Author: baggins Date: Thu Sep 29 09:38:45 2011 GMT Module: packages Tag: HEAD ---- Log message: - rel 3 - gssapi and dovecot auth fixes from debian
---- Files affected: packages/cyrus-sasl: cyrus-sasl.spec (1.210 -> 1.211) , 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch (NONE -> 1.1) (NEW), 0033-fix_segfault_in_GSSAPI.patch (NONE -> 1.1) (NEW), 0034-fix_dovecot_authentication.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/cyrus-sasl/cyrus-sasl.spec diff -u packages/cyrus-sasl/cyrus-sasl.spec:1.210 packages/cyrus-sasl/cyrus-sasl.spec:1.211 --- packages/cyrus-sasl/cyrus-sasl.spec:1.210 Sat Sep 17 14:05:54 2011 +++ packages/cyrus-sasl/cyrus-sasl.spec Thu Sep 29 11:38:40 2011 @@ -26,7 +26,7 @@ Summary(uk.UTF-8): Бібліотека Cyrus SASL Name: cyrus-sasl Version: 2.1.25 -Release: 2 +Release: 3 License: distributable Group: Libraries Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/%{name}-%{version}.tar.gz @@ -53,6 +53,9 @@ Patch14: %{name}-ac-libs.patch Patch15: %{name}-pam.patch Patch16: %{name}-gssapi_ext.patch +Patch17: 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch +Patch18: 0033-fix_segfault_in_GSSAPI.patch +Patch19: 0034-fix_dovecot_authentication.patch URL: http://asg.web.cmu.edu/sasl/ BuildRequires: autoconf >= 2.54 BuildRequires: automake >= 1:1.7 @@ -483,6 +486,9 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 cd doc echo "cyrus-sasl complies with the following RFCs:" > rfc-compliance @@ -749,6 +755,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.211 2011/09/29 09:38:40 baggins +- rel 3 +- gssapi and dovecot auth fixes from debian + Revision 1.210 2011/09/17 12:05:54 qboosh - updated ac-libs patch wrt. sqlite3 support - release 2 ================================================================ Index: packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch diff -u /dev/null packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch:1.1 --- /dev/null Thu Sep 29 11:38:45 2011 +++ packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch Thu Sep 29 11:38:40 2011 @@ -0,0 +1,15 @@ +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c +@@ -1480,10 +1480,10 @@ static int gssapi_client_mech_step(void + } + + /* Setup req_flags properly */ +- req_flags = GSS_C_INTEG_FLAG; ++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; + if (params->props.max_ssf > params->external_ssf) { + /* We are requesting a security layer */ +- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; ++ req_flags |= GSS_C_INTEG_FLAG; + /* Any SSF bigger than 1 is confidentiality. */ + /* Let's check if the client of the API requires confidentiality, + and it wasn't already provided by an external layer */ ================================================================ Index: packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch diff -u /dev/null packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch:1.1 --- /dev/null Thu Sep 29 11:38:45 2011 +++ packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch Thu Sep 29 11:38:40 2011 @@ -0,0 +1,25 @@ +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c +@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const str + } + + if (output_token->value && output) { +- unsigned char * p = (unsigned char *) text->encode_buf; ++ int len; + + ret = _plug_buf_alloc(text->utils, + &(text->encode_buf), +@@ -384,11 +384,8 @@ sasl_gss_encode(void *context, const str + return ret; + } + +- p[0] = (output_token->length>>24) & 0xFF; +- p[1] = (output_token->length>>16) & 0xFF; +- p[2] = (output_token->length>>8) & 0xFF; +- p[3] = output_token->length & 0xFF; +- ++ len = htonl(output_token->length); ++ memcpy(text->encode_buf, &len, 4); + memcpy(text->encode_buf + 4, output_token->value, output_token->length); + } + ================================================================ Index: packages/cyrus-sasl/0034-fix_dovecot_authentication.patch diff -u /dev/null packages/cyrus-sasl/0034-fix_dovecot_authentication.patch:1.1 --- /dev/null Thu Sep 29 11:38:45 2011 +++ packages/cyrus-sasl/0034-fix_dovecot_authentication.patch Thu Sep 29 11:38:40 2011 @@ -0,0 +1,92 @@ +--- a/saslauthd/auth_rimap.c ++++ b/saslauthd/auth_rimap.c +@@ -1,3 +1,4 @@ ++ + /* MODULE: auth_rimap */ + + /* COPYRIGHT +@@ -367,6 +368,30 @@ auth_rimap ( + alarm(NETWORK_IO_TIMEOUT); + rc = read(s, rbuf, sizeof(rbuf)); + alarm(0); ++ if ( rc>0 ) { ++ /* check if there is more to read */ ++ fd_set perm; ++ int fds, ret; ++ struct timeval timeout; ++ ++ FD_ZERO(&perm); ++ FD_SET(s, &perm); ++ fds = s +1; ++ ++ timeout.tv_sec = 1; ++ timeout.tv_usec = 0; ++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { ++ if ( FD_ISSET(s, &perm) ) { ++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc); ++ if ( ret<0 ) { ++ rc = ret; ++ break; ++ } else { ++ rc += ret; ++ } ++ } ++ } ++ } + if (rc == -1) { + syslog(LOG_WARNING, "auth_rimap: read (banner): %m"); + (void) close(s); +@@ -456,6 +481,30 @@ auth_rimap ( + alarm(NETWORK_IO_TIMEOUT); + rc = read(s, rbuf, sizeof(rbuf)); + alarm(0); ++ if ( rc>0 ) { ++ /* check if there is more to read */ ++ fd_set perm; ++ int fds, ret; ++ struct timeval timeout; ++ ++ FD_ZERO(&perm); ++ FD_SET(s, &perm); ++ fds = s +1; ++ ++ timeout.tv_sec = 1; ++ timeout.tv_usec = 0; ++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { ++ if ( FD_ISSET(s, &perm) ) { ++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc); ++ if ( ret<0 ) { ++ rc = ret; ++ break; ++ } else { ++ rc += ret; ++ } ++ } ++ } ++ } + (void) close(s); /* we're done with the remote */ + if (rc == -1) { + syslog(LOG_WARNING, "auth_rimap: read (response): %m"); +--- a/lib/checkpw.c ++++ b/lib/checkpw.c +@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de + /* Timeout. */ + errno = ETIMEDOUT; + return -1; +- case +1: +- if (FD_ISSET(fd, &rfds)) { +- /* Success, file descriptor is readable. */ +- return 0; +- } +- return -1; + case -1: + if (errno == EINTR || errno == EAGAIN) + continue; + default: ++ if (FD_ISSET(fd, &rfds)) { ++ /* Success, file descriptor is readable. */ ++ return 0; ++ } + /* Error catch-all. */ + return -1; + } ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/cyrus-sasl/cyrus-sasl.spec?r1=1.210&r2=1.211&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
