6 errors out with unknown option
+ sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
+ configure.ac || die
+
+ # Use plugindir for sasldir
+ sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+ "${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+ # #486740 #468556
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
+ -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
+ configure.ac || die
+
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+ if [[ ${CHOST} == *-solaris* ]] ; then
+ # getpassphrase is defined in /usr/include/stdlib.h
+ append-cppflags -DHAVE_GETPASSPHRASE
+ else
+ # this horrendously breaks things on Solaris
+ append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ # Java support.
+ multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
+
+ local myeconfargs=(
+ --enable-login
+ --enable-ntlm
+ --enable-auth-sasldb
+ --disable-cmulocal
+ --disable-krb4
+ --disable-macos-framework
+ --enable-otp
+ --without-sqlite
+ --with-saslauthd="${EPREFIX}"/run/saslauthd
+ --with-pwcheck="${EPREFIX}"/run/saslauthd
+ --with-configdir="${EPREFIX}"/etc/sasl2
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
+ --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+ --with-sphinx-build=no
+ $(use_with ssl openssl)
+ $(use_with pam)
+ $(use_with openldap ldap)
+ $(use_enable ldapdb)
+ $(multilib_native_use_enable sample)
+ $(use_enable kerberos gssapi)
+ $(multilib_native_use_enable java)
+ $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+ $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
+ $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
+ $(use_enable srp)
+ $(use_enable static-libs static)
+
+ # Add authdaemond support (bug #56523).
+ $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+ # Fix for bug #59634.
+ $(usex ssl '' --without-des)
+
+ # Use /dev/urandom instead of /dev/random (bug #46038).
+ $(usex urandom --with-devrandom=/dev/urandom '')
+ )
+
+ if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+ myeconfargs+=( --enable-sql )
+ else
+ myeconfargs+=( --disable-sql )
+ fi
+
+ # Default to GDBM if both 'gdbm' and 'berkdb' are present.
+ if use gdbm ; then
+ einfo "Building with GNU DB as database backend for your SASLdb"
+ myeconfargs+=( --with-dblib=gdbm )
+ elif use berkdb ; then
+ einfo "Building with BerkeleyDB as database backend for your SASLdb"
+ myeconfargs+=(
+ --with-dblib=berkeley
+ --with-bdb-incdir="$(db_includedir)"
+ )
+ else
+ einfo "Building without SASLdb support"
+ myeconfargs+=( --with-dblib=none )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ # Thanks to axxo@gentoo.org for the solution.
+ if multilib_is_native_abi && use java ; then
+ jar -cvf ${PN}.jar -C java $(find java -name "*.class")
+ fi
+}
+
+multilib_src_install() {
+ default
+
+ if multilib_is_native_abi; then
+ if use sample ; then
+ docinto sample
+ dodoc "${S}"/sample/*.c
+ exeinto /usr/share/doc/${P}/sample
+ doexe sample/client sample/server
+ fi
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ if use java; then
+ java-pkg_dojar ${PN}.jar
+ java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
+ # hackish, don't wanna dig through makefile
+ rm -rf "${ED}/usr/$(get_libdir)/java" || die
+ docinto "java"
+ dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
+ dodir "/usr/share/doc/${PF}/java/Test"
+ insinto "/usr/share/doc/${PF}/java/Test"
+ doins "${S}"/java/Test/*.java
+ fi
+
+ dosbin saslauthd/testsaslauthd
+ fi
+}
+
+multilib_src_install_all() {
+ doman man/*
+
+ keepdir /etc/sasl2
+
+ # Reset docinto to default value (#674296)
+ docinto
+ dodoc AUTHORS ChangeLog doc/legacy/TODO
+ newdoc pwcheck/README README.pwcheck
+
+ newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+ edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
+
+ docinto html
+ dodoc doc/html/*.html
+
+ newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+
+ newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
+ systemd_dounit "${FILESDIR}/pwcheck.service"
+
+ newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
+ newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
+ systemd_dounit "${FILESDIR}/saslauthd.service"
+ systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
+
+ # The get_modname bit is important: do not remove the .la files on
+ # platforms where the lib isn't called .so for cyrus searches the .la to
+ # figure out what the name is supposed to be instead
+ if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+}
+
+pkg_postinst() {
+ # Generate an empty sasldb2 with correct permissions.
+ if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+ einfo "Generating an empty sasldb2 with correct permissions ..."
+ echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+ || die "Failed to generate sasldb2"
+ "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+ || die "Failed to delete temp user"
+ chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+ chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+ fi
+
+ if use authdaemond ; then
+ elog "You need to add a user running a service using Courier's"
+ elog "authdaemon to the 'mail' group. For example, do:"
+ elog " gpasswd -a postfix mail"
+ elog "to add the 'postfix' user to the 'mail' group."
+ fi
+
+ elog "pwcheck and saslauthd home directories have moved to:"
+ elog " /run/saslauthd, using tmpfiles.d"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch
deleted file mode 100644
index 312afc8ff5..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch
+++ /dev/null
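Review bot: In `pkg_postinst` of cyrus-sasl-2.1.27-r3.ebuild the empty sasldb2 is produced by adding a `login` user with the fixed password `p`, and the file only receives `chown root:mail` and `chmod 0640` after both saslpasswd2 calls have succeeded. If the `-d login` call fails, `die` stops there and leaves a database that still holds that known credential, presumably at whatever mode the process umask allowed when the file was created. I would set a restrictive umask before the first call (`local old_umask=$(umask); umask 027`, restored afterwards) and clean up on failure with `|| { rm -f "${EROOT}/etc/sasl2/sasldb2"; die "Failed to delete temp user"; }`. Separately, `--enable-ntlm` and `--enable-login` stay unconditional in `multilib_src_configure`; a comment such as `# NTLM/LOGIN kept for legacy clients; restrict via mech_list in the service config` would record that this is deliberate.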
@@ -1,30 +0,0 @@ -Author: Fabian Fagerholm - - Use versioned symbols for libsasl2. - -diff --git a/lib/Makefile.am b/lib/Makefile.am -index e09fe6e..e74c507 100644 ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -61,8 +61,8 @@ LIB_DOOR= @LIB_DOOR@ - lib_LTLIBRARIES = libsasl2.la - - libsasl2_la_SOURCES = $(common_sources) $(common_headers) --libsasl2_la_LDFLAGS = -version-info $(sasl_version) --libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) -+libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions -+libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions - libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT) - - if MACOSX -new file mode 100644 -index 0000000..ff7190d ---- /dev/null -+++ b/Versions -@@ -0,0 +1,6 @@ -+SASL2 { -+ global: -+ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*; -+}; -+ -+HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch deleted file mode 100644 index c550927962..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -Author: Fabian Fagerholm -Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2 -instead of ./sasldb as default path for the sasldb database file. ---- trunk.orig/utils/testsuite.c -+++ trunk/utils/testsuite.c -@@ -464,9 +464,9 @@ - *len = (unsigned) strlen("sasldb"); - return SASL_OK; - } else if (!strcmp(option, "sasldb_path")) { -- *result = "./sasldb"; -+ *result = "/etc/sasldb2"; - if (len) -- *len = (unsigned) strlen("./sasldb"); -+ *len = (unsigned) strlen("/etc/sasldb2"); - return SASL_OK; - } else if (!strcmp(option, "canon_user_plugin")) { - *result = cu_plugin; -@@ -2925,7 +2925,7 @@ - void usage(void) - { - printf("Usage:\n" \ -- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ -+ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ - " g -- gssapi service name to use (default: host)\n" \ - " r -- # of random tests to do (default: 25)\n" \ - " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch deleted file mode 100644 index 539bc06742..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -Author: Fabian Fagerholm -Description: Exact description unknown; make sure mutex-related code works. ---- trunk.orig/lib/common.c -+++ trunk/lib/common.c -@@ -771,7 +771,7 @@ - result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); - if(result != SASL_OK) return result; - -- if (!free_mutex) -+ if (!free_mutex || free_mutex == 0x1) - free_mutex = sasl_MUTEX_ALLOC(); - if (!free_mutex) return SASL_FAIL; - -@@ -790,6 +790,11 @@ - - /* serialize disposes. this is necessary because we can't - dispose of conn->mutex if someone else is locked on it */ -+ -+ if (!free_mutex || free_mutex == 0x1) -+ free_mutex = sasl_MUTEX_ALLOC(); -+ if (!free_mutex) return SASL_FAIL; -+ - result = sasl_MUTEX_LOCK(free_mutex); - if (result!=SASL_OK) return; - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch deleted file mode 100644 index e252bab568..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch +++ /dev/null 
@@ -1,67 +0,0 @@
-Author: Fabian Fagerholm
-Description: Make sasl_set_alloc a one-time function.
-This patch will divert all allocations to whomever called
-sasl_set_alloc first, hopefully that will be the application. If
-not, we sure *hope* the library doing stupid things has sane
-sasl_set_alloc semantics...
-It will also deny any futher tries to sasl_set_alloc after one
-of the _init functions are called.
-This patch was introduced and works fine in SASL 1.5, and no
-applications started behaving in insane ways, so chances are it
-will also work with SASL 2.1
-Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139568
-Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274087
-Reference: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2525
---- trunk.orig/lib/client.c
-+++ trunk/lib/client.c
-@@ -202,6 +202,9 @@
- { NULL, NULL }
- };
-
-+ /* lock allocation type */
-+ _sasl_allocation_locked++;
-+
- if(_sasl_client_active) {
- /* We're already active, just increase our refcount */
- /* xxx do something with the callback structure? */
---- trunk.orig/lib/common.c
-+++ trunk/lib/common.c
-@@ -107,6 +107,7 @@
- (sasl_realloc_t *) &realloc,
- (sasl_free_t *) &free
- };
-+int _sasl_allocation_locked = 0;
-
- #define SASL_ENCODEV_EXTRA 4096
-
-@@ -637,6 +638,8 @@
- sasl_realloc_t *r,
- sasl_free_t *f)
- {
-+ if (_sasl_allocation_locked++) return;
-+
- _sasl_allocation_utils.malloc=m;
- _sasl_allocation_utils.calloc=c;
- _sasl_allocation_utils.realloc=r;
---- trunk.orig/lib/saslint.h
-+++ trunk/lib/saslint.h
-@@ -300,6 +300,7 @@
-
- extern sasl_allocation_utils_t _sasl_allocation_utils;
- extern sasl_mutex_utils_t _sasl_mutex_utils;
-+extern int _sasl_allocation_locked;
-
- /*
- * checkpw.c
---- trunk.orig/lib/server.c
-+++ trunk/lib/server.c
-@@ -698,6 +698,9 @@
- { NULL, NULL }
- };
-
-+ /* lock allocation type */
-+ _sasl_allocation_locked++;
-+
- /* we require the appname (if present) to be short enough to be a path */
- if (appname != NULL && strlen(appname) >= PATH_MAX)
- return SASL_BADPARAM;
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch
deleted file mode 100644
index 14d4456494..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Author: Fabian Fagerholm
-Description: Enable maintainer mode to avoid auto* problems.
---- trunk.orig/configure.in
-+++ trunk/configure.in
-@@ -62,6 +62,8 @@
- AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.23)
- CMU_INIT_AUTOMAKE
-
-+AM_MAINTAINER_MODE
-+
- # and include our config dir scripts
- ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
-
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch
deleted file mode 100644
index e9b92a40d8..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Author: Fabian Fagerholm
-Description: Enable libtool use.
---- trunk.orig/saslauthd/configure.in
-+++ trunk/saslauthd/configure.in
-@@ -25,6 +25,7 @@
- AC_PROG_MAKE_SET
- AC_PROG_LN_S
- AC_PROG_INSTALL
-+AC_PROG_LIBTOOL
-
- dnl Checks for build foo
- CMU_C___ATTRIBUTE__
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch
deleted file mode 100644
index d9daad7d89..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Author: Dann Frazier
-Description: When _XOPEN_SOURCE is defined, the subsequent #include
-will define a correct function prototype for the crypt function. This avoids
-segfaults on architectures where the size of a pointer is greater than the size
-of an integer (ia64 and amd64 are examples). This may be detected by looking
-for build log lines such as the following:
-auth_shadow.c:183: warning: implicit declaration of function ‘crypt’
-auth_shadow.c:183: warning: cast to pointer from integer of different size
---- trunk.orig/saslauthd/auth_shadow.c
-+++ trunk/saslauthd/auth_shadow.c
-@@ -1,3 +1,4 @@
-+#define _XOPEN_SOURCE
- #define PWBUFSZ 256 /***SWB***/
-
- /* MODULE: auth_shadow */
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch
deleted file mode 100644
index a80ca06396..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Author: Sam Hocevar
-Description: pid_file_lock is created with a mask of 644 instead of 0644. This
-patch fixes this octal/decimal confusion as well as the (harmless) one in the
-previous umask() call.
---- trunk.orig/saslauthd/saslauthd-main.c
-+++ trunk/saslauthd/saslauthd-main.c
-@@ -276,7 +276,7 @@
- exit(1);
- }
-
-- umask(077);
-+ umask(0077);
-
- pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1;
- if ((pid_file_lock = malloc(pid_file_size)) == NULL) {
-@@ -287,7 +287,7 @@
- strlcpy(pid_file_lock, run_path, pid_file_size);
- strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size);
-
-- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) {
-+ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) {
- rc = errno;
- logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock);
- logger(L_ERR, L_FUNC, "open: %s", strerror(rc));
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch
deleted file mode 100644
index 4df6a5aba4..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Author: Roberto C. Sanchez
-Description: Drop gratuitous dependency on krb5support
---- trunk.orig/aclocal.m4
-+++ trunk/aclocal.m4
-@@ -2924,9 +2924,6 @@
- fi
-
- if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
-- # check for libkrb5support first
-- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
--
- gss_failed=0
- AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
- ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
---- trunk.orig/cmulocal/sasl2.m4
-+++ trunk/cmulocal/sasl2.m4
-@@ -110,9 +110,6 @@
- fi
-
- if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
-- # check for libkrb5support first
-- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
--
- gss_failed=0
- AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
- ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
---- trunk.orig/saslauthd/aclocal.m4
-+++ trunk/saslauthd/aclocal.m4
-@@ -1333,9 +1333,6 @@
- fi
-
- if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
-- # check for libkrb5support first
-- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
--
- gss_failed=0
- AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
- ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch
deleted file mode 100644
index 0ee7236d4a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Fix include path for newer PostgreSQL versions
-
---- configure.in
-+++ configure.in
-@@ -674,7 +674,9 @@
- LIB_PGSQL_DIR=$LIB_PGSQL
- LIB_PGSQL="$LIB_PGSQL -lpq"
-
-- if test -d ${with_pgsql}/include/pgsql; then
-+ if test -d ${with_pgsql}/include/postgresql/pgsql; then
-+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
-+ elif test -d ${with_pgsql}/include/pgsql; then
- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
- elif test -d ${with_pgsql}/pgsql/include; then
- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch
deleted file mode 100644
index 1779babaa7..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-Support for crypted passwords
-
-http://bugs.gentoo.org/45181
-
---- cyrus-sasl-2.1.19/lib/Makefile.in
-+++ cyrus-sasl-2.1.19/lib/Makefile.in
-@@ -120,7 +120,7 @@
- JAVA_TRUE = @JAVA_TRUE@
- LDFLAGS = @LDFLAGS@
- LIBOBJS = @LIBOBJS@
--LIBS = @LIBS@
-+LIBS = -lcrypt @LIBS@
- LIBTOOL = @LIBTOOL@
- LIB_CRYPT = @LIB_CRYPT@
- LIB_DES = @LIB_DES@
---- cyrus-sasl-2.1.19/lib/checkpw.c
-+++ cyrus-sasl-2.1.19/lib/checkpw.c
-@@ -94,6 +94,23 @@
- # endif
- #endif
-
-+/******************************
-+ * crypt(3) patch start *
-+ ******************************/
-+char *crypt(const char *key, const char *salt);
-+
-+/* cleartext password formats */
-+#define PASSWORD_FORMAT_CLEARTEXT 1
-+#define PASSWORD_FORMAT_CRYPT 2
-+#define PASSWORD_FORMAT_CRYPTTRAD 3
-+#define PASSWORD_SALT_BUF_LEN 22
-+
-+/* weeds out crypt(3) password's salt */
-+int _sasl_get_salt (char *dest, char *src, int format);
-+
-+/******************************
-+ * crypt(3) patch stop *
-+ ******************************/
-
- /* we store the following secret to check plaintext passwords:
- *
-@@ -143,7 +160,51 @@
- "*cmusaslsecretPLAIN",
- NULL };
- struct propval auxprop_values[3];
--
-+
-+ /******************************
-+ * crypt(3) patch start *
-+ * for password format check *
-+ ******************************/
-+ sasl_getopt_t *getopt;
-+ void *context;
-+ const char *p = NULL;
-+ /**
-+ * MD5: 12 char salt
-+ * BLOWFISH: 16 char salt
-+ */
-+ char salt[PASSWORD_SALT_BUF_LEN];
-+ int password_format;
-+
-+ /* get password format from auxprop configuration */
-+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
-+ getopt(context, NULL, "password_format", &p, NULL);
-+ }
-+
-+ /* set password format */
-+ if (p) {
-+ /*
-+ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
-+ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
-+ */
-+ /* modern, modular crypt(3) */
-+ if (strncmp(p, "crypt", 11) == 0)
-+ password_format = PASSWORD_FORMAT_CRYPT;
-+ /* traditional crypt(3) */
-+ else if (strncmp(p, "crypt_trad", 11) == 0)
-+ password_format = PASSWORD_FORMAT_CRYPTTRAD;
-+ /* cleartext password */
-+ else
-+ password_format = PASSWORD_FORMAT_CLEARTEXT;
-+ } else {
-+ /* cleartext password */
-+ password_format = PASSWORD_FORMAT_CLEARTEXT;
-+ }
-+
-+ /******************************
-+ * crypt(3) patch stop *
-+ * for password format check *
-+ ******************************/
-+
- if (!conn || !userstr)
- return SASL_BADPARAM;
-
-@@ -180,14 +241,31 @@
- goto done;
- }
-
-- /* At the point this has been called, the username has been canonified
-- * and we've done the auxprop lookup. This should be easy. */
-- if(auxprop_values[0].name
-- && auxprop_values[0].values
-- && auxprop_values[0].values[0]
-- && !strcmp(auxprop_values[0].values[0], passwd)) {
-- /* We have a plaintext version and it matched! */
-- return SASL_OK;
-+
-+ /******************************
-+ * crypt(3) patch start *
-+ ******************************/
-+
-+ /* get salt */
-+ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
-+
-+ /* crypt(3)-ed password? */
-+ if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
-+ /* compare password */
-+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
-+ return SASL_OK;
-+ else
-+ ret = SASL_BADAUTH;
-+ }
-+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
-+ /* compare passwords */
-+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
-+ return SASL_OK;
-+ else
-+ ret = SASL_BADAUTH;
-+ /******************************
-+ * crypt(3) patch stop *
-+ ******************************/
- } else if(auxprop_values[1].name
- && auxprop_values[1].values
- && auxprop_values[1].values[0]) {
-@@ -975,3 +1053,37 @@
- #endif
- { NULL, NULL }
- };
-+
-+/* weeds out crypt(3) password's salt */
-+int _sasl_get_salt (char *dest, char *src, int format) {
-+ int num; /* how many characters is salt long? */
-+ switch (format) {
-+ case PASSWORD_FORMAT_CRYPT:
-+ /* md5 crypt */
-+ if (src[1] == '1')
-+ num = 12;
-+ /* blowfish crypt */
-+ else if (src[1] == '2')
-+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
-+ /* traditional crypt */
-+ else
-+ num = 2;
-+ break;
-+
-+ case PASSWORD_FORMAT_CRYPTTRAD:
-+ num = 2;
-+ break;
-+
-+ default:
-+ return 1;
-+ }
-+
-+ /* destroy destination */
-+ memset(dest, '\0', (num + 1));
-+
-+ /* copy salt to destination */
-+ strncpy(dest, src, num);
-+
-+ return 1;
-+}
-+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch
deleted file mode 100644
index 2bbacaa64b..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -u -r cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.21/cmulocal/sasl2.m4
---- cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 2006-08-01 08:29:59.000000000 +0200
-+++ cyrus-sasl-2.1.21/cmulocal/sasl2.m4 2006-08-01 08:31:32.000000000 +0200
-@@ -257,7 +257,21 @@
-
- cmu_save_LIBS="$LIBS"
- LIBS="$LIBS $GSSAPIBASE_LIBS"
-- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
-+ dnl AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
-+ AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_KRB5_H,,[Define if you have the gssapi/gssapi_krb5.h header file]))
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-+#ifdef HAVE_GSSAPI_H
-+#include
-+#else
-+#include
-+#endif
-+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
-+#include
-+#endif
-+]],[[gsskrb5_register_acceptor_identity("");]])
-+],[AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,,
-+ [Define if your GSSAPI implimentation defines GSSKRB5_REGISTER_ACCEPTOR_IDENTITY])
-+])
- LIBS="$cmu_save_LIBS"
- else
- AC_MSG_RESULT([disabled])
-diff -u -r cyrus-sasl-2.1.21-orig/plugins/gssapi.c cyrus-sasl-2.1.21/plugins/gssapi.c
---- cyrus-sasl-2.1.21-orig/plugins/gssapi.c 2004-07-21 16:39:06.000000000 +0200
-+++ cyrus-sasl-2.1.21/plugins/gssapi.c 2006-08-01 08:30:26.000000000 +0200
-@@ -50,6 +50,9 @@
- #else
- #include
- #endif
-+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
-+#include
-+#endif
-
- #ifdef WIN32
- # include
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch
deleted file mode 100644
index 1294cb5077..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
-+++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
-@@ -77,7 +77,7 @@
- AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
- SASL_DB_PATH_CHECK()
- SASL_DB_CHECK()
-- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
-+ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
- fi
-
- AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch
deleted file mode 100644
index fd356327b4..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-http://bugs.gentoo.org/152544
-
---- cyrus-sasl-2.1.22/lib/Makefile.am
-+++ cyrus-sasl-2.1.22/lib/Makefile.am
-@@ -45,6 +45,7 @@ sasl_version = 2:22:0
-
- INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
-
-+AM_CFLAGS = -fPIC
- EXTRA_DIST = windlopen.c staticopen.h NTMakefile
- EXTRA_LIBRARIES = libsasl2.a
- noinst_LIBRARIES = @SASL_STATIC_LIBS@
---- cyrus-sasl-2.1.22/plugins/Makefile.am
-+++ cyrus-sasl-2.1.22/plugins/Makefile.am
-@@ -63,6 +63,7 @@ srp_version = 2:22:0
-
- INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
- AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir)
-+AM_CFLAGS = -fPIC
-
- COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
-
---- cyrus-sasl-2.1.22/sasldb/Makefile.am
-+++ cyrus-sasl-2.1.22/sasldb/Makefile.am
-@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
-
- extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
-
-+AM_CFLAGS = -fPIC
- EXTRA_DIST = NTMakefile
-
- noinst_LTLIBRARIES = libsasldb.la
---- cyrus-sasl-2.1.22/utils/Makefile.am
-+++ cyrus-sasl-2.1.22/utils/Makefile.am
-@@ -42,7 +42,7 @@
- #
- ################################################################
-
--all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
-+all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT)
- all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
-
- sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
---- cyrus-sasl-2.1.22/sample/Makefile.am
-+++ cyrus-sasl-2.1.22/sample/Makefile.am
-@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c
- server_SOURCES = server.c common.c common.h
- client_SOURCES = client.c common.c common.h
-
--server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
--client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-+server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-+client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-
--sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
--sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-+sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-+sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-
- EXTRA_DIST = NTMakefile
---- cyrus-sasl-2.1.22/lib/Makefile.am
-+++ cyrus-sasl-2.1.22/lib/Makefile.am
-@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la
- libsasl2_la_SOURCES = $(common_sources) $(common_headers)
- libsasl2_la_LDFLAGS = -version-info $(sasl_version)
- libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
--libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
-+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
-
- if MACOSX
- framedir = /Library/Frameworks/SASL2.framework
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch
deleted file mode 100644
index e2621278ba..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-fix warnings with gcc-4.4
-
-http://bugs.gentoo.org/248738
-
---- cyrus-sasl-2.1.22/plugins/digestmd5.c
-+++ cyrus-sasl-2.1.22/plugins/digestmd5.c
-@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv
- "DIGEST-MD5", /* mech_name */
- #ifdef WITH_RC4
- 128, /* max_ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 112,
- #else
- 1,
-@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie
- "DIGEST-MD5",
- #ifdef WITH_RC4 /* mech_name */
- 128, /* max ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 112,
- #else
- 1,
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch
deleted file mode 100644
index 4f7b04f135..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-fix missing prototype warnings
-
---- cyrus-sasl-2.1.22/lib/auxprop.c
-+++ cyrus-sasl-2.1.22/lib/auxprop.c
-@@ -43,6 +43,7 @@
- */
-
- #include
-+#include
- #include
- #include
- #include
---- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-+++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
- ******************************************************************/
-
- #include
-+#include
-
- extern char *crypt();
-
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch
deleted file mode 100644
index 10be0202ee..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- sasldb/db_berkeley.c.orig 2010-10-04 21:11:15.044010468 -0400
-+++ sasldb/db_berkeley.c 2010-10-04 21:12:18.921998718 -0400
-@@ -100,7 +100,7 @@
- ret = db_create(mbdb, NULL, 0);
- if (ret == 0 && *mbdb != NULL)
- {
--#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
- ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
- #else
- ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
-
---- utils/dbconverter-2.c.orig 2010-10-04 21:23:39.778000256 -0400
-+++ utils/dbconverter-2.c 2010-10-04 21:24:50.384999893 -0400
-@@ -214,7 +214,7 @@
- ret = db_create(mbdb, NULL, 0);
- if (ret == 0 && *mbdb != NULL)
- {
--#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
- ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
- #else
- ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch
deleted file mode 100644
index 460953bf01..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
-From: mancha
-Date: Tue, 9 Jul 2013
-Subject: Handle NULL returns from glibc 2.17+ crypt().
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
----
- pwcheck/pwcheck_getpwnam.c | 3 ++-
- pwcheck/pwcheck_getspnam.c | 3 ++-
- saslauthd/auth_getpwent.c | 3 ++-
- saslauthd/auth_shadow.c | 7 ++-----
- 4 files changed, 8 insertions(+), 8 deletions(-)
-
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ extern char *crypt();
- char *password;
- {
- char* r;
-+ char* crpt_passwd;
- struct passwd *pwd;
-
- pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
- else if (pwd->pw_passwd[0] == '*') {
- r = "Account disabled";
- }
-- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- r = "Incorrect password";
- }
- else {
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -70,6 +70,7 @@ auth_getpwent (
- {
- /* VARIABLES */
- struct passwd *pw; /* pointer to passwd file entry */
-+ char *crpt_passwd; /* encrypted password */
- /* END VARIABLES */
-
- pw = getpwnam(login);
-@@ -79,7 +80,7 @@ auth_getpwent (
- RETURN("NO");
- }
-
-- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- RETURN("NO");
- }
-
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -180,16 +180,13 @@ auth_shadow (
- * not returning any information about a login until we have validated
- * the password.
- */
-- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-- if (strcmp(sp->sp_pwdp, cpw)) {
-+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- sp->sp_pwdp, cpw);
- }
-- free(cpw);
- RETURN("NO");
- }
-- free(cpw);
-
- /*
- * The following fields will be set to -1 if:
-@@ -251,7 +250,7 @@ auth_shadow (
- RETURN("NO");
- }
-
-- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- password, upw->upw_passwd);
---- a/pwcheck/pwcheck_getspnam.c 2013-07-14 08:05:00.000000000 +0000
-+++ b/pwcheck/pwcheck_getspnam.c 2013-07-14 08:06:10.958815179 +0000
-@@ -32,13 +33,14 @@
- char *password;
- {
- struct spwd *pwd;
-+ char *crpt_passwd;
-
- pwd = getspnam(userid);
- if (!pwd) {
- return "Userid not found";
- }
-
-- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- return "Incorrect password";
- }
- else {
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch
deleted file mode 100644
index f5f372d171..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-fix warnings:
-
-auth_sasldb.c: In function ‘auth_sasldb’:
-auth_sasldb.c:144: warning: implicit declaration of function ‘gethostname’
-
-auth_sasldb.c:153: warning: passing argument 8 of ‘_sasldb_getdata’ from incompatible pointer type
-../sasldb/sasldb.h:60: note: expected ‘size_t *’ but argument is of type ‘int *’
-
---- saslauthd/auth_sasldb.c
-+++ saslauthd/auth_sasldb.c
-@@ -41,6 +41,7 @@
- #include
- #include
- #include
-+#include
- /* END PUBLIC DEPENDENCIES */
-
- #define RETURN(x) return strdup(x)
-@@ -131,7 +132,8 @@
- /* VARIABLES */
- char pw[1024]; /* pointer to passwd file entry */
- sasl_utils_t utils;
-- int ret, outsize;
-+ int ret;
-+ size_t outsize;
- const char *use_realm;
- char realm_buf[MAXHOSTNAMELEN];
- /* END VARIABLES */
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch
deleted file mode 100644
index 5574072d0e..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/saslauthd/auth_rimap.c 2011-09-01 14:19:54.754622284 +0100
-+++ b/saslauthd/auth_rimap.c 2011-09-01 14:19:59.410561033 +0100
-@@ -162,6 +162,7 @@
- num_quotes = 0;
- p1 = s;
- while ((p1 = strchr(p1, '"')) != NULL) {
-+ p1++;
- num_quotes++;
- }
-
-@@ -438,7 +439,7 @@
- syslog(LOG_WARNING, "auth_rimap: writev: %m");
- memset(qlogin, 0, strlen(qlogin));
- free(qlogin);
-- memset(qpass, 0, strlen(qlogin));
-+ memset(qpass, 0, strlen(qpass));
- free(qpass);
- (void)close(s);
- return strdup(RESP_IERROR);
-@@ -447,7 +448,7 @@
- /* don't need these any longer */
- memset(qlogin, 0, strlen(qlogin));
- free(qlogin);
-- memset(qpass, 0, strlen(qlogin));
-+ memset(qpass, 0, strlen(qpass));
- free(qpass);
-
- /* read and parse the LOGIN response */
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch
deleted file mode 100644
index 67b48b4a49..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Author: Matthias Klose
-Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
-it.
---- a/saslauthd/Makefile.am
-+++ b/saslauthd/Makefile.am
-@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
- saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
- saslauthd_LDADD = @SASL_KRB_LIB@ \
- @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
-- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-
- testsaslauthd_SOURCES = testsaslauthd.c utils.c
- testsaslauthd_LDADD = @LIB_SOCKET@
---- a/sasldb/Makefile.am
-+++ b/sasldb/Makefile.am
-@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
-
- libsasldb_la_SOURCES = allockey.c sasldb.h
- EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
--libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
--libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
-+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-
- # Prevent make dist stupidity
- libsasldb_a_SOURCES =
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch
deleted file mode 100644
index 5837921d4f..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch
+++ /dev/null
@@ -1,114 +0,0 @@ ---- a/configure.in -+++ b/configure.in -@@ -44,6 +44,8 @@ dnl - AC_INIT(lib/saslint.h) - AC_PREREQ([2.54]) - -+AC_CONFIG_MACRO_DIR([cmulocal] [config]) -+ - dnl use ./config.cache as the default cache file. - dnl we require a cache file to successfully configure our build. - if test $cache_file = "/dev/null"; then ---- a/Makefile.am -+++ b/Makefile.am -@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 - # - ################################################################ - -+ACLOCAL_AMFLAGS = -I cmulocal -I config -+ - if SASLAUTHD - SAD = saslauthd - else ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -1,7 +1,8 @@ - AC_INIT(mechanisms.h) - AC_PREREQ([2.54]) - --AC_CONFIG_AUX_DIR(config) -+AC_CONFIG_MACRO_DIR([../cmulocal] [../config]) -+AC_CONFIG_AUX_DIR([config]) - AC_CANONICAL_HOST - - dnl Should we enable SASLAUTHd at all? -@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) - - dnl Checks for which function macros exist - AC_MSG_CHECKING(whether $CC implements __func__) --AC_CACHE_VAL(have_func, -+AC_CACHE_VAL(_cv_have_func, - [AC_TRY_LINK([#include ],[printf("%s", __func__);], --have_func=yes, --have_func=no)]) --AC_MSG_RESULT($have_func) --if test "$have_func" = yes; then -+_cv_have_func=yes, -+_cv_have_func=no)]) -+AC_MSG_RESULT($_cv_have_func) -+if test "$_cv_have_func" = yes; then - AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) - else - AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) -- AC_CACHE_VAL(have_pretty_function, -+ AC_CACHE_VAL(_cv_have_pretty_function, - [AC_TRY_LINK([#include ],[printf("%s", __PRETTY_FUNCTION__);], -- have_pretty_function=yes, -- have_pretty_function=no)]) -- AC_MSG_RESULT($have_pretty_function) -- if test "$have_pretty_function" = yes; then -+ _cv_have_pretty_function=yes, -+ _cv_have_pretty_function=no)]) -+ AC_MSG_RESULT($_cv_have_pretty_function) -+ if test "$_cv_have_pretty_function" = yes; then - AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand 
__PRETTY_FUNCTION__]) - else - AC_MSG_CHECKING(whether $CC implements __FUNCTION__) -- AC_CACHE_VAL(have_function, -+ AC_CACHE_VAL(_cv_have_function, - [AC_TRY_LINK([#include ],[printf("%s", __FUNCTION__);], -- have_function=yes, -- have_function=no)]) -- AC_MSG_RESULT($have_function) -- if test "$have_function" = yes; then -+ _cv_have_function=yes, -+ _cv_have_function=no)]) -+ AC_MSG_RESULT($_cv_have_function) -+ if test "$_cv_have_function" = yes; then - AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) - fi - fi ---- a/saslauthd/Makefile.am -+++ b/saslauthd/Makefile.am -@@ -1,4 +1,6 @@ - AUTOMAKE_OPTIONS = 1.7 -+ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config -+ - sbin_PROGRAMS = saslauthd testsaslauthd - EXTRA_PROGRAMS = saslcache - ---- a/config/kerberos_v4.m4 -+++ b/config/kerberos_v4.m4 -@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ - dnl if we were ambitious, we would look more aggressively for the - dnl krb4 install - if test -d ${krb4}; then -- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ -+ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ - for krbhloc in include/kerberosIV include/kerberos include - do - if test -f ${krb4}/${krbhloc}/krb.h ; then -- cyrus_krbinclude=${krb4}/${krbhloc} -+ cyrus_cv_krbinclude=${krb4}/${krbhloc} - break - fi - done - ]) - -- if test -n "${cyrus_krbinclude}"; then -- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" -+ if test -n "${cyrus_cv_krbinclude}"; then -+ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" - fi - LDFLAGS="$LDFLAGS -L$krb4/lib" - fi diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch deleted file mode 100644 index 2e5b1750d0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -Author: Fabian Fagerholm -Description: This patch makes sure the non-PIC version of libsasldb.a, which -is created out of non-PIC objects, is not going to overwrite the PIC version, -which is created out of PIC objects. The PIC version is placed in .libs, and -the non-PIC version in the current directory. This ensures that both non-PIC -and PIC versions are available in the correct locations. ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -78,7 +78,7 @@ endif - - libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) - @echo adding static plugins and dependencies -- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) -+ $(AR) cru $@ $(SASL_STATIC_OBJS) - @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ - if test ! -f $$i; then continue; fi; . $$i; \ - for j in $$dependency_libs foo; do \ ---- a/sasldb/Makefile.am -+++ b/sasldb/Makefile.am -@@ -63,6 +63,6 @@ libsasldb_a_SOURCES = - EXTRA_libsasldb_a_SOURCES = - - libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) -- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) -+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) - - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch deleted file mode 100644 index abf0df2568..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -Fix compiling against heimdal - ---- sample/server.c 2010-12-01 14:52:55.000000000 +0000 -+++ sample/server.c 2011-11-30 14:54:42.000000000 +0000 -@@ -85,8 +85,10 @@ - - #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE - #include -+#ifndef KRB5_HEIMDAL - #include - #endif -+#endif - - #include "common.h" - ---- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000 -+++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000 -@@ -50,6 +50,9 @@ - #else - #include - #endif -+#ifdef KRB5_HEIMDAL -+#include -+#endif - - #ifdef WIN32 - # include diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch deleted file mode 100644 index 597d45a767..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300 -+++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200 -@@ -24,6 +24,7 @@ - ******************************************************************/ - - #include -+#include - - extern char *crypt(); - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch deleted file mode 100644 index da1a49f1dd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch +++ /dev/null @@ -1,12 +0,0 @@ -Author: Fabian Fagerholm -Description: Enable libtool use. ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -25,6 +25,7 @@ AC_PROG_AWK - AC_PROG_MAKE_SET - AC_PROG_LN_S - AC_PROG_INSTALL -+AC_PROG_LIBTOOL - - dnl Checks for build foo - CMU_C___ATTRIBUTE__ 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch deleted file mode 100644 index 8eff5a8bdd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch +++ /dev/null @@ -1,14 +0,0 @@ -Author: Fabian Fagerholm -Description: Fix linking with libsasldb.a when saslauthd is built with sasldb -support. ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then - AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) - SASL_DB_PATH_CHECK() - SASL_DB_CHECK() -- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" -+ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" - fi - - AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch deleted file mode 100644 index 117e8eb888..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -Bug #445932 ---- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000 -+++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000 -@@ -268,7 +268,11 @@ - - cmu_save_LIBS="$LIBS" - LIBS="$LIBS $GSSAPIBASE_LIBS" -- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) -+ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [], -+ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity], -+ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h], -+ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])] -+ )])]) - AC_CHECK_FUNCS(gss_decapsulate_token) - AC_CHECK_FUNCS(gss_encapsulate_token) - AC_CHECK_FUNCS(gss_oid_equal) ---- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000 -+++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000 -@@ -50,7 +50,7 @@ - #else - #include - #endif --#ifdef KRB5_HEIMDAL -+#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H) - #include - #endif - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch deleted file mode 100644 index 09c9ce86c9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch +++ /dev/null 
@@ -1,116 +0,0 @@ -From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 -From: mancha -Date: Thu, 11 Jul 2013 09:08:07 +0000 -Subject: Handle NULL returns from glibc 2.17+ crypt() - -Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL -(w/ NULL return) if the salt violates specifications. Additionally, -on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords -passed to crypt() fail with EPERM (w/ NULL return). - -When using glibc's crypt(), check return value to avoid a possible -NULL pointer dereference. - -Patch by mancha1@hush.com. ---- -diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c -index 4b34222..400289c 100644 ---- a/pwcheck/pwcheck_getpwnam.c -+++ b/pwcheck/pwcheck_getpwnam.c -@@ -32,6 +32,7 @@ char *userid; - char *password; - { - char* r; -+ char* crpt_passwd; - struct passwd *pwd; - - pwd = getpwnam(userid); -@@ -41,7 +42,7 @@ char *password; - else if (pwd->pw_passwd[0] == '*') { - r = "Account disabled"; - } -- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { -+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { - r = "Incorrect password"; - } - else { -diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c -index 2b11286..6d607bb 100644 ---- a/pwcheck/pwcheck_getspnam.c -+++ b/pwcheck/pwcheck_getspnam.c -@@ -32,13 +32,15 @@ char *userid; - char *password; - { - struct spwd *pwd; -+ char *crpt_passwd; - - pwd = getspnam(userid); - if (!pwd) { - return "Userid not found"; - } - -- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { -+ crpt_passwd = crypt(password, pwd->sp_pwdp); -+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { - return "Incorrect password"; - } - else { -diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c -index fc8029d..d4ebe54 100644 ---- a/saslauthd/auth_getpwent.c -+++ b/saslauthd/auth_getpwent.c -@@ -77,6 +77,7 
@@ auth_getpwent ( - { - /* VARIABLES */ - struct passwd *pw; /* pointer to passwd file entry */ -+ char *crpt_passwd; /* encrypted password */ - int errnum; - /* END VARIABLES */ - -@@ -105,7 +106,8 @@ auth_getpwent ( - } - } - -- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { -+ crpt_passwd = crypt(password, pw->pw_passwd); -+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); - } -diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c -index 677131b..1988afd 100644 ---- a/saslauthd/auth_shadow.c -+++ b/saslauthd/auth_shadow.c -@@ -210,8 +210,8 @@ auth_shadow ( - RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); - } - -- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); -- if (strcmp(sp->sp_pwdp, cpw)) { -+ cpw = crypt(password, sp->sp_pwdp); -+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { - if (flags & VERBOSE) { - /* - * This _should_ reveal the SHADOW_PW_LOCKED prefix to an -@@ -221,10 +221,8 @@ auth_shadow ( - syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", - sp->sp_pwdp, cpw); - } -- free(cpw); - RETURN("NO Incorrect password"); - } -- free(cpw); - - /* - * The following fields will be set to -1 if: -@@ -286,7 +284,7 @@ auth_shadow ( - RETURN("NO Invalid username"); - } - -- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { -+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", - password, upw->upw_passwd); --- -cgit v0.9.0.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch deleted file mode 100644 index af382181e0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- cyrus-sasl2.orig/plugins/ldapdb.c -+++ cyrus-sasl2/plugins/ldapdb.c -@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, - if ( len > out_max ) - len = out_max; - memcpy(out, bvals[0]->bv_val, len); -+ out[len] = '\0'; - *out_ulen = len; - ber_bvecfree(bvals); - } diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling-again.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling-again.patch deleted file mode 100644 index 019a4f205c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling-again.patch +++ /dev/null 
@@ -1,186 +0,0 @@ -From c34ae6a35909e4ec50b4614628a598ae935c71c4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Thu, 19 Nov 2015 19:40:52 +0100 -Subject: [PATCH] Use AX_PROG_CC_FOR_BUILD for build generators - -This allows to call makemd5 in cross-compiled environments. ---- - configure.ac | 1 + - include/Makefile.am | 15 ++++-- - m4/ax_prog_cc_for_build.m4 | 125 +++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 138 insertions(+), 3 deletions(-) - create mode 100644 m4/ax_prog_cc_for_build.m4 - -diff --git a/configure.ac b/configure.ac -index 429189e..2abcc61 100644 ---- a/configure.in -+++ b/configure.in -@@ -93,6 +93,7 @@ AC_ARG_ENABLE(obsolete_cram_attr, - enable_obsolete_cram_attr=yes) - - AC_PROG_CC -+AX_PROG_CC_FOR_BUILD - AC_PROG_CPP - AC_PROG_AWK - AC_PROG_LN_S -diff --git a/include/Makefile.am b/include/Makefile.am -index 5ea5be2..c942efa 100644 ---- a/include/Makefile.am -+++ b/include/Makefile.am -@@ -51,9 +51,15 @@ noinst_PROGRAMS = makemd5 - - makemd5_SOURCES = makemd5.c - --md5global.h: makemd5 -- -rm -f md5global.h -- ./makemd5 md5global.h -+makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD) -+makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) -+makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD) -+ -+md5global.h: makemd5$(BUILD_EXEEXT) Makefile -+ -rm -f $@ -+ ./$< $@ -+ -+BUILT_SOURCES = md5global.h - - EXTRA_DIST = NTMakefile - DISTCLEANFILES = md5global.h -@@ -63,3 +69,6 @@ framedir = /Library/Frameworks/SASL2.framework - frameheaderdir = $(framedir)/Versions/A/Headers - frameheader_DATA = $(saslinclude_HEADERS) - endif -+ -+# TODO: automake, don't build it -+makemd5$(EXEEXT): -diff --git a/m4/ax_prog_cc_for_build.m4 b/m4/ax_prog_cc_for_build.m4 -new file mode 100644 -index 0000000..77fd346 ---- /dev/null -+++ b/m4/ax_prog_cc_for_build.m4 -@@ -0,0 +1,125 @@ -+# =========================================================================== -+# 
http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html -+# =========================================================================== -+# -+# SYNOPSIS -+# -+# AX_PROG_CC_FOR_BUILD -+# -+# DESCRIPTION -+# -+# This macro searches for a C compiler that generates native executables, -+# that is a C compiler that surely is not a cross-compiler. This can be -+# useful if you have to generate source code at compile-time like for -+# example GCC does. -+# -+# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything -+# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD). -+# The value of these variables can be overridden by the user by specifying -+# a compiler with an environment variable (like you do for standard CC). -+# -+# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object -+# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if -+# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are -+# substituted in the Makefile. -+# -+# LICENSE -+# -+# Copyright (c) 2008 Paolo Bonzini -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice -+# and this notice are preserved. This file is offered as-is, without any -+# warranty. 
-+ -+#serial 8 -+ -+AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD]) -+AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl -+AC_REQUIRE([AC_PROG_CC])dnl -+AC_REQUIRE([AC_PROG_CPP])dnl -+AC_REQUIRE([AC_EXEEXT])dnl -+AC_REQUIRE([AC_CANONICAL_HOST])dnl -+ -+dnl Use the standard macros, but make them use other variable names -+dnl -+pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl -+pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl -+pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl -+pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl -+pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl -+pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl -+pushdef([ac_cv_objext], ac_cv_build_objext)dnl -+pushdef([ac_exeext], ac_build_exeext)dnl -+pushdef([ac_objext], ac_build_objext)dnl -+pushdef([CC], CC_FOR_BUILD)dnl -+pushdef([CPP], CPP_FOR_BUILD)dnl -+pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl -+pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl -+pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl -+pushdef([host], build)dnl -+pushdef([host_alias], build_alias)dnl -+pushdef([host_cpu], build_cpu)dnl -+pushdef([host_vendor], build_vendor)dnl -+pushdef([host_os], build_os)dnl -+pushdef([ac_cv_host], ac_cv_build)dnl -+pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl -+pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl -+pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl -+pushdef([ac_cv_host_os], ac_cv_build_os)dnl -+pushdef([ac_cpp], ac_build_cpp)dnl -+pushdef([ac_compile], ac_build_compile)dnl -+pushdef([ac_link], ac_build_link)dnl -+ -+save_cross_compiling=$cross_compiling -+save_ac_tool_prefix=$ac_tool_prefix -+cross_compiling=no -+ac_tool_prefix= -+ -+AC_PROG_CC -+AC_PROG_CPP -+AC_EXEEXT -+ -+ac_tool_prefix=$save_ac_tool_prefix -+cross_compiling=$save_cross_compiling -+ -+dnl Restore the old definitions -+dnl -+popdef([ac_link])dnl -+popdef([ac_compile])dnl -+popdef([ac_cpp])dnl -+popdef([ac_cv_host_os])dnl -+popdef([ac_cv_host_vendor])dnl -+popdef([ac_cv_host_cpu])dnl 
-+popdef([ac_cv_host_alias])dnl -+popdef([ac_cv_host])dnl -+popdef([host_os])dnl -+popdef([host_vendor])dnl -+popdef([host_cpu])dnl -+popdef([host_alias])dnl -+popdef([host])dnl -+popdef([LDFLAGS])dnl -+popdef([CPPFLAGS])dnl -+popdef([CFLAGS])dnl -+popdef([CPP])dnl -+popdef([CC])dnl -+popdef([ac_objext])dnl -+popdef([ac_exeext])dnl -+popdef([ac_cv_objext])dnl -+popdef([ac_cv_exeext])dnl -+popdef([ac_cv_prog_cc_g])dnl -+popdef([ac_cv_prog_cc_cross])dnl -+popdef([ac_cv_prog_cc_works])dnl -+popdef([ac_cv_prog_gcc])dnl -+popdef([ac_cv_prog_CPP])dnl -+ -+dnl Finally, set Makefile variables -+dnl -+BUILD_EXEEXT=$ac_build_exeext -+BUILD_OBJEXT=$ac_build_objext -+AC_SUBST(BUILD_EXEEXT)dnl -+AC_SUBST(BUILD_OBJEXT)dnl -+AC_SUBST([CFLAGS_FOR_BUILD])dnl -+AC_SUBST([CPPFLAGS_FOR_BUILD])dnl -+AC_SUBST([LDFLAGS_FOR_BUILD])dnl -+]) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch deleted file mode 100644 index 46bbdd1ca1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -Bug #510320 ---- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000 -+++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000 -@@ -371,7 +371,7 @@ - if ( rc>0 ) { - /* check if there is more to read */ - fd_set perm; -- int fds, ret; -+ int fds, ret, loopc; - struct timeval timeout; - - FD_ZERO(&perm); -@@ -380,6 +380,7 @@ - - timeout.tv_sec = 1; - timeout.tv_usec = 0; -+ loopc = 0; - while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { - if ( FD_ISSET(s, &perm) ) { - ret = read(s, rbuf+rc, sizeof(rbuf)-rc); -@@ -387,6 +388,14 @@ - rc = ret; - break; - } else { -+ if (ret == 0) { -+ loopc += 1; -+ } else { -+ loopc = 0; -+ } -+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value -+ break; -+ } - rc += ret; - } - } -@@ -484,7 +493,7 @@ - if ( rc>0 ) { - /* check if there is more to read */ - fd_set perm; -- int fds, ret; -+ int fds, ret, loopc; - struct timeval timeout; - - FD_ZERO(&perm); -@@ -493,6 +502,7 @@ - - timeout.tv_sec = 1; - timeout.tv_usec = 0; -+ loopc = 0; - while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { - if ( FD_ISSET(s, &perm) ) { - ret = read(s, rbuf+rc, sizeof(rbuf)-rc); -@@ -500,6 +510,14 @@ - rc = ret; - break; - } else { -+ if (ret == 0) { -+ loopc += 1; -+ } else { -+ loopc = 0; -+ } -+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value -+ break; -+ } - rc += ret; - } - } ---- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000 -+++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000 -@@ -587,16 +587,14 @@ - /* Timeout. */ - errno = ETIMEDOUT; - return -1; -- case +1: -- if (FD_ISSET(fd, &rfds)) { -- /* Success, file descriptor is readable. */ -- return 0; -- } -- return -1; - case -1: - if (errno == EINTR || errno == EAGAIN) - continue; - default: -+ if (FD_ISSET(fd, &rfds)) { -+ /* Success, file descriptor is readable. */ -+ return 0; -+ } - /* Error catch-all. */ - return -1; - } 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch index 42f20fb809..0177b52567 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch @@ -1,6 +1,6 @@ Gentoo bug #458790 ---- include/sasl.h 2012-10-12 17:05:48.000000000 +0300 -+++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200 +--- a/include/sasl.h ++++ b/include/sasl.h @@ -121,6 +121,9 @@ #ifndef SASL_H #define SASL_H 1 diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch deleted file mode 100644 index d8b4b6efc3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch +++ /dev/null 
@@ -1,48 +0,0 @@ ---- cyrus-sasl2.orig/saslauthd/auth_rimap.c -+++ cyrus-sasl2/saslauthd/auth_rimap.c -@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re - service we connect to. */ - #define TAG "saslauthd" /* IMAP command tag */ - #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ -+#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ - #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ - #define RESP_LEN 1000 /* size of read response buffer */ - -@@ -307,10 +308,12 @@ auth_rimap ( - int s=-1; /* socket to remote auth host */ - struct addrinfo *r; /* remote socket address info */ - struct iovec iov[5]; /* for sending LOGIN command */ -+ struct iovec iov2[2]; /* for sending LOGOUT command */ - char *qlogin; /* pointer to "quoted" login */ - char *qpass; /* pointer to "quoted" password */ - char *c; /* scratch pointer */ - int rc; /* return code scratch area */ -+ int rcl; /* return code scratch area */ - char rbuf[RESP_LEN]; /* response read buffer */ - char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; - int saved_errno; -@@ -505,6 +508,24 @@ auth_rimap ( - } - } - } -+ -+ /* close remote imap */ -+ iov2[0].iov_base = LOGOUT_CMD; -+ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; -+ iov2[1].iov_base = "\r\n"; -+ iov2[1].iov_len = sizeof("\r\n") - 1; -+ -+ if (flags & VERBOSE) { -+ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", -+ LOGOUT_CMD, qlogin, qpass); -+ } -+ alarm(NETWORK_IO_TIMEOUT); -+ rcl = retry_writev(s, iov2, 2); -+ alarm(0); -+ if (rcl == -1) { -+ syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); -+ } -+ - (void) close(s); /* we're done with the remote */ - if (rc == -1) { - syslog(LOG_WARNING, "auth_rimap: read (response): %m"); 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
new file mode 100644
index 0000000000..82b9e1fb6d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
@@ -0,0 +1,20 @@
+Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
+Origin: vendor
+Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
+Bug-Debian: https://bugs.debian.org/947043
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
+Author: Stephan Zeisberg
+Reviewed-by: Salvatore Bonaccorso
+Last-Update: 2019-12-19
+
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch
new file mode 100644
index 0000000000..7cd9e151fb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch
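Review bot: Adding the terminator to `addlen` itself, rather than to the size passed to `_buf_alloc`, changes every later use of `addlen` in `_sasl_add_string`, and those uses lie outside this hunk. If the function goes on to copy `addlen` bytes and advance `*outlen` by `addlen`, the recorded length would then include the NUL and a following append would start after it, so this should be confirmed against the full function. Keeping `addlen=strlen(add);` and reserving the extra byte in the allocation, `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`, fixes the undersized buffer without touching the length accounting. The retained comment `/* only compute once */` also no longer tells the reader that the value includes the terminator.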
@@ -0,0 +1,25 @@
+Author: Matthias Klose
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
++++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
+@@ -25,7 +25,7 @@
+ saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
+ saslauthd_LDADD = @SASL_KRB_LIB@ \
+ @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- cyrus-sasl-2.1.27/sasldb/Makefile.am
++++ cyrus-sasl-2.1.27/sasldb/Makefile.am
+@@ -54,6 +54,6 @@
+
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ libsasldb_la_LDFLAGS = -no-undefined
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch
new file mode 100644
index 0000000000..2ce971efc5
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch
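Review bot: `../sasldb/libsasldb.la` is added to `saslauthd_LDADD`, but the explicit `saslauthd_DEPENDENCIES` on the context line above still lists only `saslauthd-main.o $(LTLIBOBJS_FULL)`, and automake does not derive dependencies from LDADD when that variable is set by hand. Unless directory ordering already guarantees sasldb is built first, which this hunk does not show, a parallel build can reach the saslauthd link before the library exists; `saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL) ../sasldb/libsasldb.la` would make the ordering explicit. The patch header also misspells its field name as `Desription:`, which should read `Description:`.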
@@ -0,0 +1,31 @@
+--- cyrus-sasl-2.1.27/configure.ac
++++ cyrus-sasl-2.1.27/configure.ac
+@@ -44,6 +44,8 @@
+
+ AC_PREREQ(2.63)
+
++AC_CONFIG_MACRO_DIR([config])
++
+ dnl
+ dnl REMINDER: When changing the version number here, please also update
+ dnl the values in win32/include/config.h and include/sasl.h as well.
+--- cyrus-sasl-2.1.27/Makefile.am
++++ cyrus-sasl-2.1.27/Makefile.am
+@@ -44,6 +44,8 @@
+ #
+ ################################################################
+
++ACLOCAL_AMFLAGS = -I config
++
+ if SASLAUTHD
+ SAD = saslauthd
+ else
+--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
++++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
+@@ -1,4 +1,6 @@
+ AUTOMAKE_OPTIONS = 1.7
++ACLOCAL_AMFLAGS = -I ../config
++
+ sbin_PROGRAMS = saslauthd testsaslauthd
+ EXTRA_PROGRAMS = saslcache
+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
similarity index 62%
rename from sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch
rename to sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
index ffc69b77cc..c331039e2f 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
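Review bot: This patch file carries no header at all, so nothing records where it came from or why the macro-directory settings are needed, whereas sibling patches in this commit open with `Author:`/`Description:` fields or a bug reference. A top line such as `Description: point aclocal at the config/ macro directory`, together with an origin or bug link, would make the patch auditable the next time the package is bumped. cyrus-sasl-2.1.27-doc_build_fix.patch is added by the same commit without a header either.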
@@ -4,24 +4,14 @@ is created out of non-PIC objects, is not going to overwrite the PIC version, which is created out of PIC objects. The PIC version is placed in .libs, and the non-PIC version in the current directory. This ensures that both non-PIC and PIC versions are available in the correct locations. ---- trunk.orig/lib/Makefile.am -+++ trunk/lib/Makefile.am -@@ -76,7 +76,7 @@ +--- cyrus-sasl-2.1.27/lib/Makefile.am ++++ cyrus-sasl-2.1.27/lib/Makefile.am +@@ -98,7 +98,7 @@ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) @echo adding static plugins and dependencies - $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) + $(AR) cru $@ $(SASL_STATIC_OBJS) - @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ if test ! -f $$i; then continue; fi; . $$i; \ for j in $$dependency_libs foo; do \ ---- trunk.orig/sasldb/Makefile.am -+++ trunk/sasldb/Makefile.am -@@ -63,6 +63,6 @@ - EXTRA_libsasldb_a_SOURCES = - - libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) -- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) -+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) - - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch new file mode 100644 index 0000000000..bdd02f7796 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch 
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
++++ cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
+@@ -23,7 +23,7 @@
+ from sphinx import addnodes
+ from sphinx.locale import admonitionlabels, _
+ from sphinx.util.osutil import ustrftime
+-from sphinx.util.compat import docutils_version
++#from sphinx.util.compat import docutils_version
+
+ class CyrusManualPageWriter(ManualPageWriter):
+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
similarity index 74%
rename from sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling.patch
rename to sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
index bcdcad56b7..86fbcad2e4 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling.patch
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch
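Review bot: The new side keeps the import as a commented-out line, `#from sphinx.util.compat import docutils_version`, and the patch file carries no description of why it is disabled. Deleting the line and adding a one-line header to the patch (for example `Drop the sphinx.util.compat import, which newer Sphinx releases no longer provide`) would record the intent; that reason is my reading of the change, so confirm it before writing it down. If `docutils_version` is still referenced further down manpage.py, the doc build would fail with a NameError, which cannot be checked here because the file continues outside the hunk.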
@@ -1,12 +1,12 @@ -diff -ur cyrus-sasl-2.1.26.orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.26/cmulocal/sasl2.m4 ---- cyrus-sasl-2.1.26.orig/cmulocal/sasl2.m4 2016-04-05 17:38:41.181743471 -0700 -+++ cyrus-sasl-2.1.26/cmulocal/sasl2.m4 2016-04-05 17:48:43.137754169 -0700 -@@ -287,35 +287,7 @@ - AC_CHECK_FUNCS(gss_get_name_attribute) - LIBS="$cmu_save_LIBS" - +--- cyrus-sasl-2.1.27/m4/sasl2.m4 ++++ cyrus-sasl-2.1.27/m4/sasl2.m4 +@@ -311,36 +311,7 @@ if test "$gssapi" != no; then + [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,, + [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])]) + fi - cmu_save_LIBS="$LIBS" - LIBS="$LIBS $GSSAPIBASE_LIBS" +- - AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries]) - AC_TRY_RUN([ -#ifdef HAVE_GSSAPI_H diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch similarity index 74% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch rename to sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch index 9eeab1b42f..c585cb158e 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch @@ -1,7 +1,7 @@ Gentoo bug #389349 ---- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200 -+++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100 -@@ -217,7 +217,11 @@ +--- cyrus-sasl-2.1.27/m4/sasl2.m4 ++++ cyrus-sasl-2.1.27/m4/sasl2.m4 +@@ -220,7 +220,11 @@ [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then 
@@ -12,5 +12,5 @@ Gentoo bug #389349 + hostbased_service_gss_nt_yes + #endif], [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, - [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) + [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch new file mode 100644 index 0000000000..158529dcb5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch 
@@ -0,0 +1,53 @@
+auth_rimap: provide naive memmem implementation if missing
+
+read_response uses memmem, which is not available on e.g. Solaris 10
+
+Bug: https://github.com/cyrusimap/cyrus-sasl/pull/551
+Signed-off-by: Fabian Groffen
+
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
+@@ -367,6 +367,32 @@
+ /* END FUNCTION: process_login_reply */
+
+
++#ifndef HAVE_MEMMEM
++static void *memmem(
++ const void *big, size_t big_len,
++ const void *little, size_t little_len)
++{
++ const char *bp = (const char *)big;
++ const char *lp = (const char *)little;
++ size_t l;
++
++ if (big_len < little_len || little_len == 0 || big_len == 0)
++ return NULL;
++
++ while (big_len > 0) {
++ for (l = 0; l < little_len; l++) {
++ if (bp[l] != lp[l])
++ break;
++ }
++ if (l == little_len)
++ return (void *)bp;
++ bp++;
++ }
++
++ return NULL;
++}
++#endif
++
+ static int read_response(int s, char *rbuf, int buflen, const char *tag)
+ {
+ int rc = 0;
+--- a/configure.ac
++++ b/configure.ac
+@@ -1292,7 +1292,7 @@
+
+ #AC_FUNC_MEMCMP
+ #AC_FUNC_VPRINTF
+-AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
++AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy memmem mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
+
+ if test $ac_cv_func_getspnam = yes; then
+ AC_MSG_CHECKING(if getpwnam_r/getspnam_r take 5 arguments)
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/pwcheck.rc6 b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/pwcheck.rc6
index 4530daf129..7b43c4ea15 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/pwcheck.rc6
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/pwcheck.rc6
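Review bot: The fallback `memmem` added to saslauthd/auth_rimap.c never decrements `big_len`, so `while (big_len > 0)` does not terminate when the needle is absent and `bp[l]` is read past the end of the buffer. The inner loop also compares `little_len` bytes even when fewer remain in the haystack. The patch description says read_response calls this function, and that function takes a socket, so the scanned bytes are presumably peer-supplied. The scan should be bounded with `while (big_len >= little_len) {` and `bp++; big_len--;`. Returning NULL for `little_len == 0` also differs from the libc `memmem`, which returns the haystack pointer, so that choice deserves a comment if it is intentional.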
@@ -1,7 +1,6 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need localmount diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf deleted file mode 100644 index 1bbe44d765..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf +++ /dev/null @@ -1,25 +0,0 @@ -# $Id$ - -# Config file for /etc/init.d/saslauthd - -# Initial (empty) options. -SASLAUTHD_OPTS="" - -# Specify the authentications mechanism. -# **NOTE** For a list see: saslauthd -v -# Since 2.1.19, add "-r" to options for old behavior, -# ie. reassemble user and realm to user@realm form. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r" -SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam" - -# Specify the hostname for remote IMAP server. -# **NOTE** Only needed if rimap auth mechanism is used. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost" - -# Specify the number of worker processes to create. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5" - -# Enable credential cache, set cache size and timeout. -# **NOTE** Size is measured in kilobytes. -# Timeout is measured in seconds. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30" diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf index 2b60bc03c9..dd487b0eda 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf @@ -1,5 +1,3 @@ -# $Id$ - # Config file for /etc/init.d/saslauthd and systemd unit # PLEASE READ THIS IF YOU ARE USING SYSTEMD 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc6 b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc6 deleted file mode 100644 index b1cc1c3b33..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc6 +++ /dev/null @@ -1,21 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -depend() { - need net -} - -start() { - ebegin "Starting saslauthd" - start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \ - -- ${SASLAUTHD_OPTS} - eend $? -} - -stop() { - ebegin "Stopping saslauthd" - start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid - eend $? -} diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc7 b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc7 index 23504f60f5..0abeaf6f57 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc7 +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc7 @@ -1,7 +1,6 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need net diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml index d50ec8da46..bcabb66dbd 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml @@ -1,10 +1,7 @@ - - net-mail@gentoo.org - Net-Mail - + Add Courier-IMAP authdaemond unix socket support (net-mail/courier-imap, mail-mta/courier) 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest index 00fa5591c1..860cf1106d 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest @@ -1,3 +1,2 @@ -DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 -DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 -DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 +DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea +DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch deleted file mode 100644 index 3a005c9b09..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl - -When building on x32 systems where the default type is 32bit, make sure -we can transparently represent 64bit integers. Otherwise we end up with -build errors like: -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. -... -ghash-x86_64.s: Assembler messages: -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression - -We don't enable this globally as there are some cases where we'd get -32bit values interpreted as unsigned when we need them as signed. - -Reported-by: Bertrand Jacquin -URL: https://bugs.gentoo.org/542618 ---- - crypto/perlasm/x86_64-xlate.pl | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 ---- a/crypto/perlasm/x86_64-xlate.pl -+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; - -+ # When building on x32 ABIs, the expanded hex value might be too -+ # big to fit into 32bits. Enable transparent 64bit support here -+ # so we can safely print it out. -+ use bigint; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} --- -2.3.3 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch deleted file mode 100644 index 3a458a7836..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch +++ /dev/null 
@@ -1,283 +0,0 @@ -Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. - -From https://src.fedoraproject.org/git/rpms/openssl.git - -Contains parts of the following patches, rediffed. The patches are on various -different branches. -f23 openssl-1.0.2c-ecc-suiteb.patch -f23 openssl-1.0.2a-fips-ec.patch -f28 openssl-1.1.0-ec-curves.patch - -Signed-off-By: Robin H. Johnson - ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) - } else - # endif - # ifndef OPENSSL_NO_ECDSA -- if (strcmp(*argv, "ecdsap160") == 0) -- ecdsa_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdsap192") == 0) -- ecdsa_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdsap224") == 0) - ecdsa_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdsap256") == 0) -@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) - ecdsa_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdsap521") == 0) - ecdsa_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdsak163") == 0) -- ecdsa_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdsak233") == 0) -- ecdsa_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdsak283") == 0) -- ecdsa_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdsak409") == 0) -- ecdsa_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdsak571") == 0) -- ecdsa_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdsab163") == 0) -- ecdsa_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdsab233") == 0) -- ecdsa_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdsab283") == 0) -- ecdsa_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdsab409") == 0) -- ecdsa_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdsab571") == 0) -- ecdsa_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdsa") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i < R_EC_P521; i++) - ecdsa_doit[i] = 1; - } else - # endif - # ifndef OPENSSL_NO_ECDH -- if (strcmp(*argv, "ecdhp160") == 0) -- ecdh_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdhp192") == 
0) -- ecdh_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdhp224") == 0) - ecdh_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdhp256") == 0) -@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) - ecdh_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdhp521") == 0) - ecdh_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdhk163") == 0) -- ecdh_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdhk233") == 0) -- ecdh_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdhk283") == 0) -- ecdh_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdhk409") == 0) -- ecdh_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdhk571") == 0) -- ecdh_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdhb163") == 0) -- ecdh_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdhb233") == 0) -- ecdh_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdhb283") == 0) -- ecdh_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdhb409") == 0) -- ecdh_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdhb571") == 0) -- ecdh_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdh") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - } else - # endif -@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); - # endif - # ifndef OPENSSL_NO_ECDSA -- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " -+ BIO_printf(bio_err, "ecdsap224 " - "ecdsap256 ecdsap384 ecdsap521\n"); -- BIO_printf(bio_err, -- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); -- BIO_printf(bio_err, -- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); - BIO_printf(bio_err, "ecdsa\n"); - # endif - # ifndef OPENSSL_NO_ECDH -- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " -+ BIO_printf(bio_err, "ecdhp224 " - "ecdhp256 ecdhp384 ecdhp521\n"); -- BIO_printf(bio_err, -- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); -- BIO_printf(bio_err, -- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); - 
BIO_printf(bio_err, "ecdh\n"); - # endif - -@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) - for (i = 0; i < DSA_NUM; i++) - dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - # endif - # ifndef OPENSSL_NO_ECDH -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - # endif - } ---- a/crypto/ec/ecp_smpl.c -+++ b/crypto/ec/ecp_smpl.c -@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) ---- a/crypto/ecdh/ecdhtest.c -+++ b/crypto/ecdh/ecdhtest.c -@@ -501,11 +501,13 @@ int main(int argc, char *argv[]) - goto err; - - /* NIST PRIME CURVES TESTS */ -+# if 0 - if (!test_ecdh_curve - (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) - goto err; - if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) - goto err; -+# endif - if (!test_ecdh_curve - (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) - goto err; -@@ -536,13 +538,14 @@ int main(int argc, char *argv[]) - if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) - goto err; - # endif -+# if 0 - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) - goto err; -- -+# endif - ret = 0; - - err: ---- a/crypto/ecdsa/ecdsatest.c -+++ b/crypto/ecdsa/ecdsatest.c -@@ -138,9 +138,12 @@ int restore_rand(void) - } - - static int fbytes_counter = 0, use_fake = 0; --static const char *numbers[8] = { -+static const char *numbers[10] = { -+ "651056770906015076056810763456358567190100156695615665659", - 
"651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", -+ "8763001015071075675010661307616710783570106710677817767166" -+ "71676178726717", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" -@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num) - - use_fake = 0; - -- if (fbytes_counter >= 8) -+ if (fbytes_counter >= 10) - return 0; - tmp = BN_new(); - if (!tmp) -@@ -539,8 +542,10 @@ int main(void) - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ -+# if 0 - if (!x9_62_tests(out)) - goto err; -+# endif - if (!test_builtin(out)) - goto err; - ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = { - * Remaining curves disabled by default but still permitted if set - * via an explicit callback or parameters. 
- */ -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ -@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = { - 0, 9, /* sect283k1 (9) */ - 0, 10, /* sect283r1 (10) */ - # endif -- 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ - 0, 7, /* sect233r1 (7) */ - # endif -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ - # ifndef OPENSSL_NO_EC2M - 0, 4, /* sect193r1 (4) */ - 0, 5, /* sect193r2 (5) */ - # endif -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ - # ifndef OPENSSL_NO_EC2M - 0, 1, /* sect163k1 (1) */ - 0, 2, /* sect163r1 (2) */ - 0, 3, /* sect163r2 (3) */ - # endif -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - }; - # endif - diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch new file mode 100644 index 0000000000..c837e208cf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch @@ -0,0 +1,21 @@ +https://github.com/openssl/openssl/issues/7679 + +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -77,8 +77,14 @@ + # to. You're welcome. + sub dependmagic { + my $target = shift; +- +- return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; ++ my $magic = <<"_____"; ++$target: build_generated depend ++ \$(MAKE) _$target ++_$target ++_____ ++ # Remove line ending ++ $magic =~ s|\R$||; ++ return $magic; + } + ''; + -} 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2u.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1g.ebuild similarity index 72% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2u.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1g.ebuild index 8897acef02..8f3f524377 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2u.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1g.ebuild @@ -1,3 +1,6 @@ +# Difference to upstream from ./update_ebuilds: +# - Ported changes from 7b591fb2e0ec7a0f9fe43218f9196d825b5f9653 +# # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 @@ -5,21 +8,16 @@ EAPI="7" inherit flag-o-matic toolchain-funcs multilib multilib-minimal systemd -# openssl-1.0.2-patches-1.6 contain additional CVE patches -# which got fixed with this release. -# Please use 1.7 version number when rolling a new tarball! -PATCH_SET="openssl-1.0.2-patches-1.5" - MY_P=${P/_/-} -# This patch set is based on the following files from Fedora 25, -# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec +# This patch set is based on the following files from Fedora 31, +# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec # for more details: # - hobble-openssl (SOURCE1) # - ec_curve.c (SOURCE12) -- MODIFIED # - ectest.c (SOURCE13) # - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED -BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz" +BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" 
@@ -27,24 +25,17 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz bindist? ( mirror://gentoo/${BINDIST_PATCH_SET} https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} - ) - !vanilla? ( - mirror://gentoo/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz )" LICENSE="openssl" -SLOT="0" +SLOT="0/1.1" # .so version of libssl/libcrypto +[[ "${PV}" = *_pre* ]] || \ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" RESTRICT="!bindist? ( bindist ) !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" DEPEND="${RDEPEND}" BDEPEND=" 
@@ -53,29 +44,64 @@ BDEPEND=" test? ( sys-apps/diffutils sys-devel/bc + sys-process/procps )" PDEPEND="app-misc/ca-certificates" +PATCHES=( + "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 +) + S="${WORKDIR}/${MY_P}" +# force upgrade to prevent broken login, bug 696950 +RDEPEND+=" !/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + src_prepare() { + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die + chmod a+rx gentoo.config || die + if use bindist; then mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die bash "${WORKDIR}"/hobble-openssl || die cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die + cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die eapply "${WORKDIR}"/bindist-patches/ec-curves.patch + local known_failing_test + for known_failing_test in \ + 30-test_evp_extra.t \ + 80-test_ssl_new.t \ + ; do + ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" + rm test/recipes/${known_failing_test} || die + eend $? + done + # Also see the configure parts below: # enable-ec \ # $(use_ssl !bindist ec2m) \ - # $(use_ssl !bindist srp) \ fi # keep this in sync with app-misc/c_rehash 
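Review bot: The loop under `use bindist` that deletes `30-test_evp_extra.t` and `80-test_ssl_new.t` gives no bug reference or reason. Nobody can tell from it why these recipes fail on the hobbled EC build or when they can be restored. For a crypto library, each removed recipe is lost verification of the patched code, so the removal should be traceable. A comment above the `for` line would do, for example `# fails with the bindist curve set, see bug #<bug-id>`; the cause stated there is my assumption and needs confirming. src_prepare continues outside this hunk.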
@@ -86,46 +112,51 @@ src_prepare() { rm -f Makefile if ! use vanilla ; then - eapply "${WORKDIR}"/patch/*.patch + if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then + [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}" + fi fi - eapply_user + eapply_user #332661 + + if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then + ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" + rm test/recipes/80-test_ssl_new.t || die + eend $? + fi - # disable fips in the build # make sure the man pages are suffixed #302165 # don't bother building man pages if they're disabled + # Make DOCDIR Gentoo compliant sed -i \ - -e '/DIRS/s: fips : :g' \ -e '/^MANSUFFIX/s:=.*:=ssl:' \ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ -e $(has noman FEATURES \ && echo '/^install:/s:install_docs::' \ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ + -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ + Configurations/unix-Makefile.tmpl \ || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - # this breaks build with 1.0.2p, not sure if it is needed anymore - #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die # quiet out unknown driver argument warnings since openssl # doesn't have well-split CFLAGS and we're making it even worse # and 'make depend' uses -Werror for added fun (#417795 again) [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - append-flags -fno-strict-aliasing append-flags $(test-flags-CC -Wa,--noexecstack) append-cppflags -DOPENSSL_NO_BUF_FREELISTS - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 + # Prefixify Configure shebang (#141906) + sed \ + 
-e "1s,/usr/bin/env,${EPREFIX}&," \ + -i Configure || die + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi # The config script does stupid stuff to prompt the user. Kill it. sed -i '/stty -icanon min 0 time 50; read waste/d' config || die ./config --test-sanity || die "I AM NOT SANE" @@ -163,18 +194,15 @@ multilib_src_configure() { # fi #fi - # https://github.com/openssl/openssl/issues/2286 - if use ia64 ; then - replace-flags -g3 -g2 - replace-flags -ggdb3 -ggdb2 - fi - local sslout=$(./gentoo.config) einfo "Use configuration ${sslout:-(openssl knows best)}" local config="Configure" [[ -z ${sslout} ]] && config="config" - # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' + # Fedora hobbled-EC needs 'no-ec2m' + # 'srp' was restricted until early 2017 as well. + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. # Make sure user flags don't get added *yet* to avoid duplicated # flags. CFLAGS= LDFLAGS= echoit \ @@ -184,19 +212,17 @@ multilib_src_configure() { enable-camellia \ enable-ec \ $(use_ssl !bindist ec2m) \ - $(use_ssl !bindist srp) \ + enable-srp \ + $(use elibc_musl && echo "no-async") \ ${ec_nistp_64_gcc_128} \ enable-idea \ enable-mdc2 \ enable-rc5 \ - enable-tlsext \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl sslv3 ssl3-method) \ $(use_ssl asm) \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ $(use_ssl rfc3779) \ $(use_ssl sctp) \ - $(use_ssl sslv2 ssl2) \ - $(use_ssl sslv3 ssl3) \ $(use_ssl tls-heartbeat heartbeats) \ $(use_ssl zlib) \ --prefix="${EPREFIX}"/usr \ 
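Review bot: In the `sed` call that now targets `Configurations/unix-Makefile.tmpl`, `has noman FEATURES` passes the literal word FEATURES as the list, so the test can never succeed and the `MANDIR` branch is always taken. The same hunk uses the expanded form in `has test ${FEATURES}`, so the sed argument should read `-e $(has noman ${FEATURES} \`. The unquoted `$( … )` around it is also subject to word splitting if `${EPREFIX}` ever contains whitespace. src_prepare starts before this hunk.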
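Review bot: Nothing next to the added `$(use_ssl sslv3 ssl3) \` and `$(use_ssl sslv3 ssl3-method) \` lines says that USE=sslv3 re-enables a protocol that is otherwise left out of the build. The IUSE change in this commit already drops the `+` default, and a comment here would keep a later edit from flipping it back unnoticed. Suggested comment above the two lines: `# SSLv3 is only built with USE=sslv3; legacy interop only, keep it off by default`. The same applies to `$(use_ssl tls-heartbeat heartbeats)` a few lines below. multilib_src_configure begins and ends outside this hunk.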
@@ -206,8 +232,8 @@ multilib_src_configure() { || die # Clean out hardcoded flags that openssl uses - local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ + local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ + -e 's:^CFLAGS=::' \ -e 's:\(^\| \)-fomit-frame-pointer::g' \ -e 's:\(^\| \)-O[^ ]*::g' \ -e 's:\(^\| \)-march=[^ ]*::g' \ @@ -221,7 +247,7 @@ multilib_src_configure() { # Now insert clean default flags with user flags sed -i \ - -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ + -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ Makefile || die } @@ -229,11 +255,8 @@ multilib_src_configure() { multilib_src_compile() { # depend is needed to use $confopts; it also doesn't matter # that it's -j1 as the code itself serializes subdirs - emake -j1 V=1 depend + emake -j1 depend emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash } multilib_src_test() { @@ -247,7 +270,7 @@ multilib_src_install() { mkdir "${ED}"/usr || die fi - emake INSTALL_PREFIX="${D}" install + emake DESTDIR="${D}" install } multilib_src_install_all() { @@ -255,10 +278,7 @@ multilib_src_install_all() { # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die - local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) - einstalldocs - - use rfc3779 && dodoc engines/ccgost/README.gost + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el # This is crappy in that the static archives are still built even # when USE=static-libs. But this is due to a failing in the openssl 
@@ -268,7 +288,7 @@ multilib_src_install_all() { use static-libs || rm -f "${ED}"/usr/lib*/lib*.a # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man + cd "${ED}"/usr/share/man || die local m d s for m in $(find . -type f | xargs grep -L '#include') ; do d=${m%/*} ; d=${d#./} ; m=${m##*/} @@ -283,6 +303,7 @@ multilib_src_install_all() { for s in $(find -L ${d} -type l) ; do s=${s##*/} rm -f ${d}/${s} + # We don't want to "|| die" here ln -s ssl-${m} ${d}/ssl-${s} ln -s ssl-${s} ${d}/openssl-${s} done diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest index 9d50c1d0d4..6bc6b03934 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest 
@@ -2,6 +2,12 @@ DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B ccab53069c0058be7ba78 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650 SHA512 8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2 SHA512 2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322 SHA512 b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925 +DIST openssh-8.2p1+x509-12.4.3.diff.gz 806905 BLAKE2B 8e0f0f3eeb2aafd9fc9e6eca80c0b51ffedbed9dfc46ff73bb1becd28f6ac013407d03107b59da05d9d56edbf283eef20891086867b79efd8aab81c3e9a4a32f SHA512 51117d7e4df2ff78c4fdfd08c2bb8f1739b1db064df65bab3872e1a956c277a4736c511794aa399061058fea666a76ee07bb50d83a0d077b7fa572d02c030b91 +DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176 SHA512 a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305 +DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed SHA512 c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a +DIST 
openssh-8.3p1+x509-12.5.1.diff.gz 803054 BLAKE2B ec88959b4e3328e70d6f136f3d5bebced2e555de3ea40f55c535ca8a30a0eed84d177ad966e5bda46e1fc61d42141b13e96d068f5abfd069ae81b131dfb5a66c SHA512 28166a1a1aeff0c65f36263c0009e82cda81fc8f4efe3d11fabd0312d199a4f935476cf7074fbce68787d2fec0fd42f00fef383bf856a5767ce9d0ca6bbc8ef0 +DIST openssh-8.3p1-sctp-1.2.patch.xz 7668 BLAKE2B abbc65253d842c09a04811bdbafc175c5226996cdd190812b47ce9646853cd5c1b21d733e719b481cce9c7f4dc00894b6d6be732e311850963df23b9dc55a0e6 SHA512 4e0cc1707663f902dfbf331a431325da78759cc757a4aaae33e0c7f64f21830ec805168d8ae4d47a65a20c235fa534679e288f922df2b24655b7d1ee9a3bf014 +DIST openssh-8.3p1.tar.gz 1706358 BLAKE2B 0b53d92caa4a0f4cb40eee671ac889753d320b7c8e44df159a81dd8163c3663f07fa648f5dc506fb27d31893acf9701b997598c50bf204acf54172d72825a4d8 SHA512 b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca SHA512 94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221 DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9 SHA512 768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739 DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc SHA512 238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch new file mode 100644 index 0000000000..167adfcaef --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch @@ -0,0 +1,111 @@ +diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:15.746095444 -0800 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:54.181853707 -0800 +@@ -4,8 +4,8 @@ + +++ b/Makefile.in + @@ -42,7 +42,7 @@ CC=@CC@ + LD=@LD@ +- CFLAGS=@CFLAGS@ +- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) ++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ + -LIBS=@LIBS@ + +LIBS=@LIBS@ -lpthread + K5LIBS=@K5LIBS@ +@@ -803,8 +803,8 @@ + ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) + { + struct session_state *state; +-- const struct sshcipher *none = cipher_by_name("none"); +-+ struct sshcipher *none = cipher_by_name("none"); ++- const struct sshcipher *none = cipher_none(); +++ struct sshcipher *none = cipher_none(); + int r; + + if (none == NULL) { +@@ -948,9 +948,9 @@ + /* Portable-specific options */ + sUsePAM, + + sDisableMTAES, +- /* Standard Options */ +- sPort, sHostKeyFile, sLoginGraceTime, +- sPermitRootLogin, sLogFacility, sLogLevel, ++ /* X.509 Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, + 
@@ -643,6 +647,7 @@ static struct { + { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, +diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:41:42.512910357 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:56:40.323299499 -0800 +@@ -382,7 +382,7 @@ + @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh) + int nenc, nmac, ncomp; + u_int mode, ctos, need, dh_need, authlen; +- int r, first_kex_follows; ++ int r, first_kex_follows = 0; + + int auth_flag; + + + + auth_flag = packet_authentication_state(ssh); +@@ -391,8 +391,8 @@ + debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); + if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) + 
@@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh) +- peer[ncomp] = NULL; +- goto out; ++ else ++ fatal("Pre-authentication none cipher requests are not allowed."); + } + + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); + + if (strcmp(newkeys->enc.name, "none") == 0) { +@@ -1169,15 +1169,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index 6b3fadf8..ec1d2e27 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,6 @@ +- #define SSH_VERSION "OpenSSH_8.1" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v20" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ +diff -ur a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff +--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 15:41:42.512910357 -0800 ++++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 16:02:42.203023609 -0800 +@@ -12,9 +12,9 @@ + static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) ++ off_t bytes_left; + int cur_speed; +- int hours, minutes, seconds; +- int file_len; ++ int len; + + off_t delta_pos; + + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) +@@ -33,12 +33,12 @@ + @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) + + /* filename */ +- buf[0] = '\0'; +-- file_len = win_size - 36; +-+ file_len = win_size - 45; +- if (file_len > 0) { +- buf[0] = '\r'; +- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", ++ if (win_size > 36) { ++- int file_len = win_size - 36; +++ int file_len = win_size - 45; ++ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", ++ file_len, file); ++ } + @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) + (off_t)bytes_per_second); + strlcat(buf, "/s ", win_size); 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch deleted file mode 100644 index 2a9d3bd2f3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch +++ /dev/null @@ -1,114 +0,0 @@ ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700 -@@ -382,7 +382,7 @@ - 
@@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag; - + - + auth_flag = packet_authentication_state(ssh); -@@ -441,6 +441,39 @@ - int ssh_packet_get_state(struct ssh *, struct sshbuf *); - int ssh_packet_set_state(struct ssh *, struct sshbuf *); - -+diff --git a/packet.c b/packet.c -+index dcf35e6..9433f08 100644 -+--- a/packet.c -++++ b/packet.c -+@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+ return 0; -+ } -+ -++/* this supports the forced rekeying required for the NONE cipher */ -++int rekey_requested = 0; -++void -++packet_request_rekeying(void) -++{ -++ rekey_requested = 1; -++} -++ -+ #define MAX_PACKETS (1U<<31) -+ static int -+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -+@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -+ if (state->p_send.packets == 0 && state->p_read.packets == 0) -+ return 0; -+ -++ /* used to force rekeying when called for by the none -++ * cipher switch and aes-mt-ctr methods -cjr */ -++ if (rekey_requested == 1) { -++ rekey_requested = 0; -++ return 1; -++ } -++ -+ /* Time-based rekeying */ -+ if (state->rekey_interval != 0 && -+ (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/readconf.c b/readconf.c - index db5f2d5..33f18c9 100644 - 
--- a/readconf.c -@@ -453,10 +486,9 @@ - - /* Format of the configuration file: - --@@ -166,6 +167,8 @@ typedef enum { -+@@ -166,5 +167,7 @@ typedef enum { - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -- oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -592,10 +624,9 @@ - int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ --@@ -111,7 +115,10 @@ typedef struct { -+@@ -111,6 +115,9 @@ typedef struct { - int enable_ssh_keysign; - int64_t rekey_limit; -- int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -650,10 +681,8 @@ - - /* Portable-specific options */ - if (options->use_pam == -1) --@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -+@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options) - options->permit_tun = SSH_TUNMODE_NO; -- if (options->disable_multithreaded == -1) -- options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1095,9 +1124,9 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } -+ debug("Authentication succeeded (%s).", authctxt.method->name); -+ } - -- #ifdef WITH_OPENSSL -- if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - 
--- a/sshd.c -@@ -1181,14 +1210,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index f1bbf00..21a70c2 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_7.8" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch new file mode 100644 index 0000000000..67a93fe2a0 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch @@ -0,0 +1,11 @@ +--- a/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:01.210601434 -0700 ++++ b/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:18.753485852 -0700 +@@ -7,7 +7,7 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ ++CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ + EXEEXT=@EXEEXT@ + LIBCOMPAT=../libopenbsd-compat.a + LIBS=@LIBS@ diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch new file mode 100644 index 0000000000..48cce79790 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch 
@@ -0,0 +1,35 @@ +Only in b: .openssh-8.1p1+x509-12.3.diff.un~ +diff -ur a/openssh-8.1p1+x509-12.3.diff b/openssh-8.1p1+x509-12.3.diff +--- a/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:33:45.796485604 -0700 ++++ b/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:39:44.960312587 -0700 +@@ -35343,12 +35343,11 @@ + + install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config + install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf +-@@ -339,6 +360,8 @@ ++@@ -339,6 +360,7 @@ + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) + + $(MKDIR_P) $(DESTDIR)$(sshcadir) +-+ $(MKDIR_P) $(DESTDIR)$(piddir) + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) +@@ -83536,16 +83535,6 @@ + + return mbtowc(NULL, s, n); + +} + +#endif +-diff -ruN openssh-8.1p1/version.h openssh-8.1p1+x509-12.3/version.h +---- openssh-8.1p1/version.h 2019-10-09 03:31:03.000000000 +0300 +-+++ openssh-8.1p1+x509-12.3/version.h 2019-10-13 09:07:00.000000000 +0300 +-@@ -2,5 +2,4 @@ +- +- #define SSH_VERSION "OpenSSH_8.1" +- +--#define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" + diff -ruN openssh-8.1p1/version.m4 openssh-8.1p1+x509-12.3/version.m4 + --- openssh-8.1p1/version.m4 1970-01-01 02:00:00.000000000 +0200 + +++ openssh-8.1p1+x509-12.3/version.m4 2019-10-13 09:07:00.000000000 +0300 diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch new file mode 100644 index 0000000000..d4db77b985 --- /dev/null 
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch 
@@ -0,0 +1,359 @@ +diff --git a/auth.c b/auth.c +index 086b8ebb..a267353c 100644 +--- a/auth.c ++++ b/auth.c +@@ -724,120 +724,6 @@ fakepw(void) + return (&fake); + } + +-/* +- * Returns the remote DNS hostname as a string. The returned string must not +- * be freed. NB. this will usually trigger a DNS query the first time it is +- * called. +- * This function does additional checks on the hostname to mitigate some +- * attacks on legacy rhosts-style authentication. +- * XXX is RhostsRSAAuthentication vulnerable to these? +- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) +- */ +- +-static char * +-remote_hostname(struct ssh *ssh) +-{ +- struct sockaddr_storage from; +- socklen_t fromlen; +- struct addrinfo hints, *ai, *aitop; +- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; +- const char *ntop = ssh_remote_ipaddr(ssh); +- +- /* Get IP address of client. */ +- fromlen = sizeof(from); +- memset(&from, 0, sizeof(from)); +- if (getpeername(ssh_packet_get_connection_in(ssh), +- (struct sockaddr *)&from, &fromlen) == -1) { +- debug("getpeername failed: %.100s", strerror(errno)); +- return xstrdup(ntop); +- } +- +- ipv64_normalise_mapped(&from, &fromlen); +- if (from.ss_family == AF_INET6) +- fromlen = sizeof(struct sockaddr_in6); +- +- debug3("Trying to reverse map address %.100s.", ntop); +- /* Map the IP address to a host name. */ +- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), +- NULL, 0, NI_NAMEREQD) != 0) { +- /* Host name not found. Use ip address. */ +- return xstrdup(ntop); +- } +- +- /* +- * if reverse lookup result looks like a numeric hostname, +- * someone is trying to trick us by PTR record like following: +- * 1.1.1.10.in-addr.arpa. 
IN PTR 2.3.4.5 +- */ +- memset(&hints, 0, sizeof(hints)); +- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ +- hints.ai_flags = AI_NUMERICHOST; +- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { +- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", +- name, ntop); +- freeaddrinfo(ai); +- return xstrdup(ntop); +- } +- +- /* Names are stored in lowercase. */ +- lowercase(name); +- +- /* +- * Map it back to an IP address and check that the given +- * address actually is an address of this host. This is +- * necessary because anyone with access to a name server can +- * define arbitrary names for an IP address. Mapping from +- * name to IP address can be trusted better (but can still be +- * fooled if the intruder has access to the name server of +- * the domain). +- */ +- memset(&hints, 0, sizeof(hints)); +- hints.ai_family = from.ss_family; +- hints.ai_socktype = SOCK_STREAM; +- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { +- logit("reverse mapping checking getaddrinfo for %.700s " +- "[%s] failed.", name, ntop); +- return xstrdup(ntop); +- } +- /* Look for the address from the list of addresses. */ +- for (ai = aitop; ai; ai = ai->ai_next) { +- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, +- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && +- (strcmp(ntop, ntop2) == 0)) +- break; +- } +- freeaddrinfo(aitop); +- /* If we reached the end of the list, the address was not there. */ +- if (ai == NULL) { +- /* Address not found for the host name. */ +- logit("Address %.100s maps to %.600s, but this does not " +- "map back to the address.", ntop, name); +- return xstrdup(ntop); +- } +- return xstrdup(name); +-} +- +-/* +- * Return the canonical name of the host in the other side of the current +- * connection. The host name is cached, so it is efficient to call this +- * several times. 
+- */ +- +-const char * +-auth_get_canonical_hostname(struct ssh *ssh, int use_dns) +-{ +- static char *dnsname; +- +- if (!use_dns) +- return ssh_remote_ipaddr(ssh); +- else if (dnsname != NULL) +- return dnsname; +- else { +- dnsname = remote_hostname(ssh); +- return dnsname; +- } +-} +- + /* + * Runs command in a subprocess with a minimal environment. + * Returns pid on success, 0 on failure. +diff --git a/canohost.c b/canohost.c +index abea9c6e..4f4524d2 100644 +--- a/canohost.c ++++ b/canohost.c +@@ -202,3 +202,117 @@ get_local_port(int sock) + { + return get_sock_port(sock, 1); + } ++ ++/* ++ * Returns the remote DNS hostname as a string. The returned string must not ++ * be freed. NB. this will usually trigger a DNS query the first time it is ++ * called. ++ * This function does additional checks on the hostname to mitigate some ++ * attacks on legacy rhosts-style authentication. ++ * XXX is RhostsRSAAuthentication vulnerable to these? ++ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) ++ */ ++ ++static char * ++remote_hostname(struct ssh *ssh) ++{ ++ struct sockaddr_storage from; ++ socklen_t fromlen; ++ struct addrinfo hints, *ai, *aitop; ++ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; ++ const char *ntop = ssh_remote_ipaddr(ssh); ++ ++ /* Get IP address of client. */ ++ fromlen = sizeof(from); ++ memset(&from, 0, sizeof(from)); ++ if (getpeername(ssh_packet_get_connection_in(ssh), ++ (struct sockaddr *)&from, &fromlen) < 0) { ++ debug("getpeername failed: %.100s", strerror(errno)); ++ return strdup(ntop); ++ } ++ ++ ipv64_normalise_mapped(&from, &fromlen); ++ if (from.ss_family == AF_INET6) ++ fromlen = sizeof(struct sockaddr_in6); ++ ++ debug3("Trying to reverse map address %.100s.", ntop); ++ /* Map the IP address to a host name. */ ++ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), ++ NULL, 0, NI_NAMEREQD) != 0) { ++ /* Host name not found. Use ip address. 
*/ ++ return strdup(ntop); ++ } ++ ++ /* ++ * if reverse lookup result looks like a numeric hostname, ++ * someone is trying to trick us by PTR record like following: ++ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 ++ */ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ ++ hints.ai_flags = AI_NUMERICHOST; ++ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { ++ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", ++ name, ntop); ++ freeaddrinfo(ai); ++ return strdup(ntop); ++ } ++ ++ /* Names are stored in lowercase. */ ++ lowercase(name); ++ ++ /* ++ * Map it back to an IP address and check that the given ++ * address actually is an address of this host. This is ++ * necessary because anyone with access to a name server can ++ * define arbitrary names for an IP address. Mapping from ++ * name to IP address can be trusted better (but can still be ++ * fooled if the intruder has access to the name server of ++ * the domain). ++ */ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = from.ss_family; ++ hints.ai_socktype = SOCK_STREAM; ++ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { ++ logit("reverse mapping checking getaddrinfo for %.700s " ++ "[%s] failed.", name, ntop); ++ return strdup(ntop); ++ } ++ /* Look for the address from the list of addresses. */ ++ for (ai = aitop; ai; ai = ai->ai_next) { ++ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, ++ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && ++ (strcmp(ntop, ntop2) == 0)) ++ break; ++ } ++ freeaddrinfo(aitop); ++ /* If we reached the end of the list, the address was not there. */ ++ if (ai == NULL) { ++ /* Address not found for the host name. */ ++ logit("Address %.100s maps to %.600s, but this does not " ++ "map back to the address.", ntop, name); ++ return strdup(ntop); ++ } ++ return strdup(name); ++} ++ ++/* ++ * Return the canonical name of the host in the other side of the current ++ * connection. 
The host name is cached, so it is efficient to call this ++ * several times. ++ */ ++ ++const char * ++auth_get_canonical_hostname(struct ssh *ssh, int use_dns) ++{ ++ static char *dnsname; ++ ++ if (!use_dns) ++ return ssh_remote_ipaddr(ssh); ++ else if (dnsname != NULL) ++ return dnsname; ++ else { ++ dnsname = remote_hostname(ssh); ++ return dnsname; ++ } ++} +diff --git a/readconf.c b/readconf.c +index f3cac6b3..adfd7a4e 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -160,6 +160,7 @@ typedef enum { + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, ++ oGssTrustDns, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, + oHashKnownHosts, +@@ -205,9 +206,11 @@ static struct { + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssapitrustdns", oGssTrustDns }, + # else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssapitrustdns", oUnsupported }, + #endif + #ifdef ENABLE_PKCS11 + { "pkcs11provider", oPKCS11Provider }, +@@ -1033,6 +1036,10 @@ parse_time: + intptr = &options->gss_deleg_creds; + goto parse_flag; + ++ case oGssTrustDns: ++ intptr = &options->gss_trust_dns; ++ goto parse_flag; ++ + case oBatchMode: + intptr = &options->batch_mode; + goto parse_flag; +@@ -1912,6 +1919,7 @@ initialize_options(Options * options) + options->challenge_response_authentication = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; ++ options->gss_trust_dns = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; +@@ -2061,6 +2069,8 @@ fill_default_options(Options * options) + options->gss_authentication = 0; + if (options->gss_deleg_creds 
== -1) + options->gss_deleg_creds = 0; ++ if (options->gss_trust_dns == -1) ++ options->gss_trust_dns = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +diff --git a/readconf.h b/readconf.h +index feedb3d2..c7139c1b 100644 +--- a/readconf.h ++++ b/readconf.h +@@ -42,6 +42,7 @@ typedef struct { + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ ++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ +diff --git a/ssh_config.5 b/ssh_config.5 +index 06a32d31..6871ff36 100644 +--- a/ssh_config.5 ++++ b/ssh_config.5 +@@ -770,6 +770,16 @@ The default is + Forward (delegate) credentials to the server. + The default is + .Cm no . ++Note that this option applies to protocol version 2 connections using GSSAPI. ++.It Cm GSSAPITrustDns ++Set to ++.Dq yes to indicate that the DNS is trusted to securely canonicalize ++the name of the host being connected to. If ++.Dq no, the hostname entered on the ++command line will be passed untouched to the GSSAPI library. ++The default is ++.Dq no . ++This option only applies to protocol version 2 connections using GSSAPI. 
+ .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +diff --git a/sshconnect2.c b/sshconnect2.c +index af00fb30..652463c5 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -716,6 +716,13 @@ userauth_gssapi(struct ssh *ssh) + OM_uint32 min; + int r, ok = 0; + gss_OID mech = NULL; ++ const char *gss_host; ++ ++ if (options.gss_trust_dns) { ++ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); ++ gss_host = auth_get_canonical_hostname(ssh, 1); ++ } else ++ gss_host = authctxt->host; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ +@@ -730,7 +737,7 @@ userauth_gssapi(struct ssh *ssh) + elements[authctxt->mech_tried]; + /* My DER encoding requires length<128 */ + if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, +- mech, authctxt->host)) { ++ mech, gss_host)) { + ok = 1; /* Mechanism works */ + } else { + authctxt->mech_tried++; diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch new file mode 100644 index 0000000000..1c58d0d5d8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch @@ -0,0 +1,11 @@ +--- a/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:01.210601434 -0700 ++++ b/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:18.753485852 -0700 +@@ -7,7 +7,7 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ ++CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ + EXEEXT=@EXEEXT@ + LIBCOMPAT=../libopenbsd-compat.a + LIBS=@LIBS@ 
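Review bot: In openssh-8.2_p1-GSSAPI-dns.patch, the canohost.c copy of `remote_hostname()` returns `strdup(...)` on every path where the auth.c version being removed returned `xstrdup(...)`, so an allocation failure now yields NULL instead of aborting. `auth_get_canonical_hostname()` returns that NULL, and `userauth_gssapi()` in sshconnect2.c passes `gss_host` to `ssh_gssapi_check_mechanism()` without checking it. Either keep `xstrdup()` in the moved function or guard the caller, for example `if (gss_host == NULL) gss_host = authctxt->host;`, which falls back to the name the user typed rather than a DNS-derived one. Separately, in the ssh_config.5 text the line `.Dq yes to indicate that the DNS is trusted ...` puts the whole line inside the quotes; `.Dq yes` needs a line of its own with the sentence continuing on the next line, and the same applies to `.Dq no, the hostname entered on the`. The `extern` prototype declared inside `userauth_gssapi()` would be better placed in canohost.h, so that a signature change is caught at compile time.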
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch new file mode 100644 index 0000000000..e73c499d5c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch 
@@ -0,0 +1,128 @@ +--- a/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:15:05.939809371 -0700 ++++ b/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:23:15.424752355 -0700 +@@ -39298,16 +39298,15 @@ + + install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config + install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf +-@@ -378,6 +379,8 @@ ++@@ -378,6 +379,7 @@ + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) + + $(MKDIR_P) $(DESTDIR)$(sshcadir) +-+ $(MKDIR_P) $(DESTDIR)$(piddir) + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) +-@@ -386,11 +389,14 @@ ++@@ -386,11 +388,14 @@ + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) +@@ -39326,7 +39325,7 @@ + $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 + $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 + $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 +-@@ -400,12 +406,12 @@ ++@@ -400,12 +405,12 @@ + $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 + $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 + $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 +@@ -39340,7 +39339,7 @@ + + install-sysconf: + $(MKDIR_P) $(DESTDIR)$(sysconfdir) +-@@ -463,10 +469,9 @@ ++@@ -463,10 +468,9 @@ + -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) + -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) +@@ -39354,7 +39353,7 @@ + -rm -f 
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 +-@@ -478,7 +483,6 @@ ++@@ -478,7 +482,6 @@ + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 +@@ -39362,7 +39361,7 @@ + + regress-prep: + $(MKDIR_P) `pwd`/regress/unittests/test_helper +-@@ -491,11 +495,11 @@ ++@@ -491,11 +494,11 @@ + $(MKDIR_P) `pwd`/regress/unittests/match + $(MKDIR_P) `pwd`/regress/unittests/utf8 + $(MKDIR_P) `pwd`/regress/misc/kexfuzz +@@ -39376,7 +39375,7 @@ + + regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ +-@@ -546,8 +550,7 @@ ++@@ -546,8 +549,7 @@ + regress/unittests/sshkey/tests.o \ + regress/unittests/sshkey/common.o \ + regress/unittests/sshkey/test_file.o \ +@@ -39406,7 +39405,7 @@ + + regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ + ${UNITTESTS_TEST_HOSTKEYS_OBJS} \ +-@@ -618,35 +619,18 @@ ++@@ -618,35 +618,18 @@ + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + + MISC_KEX_FUZZ_OBJS=\ +@@ -39444,7 +39443,7 @@ + regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ + regress/unittests/sshkey/test_sshkey$(EXEEXT) \ + regress/unittests/bitmap/test_bitmap$(EXEEXT) \ +-@@ -657,36 +641,29 @@ ++@@ -657,36 +640,29 @@ + regress/unittests/utf8/test_utf8$(EXEEXT) \ + regress/misc/kexfuzz/kexfuzz$(EXEEXT) + +@@ -39501,7 +39500,7 @@ + TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ + TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \ + TEST_SSH_ECC="@TEST_SSH_ECC@" ; \ +-@@ -708,8 +685,6 @@ ++@@ -708,8 +684,6 @@ + TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \ + TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \ + TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ +@@ -39510,7 +39509,7 @@ + TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ + TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \ + TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \ 
+-@@ -717,17 +692,35 @@ ++@@ -717,17 +691,35 @@ + TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \ + TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \ + TEST_SSH_ECC="$${TEST_SSH_ECC}" \ +@@ -39549,7 +39548,7 @@ + + survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey +-@@ -743,4 +736,8 @@ ++@@ -743,4 +735,8 @@ + sh buildpkg.sh; \ + fi + +@@ -98215,16 +98214,6 @@ + + return mbtowc(NULL, s, n); + +} + +#endif +-diff -ruN openssh-8.2p1/version.h openssh-8.2p1+x509-12.4.3/version.h +---- openssh-8.2p1/version.h 2020-02-14 02:40:54.000000000 +0200 +-+++ openssh-8.2p1+x509-12.4.3/version.h 2020-03-21 19:07:00.000000000 +0200 +-@@ -2,5 +2,4 @@ +- +- #define SSH_VERSION "OpenSSH_8.2" +- +--#define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" + diff -ruN openssh-8.2p1/version.m4 openssh-8.2p1+x509-12.4.3/version.m4 + --- openssh-8.2p1/version.m4 1970-01-01 02:00:00.000000000 +0200 + +++ openssh-8.2p1+x509-12.4.3/version.m4 2020-03-21 19:07:00.000000000 +0200 diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch new file mode 100644 index 0000000000..5af4534ce7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch @@ -0,0 +1,133 @@ +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:41:56.143193830 -0800 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:46:40.060133610 -0800 +@@ -3,9 +3,9 @@ + --- a/Makefile.in + +++ b/Makefile.in + 
@@ -42,7 +42,7 @@ CC=@CC@ +- CFLAGS_NOPIE=@CFLAGS_NOPIE@ +- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ +- PICFLAG=@PICFLAG@ ++ LD=@LD@ ++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) ++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ + -LIBS=@LIBS@ + +LIBS=@LIBS@ -lpthread + K5LIBS=@K5LIBS@ +@@ -803,8 +803,8 @@ + ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) + { + struct session_state *state; +-- const struct sshcipher *none = cipher_by_name("none"); +-+ struct sshcipher *none = cipher_by_name("none"); ++- const struct sshcipher *none = cipher_none(); +++ struct sshcipher *none = cipher_none(); + int r; + + if (none == NULL) { +@@ -902,14 +902,14 @@ + + /* + @@ -2118,6 +2125,8 @@ fill_default_options(Options * options) +- options->canonicalize_hostname = SSH_CANONICALISE_NO; +- if (options->fingerprint_hash == -1) + options->fingerprint_hash = SSH_FP_HASH_DEFAULT; ++ if (options->update_hostkeys == -1) ++ options->update_hostkeys = 0; + + if (options->disable_multithreaded == -1) + + options->disable_multithreaded = 0; +- #ifdef ENABLE_SK_INTERNAL + if (options->sk_provider == NULL) +- options->sk_provider = xstrdup("internal"); ++ options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); ++ + diff --git a/readconf.h b/readconf.h + index 8e36bf32..c803eca7 100644 + --- a/readconf.h +@@ -948,9 +948,9 @@ + /* Portable-specific options */ + sUsePAM, + + sDisableMTAES, +- /* Standard Options */ +- sPort, sHostKeyFile, sLoginGraceTime, +- sPermitRootLogin, sLogFacility, sLogLevel, ++ /* X.509 Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, + 
@@ -643,6 +647,7 @@ static struct { + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, +Only in b: openssh-8_1_P1-hpn-AES-CTR-14.20.diff.orig +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:41:56.144193830 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:45:36.665147504 -0800 +@@ -382,7 +382,7 @@ + @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh) + int nenc, nmac, ncomp; + u_int mode, ctos, need, dh_need, authlen; +- int r, first_kex_follows; ++ int r, first_kex_follows = 0; + + int auth_flag; + + + + auth_flag = packet_authentication_state(ssh); +@@ -391,8 +391,8 @@ + debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); + if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) + 
@@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh) +- peer[ncomp] = NULL; +- goto out; ++ else ++ fatal("Pre-authentication none cipher requests are not allowed."); + } + + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); + + if (strcmp(newkeys->enc.name, "none") == 0) { +@@ -1169,15 +1169,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index 6b3fadf8..ec1d2e27 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,6 @@ +- #define SSH_VERSION "OpenSSH_8.1" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v20" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff +--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:41:43.834196317 -0800 ++++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:45:36.665147504 -0800 +@@ -12,9 +12,9 @@ + static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) ++ off_t bytes_left; + int cur_speed; +- int hours, minutes, seconds; +- int file_len; ++ int len; + + off_t delta_pos; + + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) +@@ -33,12 +33,12 @@ + @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) + + /* filename */ +- buf[0] = '\0'; +-- file_len = win_size - 36; +-+ file_len = win_size - 45; +- if (file_len > 0) { +- buf[0] = '\r'; +- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", ++ if (win_size > 36) { ++- int file_len = win_size - 36; +++ int file_len = win_size - 45; ++ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", ++ file_len, file); ++ } + @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) + (off_t)bytes_per_second); + strlcat(buf, "/s ", win_size); 
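Review bot: In the PeakTput part of this glue patch (inner hunk `@@ -166,7 +173,7 @@` for refresh_progress_meter), the rebased HPN change subtracts 45 but the guard kept as context is still `if (win_size > 36) {`. For window widths 37 to 45, `file_len` is therefore zero or negative when it reaches snmprintf as both the width limit and the `%-*s` field width. The form being replaced computed `file_len` first and tested `if (file_len > 0)`, which covered that range. The inner patch should move the guard with the constant, i.e. `- if (win_size > 36) {` / `+ if (win_size > 45) {`. refresh_progress_meter continues outside the lines shown, so the effect on the rest of the buffer cannot be checked here.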
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch new file mode 100644 index 0000000000..b2163fe5ad --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch @@ -0,0 +1,151 @@ +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:50:44.413776914 -0800 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:53:06.190742744 -0800 +@@ -3,9 +3,9 @@ + --- a/Makefile.in + +++ b/Makefile.in + @@ -42,7 +42,7 @@ CC=@CC@ +- LD=@LD@ +- CFLAGS=@CFLAGS@ ++ CFLAGS_NOPIE=@CFLAGS_NOPIE@ + CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++ PICFLAG=@PICFLAG@ + -LIBS=@LIBS@ + +LIBS=@LIBS@ -lpthread + K5LIBS=@K5LIBS@ +@@ -902,14 +902,14 @@ + + /* + @@ -2118,6 +2125,8 @@ fill_default_options(Options * options) ++ options->canonicalize_hostname = SSH_CANONICALISE_NO; ++ if (options->fingerprint_hash == -1) + options->fingerprint_hash = SSH_FP_HASH_DEFAULT; +- if (options->update_hostkeys == -1) +- options->update_hostkeys = 0; + + if (options->disable_multithreaded == -1) + + options->disable_multithreaded = 0; +- +- /* Expand KEX name lists */ +- all_cipher = cipher_alg_list(',', 0); ++ #ifdef ENABLE_SK_INTERNAL ++ if (options->sk_provider == NULL) ++ options->sk_provider = xstrdup("internal"); + diff --git a/readconf.h b/readconf.h + index 8e36bf32..c803eca7 100644 + --- a/readconf.h +@@ -952,9 +952,9 @@ + sPort, sHostKeyFile, sLoginGraceTime, + sPermitRootLogin, sLogFacility, sLogLevel, + 
@@ -643,6 +647,7 @@ static struct { +- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, ++ { "include", sInclude, SSHCFG_ALL }, + + { "disableMTAES", sDisableMTAES, SSHCFG_ALL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:50:44.413776914 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:51:19.541768656 -0800 +@@ -409,18 +409,10 @@ + index 817da43b..b2bcf78f 100644 + --- a/packet.c + +++ b/packet.c +-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + +-+/* this supports the forced rekeying required for the NONE cipher */ +-+int rekey_requested = 0; +-+void +-+packet_request_rekeying(void) +-+{ +-+ rekey_requested = 1; +-+} +-+ + +/* used to determine if pre or post auth when rekeying for aes-ctr + + * and none cipher switch */ + +int +@@ -434,20 +426,6 @@ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +- if (state->p_send.packets == 0 && state->p_read.packets == 0) +- return 0; +- +-+ /* used to force rekeying when called for by the none +-+ * cipher switch methods -cjr */ +-+ if (rekey_requested == 1) { +-+ rekey_requested = 0; +-+ return 1; +-+ } +-+ +- /* Time-based rekeying */ +- if (state->rekey_interval != 0 && +- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/packet.h b/packet.h + index 8ccfd2e0..1ad9bc06 100644 + 
--- a/packet.h +@@ -476,9 +454,9 @@ + /* Format of the configuration file: + + @@ -167,6 +168,8 @@ typedef enum { +- oHashKnownHosts, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, ++ oDisableMTAES, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, + oVisualHostKey, +@@ -615,9 +593,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ + @@ -112,7 +116,10 @@ typedef struct { +- + int enable_ssh_keysign; + int64_t rekey_limit; ++ int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -700,9 +678,9 @@ + + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + + } + + ++ if (options->disable_multithreaded == -1) ++ options->disable_multithreaded = 0; + if (options->ip_qos_interactive == -1) +- options->ip_qos_interactive = IPTOS_DSCP_AF21; +- if (options->ip_qos_bulk == -1) + @@ -486,6 +532,8 @@ typedef enum { + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, +@@ -1079,11 +1057,11 @@ + xxx_host = host; + xxx_hostaddr = hostaddr; + +-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ++@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + + if (!authctxt.success) + fatal("Authentication failed."); +-+ ++ + + /* + + * If the user wants to use the none cipher, do it post authentication + + * and only if the right conditions are met -- both of the NONE commands +@@ -1105,9 +1083,9 @@ + + } + + } + + +- debug("Authentication succeeded (%s).", authctxt.method->name); +- } +- ++ #ifdef WITH_OPENSSL ++ if (options.disable_multithreaded == 0) { ++ /* if we are using aes-ctr there can be issues in either a fork or sandbox + diff --git a/sshd.c b/sshd.c + index 11571c01..23a06022 100644 + --- a/sshd.c 
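Review bot: The two packet.c parts of this glue patch (inner hunks at ssh_set_newkeys and ssh_packet_need_rekeying) delete the HPN patch's `rekey_requested` flag, `packet_request_rekeying()` and the check that forced a rekey for the none-cipher switch, and nothing in the file says why. The sshconnect2.c none-cipher block is kept as context; if it still calls `packet_request_rekeying()`, the build would fail to link or the switch would never trigger the rekey it relies on. That cannot be confirmed from the lines shown. A header comment on the glue patch such as `# drop HPN's packet_request_rekeying(): <reason>` would let the next rebase verify the removal. The openssh-8.3_p1-hpn-14.20-glue.patch added in this commit carries the same two deletions.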
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch new file mode 100644 index 0000000000..69dd22a5ee --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch @@ -0,0 +1,20 @@ +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:31:37.392120799 -0700 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:32:46.143684424 -0700 +@@ -672,7 +672,7 @@ + +const EVP_CIPHER * + +evp_aes_ctr_mt(void) + +{ +-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL +++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER) + + static EVP_CIPHER *aes_ctr; + + aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/); + + EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE); +@@ -701,7 +701,7 @@ + + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; + +# endif /*SSH_OLD_EVP*/ + + return &aes_ctr; +-+# endif /*OPENSSH_VERSION_NUMBER*/ +++# endif /*OPENSSL_VERSION_NUMBER*/ + +} + + + +#endif /* defined(WITH_OPENSSL) */ diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch new file mode 100644 index 0000000000..2397aad96f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch 
@@ -0,0 +1,19 @@ +diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:00.321998279 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:21.759980508 -0800 +@@ -1169,15 +1169,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index 6b3fadf8..ec1d2e27 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,6 @@ +- #define SSH_VERSION "OpenSSH_8.1" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v20" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch new file mode 100644 index 0000000000..d1651bc187 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch 
@@ -0,0 +1,35 @@ +Only in b: .openssh-8.3p1+x509-12.5.1.diff.un~ +diff -u a/openssh-8.3p1+x509-12.5.1.diff b/openssh-8.3p1+x509-12.5.1.diff +--- a/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:13:08.937543708 -0700 ++++ b/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:16:33.417271984 -0700 +@@ -35541,12 +35541,11 @@ + + install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config + install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf +-@@ -382,6 +363,8 @@ ++@@ -382,6 +363,7 @@ + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) + + $(MKDIR_P) $(DESTDIR)$(sshcadir) +-+ $(MKDIR_P) $(DESTDIR)$(piddir) + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) +@@ -97028,16 +97027,6 @@ + +int asnmprintf(char **, size_t, int *, const char *, ...) + __attribute__((format(printf, 4, 5))); + void msetlocale(void); +-diff -ruN openssh-8.3p1/version.h openssh-8.3p1+x509-12.5.1/version.h +---- openssh-8.3p1/version.h 2020-05-27 03:38:00.000000000 +0300 +-+++ openssh-8.3p1+x509-12.5.1/version.h 2020-06-07 11:07:00.000000000 +0300 +-@@ -2,5 +2,4 @@ +- +- #define SSH_VERSION "OpenSSH_8.3" +- +--#define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" + diff -ruN openssh-8.3p1/version.m4 openssh-8.3p1+x509-12.5.1/version.m4 + --- openssh-8.3p1/version.m4 1970-01-01 02:00:00.000000000 +0200 + +++ openssh-8.3p1+x509-12.5.1/version.m4 2020-06-07 11:07:00.000000000 +0300 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch new file mode 100644 index 0000000000..4414f9be53 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch @@ -0,0 +1,177 @@ +Only in b: .openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff.un~ +diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:27.704108928 -0700 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:49.803967500 -0700 +@@ -3,9 +3,9 @@ + --- a/Makefile.in + +++ b/Makefile.in + @@ -42,7 +42,7 @@ CC=@CC@ +- LD=@LD@ +- CFLAGS=@CFLAGS@ ++ CFLAGS_NOPIE=@CFLAGS_NOPIE@ + CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++ PICFLAG=@PICFLAG@ + -LIBS=@LIBS@ + +LIBS=@LIBS@ -lpthread + K5LIBS=@K5LIBS@ +@@ -902,14 +902,14 @@ + + /* + @@ -2118,6 +2125,8 @@ fill_default_options(Options * options) ++ options->canonicalize_hostname = SSH_CANONICALISE_NO; ++ if (options->fingerprint_hash == -1) + options->fingerprint_hash = SSH_FP_HASH_DEFAULT; +- if (options->update_hostkeys == -1) +- options->update_hostkeys = 0; + + if (options->disable_multithreaded == -1) + + options->disable_multithreaded = 0; +- +- /* Expand KEX name lists */ +- all_cipher = cipher_alg_list(',', 0); ++ #ifdef ENABLE_SK_INTERNAL ++ if (options->sk_provider == NULL) ++ options->sk_provider = xstrdup("internal"); + diff --git a/readconf.h b/readconf.h + index 8e36bf32..c803eca7 100644 + --- a/readconf.h +@@ -952,9 +952,9 @@ + sPort, sHostKeyFile, sLoginGraceTime, + sPermitRootLogin, sLogFacility, sLogLevel, + 
@@ -643,6 +647,7 @@ static struct { +- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, ++ { "include", sInclude, SSHCFG_ALL }, + + { "disableMTAES", sDisableMTAES, SSHCFG_ALL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, +diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 13:52:27.705108921 -0700 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 14:03:57.888683100 -0700 +@@ -409,18 +409,10 @@ + index 817da43b..b2bcf78f 100644 + --- a/packet.c + +++ b/packet.c +-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + +-+/* this supports the forced rekeying required for the NONE cipher */ +-+int rekey_requested = 0; +-+void +-+packet_request_rekeying(void) +-+{ +-+ rekey_requested = 1; +-+} +-+ + +/* used to determine if pre or post auth when rekeying for aes-ctr + + * and none cipher switch */ + +int +@@ -434,20 +426,6 @@ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +- if (state->p_send.packets == 0 && state->p_read.packets == 0) +- return 0; +- +-+ /* used to force rekeying when called for by the none +-+ * cipher switch methods -cjr */ +-+ if (rekey_requested == 1) { +-+ rekey_requested = 0; +-+ return 1; +-+ } +-+ +- /* Time-based rekeying */ +- if (state->rekey_interval != 0 && +- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/packet.h b/packet.h + index 8ccfd2e0..1ad9bc06 100644 + 
--- a/packet.h +@@ -476,9 +454,9 @@ + /* Format of the configuration file: + + @@ -167,6 +168,8 @@ typedef enum { +- oHashKnownHosts, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, ++ oDisableMTAES, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, + oVisualHostKey, +@@ -615,9 +593,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ + @@ -112,7 +116,10 @@ typedef struct { +- + int enable_ssh_keysign; + int64_t rekey_limit; ++ int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -700,9 +678,9 @@ + + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + + } + + ++ if (options->disable_multithreaded == -1) ++ options->disable_multithreaded = 0; + if (options->ip_qos_interactive == -1) +- options->ip_qos_interactive = IPTOS_DSCP_AF21; +- if (options->ip_qos_bulk == -1) + 
@@ -486,6 +532,8 @@ typedef enum { + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, +@@ -731,11 +709,10 @@ + *flags = keywords[i].flags; + return keywords[i].opcode; + } +-@@ -1424,10 +1477,27 @@ process_server_config_line(ServerOptions *options, char *line, +- multistate_ptr = multistate_flag; ++@@ -1424,12 +1477,28 @@ process_server_config_line(ServerOptions *options, char *line, ++ multistate_ptr = multistate_ignore_rhosts; + goto parse_multistate; + +-+ + + case sTcpRcvBufPoll: + + intptr = &options->tcp_rcv_buf_poll; + + goto parse_flag; +@@ -750,7 +727,9 @@ + + + case sIgnoreUserKnownHosts: + intptr = &options->ignore_user_known_hosts; +- goto parse_flag; ++ parse_flag: ++ multistate_ptr = multistate_flag; ++ goto parse_multistate; + + + case sNoneEnabled: + + intptr = &options->none_enabled; +@@ -1079,11 +1058,11 @@ + xxx_host = host; + xxx_hostaddr = hostaddr; + +-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ++@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + + if (!authctxt.success) + fatal("Authentication failed."); +-+ ++ + + /* + + * If the user wants to use the none cipher, do it post authentication + + * and only if the right conditions are met -- both of the NONE commands +@@ -1105,9 +1084,9 @@ + + } + + } + + +- debug("Authentication succeeded (%s).", authctxt.method->name); +- } +- ++ #ifdef WITH_OPENSSL ++ if (options.disable_multithreaded == 0) { ++ /* if we are using aes-ctr there can be issues in either a fork or sandbox + diff --git a/sshd.c b/sshd.c + index 11571c01..23a06022 100644 + --- a/sshd.c diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch new file mode 100644 index 0000000000..6bd7166197 --- /dev/null 
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile.in b/Makefile.in +index c9e4294d..2dbfac24 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -44,7 +44,7 @@ CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ + CFLAGS_NOPIE=@CFLAGS_NOPIE@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) -I$(srcdir)/openbsd-compat @CPPFLAGS@ $(PATHS) @DEFS@ + PICFLAG=@PICFLAG@ + LIBS=@LIBS@ + K5LIBS=@K5LIBS@ diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.confd b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.confd deleted file mode 100644 index 28952b4a28..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.confd +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/conf.d/sshd: config file for /etc/init.d/sshd - -# Where is your sshd_config file stored? - -SSHD_CONFDIR="/etc/ssh" - - -# Any random options you want to pass to sshd. -# See the sshd(8) manpage for more info. - -SSHD_OPTS="" - - -# Pid file to use (needs to be absolute path). - -#SSHD_PIDFILE="/var/run/sshd.pid" - - -# Path to the sshd binary (needs to be absolute path). - -#SSHD_BINARY="/usr/sbin/sshd" diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.initd b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.initd deleted file mode 100644 index c5df4693db..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.initd +++ /dev/null 
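Review bot: The added `-I$(srcdir)/openbsd-compat` goes into the global CPPFLAGS, so every translation unit now searches that directory ahead of the system include path, not only the file that needs sha2.h. Any compat header whose name matches a system header would then also be picked up by `#include <...>`, which is probably wider than the patch name suggests (inferred; the directory's contents are not shown). If the intent is only to resolve the sha2 include, either fix the include in the one source file or record the reason in the patch header, for example `# sha2.h lives in openbsd-compat/; needed by <file> when the system lacks it`.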
@@ -1,89 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="checkconfig" -extra_started_commands="reload" - -: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh} -: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} -: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid} -: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd} -: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen} - -command="${SSHD_BINARY}" -pidfile="${SSHD_PIDFILE}" -command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}" - -# Wait one second (length chosen arbitrarily) to see if sshd actually -# creates a PID file, or if it crashes for some reason like not being -# able to bind to the address in ListenAddress (bug 617596). -: ${SSHD_SSD_OPTS:=--wait 1000} -start_stop_daemon_args="${SSHD_SSD_OPTS}" - -depend() { - # Entropy can be used by ssh-keygen, among other things, but - # is not strictly required (bug 470020). - use logger dns entropy - if [ "${rc_need+set}" = "set" ] ; then - : # Do nothing, the user has explicitly set rc_need - else - local x warn_addr - for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do - case "${x}" in - 0.0.0.0|0.0.0.0:*) ;; - ::|\[::\]*) ;; - *) warn_addr="${warn_addr} ${x}" ;; - esac - done - if [ -n "${warn_addr}" ] ; then - need net - ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" - ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd" - ewarn "where FOO is the interface(s) providing the following address(es):" - ewarn "${warn_addr}" - fi - fi -} - -checkconfig() { - checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty" - - if [ ! 
-e "${SSHD_CONFIG}" ] ; then - eerror "You need an ${SSHD_CONFIG} file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - ${SSHD_KEYGEN_BINARY} -A || return 2 - - "${command}" -t ${command_args} || return 3 -} - -start_pre() { - # If this isn't a restart, make sure that the user's config isn't - # busted before we try to start the daemon (this will produce - # better error messages than if we just try to start it blindly). - # - # If, on the other hand, this *is* a restart, then the stop_pre - # action will have ensured that the config is usable and we don't - # need to do that again. - if [ "${RC_CMD}" != "restart" ] ; then - checkconfig || return $? - fi -} - -stop_pre() { - # If this is a restart, check to make sure the user's config - # isn't busted before we stop the running daemon. - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return $? - fi -} - -reload() { - checkconfig || return $? - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP --pidfile "${pidfile}" - eend $? -} diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml index 6cc1ea7842..9ce34e6107 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml @@ -5,10 +5,6 @@ base-system@gentoo.org Gentoo Base System - - robbat2@gentoo.org - LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else. - OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, 
@@ -25,18 +21,17 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and Disable EC/RC5 algorithms in OpenSSL for patent reasons. + Enable scp command with known security problems. See bug 733802 Enable high performance ssh - Add support for storing SSH public keys in LDAP Use LDNS for DNSSEC/SSHFP validation. Enable root password logins for live-cd environment. Include builtin U2F/FIDO support - Support the legacy/weak SSH1 protocol Enable additional crypto algorithms via OpenSSL Adds support for X.509 certificate authentication Enable XMSS post-quantum authentication algorithm - cpe:/a:openssh:openssh + cpe:/a:openbsd:openssh hpnssh diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.1_p1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.1_p1-r3.ebuild index 75a4549b39..36006062b0 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.1_p1-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.1_p1-r3.ebuild @@ -1,3 +1,6 @@ +# Difference to upstream from ./update_ebuilds: +# - Ported changes from 775af6c96219eba4bc6294712a36bddc0e6db00f +# # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 
@@ -34,7 +37,7 @@ S="${WORKDIR}/${PARCH}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss" diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.2_p1-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.2_p1-r6.ebuild new file mode 100644 index 0000000000..c0ed8f5dec --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.2_p1-r6.ebuild 
@@ -0,0 +1,483 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} +HPN_PV="8.1_P1" + +HPN_VER="14.20" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.4.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp !security-key ssl !xmss ) + xmss? ( || ( ssl libressl ) ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? 
( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( dev-libs/libfido2:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + static? ( ${LIB_DEPEND} ) + virtual/os-headers +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." 
+ fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." 
+ sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-libressl.patch + if use X509; then + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-X509-glue.patch + fi + use sctp && eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. 
+ DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... 
our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(use_with security-key security-key-builtin) + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + # stackprotect is broken on musl x86 and ppc + use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) + + # The seccomp sandbox is broken on x32, so use the older method for now. 
#553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. 
#658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + keepdir /var/empty + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." 
+ fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." 
+ fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.3_p1-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.3_p1-r4.ebuild new file mode 100644 index 0000000000..6e93d57cf8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.3_p1-r4.ebuild 
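Review bot: In the `if use pam` branch of the sshd_config tweaks, `PasswordAuthentication no` is written next to `UsePAM yes`, which leaves PAM-backed password prompts reachable through keyboard-interactive authentication unless `ChallengeResponseAuthentication` is also set to `no`. The installed config therefore reads as if passwords were off when they may not be. This matters most together with the `livecd` branch, which sets `PermitRootLogin Yes`. I would add a comment above that sed, e.g. `# NOTE: with UsePAM yes, passwords are still accepted via keyboard-interactive unless ChallengeResponseAuthentication is no.`, or set that option explicitly if password logins are meant to be disabled on this image. The same sed lines appear in openssh-8.3_p1-r4.ebuild, and the start of the enclosing function is not visible in the page text.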
@@ -0,0 +1,501 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +# PV to USE for HPN patches +#HPN_PV="${PV^^}" +HPN_PV="8.1_P1" + +HPN_VER="14.20" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.5.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp !security-key ssl !xmss ) + xmss? ( || ( ssl libressl ) ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? 
( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( >=dev-libs/libfido2-1.4.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + static? ( ${LIB_DEPEND} ) + virtual/os-headers +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. 
Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + # workaround for https://bugs.gentoo.org/734984 + use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." 
+ sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-libressl.patch + if use X509; then + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + + eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-X509-glue.patch + fi + use sctp && eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. 
+ DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... 
our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(usex X509 '' "$(use_with security-key security-key-builtin)") + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + # stackprotect is broken on musl x86 and ppc + use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) + + # The seccomp sandbox is broken on x32, so use the older method for now. 
#553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ + SUDO="" SSH_SK_PROVIDER="" \ + TEST_SSH_UNSAFE_PERMISSIONS=1 \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. 
#658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + # https://bugs.gentoo.org/733802 + if ! use scp; then + rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ + || die "failed to remove scp" + fi + + keepdir /var/empty + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." 
+ fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." 
+ fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 120b4d3508..d6ba59b938 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -36,6 +36,7 @@ =net-firewall/conntrack-tools-1.4.5 ~arm64 =net-firewall/ebtables-2.0.10.4-r1 ~arm64 =net-firewall/ipset-6.29 ~arm64 +=net-libs/http-parser-2.6.2 ~arm64 =net-libs/libmicrohttpd-0.9.52 ** =net-libs/libnetfilter_conntrack-1.0.8 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask new file mode 100644 index 0000000000..2220eaad15 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -0,0 +1,2 @@ +# Overwrite outdated portage-stable mask +=dev-libs/openssl-1.1.1g diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog deleted file mode 100644 index 66fb5b2e0c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog +++ /dev/null 
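Review bot: With `USE=-scp`, src_install removes `/usr/bin/scp` and its man page, but pkg_postinst in this hunk prints no matching message, so scripts that call scp will start failing after the upgrade with no hint in the merge log. Add a line to pkg_postinst such as `use scp || elog "scp is not installed (USE=-scp, see bug 733802); use sftp instead."`. IUSE keeps `+scp` on by default although metadata.xml describes the flag as enabling a command with known security problems, so a comment next to IUSE saying whether this overlay intends to ship scp would also help.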
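Review bot: The `=dev-libs/openssl-1.1.1g` entry in package.unmask applies to that exact version whatever the reason for a mask, so a later mask added for a security reason would likely be bypassed along with the outdated one the comment mentions. The comment should name the mask being overridden and say when the entry can be dropped, for example `# Overrides <mask entry in portage-stable>; remove once portage-stable's package.mask is updated.`.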
@@ -1,101 +0,0 @@ -# ChangeLog for sys-auth/sssd -# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*sssd-1.13.0 (09 Aug 2015) -*sssd-1.12.5 (09 Aug 2015) -*sssd-1.12.4 (09 Aug 2015) -*sssd-1.12.1 (09 Aug 2015) -*sssd-1.9.7 (09 Aug 2015) -*sssd-1.9.6-r3 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson - +files/0001_add_pthread_to_fix_as-needed.patch, - +files/0002_allow_xdm_openrc.patch, +files/0003_new_krb5.patch, - +files/allow_xdm.patch, +files/sssd, +files/sssd-1.13.0-fix-init.patch, - +files/sssd-1.9.6-fix-init.patch, +files/sssd.conf, +files/sssd.service, - +metadata.xml, +sssd-1.9.6-r3.ebuild, +sssd-1.9.7.ebuild, - +sssd-1.12.1.ebuild, +sssd-1.12.4.ebuild, +sssd-1.12.5.ebuild, - +sssd-1.13.0.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - 
Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 24 Aug 2015; Justin Lecher metadata.xml: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 28 Aug 2015; Lars Wendler sssd-1.12.1.ebuild, - sssd-1.12.4.ebuild, sssd-1.12.5.ebuild: - Stick to automake-1.13 (bug #557436) - - Committed on behalf of Markos Chandras (hwoarang) - - Package-Manager: portage-2.2.20.1 - 
Signed-off-by: Lars Wendler - -*sssd-1.13.1 (04 Nov 2015) - - 04 Nov 2015; Markos Chandras +sssd-1.13.1.ebuild: - Version bump - - Package-Manager: portage-2.2.23 - - 14 Nov 2015; Jeroen Roovers sssd-1.9.6-r3.ebuild, - sssd-1.9.7.ebuild, sssd-1.12.1.ebuild, sssd-1.12.4.ebuild, - sssd-1.12.5.ebuild, sssd-1.13.0.ebuild, sssd-1.13.1.ebuild: - Verbose build. - - Package-Manager: portage-2.2.24 - - 24 Jan 2016; Michał Górny metadata.xml: - Unify quoting in metadata.xml files for machine processing - - Force unified quoting in all metadata.xml files since lxml does not - preserve original use of single and double quotes. Ensuring unified - quoting before the process allows distinguishing the GLEP 67-related - metadata.xml changes from unrelated quoting changes. - - 24 Jan 2016; Michał Górny metadata.xml: - Set appropriate maintainer types in metadata.xml (GLEP 67) - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 deleted file mode 100644 index 189f2d897c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 +++ /dev/null 
@@ -1,353 +0,0 @@ -# ChangeLog for sys-auth/sssd -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/sssd/ChangeLog,v 1.74 2015/07/23 11:48:12 hwoarang Exp $ - - 23 Jul 2015; Markos Chandras sssd-1.13.0.ebuild: - Bring back the python-r1 eclass inclusion - - 22 Jul 2015; Markos Chandras - +files/sssd-1.13.0-fix-init.patch, sssd-1.13.0.ebuild: - Fix python support. Bug #554776. Respect SSSD_OPTIONS in init script. Bug - #553678 - -*sssd-1.13.0 (11 Jul 2015) - - 11 Jul 2015; Markos Chandras +sssd-1.13.0.ebuild: - Version bump - -*sssd-1.12.5 (13 Jun 2015) - - 13 Jun 2015; Markos Chandras +sssd-1.12.5.ebuild: - Version bump - - 18 Apr 2015; Markos Chandras sssd-1.12.4.ebuild: - Restore samba4 magic - - 10 Apr 2015; Anthony G. Basile sssd-1.12.1.ebuild, - sssd-1.12.4.ebuild, sssd-1.9.6-r3.ebuild, sssd-1.9.7.ebuild: - Keyword ~ppc ~ppc64. Bug #540540. - - 06 Mar 2015; Jeroen Roovers sssd-1.12.4.ebuild: - Marked ~hppa (bug #540540). - - 04 Mar 2015; Markos Chandras -sssd-1.12.2-r1.ebuild, - -sssd-1.12.2.ebuild, -sssd-1.12.3.ebuild: - Remove old - - 03 Mar 2015; Markus Meier sssd-1.12.4.ebuild: - add ~arm, bug #540540 - -*sssd-1.12.4 (22 Feb 2015) - - 22 Feb 2015; Markos Chandras +sssd-1.12.4.ebuild: - Version bump. Install with -j1 so we can workaround build system issues - -*sssd-1.12.3 (09 Jan 2015) - - 09 Jan 2015; Markos Chandras +sssd-1.12.3.ebuild: - Version bump - -*sssd-1.9.7 (10 Dec 2014) - - 10 Dec 2014; Markos Chandras +sssd-1.9.7.ebuild: - Version bump for the LTM branch. 1.9.7 is going to be the last one - -*sssd-1.12.2-r1 (20 Nov 2014) - - 20 Nov 2014; Michał Górny +sssd-1.12.2-r1.ebuild: - Enable multilib support, bug #409701. - -*sssd-1.12.2 (15 Nov 2014) - - 15 Nov 2014; Markos Chandras +sssd-1.12.2.ebuild, - -sssd-1.11.6.ebuild, -sssd-1.12.0.ebuild, -sssd-1.8.6-r1.ebuild, - -sssd-1.8.6.ebuild, -sssd-1.9.6-r2.ebuild: - Version bump. 
Remove some old ebuilds - - 02 Nov 2014; Sven Vermeulen sssd-1.12.1.ebuild: - Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug - #527698) - - 06 Oct 2014; Agostino Sarubbo sssd-1.12.1.ebuild: - Stable for x86, wrt bug #511670 - - 06 Oct 2014; Agostino Sarubbo sssd-1.12.1.ebuild: - Stable for amd64, wrt bug #511670 - -*sssd-1.12.1 (14 Sep 2014) - - 14 Sep 2014; Markos Chandras +sssd-1.12.1.ebuild, - metadata.xml: - Version bump - -*sssd-1.12.0 (12 Jul 2014) - - 12 Jul 2014; Markos Chandras +sssd-1.12.0.ebuild, - metadata.xml: - Version bump - -*sssd-1.11.6 (14 Jun 2014) - - 14 Jun 2014; Markos Chandras +sssd-1.11.6.ebuild: - Version bump. Bug #477190 - - 27 May 2014; Michał Górny sssd-1.9.6-r3.ebuild: - Convert to python-single-r1. - -*sssd-1.9.6-r3 (26 May 2014) - - 26 May 2014; Markos Chandras +sssd-1.9.6-r3.ebuild: - Revbump for multiple fixes. See bug #511530, #499584 and 511528 - - 26 May 2014; Markos Chandras metadata.xml: - Take over maintainership - - 21 May 2014; Markos Chandras -sssd-1.9.4-r3.ebuild, - -sssd-1.9.5-r1.ebuild, -sssd-1.9.6-r1.ebuild: - Clean up old ebuilds per #462496 - -*sssd-1.9.6-r2 (10 Apr 2014) - - 10 Apr 2014; Markos Chandras +sssd-1.9.6-r2.ebuild, - +files/sssd.service: - Add systemd unit file based on upstream - https://git.fedorahosted.org/cgit/sssd.git/tree/src/sysv/systemd/sssd.service - .in one - - 07 Dec 2013; Markos Chandras - files/sssd-1.9.6-fix-init.patch: - Add upstream commit references for the init script improvements - - 02 Dec 2013; Markos Chandras sssd-1.9.6-r1.ebuild, - files/sssd-1.9.6-fix-init.patch: - Use sbindir instead of exec_prefix. No functional changes - -*sssd-1.9.6-r1 (02 Dec 2013) - - 02 Dec 2013; Markos Chandras sssd-1.9.6-r1.ebuild, - files/sssd-1.9.6-fix-init.patch: - More fixes in init script - - -*sssd-1.9.6 (01 Dec 2013) - - 01 Dec 2013; Markos Chandras - +files/sssd-1.9.6-fix-init.patch, +sssd-1.9.6.ebuild: - Version bump. Remove nscd dependency from the init script. 
Bug #491608 - - 27 Oct 2013; Michał Górny sssd-1.8.6-r1.ebuild, - sssd-1.8.6.ebuild, sssd-1.9.4-r3.ebuild, sssd-1.9.5-r1.ebuild: - Replace calls to deprecated remove_libtool_files (and prune_libtool_files) - with AUTOTOOLS_PRUNE_LIBTOOL_FILES var. - - 03 Jul 2013; Markos Chandras metadata.xml, - sssd-1.9.5-r1.ebuild: - Allow ldb versions higher than 1.1.15-r1 - -*sssd-1.9.5-r1 (03 Jul 2013) -*sssd-1.9.4-r3 (03 Jul 2013) - - 03 Jul 2013; Markos Chandras +sssd-1.9.4-r3.ebuild, - +sssd-1.9.5-r1.ebuild, -sssd-1.9.4-r1.ebuild, -sssd-1.9.4-r2.ebuild, - -sssd-1.9.4.ebuild, -sssd-1.9.5.ebuild, metadata.xml, sssd-1.8.6-r1.ebuild, - sssd-1.8.6.ebuild: - Revbump to fix sys-libs/ldb dependencies and runtime problems against sys- - libs/ldb-1.1.15-r1. Remove old versions - -*sssd-1.9.5 (21 May 2013) - - 21 May 2013; Markos Chandras +sssd-1.9.5.ebuild: - Version bump. Bug #470728 - - 12 May 2013; Patrick Lauer metadata.xml: - Drop obsolete use flags from metadata.xml - - 12 Apr 2013; Maxim Koltsov +files/0003_new_krb5.patch, - -files/new_krb5.patch, files/allow_xdm.patch: - Fix new_krb5 patch file name to match 0*.patch glob in ebuilds, thanks to - Night Nord. - - 05 Apr 2013; Maxim Koltsov +files/new_krb5.patch: - Fix build with mit-krb5-1.11.1, bug #463812. Thanks to slepnoga and Andrian - Nord. - -*sssd-1.9.4-r2 (05 Apr 2013) -*sssd-1.8.6-r1 (05 Apr 2013) - - 05 Apr 2013; Maxim Koltsov +sssd-1.8.6-r1.ebuild, - +sssd-1.9.4-r2.ebuild: - Fix glibc[nscd] dependency, bug #463832. Thanks to slepnoga. - - 17 Mar 2013; Markos Chandras metadata.xml: - Add proxy-maintainers to metadata.xml - -*sssd-1.9.4-r1 (20 Feb 2013) - - 20 Feb 2013; Maxim Koltsov +sssd-1.9.4-r1.ebuild: - Remove samba-4 dep until it's unmasked. 
- - 31 Jan 2013; Agostino Sarubbo -sssd-1.8.1-r1.ebuild, - -sssd-1.8.2.ebuild, -sssd-1.8.4.ebuild, -sssd-1.8.5.ebuild, - -sssd-1.9.2.ebuild: - Remove old - - 31 Jan 2013; Agostino Sarubbo sssd-1.8.6.ebuild: - Stable for x86, wrt bug #453808 - - 31 Jan 2013; Agostino Sarubbo sssd-1.8.6.ebuild: - Stable for amd64, wrt bug #453808 - -*sssd-1.8.6 (31 Jan 2013) -*sssd-1.9.4 (31 Jan 2013) - - 31 Jan 2013; Maxim Koltsov +sssd-1.8.6.ebuild, - +sssd-1.9.4.ebuild, -sssd-1.9.3.ebuild: - Bump to 1.9.4 and 1.8.6, clean vulnerable 1.9.x versions, fixes security bug - 453808 - - 06 Jan 2013; Maxim Koltsov sssd-1.9.3.ebuild: - Change 1.9.3 depends to make it build, bug #450226. Thanks to slepnoga. - -*sssd-1.9.3 (02 Jan 2013) - - 02 Jan 2013; Maxim Koltsov +sssd-1.9.3.ebuild: - Bump to 1.9.3, thanks to slepnoga - - 04 Dec 2012; Maxim Koltsov sssd-1.9.2.ebuild: - Fix bug #445478, thanks to Reto Gantenbein - - 21 Nov 2012; Agostino Sarubbo sssd-1.8.4.ebuild: - Stable for x86, wrt bug #434352 - -*sssd-1.9.2 (17 Oct 2012) - - 17 Oct 2012; Maxim Koltsov - +files/0001_add_pthread_to_fix_as-needed.patch, - +files/0002_allow_xdm_openrc.patch, +sssd-1.9.2.ebuild, metadata.xml: - Bump to 1.9.2, thanks to slepnoga - -*sssd-1.8.5 (14 Oct 2012) - - 14 Oct 2012; Sergey Popov +sssd-1.8.5.ebuild: - Version bump - - 09 Sep 2012; Agostino Sarubbo sssd-1.8.4.ebuild: - Stable for amd64, wrt bug #434352 - - 03 Aug 2012; Andreas Schuerch sssd-1.8.1-r1.ebuild: - x86 stable, see bug 413977. 
Thanks Myckel - - 27 Jun 2012; Alexander Vershilov Manifest: - fixing metadata (due #423701) asked by slepnoga - -*sssd-1.8.4 (21 Jun 2012) - - 21 Jun 2012; Maxim Koltsov +sssd-1.8.4.ebuild: - Bump to 1.8.4, thanks to slepnoga - - 02 Jun 2012; Maxim Koltsov -sssd-1.6.4-r1.ebuild, - -sssd-1.6.4.ebuild: - Remove old 1.6.4 - - 05 May 2012; Markos Chandras sssd-1.8.1-r1.ebuild: - Stable on amd64 wrt bug #413977 - -*sssd-1.8.2 (14 Apr 2012) - - 14 Apr 2012; Maxim Koltsov +sssd-1.8.2.ebuild, - -sssd-1.8.1.ebuild: - Bump to 1.8.2, thanks to slepnoga - -*sssd-1.6.4-r1 (08 Apr 2012) -*sssd-1.8.1-r1 (08 Apr 2012) - - 08 Apr 2012; Maxim Koltsov +sssd-1.6.4-r1.ebuild, - +sssd-1.8.1-r1.ebuild, -sssd-1.7.0.ebuild, -sssd-1.8.0.ebuild, - sssd-1.6.4.ebuild: - Cleanup old versions, revision-bump the rest adding selinux policy dependency. - Thanks to slepnoga - -*sssd-1.8.1 (16 Mar 2012) - - 16 Mar 2012; Maxim Koltsov +sssd-1.8.1.ebuild: - Bump to 1.8.1, thanks to slepnoga - - 05 Mar 2012; Maxim Koltsov sssd-1.6.4.ebuild, - sssd-1.7.0.ebuild, sssd-1.8.0.ebuild: - Block ~net-nds/openldap-2.4.28, bug #405343. Thanks to slepnoga - -*sssd-1.8.0 (02 Mar 2012) - - 02 Mar 2012; Maxim Koltsov +sssd-1.8.0.ebuild: - Bump to 1.8.0, drop libunistring depend, make logrotate installation - unconditional. Thanks to slepnoga - - 02 Mar 2012; Agostino Sarubbo sssd-1.6.4.ebuild: - Stable for amd64, wrt bug #406291 - -*sssd-1.7.0 (24 Feb 2012) - - 24 Feb 2012; Maxim Koltsov +sssd-1.7.0.ebuild, - -sssd-1.6.1-r2.ebuild, -sssd-1.6.2.ebuild: - Bump to 1.7.0, remove old versions. Thanks to slepnoga - - 04 Feb 2012; Maxim Koltsov metadata.xml: - Fix maintainer's email in metadata - -*sssd-1.6.4 (19 Dec 2011) - - 19 Dec 2011; Maxim Koltsov +sssd-1.6.4.ebuild, - metadata.xml: - Bump to 1.6.4 and EAPI 4, thanks so slepnoga. Bug 394699 - -*sssd-1.6.2 (28 Oct 2011) - - 28 Oct 2011; Maxim Koltsov -sssd-1.6.1-r1.ebuild, - +sssd-1.6.2.ebuild: - Bump to 1.6.2, bug #388787. 
Removed obsolete 1.6.1-r1 - -*sssd-1.6.1-r2 (23 Oct 2011) - - 23 Oct 2011; Maxim Koltsov +sssd-1.6.1-r2.ebuild, - +files/sssd, +files/sssd.conf: - Fix depends in init script, bug 385157 - - 17 Sep 2011; Maxim Koltsov -sssd-1.6.1.ebuild, - sssd-1.6.1-r1.ebuild: - Drop static-libs use flag, finish work on #382703. Thanks to Andreis - Vinogradovs - -*sssd-1.6.1-r1 (16 Sep 2011) - - 16 Sep 2011; Maxim Koltsov -sssd-1.5.13.ebuild, - +sssd-1.6.1-r1.ebuild: - (ChangeLog by Andreis Vinogradovs ) - Fix #382703 - remove useless .la files; - Thanks Samuli Suominen for report - - 31 Aug 2011; Maxim Koltsov +files/allow_xdm.patch: - Add forgotten patch - -*sssd-1.6.1 (31 Aug 2011) -*sssd-1.5.13 (31 Aug 2011) - - 31 Aug 2011; Maxim Koltsov -sssd-1.5.12-r1.ebuild, - +sssd-1.5.13.ebuild, +sssd-1.6.1.ebuild: - Bumped to 1.5.13 and 1.6.1, removed old 1.5.12-r1 - - 20 Aug 2011; Maxim Koltsov sssd-1.5.12-r1.ebuild: - Fix LDB path again - -*sssd-1.5.12-r1 (20 Aug 2011) - - 20 Aug 2011; Maxim Koltsov +sssd-1.5.12-r1.ebuild, - -sssd-1.5.12.ebuild: - Revision bump: fixed LDB library path and .la files, thanks to slepnoga. Old - revision dropped cause it can't work due to wrong LDB search path. - -*sssd-1.5.12 (14 Aug 2011) - - 14 Aug 2011; Maxim Koltsov +sssd-1.5.12.ebuild, +metadata.xml: - Add sssd-1.5.12, 1.6.0 is not yet considered ready by ebuild author. Thanks - to - slepnoga, bug #321875 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest index 6160bb5165..8cb22a3997 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest 
@@ -1,26 +1 @@ -AUX 0001_add_pthread_to_fix_as-needed.patch 744 SHA256 3d9f822d93555393c19fc9bdbface08092e78e640dd939424700f6403f11ac1f SHA512 fee020fa5f1ef22065c91e93178d99e3a451769cc5fb1ebdceef446a9bea5547727189c65310de2fe68a12f975eb1980af7a5b737882c0c6cdd5129b76659f82 WHIRLPOOL dac4c364fe617d23f0f66675bf98e8dd33c378709c997783df52007e33a89ba871e9f455a705da09e4d213c34707fed864fa5c46c8260c81e83db809a0c7f895 -AUX 0002_allow_xdm_openrc.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71 -AUX 0003_new_krb5.patch 1702 SHA256 5ad16a7c733824dea87dc0df4ac8b1e9ec3edbd94093856bf379875dbbef4602 SHA512 a55285885d076250890765f25b3c2af5e28649de7efcc275d12ba751784182dccdab76b0f72f5e68863581b588cd4ddd615a218ebdd47be4317983f4c919fc9a WHIRLPOOL 55590c98ef738179e4ec0b4f3791d3fe38c7074173569408f32e102df38e1b86f29b729b85b791fd5661fff69f81c72d86402474eee5669fa079a090311fe47b -AUX allow_xdm.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71 -AUX sssd 488 SHA256 464f6ecb559cbe14dcd1974837aeab338f4ce38686cc464bcddf1db28839caa5 SHA512 274473cf69e62f405c2af2ea94e9964f579140c47623f4d7712f33c9e34525fda6b77c8fe8d180e8b45905ad6c4d581f9ae4f173aafa0660e48f61da0069e65d WHIRLPOOL ceb70b5c0bf11f6620f0c31fab6c7f4fe5c7ff84fc07aa4f63a6a73be05f0bca62d1f9ab0d422ec0c97939569ec3a6ca7ed63b13ede84f6e39c4ac3c12cc0ba4 -AUX sssd-1.13.0-fix-init.patch 814 SHA256 
edb1d019c8642794700f25a7f6b4adf06748d00a5def81c535415828498c9024 SHA512 6e25c091789fe31ca515de85510a473189b4007c9ad180f20e6c372ea4a78a64f1c881fbf36ac4c648897dcef3d61586bb4d66b7256c7bba3bca83d11f83ecc8 WHIRLPOOL 07cdc90f2c66b22856fee3f46969bc65a4fe2e7e55fe0a617c5d094c1745122bea1692dda5c67d7e74aad66890181653186dbc08e068330aed66f911745f726e -AUX sssd-1.9.6-fix-init.patch 1020 SHA256 d9c1044ed9fca08cc4c104622aea56faa182465f5ce82796963636915de41ab9 SHA512 7718f990265fb1d4a717b3ca3863279b3351625438acea4bb3325ee3db7cdfef332290042856019badf22c1de604095686521c733fb0c725f2eaef0df61e5100 WHIRLPOOL 602bf7f3a4747b28d6af97284edaeadee82b9c1b28239a388b17166c5a0ea8b6b99842b4f3921ea94c40889987dcb3fee782435ce82eef3a0070a6655789f9d3 -AUX sssd.conf 124 SHA256 bc5154f0ee2c2e6cffd5b6e371d4302a5952bd04343dd4c56689f43821a5fb94 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a WHIRLPOOL 37151473420598bd24d90ef1975ba83c5e9f5301a459b8d73d5df540d5b67686494b9f826b8e985b42765c65861d5f82b6ef705ebe577e68bbf57a893a24f32b -AUX sssd.service 341 SHA256 633a4824ba95524a0d9cf8b42cd1a5dc3f9b40f6aeda9ffc60d56edf72b2015e SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 WHIRLPOOL 57963f1251e8f24d2ca67b1c71108171c468077e8ace27347d22e21ce854ab339a4131741397fa39607d8b10621c8fc33420a14bef1fdbd236442ad733299182 -DIST sssd-1.12.1.tar.gz 4088341 SHA256 18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff SHA512 9514586eb51ac7e8d9639f2aba52cfd5cf71c442ee0a6c652e7838a96cf0fcb62ce4ffa9f9b956d984cd5ecfb3d13b8c21a66677e1e3e9e76f13202792ee2a7e WHIRLPOOL 73b34d373b3b557dc1a075eef94c69ff12051ffef04cd607e81bd84366ca233b67a1b815b02f6aa80d14fbc0453cbe301cdee75e4cc1e218aef8160b2a875e8e -DIST sssd-1.12.4.tar.gz 4226841 SHA256 ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf SHA512 
817141378d4c535ee1018c4246c77a61b963ab10c026e6983e1be90860fa68698dd60cd27ab7ac77da096057f8c71cba90387cf3329e9d43e98a23163f8bb233 WHIRLPOOL 7ee273fcb2e2311f9239face618be1d2eb88c4b6df177ce61854e3465fe6e484753b55a7e864f3b6e4beb2ebea43ae348a06d3ea29eb2560a2ebe3c8a8d0ffed -DIST sssd-1.12.5.tar.gz 4300869 SHA256 243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256 SHA512 573947c58dc53b92b6b60390375a70f3842e0bfd22c696e60dd84b8dd671bc508f30f3a0952135b0c6a1e555d43493f59ce60f780a5130696cada06cc467fa6c WHIRLPOOL 6614d32f0808b97e55b33f996e12207b4960b6f694a7321235e26b7760aa84acad7dd68c2019857ce08d32585f9157e28d2a4be6f944f1eeaaf2f6b84c807638 -DIST sssd-1.13.0.tar.gz 4417697 SHA256 bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a SHA512 c11303557180d6491933f5732ed831d1725d33e7444d92d5a20ba24a35d77845711d8427d869fe526fbdea482944269469f5bbbb779e3006998fbe09403ebf7f WHIRLPOOL 0ef934e4e22d1c5a8d1e5f649de29e162717e421a341839cecc9ac089d022a30f843463966dc572619b959fd4e850d651bf372e2d511dba24994f790f1006a55 -DIST sssd-1.13.1.tar.gz 4517171 SHA256 ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7 SHA512 93d7f9230e6464c3346abad374e7b4a17a148a5d6e37736a4d1aaf9c99dce6065e0b1eed329c8de997c7cf902728077dd31ec4920a8d192fc67cc27f16723346 WHIRLPOOL 1b169a5ada95968508314e0f5f466a3c5655839e106a875ecf0f6001aaafe1c2228a6e79c10d9d23392fa54c375f5514c2f2d52b414d57b089de521b3f3cac77 -DIST sssd-1.9.6.tar.gz 3180066 SHA256 ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 SHA512 32d6056db1a17fe348f0b932d4242ce3b3dc615d4d93ebf580f5f9a3e16985324d9955e092803cf9a2bf35724feab0450737f516e9ce003f6812a0debf54ba15 WHIRLPOOL e496d63a042b39dd5d269a7d24b9a535c73a47741a4429e78e2a9d1282515747a83251338d6c94d75b2de06a415bfed18f7223864b1b4e9a824a25d41afa6a59 -DIST sssd-1.9.7.tar.gz 3485351 SHA256 ed2b7e9835143404cbc0e3e105607b7c554f568e4af024b5db0f10ca4f809c7e SHA512 
1c73078f2127c1359c13601900e39dcb7527c5ca1346dfbb2fdcf07d98d3542f7b79aed8acc9dd289ab1a679f0b5477e08a9f1d58da4847ada53bdb4f3f606e2 WHIRLPOOL 691164b8edbcdc5acba024a00ead18e1769175cf6f9c3e49f065d31c84b55b315e569fbf04a841c9cd67ce76531f26875a97e0c553b462aecee29aa9428493be -EBUILD sssd-1.12.1.ebuild 3438 SHA256 a742120dbf88db2387731323dcd45798767342e2cd19ba27c10d22a7d819be0f SHA512 8aab2f9912a4959645d1ed0fa68c25a4bf5483e33edf9218a81b5f92a568e0094952fb6dc82459daf7d825bea6c3154d562362b83d55a53a18664f4d0c39198b WHIRLPOOL a0dddadf7983e466b9d47edeb11d38e15dc70a113451a1456c7e8402ef9c50b1aed3c8cf5f6ffa4cf9e0819440a903a30137d1746cc33441bb6ff17d8ed0fc98 -EBUILD sssd-1.12.4.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630 -EBUILD sssd-1.12.5.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630 -EBUILD sssd-1.13.0.ebuild 5494 SHA256 0a3e02ddf9301319cc165a034b3e45bd57a43a7ef392d167377594b639d93bc5 SHA512 864d970f8cf72043167e8a9c6643582906e1286256d657ea249a126cb95a5b66c9dc001e636b5f93b97793cf1939425d19b97dd4a69c6712eeac7f450c2799a4 WHIRLPOOL c809a59252a3204b6274e96cad87e65c790dcb7ee5081d234dfc71a054dc7173c62892a82b89d46f3e74242d1aa2ef59ecd913f433f44d000fdac29438245bde -EBUILD sssd-1.13.1.ebuild 5436 SHA256 d960862b23ef0efd44c5bb9f44286fa73cac1e18523420ed2c09a3bfa65d45bc SHA512 
baa89853f0b5813f0cb599f077808c9bf66acdd285e36c4dc002c98995009a41118fcdcf0f70d79df02eb01c2ccf7bcb3d61b0e950b99b212642ae66900e7820 WHIRLPOOL 3f0f3e8c7d840e1e27cacde6992ff70cf75bdb52b72e1867c3b296ddf90c8cc3c233087e018b422ac1543418de90e212277678e0b7105a317d2d809050cd4918 -EBUILD sssd-1.9.6-r3.ebuild 3118 SHA256 4d5583207b3bf13db0bfc654439ab76afb95603c402532c37363ecd9464adf56 SHA512 52e897cb939780d505e2ce3e72f6160642253db550124f568f376613564d2719a6e41debc0468e2dc55d83d2a4be0135d0fa3bf677b01e4e3fd37e04160d1ff3 WHIRLPOOL 1a7ba4dbeac0ac399fbf6199672108ae4dc3befb5dddca2b73147e38d7dd9f4710ad7ae84181052b048a37144618431e8d142e11a25b82c0c9da174a2464d976 -EBUILD sssd-1.9.7.ebuild 3133 SHA256 7f4e1bba3508a4a4585f130a2ccda8ed8cccc53427fd275d80602d9e642a6015 SHA512 0bbb8bb8e31843f0baddd466345f2849d8f9b2aaef88d947263f3ee50e07b948cc4553951d3a93d3368a1b6d667ff7e995429854bc5efb953b7cee6cc4875fb8 WHIRLPOOL 99c71b4e5b4b94ad058a0f613139f9eee18fd811e25a9a31f945a9d8f0337296ec4fc8d3d8a1f7b47a5902fc17248259079d2e4551d0ea4ba7bc8ea195056a8d -MISC ChangeLog 3773 SHA256 b4f6a0f45702526e37c23d3a5f90fd3a7b0a23f8d0d262a26450272604ff4447 SHA512 58721f69badc3a7880caee75e807c0e3e1ea757b4c1a381e252d4fb872bf0e081f150e7c96bc37b3e455d8607f5f418693ccd624b376dfd1719cd771cba5f756 WHIRLPOOL a10e5be4fc054656cd301d4d372f57886aff5bfca3a330d7837c7a8ecaca99f04fc2a86664415211347ec38a098d1921df3ef1119a873a40eca81fa7afe194dc -MISC ChangeLog-2015 11963 SHA256 154e1613682ee02aa2e786fe88b8d2de96f2a16ee7e88fe253e426d5980f1c44 SHA512 062523e93acd6935c90c3edd1da99310460582a3d4c8ceb0976cb087f2c8d108d485d866d21fd2d6a354b6d0e692f1618647307409f71cac93b9e71a655f010d WHIRLPOOL ce0a1ca173c71a004b3eb4d93d18dda3d239cfae49e18e2a8a49f998918366f5bc1e0e30373bced0685aede13131497db7c6dd8c581519428feea267b00b7f69 -MISC metadata.xml 1037 SHA256 9509811fba6f4021d94d02b3e3e1da972bfbc05f6c3ca9c23842a7f4f729d9d3 SHA512 
1269a811a3891fa298387667d321da5b8cc67440b4d69865c80ce0ac72a12a05eec6734e3ffeef8f4b7316dbd419a6eed98844ff120d5c3752d6ca0918401731 WHIRLPOOL 84e4351e84a229942a4ad3d7e6cdc2894989455a4bd9ad57983ebe13f65e2bf2d493fd5c9015125238685a65e3e3d57d1899a457e98acf1a12cb59a1899109d3 +DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd index dbf7850227..c79b79ac1e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch deleted file mode 100644 index 20c57209a3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch +++ /dev/null 
@@ -1,25 +0,0 @@
-From 79c0ed5d08fdcc093baef155a118829caf4af63b Mon Sep 17 00:00:00 2001
-From: David Michael
-Date: Wed, 14 Dec 2016 15:08:28 -0800
-Subject: [PATCH] BUILD: Find a host-prefixed krb5-config when cross-compiling
-
----
- src/external/krb5.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
-index 8fc9096..b844c2f 100644
---- a/src/external/krb5.m4
-+++ b/src/external/krb5.m4
-@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
- KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
- fi
-
--AC_PATH_PROG(KRB5_CONFIG, krb5-config)
-+AC_PATH_TOOL(KRB5_CONFIG, krb5-config)
- AC_MSG_CHECKING(for working krb5-config)
- if test -x "$KRB5_CONFIG"; then
- KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
---
-2.7.4
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch
new file mode 100644
index 0000000000..91e71e8378
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch
@@ -0,0 +1,34 @@
+From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
+From: Mikle Kolyada
+Date: Sun, 16 Dec 2018 20:42:39 +0300
+Subject: [PATCH] tev_curl.c: remove case duplication
+
+CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
+by net-misc/curl-7.62.0 and older
+---
+ tev_curl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tev_curl.c b/tev_curl.c
+index 6a7a580..ce6fdba 100644
+--- a/src/util/tev_curl.c
++++ b/src/util/tev_curl.c
+@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
+ return ETIMEDOUT;
+ case CURLE_SSL_ISSUER_ERROR:
+ case CURLE_SSL_CACERT_BADFILE:
+- case CURLE_SSL_CACERT:
+ case CURLE_SSL_CERTPROBLEM:
+ return ERR_INVALID_CERT;
+
+@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
+ case CURLE_SSL_ENGINE_NOTFOUND:
+ case CURLE_SSL_CONNECT_ERROR:
+ return ERR_SSL_FAILURE;
+- case CURLE_PEER_FAILED_VERIFICATION:
+- return ERR_UNABLE_TO_VERIFY_PEER;
+ case CURLE_COULDNT_RESOLVE_HOST:
+ return ERR_UNABLE_TO_RESOLVE_HOST;
+ default:
+--
+2.19.2
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
new file mode 100644
index 0000000000..87db45fd24
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
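Review bot: The second inner hunk of sssd-curl-macros.patch removes the `case CURLE_PEER_FAILED_VERIFICATION:` arm with its `return ERR_UNABLE_TO_VERIFY_PEER;`, in addition to the `case CURLE_SSL_CACERT:` label dropped in the first inner hunk. After the patch neither code is handled explicitly in curl_code2errno(), so a failed TLS peer verification presumably lands in `default:`, whose return value is outside the hunk, and callers and logs lose the distinct verification-failure code. As far as I know, curl 7.62.0 turned CURLE_SSL_CACERT into an alias of CURLE_PEER_FAILED_VERIFICATION, so removing only `case CURLE_SSL_CACERT:` should already clear the duplicate-case build error. I would keep `case CURLE_PEER_FAILED_VERIFICATION:` and `return ERR_UNABLE_TO_VERIFY_PEER;`, and have the patch description say which curl versions trigger the duplication.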
@@ -0,0 +1,96 @@
+From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
+From: Tomas Halman
+Date: Mon, 3 Dec 2018 14:11:31 +0100
+Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
+
+For empty home directory in passwd file sssd returns "/". Sssd
+should respect system behaviour and return the same as nsswitch
+"files" module - return empty string.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3901
+
+Reviewed-by: Simo Sorce
+Reviewed-by: Jakub Hrozek
+(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
+---
+ src/confdb/confdb.c | 9 +++++++++
+ src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
+ src/responder/nss/nss_protocol_pwent.c | 2 +-
+ src/tests/intg/test_files_provider.py | 2 +-
+ 4 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index a3eb9c66d9..17bb4f8274 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+ ret = ENOMEM;
+ goto done;
+ }
++ } else {
++ if (strcasecmp(domain->provider, "ad") == 0) {
++ /* ad provider default */
++ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
++ if (!domain->fallback_homedir) {
++ ret = ENOMEM;
++ goto done;
++ }
++ }
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
+index 818a2bf787..425b7e8ee0 100644
+--- a/src/man/include/ad_modified_defaults.xml
++++ b/src/man/include/ad_modified_defaults.xml
+@@ -76,4 +76,23 @@
+
+
+
++
++ NSS configuration
++
++
++
++ fallback_homedir = /home/%d/%u
++
++
++ The AD provider automatically sets
++ "fallback_homedir = /home/%d/%u" to provide personal
++ home directories for users without the homeDirectory
++ attribute. If your AD Domain is properly
++ populated with Posix attributes, and you want to avoid
++ this fallback behavior, you can explicitly
++ set "fallback_homedir = %o".
++
++
++
++
+
+diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
+index af9e74fc86..86fa4ec465 100644
+--- a/src/responder/nss/nss_protocol_pwent.c
++++ b/src/responder/nss/nss_protocol_pwent.c
+@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
+
+ homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
+ if (homedir == NULL) {
+- return "/";
++ return "";
+ }
+
+ return homedir;
+diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
+index ead1cc4c34..4761f1bd15 100644
+--- a/src/tests/intg/test_files_provider.py
++++ b/src/tests/intg/test_files_provider.py
+@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
+ Test that resolving a user without a homedir defined works and returns
+ a fallback value
+ """
+- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
++ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
+
+
+ def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf
index 1347b5c621..f8074a4332 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf
@@ -1,9 +1,13 @@
 d /etc/sssd 0700 root root - -
 C /etc/sssd/sssd.conf 0600 root root - /usr/share/sssd/sssd-example.conf
 d /var/lib/sss - root root - -
+d /var/lib/sss/deskprofile 0755 root root - -
 d /var/lib/sss/db 0700 root root - -
+d /var/lib/sss/gpo_cache 0755 root root - -
+d /var/lib/sss/keytabs 0700 root root - -
 d /var/lib/sss/mc 0700 root root - -
 d /var/lib/sss/pipes - root root - -
 d /var/lib/sss/pipes/private 0700 root root - -
 d /var/lib/sss/pubconf 0700 root root - -
 d /var/lib/sss/pubconf/krb5.include.d 0700 root root - -
+d /var/lib/sss/secrets 0755 root root - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml
index 7c6b99de06..5b5f4a6f7a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml
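Review bot: The added entry `d /var/lib/sss/secrets 0755 root root - -` makes the secrets directory listable and traversable by every local user, while `db`, `keytabs`, `mc`, `pipes/private` and `pubconf` in the same file are 0700. Nothing in this diff shows a non-root consumer of that directory, and as far as I recall upstream packaging ships it as 0700, so I would write `d /var/lib/sss/secrets 0700 root root - -`. A one-line `#` comment above the new entries saying why `deskprofile` and `gpo_cache` are 0755 would also help the next reader.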
@@ -1,19 +1,21 @@ - - hwoarang@gentoo.org - Markos Chandras - - - Build and use the cifsidmap plugin - Build internal configuration library - Install sssd's Kerberos plugin - Add support for netlink protocol via dev-libs/libnl - Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap - Build man pages with dev-libs/libxslt - Build helper to let net-fs/autofs use sssd provided information - Build helper to let net-misc/openssh use sssd provided information - Build helper to let app-admin/sudo use sssd provided information - + + alexxy@gentoo.org + Alexey Shvetsov + + + Build and use the cifsidmap plugin + Install sssd's Kerberos plugin + Add support for netlink protocol via dev-libs/libnl + Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap + Build man pages with dev-libs/libxslt + Build helper to let net-fs/autofs use sssd provided information + Build helper to let net-misc/openssh use sssd provided information + Build helper to let app-admin/sudo use sssd provided information + + + cpe:/a:fedorahosted:sssd + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild similarity index 65% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild index 7773192f89..089931addb 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild 
@@ -1,24 +1,29 @@ -# Copyright 1999-2015 Gentoo Foundation +# Flatcar modifications: +# - changed files/sssd.service +# - added files/tmpfiles.d/sssd.conf +# - other ebuild modifications marked below +# +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# $Id$ -EAPI=5 +EAPI=7 -PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) - -inherit eutils multilib pam linux-info autotools multilib-minimal python-r1 systemd toolchain-funcs +inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="http://fedorahosted.org/sssd/" -SRC_URI="http://fedorahosted.org/released/${PN}/${P}.tar.gz" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +# Flatcar: stabilize arm64 +KEYWORDS="amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" LICENSE="GPL-3" SLOT="0" -KEYWORDS="amd64 arm64 ~hppa ~ppc ~ppc64 ~x86" -IUSE="acl augeas autofs +locator netlink nfsv4 nls +manpages python samba selinux sudo ssh test" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +RESTRICT="!test? ( test )" +# Flatcar: don't force gssapi for >=net-dns/bind-tools-9.9 COMMON_DEP=" - >=virtual/pam-0-r1[${MULTILIB_USEDEP}] + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=dev-libs/popt-1.16 dev-libs/glib:2 >=dev-libs/ding-libs-0.2 @@ -27,13 +32,16 @@ COMMON_DEP=" >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser >=dev-libs/libpcre-8.30 >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + net-misc/curl locator? ( >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] ) - >=sys-apps/keyutils-1.5 + >=sys-apps/keyutils-1.5:= >=net-dns/c-ares-1.7.4 >=dev-libs/nss-3.12.9 selinux? ( 
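Review bot: `SRC_URI` in the header hunk still fetches the release tarball over plain `http://`, although `HOMEPAGE` was moved to https in the same change. Portage checks the download against the Manifest digests, so the exposure for ordinary builds is limited, but whoever regenerates the Manifest trusts that transport. If the release host serves the file over TLS, I would write `SRC_URI="https://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"`.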
@@ -44,12 +52,11 @@ COMMON_DEP=" >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] >=sys-apps/dbus-1.6 acl? ( net-fs/cifs-utils[acl] ) - augeas? ( app-admin/augeas ) - nfsv4? ( net-libs/libnfsidmap ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) nls? ( >=sys-devel/gettext-0.18 ) virtual/libintl netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.0 ) + samba? ( >=net-fs/samba-4.5 ) " RDEPEND="${COMMON_DEP} @@ -73,21 +80,24 @@ MULTILIB_WRAPPED_HEADERS=( # --with-ifp /usr/include/sss_sifp.h /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h ) -pkg_setup(){ +pkg_setup() { linux-info_pkg_setup } src_prepare() { - epatch "${FILESDIR}"/sssd-1.14.2-fix-krb5-config.patch + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + eapply "${FILESDIR}"/${PN}-curl-macros.patch + eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch + + default eautoreconf - multilib_copy_sources - - # Maybe run it before eautoreconf? - epatch_user } src_configure() { 
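Review bot: In `src_prepare` the `sed` on `src/sysv/gentoo/sssd.in` is guarded only by `|| die`, which fires on a sed error but not when the `#!/sbin/runscript` line is absent, so a future tarball that drops it would pass silently. The two `eapply` calls could also be declared as a global `PATCHES=( ... )` array, which `default` applies under EAPI 7 before user patches; that keeps the function down to the sed, `default` and `eautoreconf`. Since one of the patches is a security fix, I would add a comment next to it such as `# CVE-2019-3811: see files/${PN}-fix-CVE-2019-3811.patch, drop once the version bump includes it`.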
@@ -97,21 +107,33 @@ src_configure() { } multilib_src_configure() { + # Flatcar: delete, use systemd and not sysv + + #Work around linker dependency problem. + append-ldflags "-Wl,--allow-shlib-undefined" + myconf+=( --localstatedir="${EPREFIX}"/var --enable-nsslibdir="${EPREFIX}"/$(get_libdir) --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --without-nscd + --with-os=gentoo + --with-nscd --with-unicode-lib="glib2" --disable-rpath - --disable-silent-rules + # Flatcar: make nss lookups succeed when not running --enable-sss-default-nss-plugin + # Flatcar: prevent cross-compilation error + # when autotools does not want to compile and run the test + $(use_with samba smb-idmap-interface-version=6) + # --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets $(multilib_native_use_with samba) $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_enable augeas config-lib) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) $(use_enable locator krb5-locator-plugin) @@ -122,11 +144,12 @@ multilib_src_configure() { $(multilib_native_use_with sudo) $(multilib_native_use_with autofs) $(multilib_native_use_with ssh) - --with-crypto="libcrypto" + --with-crypto="nss" --with-initscript="sysv" --without-python2-bindings --without-python3-bindings - ) + # Flatcar: delete, fix krb5-config detection + ) if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server @@ -142,10 +165,14 @@ multilib_src_configure() { # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" ) use locator || myconf+=( - KRB5_CONFIG=/bin/true + KRB5_CONFIG=/bin/true ) fi 
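Review bot: `$(use_with samba smb-idmap-interface-version=6)` in the first `multilib_src_configure` hunk expands to `--without-smb-idmap-interface-version=6` when the `samba` flag is off, and as far as I can tell autoconf rejects a `--without-*` option that carries `=` as an invalid package name, so configure would fail for USE=-samba. `$(usex samba --with-smb-idmap-interface-version=6 '')` passes the option only when it applies. Separately, `append-ldflags "-Wl,--allow-shlib-undefined"` runs once per ABI and moves unresolved-symbol failures from link time to load time for the NSS and PAM modules; a comment naming the library that triggers the workaround would let it be removed later. The function body continues outside these hunks.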
@@ -163,13 +190,14 @@ multilib_src_compile() { multilib_src_install() { if multilib_is_native_abi; then + # Flatcar: add sysconfdir emake -j1 DESTDIR="${D}" sysconfdir="/usr/share" "${_at_args[@]}" install else # easier than playing with automake... dopammod .libs/pam_sss.so into / - dolib .libs/libnss_sss.so* + dolib.so .libs/libnss_sss.so* if use locator; then exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 @@ -180,12 +208,16 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - prune_libtool_files --all + find "${ED}" -type f -name '*.la' -delete || die + # Flatcar: store on /usr insinto /usr/share/sssd doins "${S}"/src/examples/sssd-example.conf + # Flatcar: delete, remove /var files taken care of by tmpfiles + systemd_dounit "${FILESDIR}/${PN}.service" + # Flatcar: add tmpfile directive and remove /etc/rc.d systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/sssd.conf" rm -rf "${D}/etc/rc.d" } @@ -194,8 +226,8 @@ multilib_src_test() { default } -pkg_postinst(){ +pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2" + elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x" }