1 |
commit: 0ea0e5c7d34102447316e0ec3e9a4aa82e4523bf |
2 |
Author: Martin Kletzander <nert.pinx <AT> gmail <DOT> com> |
3 |
AuthorDate: Wed Oct 27 09:45:22 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 27 23:20:16 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ea0e5c7 |
7 |
|
8 |
dev-libs/cyrus-sasl: Backport upstream fix for wrong error handling w/ newer gdbm |
9 |
|
10 |
Without this fix, applications might fail with a spurious error message, for |
11 |
example libvirt's sasl authentication fails with: |
12 |
|
13 |
authentication failed: Failed to start SASL negotiation: -1 (SASL(-1): |
14 |
generic failure: unable to canonify user and get auxprops) |
15 |
|
16 |
It is merged upstream as commit cyrus-sasl-2.1.27-2-gaf48f6fec9a7: |
17 |
|
18 |
commit af48f6fec9a7b6374d4153c5db894d4a1f349645 |
19 |
Author: Jonas Jelten <jj <AT> sft.mx> |
20 |
Date: Sat Feb 2 20:53:37 2019 +0100 |
21 |
|
22 |
db_gdbm: fix gdbm_errno overlay from gdbm_close |
23 |
|
24 |
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
25 |
Closes: https://github.com/gentoo/gentoo/pull/22723 |
26 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
27 |
|
28 |
dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r5.ebuild | 269 +++++++++++++++++++++ |
29 |
...bm-fix-gdbm_errno-overlay-from-gdbm_close.patch | 35 +++ |
30 |
2 files changed, 304 insertions(+) |
31 |
|
32 |
diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r5.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r5.ebuild |
33 |
new file mode 100644 |
34 |
index 00000000000..3d486cc99a5 |
35 |
--- /dev/null |
36 |
+++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r5.ebuild |
37 |
@@ -0,0 +1,269 @@ |
38 |
+# Copyright 1999-2021 Gentoo Authors |
39 |
+# Distributed under the terms of the GNU General Public License v2 |
40 |
+ |
41 |
+EAPI=7 |
42 |
+ |
43 |
+inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs tmpfiles |
44 |
+ |
45 |
+SASLAUTHD_CONF_VER="2.1.26" |
46 |
+ |
47 |
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" |
48 |
+HOMEPAGE="https://www.cyrusimap.org/sasl/" |
49 |
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" |
50 |
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz" |
51 |
+ |
52 |
+LICENSE="BSD-with-attribution" |
53 |
+SLOT="2" |
54 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
55 |
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom" |
56 |
+ |
57 |
+CDEPEND=" |
58 |
+ net-mail/mailbase |
59 |
+ virtual/libcrypt:= |
60 |
+ authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) |
61 |
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) |
62 |
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) |
63 |
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) |
64 |
+ openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
65 |
+ mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] ) |
66 |
+ pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] ) |
67 |
+ postgres? ( dev-db/postgresql:* ) |
68 |
+ sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) |
69 |
+ ssl? ( |
70 |
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] |
71 |
+ ) |
72 |
+ java? ( >=virtual/jdk-1.6:= )" |
73 |
+ |
74 |
+REQUIRED_USE="ldapdb? ( openldap )" |
75 |
+ |
76 |
+RDEPEND=" |
77 |
+ ${CDEPEND} |
78 |
+ selinux? ( sec-policy/selinux-sasl )" |
79 |
+ |
80 |
+DEPEND="${CDEPEND}" |
81 |
+ |
82 |
+MULTILIB_WRAPPED_HEADERS=( |
83 |
+ /usr/include/sasl/md5global.h |
84 |
+) |
85 |
+ |
86 |
+PATCHES=( |
87 |
+ "${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch" |
88 |
+ "${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch" |
89 |
+ "${FILESDIR}/${PN}-2.1.27-as_needed.patch" |
90 |
+ "${FILESDIR}/${PN}-2.1.25-auxprop.patch" |
91 |
+ "${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch" |
92 |
+ "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch" |
93 |
+ "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch" |
94 |
+ "${FILESDIR}/${PN}-2.1.27-memmem.patch" |
95 |
+ "${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch" |
96 |
+ "${FILESDIR}/${PN}-2.1.27-slibtool.patch" |
97 |
+ "${FILESDIR}/${PN}-2.1.27-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch" |
98 |
+) |
99 |
+ |
100 |
+pkg_setup() { |
101 |
+ java-pkg-opt-2_pkg_setup |
102 |
+} |
103 |
+ |
104 |
+src_prepare() { |
105 |
+ default |
106 |
+ |
107 |
+ # Get rid of the -R switch (runpath_switch for Sun) |
108 |
+ # >=gcc-4.6 errors out with unknown option |
109 |
+ sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ |
110 |
+ configure.ac || die |
111 |
+ |
112 |
+ # Use plugindir for sasldir |
113 |
+ sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ |
114 |
+ "${S}"/plugins/Makefile.{am,in} || die "sed failed" |
115 |
+ |
116 |
+ # #486740 #468556 |
117 |
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ |
118 |
+ -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ |
119 |
+ configure.ac || die |
120 |
+ |
121 |
+ eautoreconf |
122 |
+ |
123 |
+ export CC_FOR_BUILD="$(tc-getBUILD_CC)" |
124 |
+} |
125 |
+ |
126 |
+src_configure() { |
127 |
+ append-flags -fno-strict-aliasing |
128 |
+ |
129 |
+ if [[ ${CHOST} == *-solaris* ]] ; then |
130 |
+ # getpassphrase is defined in /usr/include/stdlib.h |
131 |
+ append-cppflags -DHAVE_GETPASSPHRASE |
132 |
+ else |
133 |
+ # this horrendously breaks things on Solaris |
134 |
+ append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED |
135 |
+ # replaces BSD_SOURCE (bug #579218) |
136 |
+ append-cppflags -D_DEFAULT_SOURCE |
137 |
+ fi |
138 |
+ |
139 |
+ multilib-minimal_src_configure |
140 |
+} |
141 |
+ |
142 |
+multilib_src_configure() { |
143 |
+ # Java support |
144 |
+ multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" |
145 |
+ |
146 |
+ local myeconfargs=( |
147 |
+ --enable-login |
148 |
+ --enable-ntlm |
149 |
+ --enable-auth-sasldb |
150 |
+ --disable-cmulocal |
151 |
+ --disable-krb4 |
152 |
+ --disable-macos-framework |
153 |
+ --enable-otp |
154 |
+ --without-sqlite |
155 |
+ --with-saslauthd="${EPREFIX}"/run/saslauthd |
156 |
+ --with-pwcheck="${EPREFIX}"/run/saslauthd |
157 |
+ --with-configdir="${EPREFIX}"/etc/sasl2 |
158 |
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 |
159 |
+ --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 |
160 |
+ --with-sphinx-build=no |
161 |
+ $(use_with ssl openssl) |
162 |
+ $(use_with pam) |
163 |
+ $(use_with openldap ldap) |
164 |
+ $(use_enable ldapdb) |
165 |
+ $(multilib_native_use_enable sample) |
166 |
+ $(use_enable kerberos gssapi) |
167 |
+ $(multilib_native_use_enable java) |
168 |
+ $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) |
169 |
+ $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql) |
170 |
+ $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) |
171 |
+ $(use_enable srp) |
172 |
+ $(use_enable static-libs static) |
173 |
+ |
174 |
+ # Add authdaemond support (bug #56523). |
175 |
+ $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') |
176 |
+ |
177 |
+ # Fix for bug #59634. |
178 |
+ $(usex ssl '' --without-des) |
179 |
+ |
180 |
+ # Use /dev/urandom instead of /dev/random (bug #46038). |
181 |
+ $(usex urandom --with-devrandom=/dev/urandom '') |
182 |
+ ) |
183 |
+ |
184 |
+ if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then |
185 |
+ myeconfargs+=( --enable-sql ) |
186 |
+ else |
187 |
+ myeconfargs+=( --disable-sql ) |
188 |
+ fi |
189 |
+ |
190 |
+ # Default to GDBM if both 'gdbm' and 'berkdb' are present. |
191 |
+ if use gdbm ; then |
192 |
+ einfo "Building with GNU DB as database backend for your SASLdb" |
193 |
+ myeconfargs+=( --with-dblib=gdbm ) |
194 |
+ elif use berkdb ; then |
195 |
+ einfo "Building with BerkeleyDB as database backend for your SASLdb" |
196 |
+ myeconfargs+=( |
197 |
+ --with-dblib=berkeley |
198 |
+ --with-bdb-incdir="$(db_includedir)" |
199 |
+ ) |
200 |
+ else |
201 |
+ einfo "Building without SASLdb support" |
202 |
+ myeconfargs+=( --with-dblib=none ) |
203 |
+ fi |
204 |
+ |
205 |
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" |
206 |
+} |
207 |
+ |
208 |
+multilib_src_compile() { |
209 |
+ emake |
210 |
+ |
211 |
+ # Default location for java classes breaks OpenOffice (bug #60769). |
212 |
+ # Thanks to axxo@g.o for the solution. |
213 |
+ if multilib_is_native_abi && use java ; then |
214 |
+ jar -cvf ${PN}.jar -C java $(find java -name "*.class") |
215 |
+ fi |
216 |
+} |
217 |
+ |
218 |
+multilib_src_install() { |
219 |
+ default |
220 |
+ |
221 |
+ if multilib_is_native_abi; then |
222 |
+ if use sample ; then |
223 |
+ docinto sample |
224 |
+ dodoc "${S}"/sample/*.c |
225 |
+ exeinto /usr/share/doc/${P}/sample |
226 |
+ doexe sample/client sample/server |
227 |
+ fi |
228 |
+ |
229 |
+ # Default location for java classes breaks OpenOffice (bug #60769). |
230 |
+ if use java; then |
231 |
+ java-pkg_dojar ${PN}.jar |
232 |
+ java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)" |
233 |
+ # hackish, don't wanna dig through makefile |
234 |
+ rm -rf "${ED}/usr/$(get_libdir)/java" || die |
235 |
+ docinto "java" |
236 |
+ dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* |
237 |
+ insinto "/usr/share/doc/${PF}/java/Test" |
238 |
+ doins "${S}"/java/Test/*.java |
239 |
+ fi |
240 |
+ |
241 |
+ dosbin saslauthd/testsaslauthd |
242 |
+ fi |
243 |
+} |
244 |
+ |
245 |
+multilib_src_install_all() { |
246 |
+ doman man/* |
247 |
+ |
248 |
+ keepdir /etc/sasl2 |
249 |
+ |
250 |
+ # Reset docinto to default value (#674296) |
251 |
+ docinto |
252 |
+ dodoc AUTHORS ChangeLog doc/legacy/TODO |
253 |
+ newdoc pwcheck/README README.pwcheck |
254 |
+ |
255 |
+ newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes |
256 |
+ edos2unix "${ED}/usr/share/doc/${PF}/release-notes" |
257 |
+ |
258 |
+ docinto html |
259 |
+ dodoc doc/html/*.html |
260 |
+ |
261 |
+ if use pam; then |
262 |
+ newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd |
263 |
+ fi |
264 |
+ |
265 |
+ newinitd "${FILESDIR}/pwcheck.rc6" pwcheck |
266 |
+ systemd_dounit "${FILESDIR}/pwcheck.service" |
267 |
+ |
268 |
+ newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd |
269 |
+ newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd |
270 |
+ systemd_dounit "${FILESDIR}/saslauthd.service" |
271 |
+ dotmpfiles "${FILESDIR}/${PN}.conf" |
272 |
+ |
273 |
+ # The get_modname bit is important: do not remove the .la files on |
274 |
+ # platforms where the lib isn't called .so for cyrus searches the .la to |
275 |
+ # figure out what the name is supposed to be instead |
276 |
+ if ! use static-libs && [[ $(get_modname) == .so ]] ; then |
277 |
+ find "${ED}" -name "*.la" -delete || die |
278 |
+ fi |
279 |
+} |
280 |
+ |
281 |
+pkg_postinst() { |
282 |
+ tmpfiles_process ${PN}.conf |
283 |
+ |
284 |
+ # Generate an empty sasldb2 with correct permissions. |
285 |
+ if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then |
286 |
+ einfo "Generating an empty sasldb2 with correct permissions ..." |
287 |
+ echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \ |
288 |
+ || die "Failed to generate sasldb2" |
289 |
+ "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \ |
290 |
+ || die "Failed to delete temp user" |
291 |
+ chown root:mail "${EROOT}/etc/sasl2/sasldb2" \ |
292 |
+ || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2" |
293 |
+ chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \ |
294 |
+ || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2" |
295 |
+ fi |
296 |
+ |
297 |
+ if use authdaemond ; then |
298 |
+ elog "You need to add a user running a service using Courier's" |
299 |
+ elog "authdaemon to the 'mail' group. For example, do:" |
300 |
+ elog " gpasswd -a postfix mail" |
301 |
+ elog "to add the 'postfix' user to the 'mail' group." |
302 |
+ fi |
303 |
+ |
304 |
+ elog "pwcheck and saslauthd home directories have moved to:" |
305 |
+ elog " /run/saslauthd, using tmpfiles.d" |
306 |
+} |
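Review bot: In `pkg_postinst`, if the second `saslpasswd2` call (the `-d login` deletion) fails, the ebuild dies with the freshly created sasldb2 still holding the temporary `login` entry with password `p`, and before the `chown`/`chmod` lines have run. Because the whole block is guarded by `[[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]]`, a later re-run skips it, so the leftover entry and the default ownership would persist until fixed by hand. I would remove the half-built file on that path, e.g. `|| { rm -f "${EROOT}/etc/sasl2/sasldb2"; die "Failed to delete temp user"; }`, and do the same for the `chown`/`chmod` failures. Whether any service would accept that entry depends on its SASL configuration, which is not visible here.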
307 |
|
308 |
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch |
309 |
new file mode 100644 |
310 |
index 00000000000..f1e3ae9850c |
311 |
--- /dev/null |
312 |
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch |
313 |
@@ -0,0 +1,35 @@ |
314 |
+From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001 |
315 |
+Message-Id: <af48f6fec9a7b6374d4153c5db894d4a1f349645.1635327406.git.mkletzan@××××××.com> |
316 |
+From: Jonas Jelten <jj@×××.mx> |
317 |
+Date: Sat, 2 Feb 2019 20:53:37 +0100 |
318 |
+Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close |
319 |
+ |
320 |
+`gdbm_close` also sets gdbm_errno since version 1.17. |
321 |
+This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays |
322 |
+the `gdbm_errno` value which is then later used for the error handling. |
323 |
+ |
324 |
+Signed-off-by: Martin Kletzander <mkletzan@××××××.com> |
325 |
+--- |
326 |
+ sasldb/db_gdbm.c | 4 +++- |
327 |
+ 1 file changed, 3 insertions(+), 1 deletion(-) |
328 |
+ |
329 |
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c |
330 |
+index ee56a6bf8516..c908808e04a1 100644 |
331 |
+--- a/sasldb/db_gdbm.c |
332 |
++++ b/sasldb/db_gdbm.c |
333 |
+@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils, |
334 |
+ gkey.dptr = key; |
335 |
+ gkey.dsize = key_len; |
336 |
+ gvalue = gdbm_fetch(db, gkey); |
337 |
++ int fetch_errno = gdbm_errno; |
338 |
++ |
339 |
+ gdbm_close(db); |
340 |
+ if (! gvalue.dptr) { |
341 |
+- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) { |
342 |
++ if (fetch_errno == GDBM_ITEM_NOT_FOUND) { |
343 |
+ utils->seterror(conn, SASL_NOLOG, |
344 |
+ "user: %s@%s property: %s not found in %s", |
345 |
+ authid, realm, propName, path); |
346 |
+-- |
347 |
+2.33.1 |
348 |
+ |
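Review bot: The added `int fetch_errno = gdbm_errno;` in `_sasldb_getdata` is a declaration placed after statements, and it has no comment saying why the value must be read before `gdbm_close(db)`. I would declare `int fetch_errno;` with the function's other locals (assuming the file keeps declarations at the top of blocks, which is not visible here) and write `fetch_errno = gdbm_errno; /* gdbm_close() may overwrite gdbm_errno (gdbm >= 1.17) */` right after the fetch. The function continues outside the hunk, so any other read of `gdbm_errno` after the close in the rest of this branch should switch to `fetch_errno` as well. This lookup sits on the authentication path, so a misread error code turns an ordinary "not found" result into the generic failure quoted in the commit message.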