authorHajimu UMEMOTO <ume@FreeBSD.org>2018-11-17 18:47:45 +0000
committerHajimu UMEMOTO <ume@FreeBSD.org>2018-11-17 18:47:45 +0000
commitb39a664d41fcd70524786627b04ac456ec6f9c56 (patch)
tree11d67863ed4ca7d8d9518299ae4b622c1390a504
parentf58b402544b2aebe4724309a0a191590275c49f8 (diff)
downloadports-b39a664d41fcd70524786627b04ac456ec6f9c56.tar.gz
ports-b39a664d41fcd70524786627b04ac456ec6f9c56.zip
Notes
-rw-r--r--security/cyrus-sasl2-gssapi/Makefile1
-rw-r--r--security/cyrus-sasl2-gssapi/pkg-descr2
-rw-r--r--security/cyrus-sasl2-ldapdb/Makefile5
-rw-r--r--security/cyrus-sasl2-ldapdb/pkg-descr2
-rw-r--r--security/cyrus-sasl2-saslauthd/Makefile5
-rw-r--r--security/cyrus-sasl2-saslauthd/pkg-descr2
-rw-r--r--security/cyrus-sasl2-saslauthd/pkg-plist7
-rw-r--r--security/cyrus-sasl2-sql/pkg-descr2
-rw-r--r--security/cyrus-sasl2-srp/pkg-descr2
-rw-r--r--security/cyrus-sasl2/Makefile31
-rw-r--r--security/cyrus-sasl2/Makefile.common62
-rw-r--r--security/cyrus-sasl2/distinfo5
-rw-r--r--security/cyrus-sasl2/files/patch-Makefile.am14
-rw-r--r--security/cyrus-sasl2/files/patch-configure83
-rw-r--r--security/cyrus-sasl2/files/patch-crypto-compat.c449
-rw-r--r--security/cyrus-sasl2/files/patch-crypto-compat.h76
-rw-r--r--security/cyrus-sasl2/files/patch-include__sasl.h23
-rw-r--r--security/cyrus-sasl2/files/patch-lib_Makefile.am13
-rw-r--r--security/cyrus-sasl2/files/patch-libsasl2.pc.in17
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_Makefile.am37
-rw-r--r--security/cyrus-sasl2/files/patch-plugins__ldapdb.c13
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_gssapi.c6
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_ntlm.c76
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_otp.c235
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_passdss.c721
-rw-r--r--security/cyrus-sasl2/files/patch-plugins_srp.c1044
-rw-r--r--security/cyrus-sasl2/files/patch-saslauthd_Makefile.am29
-rw-r--r--security/cyrus-sasl2/files/patch-saslauthd__configure54
-rw-r--r--security/cyrus-sasl2/files/patch-saslauthd__saslcache.c13
-rw-r--r--security/cyrus-sasl2/files/patch-saslauthd_lak.c122
-rw-r--r--security/cyrus-sasl2/files/patch-sasldb_db__ndbm.c43
-rw-r--r--security/cyrus-sasl2/files/pkg-deinstall.in3
-rw-r--r--security/cyrus-sasl2/files/pkg-install.in4
-rw-r--r--security/cyrus-sasl2/pkg-plist50
34 files changed, 73 insertions, 3178 deletions
diff --git a/security/cyrus-sasl2-gssapi/Makefile b/security/cyrus-sasl2-gssapi/Makefile
index 48bd9795a85b..144e5a9afae8 100644
--- a/security/cyrus-sasl2-gssapi/Makefile
+++ b/security/cyrus-sasl2-gssapi/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD$
PKGNAMESUFFIX= -gssapi
-PORTREVISION= 7
COMMENT= SASL GSSAPI authentication plugin
diff --git a/security/cyrus-sasl2-gssapi/pkg-descr b/security/cyrus-sasl2-gssapi/pkg-descr
index 729dbd44f930..15d38f4cfb34 100644
--- a/security/cyrus-sasl2-gssapi/pkg-descr
+++ b/security/cyrus-sasl2-gssapi/pkg-descr
@@ -1,3 +1,3 @@
SASL GSSAPI authentication plugin
-WWW: http://cyrusimap.web.cmu.edu/
+WWW: https://www.cyrusimap.org/sasl/
diff --git a/security/cyrus-sasl2-ldapdb/Makefile b/security/cyrus-sasl2-ldapdb/Makefile
index b44d80c92e09..6268ede9ce1d 100644
--- a/security/cyrus-sasl2-ldapdb/Makefile
+++ b/security/cyrus-sasl2-ldapdb/Makefile
@@ -1,16 +1,15 @@
# $FreeBSD$
PKGNAMESUFFIX= -ldapdb
-PORTREVISION= 5
COMMENT= SASL LDAPDB auxprop plugin
+CYRUS_CONFIGURE_ARGS= --enable-ldapdb --with-ldap=${LOCALBASE}
+
OPTIONS_DEFINE= OPENLDAP_SASL
OPENLDAP_SASL_DESC= OpenLDAP client with SASL2 support
OPENLDAP_SASL_VARS= WANT_OPENLDAP_SASL=yes
-CYRUS_CONFIGURE_ARGS= --enable-ldapdb --with-ldap=${LOCALBASE}
-
USE_OPENLDAP= yes
.if defined(WITH_OPENLDAP_VER)
WANT_OPENLDAP_VER= ${WITH_OPENLDAP_VER}
diff --git a/security/cyrus-sasl2-ldapdb/pkg-descr b/security/cyrus-sasl2-ldapdb/pkg-descr
index 9f9ff4fd4a1d..de06a92f6b05 100644
--- a/security/cyrus-sasl2-ldapdb/pkg-descr
+++ b/security/cyrus-sasl2-ldapdb/pkg-descr
@@ -1,3 +1,3 @@
SASL LDAPDB auxprop plugin
-WWW: http://cyrusimap.web.cmu.edu/
+WWW: https://www.cyrusimap.org/sasl/
diff --git a/security/cyrus-sasl2-saslauthd/Makefile b/security/cyrus-sasl2-saslauthd/Makefile
index 0f8a1468ac62..459cd649a084 100644
--- a/security/cyrus-sasl2-saslauthd/Makefile
+++ b/security/cyrus-sasl2-saslauthd/Makefile
@@ -1,7 +1,6 @@
# $FreeBSD$
PKGNAMESUFFIX= -saslauthd
-PORTREVISION= 4
COMMENT= SASL authentication server for cyrus-sasl2
@@ -12,7 +11,7 @@ INSTALL_WRKSRC= ${WRKSRC}/saslauthd
USE_RC_SUBR= saslauthd
CYRUS_CONFIGURE_ARGS= --with-saslauthd=${SASLAUTHD_RUNPATH}
-CONFIGURE_ENV+= andrew_cv_runpath_switch=none
+CONFIGURE_ENV+= andrew_cv_runpath_switch=none
OPTIONS_DEFINE= DOCS HTTPFORM OPENLDAP OPENLDAP_SASL
OPTIONS_RADIO= GSSAPI SASLDB
@@ -56,6 +55,6 @@ GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
--with-gss_impl=mit
-DOCS= AUTHORS COPYING ChangeLog INSTALL LDAP_SASLAUTHD NEWS README
+DOCS= COPYING ChangeLog LDAP_SASLAUTHD
.include "${.CURDIR}/../../security/cyrus-sasl2/Makefile.common"
diff --git a/security/cyrus-sasl2-saslauthd/pkg-descr b/security/cyrus-sasl2-saslauthd/pkg-descr
index 6ed81176a400..50dc96a91b75 100644
--- a/security/cyrus-sasl2-saslauthd/pkg-descr
+++ b/security/cyrus-sasl2-saslauthd/pkg-descr
@@ -7,4 +7,4 @@ provide proxy authentication services to clients that do not
understand SASL based authentication.
-WWW: http://cyrusimap.web.cmu.edu/
+WWW: https://www.cyrusimap.org/sasl/
diff --git a/security/cyrus-sasl2-saslauthd/pkg-plist b/security/cyrus-sasl2-saslauthd/pkg-plist
index ab501acef1cf..0eb40ac2a76c 100644
--- a/security/cyrus-sasl2-saslauthd/pkg-plist
+++ b/security/cyrus-sasl2-saslauthd/pkg-plist
@@ -2,11 +2,4 @@ man/man8/saslauthd.8.gz
sbin/saslauthd
sbin/saslcache
sbin/testsaslauthd
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/AUTHORS
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/COPYING
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/ChangeLog
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/LDAP_SASLAUTHD
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/NEWS
-%%PORTDOCS%%%%DOCSDIR%%/saslauthd/README
%%RUNPATH%%@dir(cyrus,mail,750) /var/run/saslauthd
diff --git a/security/cyrus-sasl2-sql/pkg-descr b/security/cyrus-sasl2-sql/pkg-descr
index a0a0f928d52e..36aab3d14d85 100644
--- a/security/cyrus-sasl2-sql/pkg-descr
+++ b/security/cyrus-sasl2-sql/pkg-descr
@@ -1,3 +1,3 @@
SASL SQL database plugin support
-WWW: http://cyrusimap.web.cmu.edu/
+WWW: https://www.cyrusimap.org/sasl/
diff --git a/security/cyrus-sasl2-srp/pkg-descr b/security/cyrus-sasl2-srp/pkg-descr
index a765614c6ca8..916deddfd79a 100644
--- a/security/cyrus-sasl2-srp/pkg-descr
+++ b/security/cyrus-sasl2-srp/pkg-descr
@@ -1,3 +1,3 @@
SASL SRP authentication plugin
-WWW: http://cyrusimap.web.cmu.edu/
+WWW: https://www.cyrusimap.org/sasl/
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile
index f71845d2e915..2887b8c218dd 100644
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@@ -1,6 +1,6 @@
# $FreeBSD$
-PORTREVISION= 14
+#PORTREVISION= 0
COMMENT= RFC 2222 SASL (Simple Authentication and Security Layer)
@@ -11,13 +11,13 @@ CYRUS_CONFIGURE_ARGS= --with-saslauthd=${SASLAUTHD_RUNPATH}
NO_OPTIONS_SORT= yes
OPTIONS_DEFINE= ALWAYSTRUE AUTHDAEMOND DOCS KEEP_DB_OPEN \
- OBSOLETE_CRAM_ATTR
+ OBSOLETE_CRAM_ATTR OBSOLETE_DIGEST_ATTR
OPTIONS_RADIO= SASLDB
-OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM
+OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM LMDB
OPTIONS_GROUP= PLUGIN
OPTIONS_GROUP_PLUGIN= ANONYMOUS CRAM DIGEST LOGIN NTLM OTP PLAIN SCRAM
OPTIONS_DEFAULT= ANONYMOUS AUTHDAEMOND BDB1 OBSOLETE_CRAM_ATTR CRAM \
- DIGEST LOGIN NTLM OTP PLAIN SCRAM
+ OBSOLETE_DIGEST_ATTR DIGEST LOGIN NTLM OTP PLAIN SCRAM
OPTIONS_SUB= yes
ALWAYSTRUE_DESC= Alwaystrue password verifier (discouraged)
ALWAYSTRUE_CONFIGURE_ENABLE=alwaystrue
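Review bot: `OBSOLETE_DIGEST_ATTR` is added to `OPTIONS_DEFAULT` with nothing in the Makefile saying why an attribute that the configure switch itself labels obsolete is enabled by default. If the reason is compatibility with existing `cmusaslsecretDIGEST-MD5` auxprop entries, a comment above `OPTIONS_DEFAULT` would record that, for example `# OBSOLETE_*_ATTR stay on by default so existing cmusaslsecret* auxprop entries keep working`. The matching `OBSOLETE_DIGEST_ATTR_DESC`, added in the next hunk of this file, could also say the property is legacy, so administrators who store no such entries know they can switch it off.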
@@ -28,6 +28,8 @@ KEEP_DB_OPEN_DESC= Keep handle to Berkeley DB open
KEEP_DB_OPEN_CONFIGURE_ENABLE=keep-db-open
OBSOLETE_CRAM_ATTR_DESC=cmusaslsecretCRAM-MD5 auxprop property
OBSOLETE_CRAM_ATTR_CONFIGURE_OFF=--enable-obsolete_cram_attr=no
+OBSOLETE_DIGEST_ATTR_DESC=cmusaslsecretDIGEST-MD5 auxprop property
+OBSOLETE_DIGEST_ATTR_CONFIGURE_OFF=--enable-obsolete_digest_attr=no
SASLDB_DESC= SASLdb auxprop plugin
BDB_USES= bdb
BDB_CONFIGURE_ON= --with-dblib=berkeley \
@@ -38,6 +40,11 @@ BDB1_CONFIGURE_ON= --with-dblib=ndbm
GDBM_LIB_DEPENDS= libgdbm.so:databases/gdbm
GDBM_CONFIGURE_ON= --with-dblib=gdbm \
--with-gdbm=${LOCALBASE}
+LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support
+LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
+LMDB_CONFIGURE_ON= --with-dblib=lmdb
+LMDB_CFLAGS= -I${LOCALBASE}/include
+LMDB_LDFLAGS= -L${LOCALBASE}/lib
ANONYMOUS_DESC= ANONYMOUS authentication
ANONYMOUS_CONFIGURE_ENABLE= anon
CRAM_DESC= CRAM-MD5 authentication
@@ -55,20 +62,6 @@ PLAIN_CONFIGURE_ENABLE= plain
SCRAM_DESC= SCRAM authentication
SCRAM_CONFIGURE_ENABLE= scram
-DOCS= AUTHORS COPYING ChangeLog INSTALL INSTALL.TXT NEWS README
-
-DOC2= ONEWS TODO draft-burdis-cat-srp-sasl-xx.txt \
- draft-ietf-sasl-anon-xx.txt draft-ietf-sasl-crammd5-xx.txt \
- draft-ietf-sasl-gssapi-xx.txt draft-ietf-sasl-plain-xx.txt \
- draft-ietf-sasl-rfc2222bis-xx.txt draft-ietf-sasl-rfc2831bis-xx.txt \
- draft-ietf-sasl-saslprep-xx.txt draft-murchison-sasl-login-xx.txt \
- draft-newman-sasl-c-api-xx.txt rfc1321.txt rfc1939.txt rfc2104.txt \
- rfc2195.txt rfc2222.txt rfc2243.txt rfc2245.txt rfc2289.txt \
- rfc2444.txt rfc2595.txt rfc2831.txt rfc2945.txt rfc3174.txt \
- server-plugin-flow.fig testing.txt
-
-HTDOCS= advanced appconvert components gssapi index install macosx \
- mechanisms options plugprog programming readme sysadmin upgrading \
- windows
+DOCS= AUTHORS COPYING ChangeLog INSTALL INSTALL.TXT README
.include "${.CURDIR}/../../security/cyrus-sasl2/Makefile.common"
diff --git a/security/cyrus-sasl2/Makefile.common b/security/cyrus-sasl2/Makefile.common
index 667fce0e10e6..e961ea13f346 100644
--- a/security/cyrus-sasl2/Makefile.common
+++ b/security/cyrus-sasl2/Makefile.common
@@ -1,16 +1,17 @@
# $FreeBSD$
PORTNAME= cyrus-sasl
-PORTVERSION= 2.1.26
+PORTVERSION= 2.1.27
CATEGORIES= security ipv6
-MASTER_SITES= ftp://ftp.cyrusimap.org/cyrus-sasl/ \
- http://cyrusimap.org/releases/
+MASTER_SITES= https://www.cyrusimap.org/releases/ \
+ ftp://ftp.cyrusimap.org/cyrus-sasl/
MAINTAINER= ume@FreeBSD.org
LICENSE= BSD4CLAUSE
LICENSE_FILE= ${WRKSRC}/COPYING
+USES+= gmake
USE_LDCONFIG= yes
USES+= ssl
GNU_CONFIGURE= yes
@@ -83,6 +84,8 @@ CONFIGURE_ARGS+=--with-openssl=${OPENSSLBASE}
CPPFLAGS+= -fPIC
.endif
+PORTDOCS= *
+
.if ${CYRUS_BUILD_TARGET} == "cyrus-sasl"
.if ${PORT_OPTIONS:MBDB1}
@@ -90,7 +93,7 @@ SASLDB_NAME= sasldb2.db
.elif ${PORT_OPTIONS:MBDB}
INVALID_BDB_VER=2
SASLDB_NAME= sasldb2
-.elif ${PORT_OPTIONS:MGDBM}
+.elif ${PORT_OPTIONS:MGDBM} || ${PORT_OPTIONS:MLMDB}
SASLDB_NAME= sasldb2
.else
SASLDB= "@comment "
@@ -101,32 +104,19 @@ SUB_LIST= CYRUS_USER=${CYRUS_USER} CYRUS_GROUP=${CYRUS_GROUP} \
SASLDB_NAME=${SASLDB_NAME}
PLIST_SUB+= PREFIX=${PREFIX} \
- SASLDB=${SASLDB} \
- DOCSDIR=${DOCSDIR:S/^${PREFIX}\///}
-
-post-patch:
-# Try to unbreak parallel (-jX) builds, part 1: make build commands atomic
- @${FIND} ${WRKSRC} -name Makefile.in | ${XARGS} ${PERL} -w0pi.bak \
- -e 's/(^\@am__fastdepCC_TRUE\@.*?) \
- \n\@am__fastdepCC_TRUE\@\s+(.*?)$$/$$1 && $$2/mgx'
-# Part 2: prevent intermediate *.Tpo output files clash (use unique names)
- @${FIND} ${WRKSRC} -name Makefile.in | ${XARGS} ${PERL} -wpi.bak \
- -e 's/\$$\*\.Tpo/$$&.$$./g'
+ SASLDB=${SASLDB}
post-install-DOCS-on:
- @${MKDIR} ${STAGEDIR}${DOCSDIR}/html
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ cd ${WRKSRC}/doc && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR} \
+ "! ( -path */html/_sources* -o -name .buildinfo \
+ -o -name Makefile -o -name Makefile.in \
+ -o -name Makefile.in.bak -o -name Makefile.am \
+ -o -name NTMakefile -o -name .cvsignore )"
.for f in ${DOCS}
@${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${DOCSDIR}
.endfor
-.for f in ${DOC2}
- @${INSTALL_DATA} ${WRKSRC}/doc/${f} ${STAGEDIR}${DOCSDIR}
-.endfor
-.for f in ${HTDOCS}
- @${INSTALL_DATA} ${WRKSRC}/doc/${f}.html \
- ${STAGEDIR}${DOCSDIR}/html
-.endfor
- @${INSTALL_DATA} ${FILESDIR}/Sendmail.README \
- ${STAGEDIR}${DOCSDIR}
+ @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${STAGEDIR}${DOCSDIR}
.elif ${CYRUS_BUILD_TARGET} == "saslauthd"
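Review bot: In `post-install-DOCS-on` the new `${MKDIR} ${STAGEDIR}${DOCSDIR}` and `cd ${WRKSRC}/doc && ${COPYTREE_SHARE} …` lines have no `@` prefix, while the `${INSTALL_DATA}` lines in the same recipe keep it, so the target echoes some commands and not others. Prefixing both with `@` would match the rest of the recipe. The `-o -name Makefile.in.bak` exclusion also looks left over, because the only visible producer of `.bak` files in this branch was the `perl -i.bak` post-patch step that this hunk removes; confirm nothing else creates them before dropping it. Since the docs are now copied as a whole tree rather than from explicit lists, a one-line comment above the find expression saying that it filters build files and Sphinx leftovers out of the packaged docs would help the next maintainer.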
@@ -145,19 +135,19 @@ RUNPATH= "@comment "
.endif
PLIST_SUB+= PREFIX=${PREFIX} \
- DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
RUNPATH=${RUNPATH}
SUB_LIST+= SASLAUTHD_RUNPATH=${SASLAUTHD_RUNPATH}
do-build:
- cd ${WRKSRC}/include && ${MAKE}
-.if ${PORT_OPTIONS:MBDB1} || ${PORT_OPTIONS:MBDB} || ${PORT_OPTIONS:MGDBM}
- cd ${WRKSRC}/sasldb && ${MAKE}
-.endif
- cd ${WRKSRC}/saslauthd && ${MAKE}
- cd ${WRKSRC}/saslauthd && ${MAKE} saslcache
- cd ${WRKSRC}/saslauthd && ${MAKE} testsaslauthd
+ cd ${WRKSRC}/include && gmake
+ cd ${WRKSRC}/common && gmake
+#.if ${PORT_OPTIONS:MBDB1} || ${PORT_OPTIONS:MBDB} || ${PORT_OPTIONS:MGDBM}
+ cd ${WRKSRC}/sasldb && gmake
+#.endif
+ cd ${WRKSRC}/saslauthd && gmake
+ cd ${WRKSRC}/saslauthd && gmake saslcache
+ cd ${WRKSRC}/saslauthd && gmake testsaslauthd
post-install:
@${INSTALL_PROGRAM} ${WRKSRC}/saslauthd/saslcache \
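Review bot: The rewritten `do-build` recipe calls a literal `gmake` instead of the framework's make variable, so it does not follow the command selected by `USES+= gmake`. Using `${MAKE_CMD}` keeps the recipe tied to the framework, e.g. `cd ${WRKSRC}/sasldb && ${MAKE_CMD}`. The same literal `gmake` appears in the plugin `do-build` in the following hunk (`@@ -190,8 +180,10 @@`). Separately, the `.if ${PORT_OPTIONS:MBDB1} || …` guard is commented out rather than removed, so `sasldb` is now built unconditionally. If that is intended, delete the two `#.if`/`#.endif` lines; if the guard was only disabled because LMDB was missing from it, restore it with `|| ${PORT_OPTIONS:MLMDB}` added.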
@@ -190,8 +180,10 @@ post-patch:
${WRKSRC}/configure
do-build:
- cd ${WRKSRC}/include && ${MAKE}
- cd ${WRKSRC}/plugins && ${MAKE}
+ cd ${WRKSRC}/include && gmake
+ cd ${WRKSRC}/common && gmake
+ cd ${WRKSRC}/lib && gmake libobj.la
+ cd ${WRKSRC}/plugins && gmake
.endif
diff --git a/security/cyrus-sasl2/distinfo b/security/cyrus-sasl2/distinfo
index c6406751ecd3..661810dc9df6 100644
--- a/security/cyrus-sasl2/distinfo
+++ b/security/cyrus-sasl2/distinfo
@@ -1,2 +1,3 @@
-SHA256 (cyrus-sasl-2.1.26.tar.gz) = 8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3
-SIZE (cyrus-sasl-2.1.26.tar.gz) = 5220231
+TIMESTAMP = 1542468728
+SHA256 (cyrus-sasl-2.1.27.tar.gz) = 26866b1549b00ffd020f188a43c258017fa1c382b3ddadd8201536f72efb05d5
+SIZE (cyrus-sasl-2.1.27.tar.gz) = 4111249
diff --git a/security/cyrus-sasl2/files/patch-Makefile.am b/security/cyrus-sasl2/files/patch-Makefile.am
deleted file mode 100644
index 8d29adb0ffc2..000000000000
--- a/security/cyrus-sasl2/files/patch-Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
---- Makefile.am.orig 2012-10-12 14:05:48 UTC
-+++ Makefile.am
-@@ -76,6 +76,11 @@ EXTRA_DIST=config cmulocal win32 mac dlc
- pkgconfigdir = $(libdir)/pkgconfig
- pkgconfig_DATA = libsasl2.pc
-
-+noinst_LTLIBRARIES = libcrypto_compat.la
-+
-+libcrypto_compat_la_SOURCES = crypto-compat.c crypto-compat.h
-+libcrypto_compat_la_LDFLAGS = -version-info $(crypto_compat_version) -no-undefined
-+
- dist-hook:
- @find $(distdir) -exec chmod o+w {} ';'
- @find $(distdir) -name CVS -print | xargs -t rm -rf
diff --git a/security/cyrus-sasl2/files/patch-configure b/security/cyrus-sasl2/files/patch-configure
index 581fa4917f3e..befb3bc18e8b 100644
--- a/security/cyrus-sasl2/files/patch-configure
+++ b/security/cyrus-sasl2/files/patch-configure
@@ -1,41 +1,15 @@
-Index: configure
-diff -u configure.orig configure
---- configure.orig 2012-11-07 04:21:37.000000000 +0900
-+++ configure 2014-03-25 18:24:59.021374856 +0900
-@@ -2365,6 +2365,7 @@
- fi
- { $as_echo "$as_me:$LINENO: result: yes" >&5
- $as_echo "yes" >&6; }
-+program_prefix=NONE
- test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
- # Use a double $ so make ignores it.
-@@ -6329,6 +6330,7 @@
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
-+#include <stdio.h>
- #include <db.h>
- _ACEOF
- if { (ac_try="$ac_cpp conftest.$ac_ext"
-@@ -7156,6 +7158,7 @@
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
-+#include <stdio.h>
- #include <db.h>
- _ACEOF
- if { (ac_try="$ac_cpp conftest.$ac_ext"
-@@ -8700,6 +8703,8 @@
+--- configure.orig 2017-11-30 21:15:59 UTC
++++ configure
+@@ -15415,6 +15415,8 @@ else
SASLAUTHD_TRUE='#'
SASLAUTHD_FALSE=
fi
+SASLAUTHD_TRUE='#'
+SASLAUTHD_FALSE=
- { $as_echo "$as_me:$LINENO: checking if I should include saslauthd" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if I should include saslauthd" >&5
$as_echo_n "checking if I should include saslauthd... " >&6; }
-@@ -12552,6 +12557,7 @@
+@@ -17029,6 +17031,7 @@ fi
gssapi_dir="${gssapi}/lib"
GSSAPIBASE_LIBS="-L$gssapi_dir"
GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir"
@@ -43,54 +17,21 @@ diff -u configure.orig configure
else
# FIXME: This is only used for building cyrus, and then only as
# a real hack. it needs to be fixed.
-@@ -12571,7 +12577,7 @@
+@@ -17048,7 +17051,7 @@ if ${ac_cv_lib_gssapi_gss_unwrap+:} fals
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
+LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
-@@ -13047,7 +13053,7 @@
- GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h. */
+
+@@ -17308,7 +17311,7 @@ fi
+ GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a"
elif test "$gss_impl" = "heimdal"; then
- CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
+ CPPFLAGS="$CPPFLAGS"
- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`"
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
elif test "$gss_impl" = "cybersafe03"; then
# Version of CyberSafe with two libraries
-@@ -14479,7 +14485,7 @@
- $as_echo_n "(cached) " >&6
- else
- ac_check_lib_save_LIBS=$LIBS
--LIBS="-lpq $LIBS"
-+LIBS="-lpq $GSSAPIBASE_LIBS $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
-@@ -14591,9 +14597,9 @@
- $as_echo "$as_me: WARNING: SQLite Library not found" >&2;}; true;;
- *)
- if test -d ${with_sqlite}/lib; then
-- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
-+ LIB_SQLITE="-L${with_sqlite}/lib $andrew_cv_runpath_switch${with_sqlite}/lib"
- else
-- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
-+ LIB_SQLITE="-L${with_sqlite} $andrew_cv_runpath_switch${with_sqlite}"
- fi
-
- LIB_SQLITE_DIR=$LIB_SQLITE
-@@ -14721,9 +14727,9 @@
- $as_echo "$as_me: WARNING: SQLite3 Library not found" >&2;}; true;;
- *)
- if test -d ${with_sqlite3}/lib; then
-- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
-+ LIB_SQLITE3="-L${with_sqlite3}/lib $andrew_cv_runpath_switch${with_sqlite3}/lib"
- else
-- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
-+ LIB_SQLITE3="-L${with_sqlite3} $andrew_cv_runpath_switch${with_sqlite3}"
- fi
-
- LIB_SQLITE3_DIR=$LIB_SQLITE3
diff --git a/security/cyrus-sasl2/files/patch-crypto-compat.c b/security/cyrus-sasl2/files/patch-crypto-compat.c
deleted file mode 100644
index a522d9b51f01..000000000000
--- a/security/cyrus-sasl2/files/patch-crypto-compat.c
+++ /dev/null
@@ -1,449 +0,0 @@
---- crypto-compat.c.orig 2018-02-14 13:10:38 UTC
-+++ crypto-compat.c
-@@ -0,0 +1,446 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include "crypto-compat.h"
-+
-+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+
-+#include <string.h>
-+#include <openssl/engine.h>
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+ void *ret = OPENSSL_malloc(num);
-+
-+ if (ret != NULL)
-+ memset(ret, 0, num);
-+ return ret;
-+}
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+ /* If the fields n and e in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL for n and e. d may be
-+ * left NULL (in case only the public key is used).
-+ */
-+ if ((r->n == NULL && n == NULL)
-+ || (r->e == NULL && e == NULL))
-+ return 0;
-+
-+ if (n != NULL) {
-+ BN_free(r->n);
-+ r->n = n;
-+ }
-+ if (e != NULL) {
-+ BN_free(r->e);
-+ r->e = e;
-+ }
-+ if (d != NULL) {
-+ BN_free(r->d);
-+ r->d = d;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-+{
-+ /* If the fields p and q in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->p == NULL && p == NULL)
-+ || (r->q == NULL && q == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(r->p);
-+ r->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(r->q);
-+ r->q = q;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-+{
-+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->dmp1 == NULL && dmp1 == NULL)
-+ || (r->dmq1 == NULL && dmq1 == NULL)
-+ || (r->iqmp == NULL && iqmp == NULL))
-+ return 0;
-+
-+ if (dmp1 != NULL) {
-+ BN_free(r->dmp1);
-+ r->dmp1 = dmp1;
-+ }
-+ if (dmq1 != NULL) {
-+ BN_free(r->dmq1);
-+ r->dmq1 = dmq1;
-+ }
-+ if (iqmp != NULL) {
-+ BN_free(r->iqmp);
-+ r->iqmp = iqmp;
-+ }
-+
-+ return 1;
-+}
-+
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+ if (n != NULL)
-+ *n = r->n;
-+ if (e != NULL)
-+ *e = r->e;
-+ if (d != NULL)
-+ *d = r->d;
-+}
-+
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-+{
-+ if (p != NULL)
-+ *p = r->p;
-+ if (q != NULL)
-+ *q = r->q;
-+}
-+
-+void RSA_get0_crt_params(const RSA *r,
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp)
-+{
-+ if (dmp1 != NULL)
-+ *dmp1 = r->dmp1;
-+ if (dmq1 != NULL)
-+ *dmq1 = r->dmq1;
-+ if (iqmp != NULL)
-+ *iqmp = r->iqmp;
-+}
-+
-+void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = d->p;
-+ if (q != NULL)
-+ *q = d->q;
-+ if (g != NULL)
-+ *g = d->g;
-+}
-+
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p, q and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((d->p == NULL && p == NULL)
-+ || (d->q == NULL && q == NULL)
-+ || (d->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(d->p);
-+ d->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(d->q);
-+ d->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(d->g);
-+ d->g = g;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = d->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = d->priv_key;
-+}
-+
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in d is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (d->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(d->pub_key);
-+ d->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(d->priv_key);
-+ d->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = dh->p;
-+ if (q != NULL)
-+ *q = dh->q;
-+ if (g != NULL)
-+ *g = dh->g;
-+}
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits(q);
-+ }
-+
-+ return 1;
-+}
-+
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in dh is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (dh->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(dh->pub_key);
-+ dh->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(dh->priv_key);
-+ dh->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+int DH_set_length(DH *dh, long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
-+}
-+
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ EVP_MD_CTX_cleanup(ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
-+}
-+
-+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-+{
-+ OPENSSL_free(ctx);
-+}
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-+{
-+ RSA_METHOD *ret;
-+
-+ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
-+
-+ if (ret != NULL) {
-+ memcpy(ret, meth, sizeof(*meth));
-+ ret->name = OPENSSL_strdup(meth->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+ }
-+
-+ return ret;
-+}
-+
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-+{
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ return 0;
-+ }
-+
-+ OPENSSL_free((char *)meth->name);
-+ meth->name = tmpname;
-+
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
-+ int (*priv_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_enc = priv_enc;
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
-+ int (*priv_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_dec = priv_dec;
-+ return 1;
-+}
-+
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-+{
-+ meth->finish = finish;
-+ return 1;
-+}
-+
-+void RSA_meth_free(RSA_METHOD *meth)
-+{
-+ if (meth != NULL) {
-+ OPENSSL_free((char *)meth->name);
-+ OPENSSL_free(meth);
-+ }
-+}
-+
-+int RSA_bits(const RSA *r)
-+{
-+ return (BN_num_bits(r->n));
-+}
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+ if (pkey->type != EVP_PKEY_RSA) {
-+ return NULL;
-+ }
-+ return pkey->pkey.rsa;
-+}
-+
-+HMAC_CTX *HMAC_CTX_new(void)
-+{
-+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-+ if (ctx != NULL) {
-+ if (!HMAC_CTX_reset(ctx)) {
-+ HMAC_CTX_free(ctx);
-+ return NULL;
-+ }
-+ }
-+ return ctx;
-+}
-+
-+void HMAC_CTX_free(HMAC_CTX *ctx)
-+{
-+ if (ctx != NULL) {
-+ HMAC_CTX_cleanup(ctx);
-+ OPENSSL_free(ctx);
-+ }
-+}
-+
-+int HMAC_CTX_reset(HMAC_CTX *ctx)
-+{
-+ HMAC_CTX_init(ctx);
-+ return 1;
-+}
-+
-+
-+#endif /* HAVE_OPENSSL && OPENSSL_VERSION_NUMBER */
diff --git a/security/cyrus-sasl2/files/patch-crypto-compat.h b/security/cyrus-sasl2/files/patch-crypto-compat.h
deleted file mode 100644
index 71236be6a4e2..000000000000
--- a/security/cyrus-sasl2/files/patch-crypto-compat.h
+++ /dev/null
@@ -1,76 +0,0 @@
---- crypto-compat.h.orig 2018-02-14 13:10:38 UTC
-+++ crypto-compat.h
-@@ -0,0 +1,73 @@
-+#ifndef LIBCRYPTO_COMPAT_H
-+#define LIBCRYPTO_COMPAT_H
-+
-+#include <config.h>
-+
-+#ifdef HAVE_OPENSSL
-+
-+#include <openssl/opensslv.h>
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/ecdsa.h>
-+#include <openssl/dh.h>
-+#include <openssl/evp.h>
-+#include <openssl/hmac.h>
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-+
-+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+int DH_set_length(DH *dh, long length);
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
-+EVP_MD_CTX *EVP_MD_CTX_new(void);
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
-+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
-+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
-+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
-+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
-+#define RSA_meth_get_finish(meth) meth->finish
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
-+void RSA_meth_free(RSA_METHOD *meth);
-+
-+int RSA_bits(const RSA *r);
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-+
-+HMAC_CTX *HMAC_CTX_new(void);
-+void HMAC_CTX_free(HMAC_CTX *ctx);
-+int HMAC_CTX_reset(HMAC_CTX *ctx);
-+
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* HAVE_OPENSSL */
-+
-+#endif /* LIBCRYPTO_COMPAT_H */
diff --git a/security/cyrus-sasl2/files/patch-include__sasl.h b/security/cyrus-sasl2/files/patch-include__sasl.h
deleted file mode 100644
index 8647ba06a5c2..000000000000
--- a/security/cyrus-sasl2/files/patch-include__sasl.h
+++ /dev/null
@@ -1,23 +0,0 @@
-From 67a188693796a14e3a76ac603104807fbbfddfc4 Mon Sep 17 00:00:00 2001
-From: Ken Murchison <murch@andrew.cmu.edu>
-Date: Thu, 20 Dec 2012 23:14:50 +0000
-Subject: sasl.h: #include <stddef.h> for size_t on NetBSD
-
----
-(limited to 'include/sasl.h')
-
-diff --git a/include/sasl.h b/include/sasl.h
-index fef4d51..8b8a63f 100755
---- include/sasl.h
-+++ include/sasl.h
-@@ -121,6 +121,8 @@
- #ifndef SASL_H
- #define SASL_H 1
-
-+#include <stddef.h> /* For size_t */
-+
- /* Keep in sync with win32/common.mak */
- #define SASL_VERSION_MAJOR 2
- #define SASL_VERSION_MINOR 1
---
-cgit v0.9.0.2
diff --git a/security/cyrus-sasl2/files/patch-lib_Makefile.am b/security/cyrus-sasl2/files/patch-lib_Makefile.am
deleted file mode 100644
index 8c58ba16044d..000000000000
--- a/security/cyrus-sasl2/files/patch-lib_Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
---- lib/Makefile.am.orig 2012-10-12 14:05:48 UTC
-+++ lib/Makefile.am
-@@ -65,8 +65,8 @@ lib_LTLIBRARIES = libsasl2.la
-
- libsasl2_la_SOURCES = $(common_sources) $(common_headers)
- libsasl2_la_LDFLAGS = -version-info $(sasl_version)
--libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
--libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
-+libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(CRYPTO_COMPAT_OBJS)
-+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(CRYPTO_COMPAT_OBJS)
-
- if MACOSX
- framedir = /Library/Frameworks/SASL2.framework
diff --git a/security/cyrus-sasl2/files/patch-libsasl2.pc.in b/security/cyrus-sasl2/files/patch-libsasl2.pc.in
deleted file mode 100644
index e03da73a3191..000000000000
--- a/security/cyrus-sasl2/files/patch-libsasl2.pc.in
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: libsasl2.pc.in
-diff -u libsasl2.pc.in.orig libsasl2.pc.in
---- libsasl2.pc.in.orig 2012-10-12 23:05:48.000000000 +0900
-+++ libsasl2.pc.in 2014-03-22 02:41:33.668062061 +0900
-@@ -1,8 +1,12 @@
-+prefix = @prefix@
-+exec_prefix = @exec_prefix@
-+includedir = @includedir@
- libdir = @libdir@
-
- Name: Cyrus SASL
- Description: Cyrus SASL implementation
- URL: http://www.cyrussasl.org/
- Version: @VERSION@
-+Cflags: -I${includedir}
- Libs: -L${libdir} -lsasl2
- Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@
diff --git a/security/cyrus-sasl2/files/patch-plugins_Makefile.am b/security/cyrus-sasl2/files/patch-plugins_Makefile.am
deleted file mode 100644
index 3dd2607dacc7..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins_Makefile.am
+++ /dev/null
@@ -1,37 +0,0 @@
---- plugins/Makefile.am.orig 2012-10-12 14:05:48 UTC
-+++ plugins/Makefile.am
-@@ -53,6 +53,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
- AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
-
- COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
-+CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
-
- EXTRA_DIST = makeinit.sh NTMakefile
- noinst_SCRIPTS = makeinit.sh
-@@ -106,20 +107,20 @@ liblogin_la_DEPENDENCIES = $(COMPAT_OBJS
- liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
-
- libsrp_la_SOURCES = srp.c srp_init.c $(common_sources)
--libsrp_la_DEPENDENCIES = $(COMPAT_OBJS)
--libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS)
-+libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-+libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-
- libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources)
- libotp_la_DEPENDENCIES = $(COMPAT_OBJS)
- libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS)
-
- libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources)
--libntlm_la_DEPENDENCIES = $(COMPAT_OBJS)
--libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS)
-+libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-+libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-
- libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources)
--libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS)
--libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS)
-+libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-+libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
-
- # Auxprop Plugins
- libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources)
diff --git a/security/cyrus-sasl2/files/patch-plugins__ldapdb.c b/security/cyrus-sasl2/files/patch-plugins__ldapdb.c
deleted file mode 100644
index 23a7df8b3a57..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins__ldapdb.c
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: plugins/ldapdb.c
-diff -u -p plugins/ldapdb.c.orig plugins/ldapdb.c
---- plugins/ldapdb.c.orig 2011-05-12 04:25:55.000000000 +0900
-+++ plugins/ldapdb.c 2011-09-24 17:25:23.465329876 +0900
-@@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *g
-
- #if defined(LDAP_PROXY_AUTHZ_FAILURE)
- case LDAP_PROXY_AUTHZ_FAILURE:
-+#else
-+ case LDAP_X_PROXY_AUTHZ_FAILURE:
- #endif
- case LDAP_INAPPROPRIATE_AUTH:
- case LDAP_INVALID_CREDENTIALS:
diff --git a/security/cyrus-sasl2/files/patch-plugins_gssapi.c b/security/cyrus-sasl2/files/patch-plugins_gssapi.c
index 62998ce8d985..73bb550c7d6b 100644
--- a/security/cyrus-sasl2/files/patch-plugins_gssapi.c
+++ b/security/cyrus-sasl2/files/patch-plugins_gssapi.c
@@ -1,11 +1,11 @@
---- plugins/gssapi.c.orig
+--- plugins/gssapi.c.orig 2016-01-30 14:06:08 UTC
+++ plugins/gssapi.c
-@@ -1490,8 +1490,10 @@
+@@ -1531,8 +1531,10 @@ static int gssapi_client_mech_step(void
*clientout = NULL;
*clientoutlen = 0;
+#if 0
- params->utils->log(NULL, SASL_LOG_DEBUG,
+ params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
"GSSAPI client step %d", text->state);
+#endif
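Review bot: The refreshed patch still compiles out the `GSSAPI client step %d` debug call with `#if 0` / `#endif` and records no reason for doing so. The next person updating the port therefore cannot tell whether the block is still wanted now that upstream passes `params->utils->conn` instead of `NULL` as the first argument. A short leading line in the patch file, ahead of `--- plugins/gssapi.c.orig`, would settle that, for example `Compile out the per-step debug log in gssapi_client_mech_step: <reason, not stated on this page>`. The call formats only `text->state`, so dropping it appears to cost just the per-step trace when diagnosing GSSAPI client negotiation. `gssapi_client_mech_step` begins before and continues past the lines shown in this hunk.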
diff --git a/security/cyrus-sasl2/files/patch-plugins_ntlm.c b/security/cyrus-sasl2/files/patch-plugins_ntlm.c
deleted file mode 100644
index e28fed1c2034..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins_ntlm.c
+++ /dev/null
@@ -1,76 +0,0 @@
---- plugins/ntlm.c.orig 2018-02-14 13:10:38 UTC
-+++ plugins/ntlm.c
-@@ -420,6 +420,29 @@ static unsigned char *P24(unsigned char
- return P24;
- }
-
-+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return HMAC_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ HMAC_CTX_free(ctx);
-+#else
-+ HMAC_cleanup(ctx);
-+ utils->free(ctx);
-+#endif
-+}
-+
- static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- const char *authid, const char *target,
- const unsigned char *challenge,
-@@ -427,7 +450,7 @@ static unsigned char *V2(unsigned char *
- const sasl_utils_t *utils,
- char **buf, unsigned *buflen, int *result)
- {
-- HMAC_CTX ctx;
-+ HMAC_CTX *ctx = NULL;
- unsigned char hash[EVP_MAX_MD_SIZE];
- char *upper;
- unsigned int len;
-@@ -438,6 +461,10 @@ static unsigned char *V2(unsigned char *
- SETERROR(utils, "cannot allocate NTLMv2 hash");
- *result = SASL_NOMEM;
- }
-+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate HMAC CTX");
-+ *result = SASL_NOMEM;
-+ }
- else {
- /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
- P16_nt(hash, passwd, utils, buf, buflen, result);
-@@ -453,17 +480,18 @@ static unsigned char *V2(unsigned char *
- (unsigned char *) *buf, 2 * len, hash, &len);
-
- /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
-- HMAC_Init(&ctx, hash, len, EVP_md5());
-- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
-- HMAC_Update(&ctx, blob, bloblen);
-- HMAC_Final(&ctx, V2, &len);
-- HMAC_cleanup(&ctx);
-+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
-+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
-+ HMAC_Update(ctx, blob, bloblen);
-+ HMAC_Final(ctx, V2, &len);
-
- /* the blob is concatenated outside of this function */
-
- *result = SASL_OK;
- }
-
-+ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
-+
- return V2;
- }
-
diff --git a/security/cyrus-sasl2/files/patch-plugins_otp.c b/security/cyrus-sasl2/files/patch-plugins_otp.c
deleted file mode 100644
index fe7b7db7f8a4..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins_otp.c
+++ /dev/null
@@ -1,235 +0,0 @@
---- plugins/otp.c.orig 2018-02-14 13:16:37 UTC
-+++ plugins/otp.c
-@@ -98,6 +98,28 @@ static algorithm_option_t algorithm_opti
- {NULL, 0, NULL}
- };
-
-+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return EVP_MD_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX_free(ctx);
-+#else
-+ utils->free(ctx);
-+#endif
-+}
-+
- /* Convert the binary data into ASCII hex */
- void bin2hex(unsigned char *bin, int binlen, char *hex)
- {
-@@ -118,17 +140,16 @@ void bin2hex(unsigned char *bin, int bin
- * swabbing bytes if necessary.
- */
- static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
-- unsigned char *out, int swab)
-+ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
- {
-- EVP_MD_CTX mdctx;
- char hash[EVP_MAX_MD_SIZE];
- unsigned int i;
- int j;
- unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, in, inlen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, in, inlen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* Fold the result into 64 bits */
- for (i = OTP_HASH_SIZE; i < hashlen; i++) {
-@@ -151,31 +172,42 @@ static int generate_otp(const sasl_utils
- char *secret, char *otp)
- {
- const EVP_MD *md;
-- char *key;
-+ EVP_MD_CTX *mdctx = NULL;
-+ char *key = NULL;
-+ int r = SASL_OK;
-
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
- "OTP algorithm %s is not available", alg->evp_name);
- return SASL_FAIL;
- }
--
-+
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ r = SASL_NOMEM;
-+ goto done;
-+ }
-+
- if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
- SETERROR(utils, "cannot allocate OTP key");
-- return SASL_NOMEM;
-+ r = SASL_NOMEM;
-+ goto done;
- }
-
- /* initial step */
- strcpy(key, seed);
- strcat(key, secret);
-- otp_hash(md, key, strlen(key), otp, alg->swab);
-+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
-
- /* computation step */
- while (seq-- > 0)
-- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
--
-- utils->free(key);
-+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
-+
-+ done:
-+ if (key) utils->free(key);
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-
-- return SASL_OK;
-+ return r;
- }
-
- static int parse_challenge(const sasl_utils_t *utils,
-@@ -695,7 +727,8 @@ static int strptrcasecmp(const void *arg
-
- /* Convert the 6 words into binary data */
- static int word2bin(const sasl_utils_t *utils,
-- char *words, unsigned char *bin, const EVP_MD *md)
-+ char *words, unsigned char *bin, const EVP_MD *md,
-+ EVP_MD_CTX *mdctx)
- {
- int i, j;
- char *c, *word, buf[OTP_RESPONSE_MAX+1];
-@@ -754,13 +787,12 @@ static int word2bin(const sasl_utils_t *
-
- /* alternate dictionary */
- if (alt_dict) {
-- EVP_MD_CTX mdctx;
- char hash[EVP_MAX_MD_SIZE];
- int hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, word, strlen(word));
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, word, strlen(word));
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* use lowest 11 bits */
- x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
-@@ -804,6 +836,7 @@ static int verify_response(server_contex
- char *response)
- {
- const EVP_MD *md;
-+ EVP_MD_CTX *mdctx = NULL;
- char *c;
- int do_init = 0;
- unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
-@@ -817,6 +850,11 @@ static int verify_response(server_contex
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ return SASL_NOMEM;
-+ }
-+
- /* eat leading whitespace */
- c = response;
- while (isspace((int) *c)) c++;
-@@ -826,7 +864,7 @@ static int verify_response(server_contex
- r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
- }
- else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
-- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
- }
- else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
- strlen(OTP_INIT_HEX_TYPE))) {
-@@ -836,7 +874,7 @@ static int verify_response(server_contex
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
- do_init = 1;
-- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
- }
- else {
- SETERROR(utils, "unknown OTP extended response type");
-@@ -852,7 +890,8 @@ static int verify_response(server_contex
-
- if (r == SASL_OK) {
- /* do one more hash (previous otp) and compare to stored otp */
-- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
-+ otp_hash(md, cur_otp, OTP_HASH_SIZE,
-+ prev_otp, text->alg->swab, mdctx);
-
- if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
- /* update the secret with this seq/otp */
-@@ -881,23 +920,28 @@ static int verify_response(server_contex
- *new_resp++ = '\0';
- }
-
-- if (!(new_chal && new_resp))
-- return SASL_BADAUTH;
-+ if (!(new_chal && new_resp)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
- != SASL_OK) {
-- return r;
-+ goto done;
- }
-
-- if (seq < 1 || !strcasecmp(seed, text->seed))
-- return SASL_BADAUTH;
-+ if (seq < 1 || !strcasecmp(seed, text->seed)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- /* find the MDA */
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
- "OTP algorithm %s is not available",
- alg->evp_name);
-- return SASL_BADAUTH;
-+ r = SASL_BADAUTH;
-+ goto done;
- }
-
- if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
-@@ -905,7 +949,7 @@ static int verify_response(server_contex
- }
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
-- r = word2bin(utils, new_resp, new_otp, md);
-+ r = word2bin(utils, new_resp, new_otp, md, mdctx);
- }
-
- if (r == SASL_OK) {
-@@ -916,7 +960,10 @@ static int verify_response(server_contex
- memcpy(text->otp, new_otp, OTP_HASH_SIZE);
- }
- }
--
-+
-+ done:
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-+
- return r;
- }
-
diff --git a/security/cyrus-sasl2/files/patch-plugins_passdss.c b/security/cyrus-sasl2/files/patch-plugins_passdss.c
deleted file mode 100644
index 89c4c44b35ea..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins_passdss.c
+++ /dev/null
@@ -1,721 +0,0 @@
---- plugins/passdss.c.orig 2012-01-27 23:31:36 UTC
-+++ plugins/passdss.c
-@@ -71,6 +71,9 @@
- #include <openssl/sha.h>
- #include <openssl/dsa.h>
-
-+/* for legacy libcrypto support */
-+#include "crypto-compat.h"
-+
- #include <sasl.h>
- #define MD5_H /* suppress internal MD5 */
- #include <saslplug.h>
-@@ -110,23 +113,23 @@ typedef struct context {
- const sasl_utils_t *utils;
-
- /* per-step mem management */
-- char *out_buf;
-+ unsigned char *out_buf;
- unsigned out_buf_len;
-
- /* security layer foo */
- unsigned char secmask; /* bitmask of enabled security layers */
- unsigned char padding[EVP_MAX_BLOCK_LENGTH]; /* block of NULs */
-
-- HMAC_CTX hmac_send_ctx;
-- HMAC_CTX hmac_recv_ctx;
-+ HMAC_CTX *hmac_send_ctx;
-+ HMAC_CTX *hmac_recv_ctx;
-
- unsigned char send_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
- unsigned char recv_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
- unsigned char *cs_integrity_key; /* ptr to bare key in send/recv key */
- unsigned char *sc_integrity_key; /* ptr to bare key in send/recv key */
-
-- EVP_CIPHER_CTX cipher_enc_ctx;
-- EVP_CIPHER_CTX cipher_dec_ctx;
-+ EVP_CIPHER_CTX *cipher_enc_ctx;
-+ EVP_CIPHER_CTX *cipher_dec_ctx;
- unsigned blk_siz;
-
- unsigned char cs_encryption_iv[EVP_MAX_MD_SIZE];
-@@ -139,7 +142,7 @@ typedef struct context {
- uint32_t pktnum_in;
-
- /* for encoding/decoding mem management */
-- char *encode_buf, *decode_buf, *decode_pkt_buf;
-+ unsigned char *encode_buf, *decode_buf, *decode_pkt_buf;
- unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len;
-
- /* layers buffering */
-@@ -171,7 +174,7 @@ static int passdss_encode(void *context,
- inputlen += invec[i].iov_len;
-
- /* allocate a buffer for the output */
-- ret = _plug_buf_alloc(text->utils, &text->encode_buf,
-+ ret = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
- &text->encode_buf_len,
- 4 + /* length */
- inputlen + /* content */
-@@ -186,19 +189,19 @@ static int passdss_encode(void *context,
- memcpy(text->send_integrity_key, &tmpnum, 4);
-
- /* key the HMAC */
-- HMAC_Init_ex(&text->hmac_send_ctx, text->send_integrity_key,
-+ HMAC_Init_ex(text->hmac_send_ctx, text->send_integrity_key,
- 4+SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
-
- /* operate on each iovec */
- for (i = 0; i < numiov; i++) {
- /* hash the content */
-- HMAC_Update(&text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
-+ HMAC_Update(text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned enclen;
-+ int enclen;
-
- /* encrypt the data into the output buffer */
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- invec[i].iov_base, invec[i].iov_len);
- *outputlen += enclen;
-@@ -212,14 +215,14 @@ static int passdss_encode(void *context,
- }
-
- /* calculate the HMAC */
-- HMAC_Final(&text->hmac_send_ctx, hmac, &hmaclen);
-+ HMAC_Final(text->hmac_send_ctx, hmac, &hmaclen);
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned enclen;
-+ int enclen;
- unsigned char padlen;
-
- /* encrypt the HMAC into the output buffer */
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- hmac, hmaclen);
- *outputlen += enclen;
-@@ -227,17 +230,17 @@ static int passdss_encode(void *context,
- /* pad output buffer to multiple of blk_siz
- with padlen-1 as last octet */
- padlen = text->blk_siz - ((inputlen + hmaclen) % text->blk_siz) - 1;
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- text->padding, padlen);
- *outputlen += enclen;
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- &padlen, 1);
- *outputlen += enclen;
-
- /* encrypt the last block of data into the output buffer */
-- EVP_EncryptFinal_ex(&text->cipher_enc_ctx,
-+ EVP_EncryptFinal_ex(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen);
- *outputlen += enclen;
- }
-@@ -252,7 +255,7 @@ static int passdss_encode(void *context,
- tmpnum = htonl(tmpnum);
- memcpy(text->encode_buf, &tmpnum, 4);
-
-- *output = text->encode_buf;
-+ *output = (char *) text->encode_buf;
-
- return SASL_OK;
- }
-@@ -271,25 +274,25 @@ static int passdss_decode_packet(void *c
- int ret;
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned declen, padlen;
-+ int declen, padlen;
-
- /* allocate a buffer for the output */
-- ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf),
-+ ret = _plug_buf_alloc(text->utils, (char **) &(text->decode_pkt_buf),
- &(text->decode_pkt_buf_len), inputlen);
- if (ret != SASL_OK) return ret;
-
- /* decrypt the data into the output buffer */
-- ret = EVP_DecryptUpdate(&text->cipher_dec_ctx,
-+ ret = EVP_DecryptUpdate(text->cipher_dec_ctx,
- text->decode_pkt_buf, &declen,
-- (char *) input, inputlen);
-+ (unsigned char *) input, inputlen);
- if (ret)
-- EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
-+ EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
- text->decode_pkt_buf + declen, &declen);
- if (!ret) {
- SETERROR(text->utils, "Error decrypting input");
- return SASL_BADPROT;
- }
-- input = text->decode_pkt_buf;
-+ input = (char *) text->decode_pkt_buf;
-
- /* trim padding */
- padlen = text->decode_pkt_buf[inputlen - 1] + 1;
-@@ -305,7 +308,7 @@ static int passdss_decode_packet(void *c
-
- /* calculate the HMAC */
- HMAC(EVP_sha1(), text->recv_integrity_key, 4+SHA_DIGEST_LENGTH,
-- input, inputlen, hmac, &hmaclen);
-+ (unsigned char *) input, inputlen, hmac, &hmaclen);
-
- /* verify HMAC */
- if (memcmp(hmac, input+inputlen, hmaclen)) {
-@@ -326,12 +329,12 @@ static int passdss_decode(void *context,
- {
- context_t *text = (context_t *) context;
- int ret;
--
-+
- ret = _plug_decode(&text->decode_context, input, inputlen,
-- &text->decode_buf, &text->decode_buf_len, outputlen,
-- passdss_decode_packet, text);
-+ (char **) &text->decode_buf, &text->decode_buf_len,
-+ outputlen, passdss_decode_packet, text);
-
-- *output = text->decode_buf;
-+ *output = (const char *) text->decode_buf;
-
- return ret;
- }
-@@ -342,7 +345,8 @@ static int passdss_decode(void *context,
- /*
- * Create/append to a PASSDSS buffer from the data specified by the fmt string.
- */
--static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
-+static int MakeBuffer(const sasl_utils_t *utils,
-+ unsigned char **buf, unsigned offset,
- unsigned *buflen, unsigned *outlen, const char *fmt, ...)
- {
- va_list ap;
-@@ -425,10 +429,10 @@ static int MakeBuffer(const sasl_utils_t
- }
- va_end(ap);
-
-- r = _plug_buf_alloc(utils, buf, buflen, alloclen);
-+ r = _plug_buf_alloc(utils, (char **) buf, buflen, alloclen);
- if (r != SASL_OK) return r;
-
-- out = *buf + offset;
-+ out = (char *) *buf + offset;
-
- /* second pass to fill buffer */
- va_start(ap, fmt);
-@@ -463,7 +467,7 @@ static int MakeBuffer(const sasl_utils_t
- case 'm':
- /* MPI */
- mpi = va_arg(ap, BIGNUM *);
-- len = BN_bn2bin(mpi, out+4);
-+ len = BN_bn2bin(mpi, (unsigned char *) out+4);
- nl = htonl(len);
- memcpy(out, &nl, 4); /* add 4 byte len (network order) */
- out += len + 4;
-@@ -515,7 +519,7 @@ static int MakeBuffer(const sasl_utils_t
- done:
- va_end(ap);
-
-- *outlen = out - *buf;
-+ *outlen = out - (char *) *buf;
-
- return r;
- }
-@@ -600,8 +604,8 @@ static int UnBuffer(const sasl_utils_t *
-
- if (mpi) {
- if (!*mpi) *mpi = BN_new();
-- BN_init(*mpi);
-- BN_bin2bn(buf, len, *mpi);
-+ BN_clear(*mpi);
-+ BN_bin2bn((unsigned char *) buf, len, *mpi);
- }
- break;
-
-@@ -716,16 +720,16 @@ static int UnBuffer(const sasl_utils_t *
- }
-
- #define DOHASH(out, in1, len1, in2, len2, in3, len3) \
-- EVP_DigestInit(&mdctx, EVP_sha1()); \
-- EVP_DigestUpdate(&mdctx, in1, len1); \
-- EVP_DigestUpdate(&mdctx, in2, len2); \
-- EVP_DigestUpdate(&mdctx, in3, len3); \
-- EVP_DigestFinal(&mdctx, out, NULL)
-+ EVP_DigestInit(mdctx, EVP_sha1()); \
-+ EVP_DigestUpdate(mdctx, in1, len1); \
-+ EVP_DigestUpdate(mdctx, in2, len2); \
-+ EVP_DigestUpdate(mdctx, in3, len3); \
-+ EVP_DigestFinal(mdctx, out, NULL)
-
--void CalcLayerParams(context_t *text, char *K, unsigned Klen,
-- char *hash, unsigned hashlen)
-+void CalcLayerParams(context_t *text, unsigned char *K, unsigned Klen,
-+ unsigned char *hash, unsigned hashlen)
- {
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
-
- DOHASH(text->cs_encryption_iv, K, Klen, "A", 1, hash, hashlen);
- DOHASH(text->sc_encryption_iv, K, Klen, "B", 1, hash, hashlen);
-@@ -737,6 +741,8 @@ void CalcLayerParams(context_t *text, ch
- text->sc_encryption_key, hashlen);
- DOHASH(text->cs_integrity_key, K, Klen, "E", 1, hash, hashlen);
- DOHASH(text->sc_integrity_key, K, Klen, "F", 1, hash, hashlen);
-+
-+ EVP_MD_CTX_free(mdctx);
- }
-
- /*
-@@ -755,11 +761,11 @@ static void passdss_common_mech_dispose(
-
- if (text->dh) DH_free(text->dh);
-
-- HMAC_CTX_cleanup(&text->hmac_send_ctx);
-- HMAC_CTX_cleanup(&text->hmac_recv_ctx);
-+ HMAC_CTX_free(text->hmac_send_ctx);
-+ HMAC_CTX_free(text->hmac_recv_ctx);
-
-- EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx);
-- EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_enc_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_dec_ctx);
-
- _plug_decode_free(&text->decode_context);
-
-@@ -809,15 +815,17 @@ passdss_server_mech_step1(context_t *tex
- unsigned *serveroutlen,
- sasl_out_params_t *oparams __attribute__((unused)))
- {
-- BIGNUM *X = NULL;
-+ BIGNUM *X = NULL, *dh_p = NULL, *dh_g = NULL;
- DSA *dsa = NULL;
-+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dh_pub_key;
- unsigned char *K = NULL;
- unsigned Klen, hashlen;
- int need, musthave;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- unsigned char hash[EVP_MAX_MD_SIZE];
- DSA_SIG *sig = NULL;
-- int result;
-+ const BIGNUM *sig_r, *sig_s;
-+ int r = 0, result;
-
- /* Expect:
- *
-@@ -835,8 +843,18 @@ passdss_server_mech_step1(context_t *tex
- }
-
- /* Fetch DSA (XXX create one for now) */
-- dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);
-+ dsa = DSA_new();
- if (!dsa) {
-+ params->utils->log(NULL,
-+ SASL_LOG_ERR, "Error creating DSA\n");
-+ result = SASL_FAIL;
-+ goto cleanup;
-+ }
-+
-+ r = DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL);
-+ if (!r) {
-+ params->utils->log(NULL,
-+ SASL_LOG_ERR, "Error generating DSA parameters\n");
- result = SASL_FAIL;
- goto cleanup;
- }
-@@ -844,8 +862,9 @@ passdss_server_mech_step1(context_t *tex
-
- /* Create Diffie-Hellman parameters */
- text->dh = DH_new();
-- BN_hex2bn(&text->dh->p, N);
-- BN_hex2bn(&text->dh->g, g);
-+ BN_hex2bn(&dh_p, N);
-+ BN_hex2bn(&dh_g, g);
-+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
- DH_generate_key(text->dh);
-
- /* Alloc space for shared secret K as mpint */
-@@ -897,10 +916,13 @@ passdss_server_mech_step1(context_t *tex
- */
-
- /* Items (4) - (7) */
-+ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
-+ DSA_get0_key(dsa, &dsa_pub_key, NULL);
-+ DH_get0_key(text->dh, &dh_pub_key, NULL);
- result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
- serveroutlen, "%5a%s%m%m%m%m%m%1o%3u",
-- "ssh-dss", dsa->p, dsa->q, dsa->g, dsa->pub_key,
-- text->dh->pub_key, &text->secmask,
-+ "ssh-dss", dsa_p, dsa_q, dsa_g, dsa_pub_key,
-+ dh_pub_key, &text->secmask,
- (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF :
- params->props.maxbufsize);
- if (result) {
-@@ -909,26 +931,29 @@ passdss_server_mech_step1(context_t *tex
- }
-
- /* Hash (1) - (7) and K */
-- EVP_DigestInit(&mdctx, EVP_sha1());
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit(mdctx, EVP_sha1());
- /* (1) - (3) */
-- EVP_DigestUpdate(&mdctx, clientin, clientinlen);
-+ EVP_DigestUpdate(mdctx, clientin, clientinlen);
- /* (4) - (7) */
-- EVP_DigestUpdate(&mdctx, text->out_buf, *serveroutlen);
-+ EVP_DigestUpdate(mdctx, text->out_buf, *serveroutlen);
- /* K */
-- EVP_DigestUpdate(&mdctx, K, Klen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestUpdate(mdctx, K, Klen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-+ EVP_MD_CTX_free(mdctx);
-
- /* Calculate security layer params */
- CalcLayerParams(text, K, Klen, hash, hashlen);
-
- /* Start cli-hmac */
-- HMAC_CTX_init(&text->hmac_recv_ctx);
-- HMAC_Init_ex(&text->hmac_recv_ctx, text->cs_integrity_key,
-+ text->hmac_recv_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_recv_ctx);
-+ HMAC_Init_ex(text->hmac_recv_ctx, text->cs_integrity_key,
- SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
- /* (1) - (3) */
-- HMAC_Update(&text->hmac_recv_ctx, clientin, clientinlen);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, clientinlen);
- /* (4) - (7) */
-- HMAC_Update(&text->hmac_recv_ctx, text->out_buf, *serveroutlen);
-+ HMAC_Update(text->hmac_recv_ctx, text->out_buf, *serveroutlen);
-
- /* Sign the hash */
- sig = DSA_do_sign(hash, hashlen, dsa);
-@@ -940,14 +965,15 @@ passdss_server_mech_step1(context_t *tex
- }
-
- /* Item (8) */
-+ DSA_SIG_get0(sig, &sig_r, &sig_s);
- result = MakeBuffer(text->utils, &text->out_buf, *serveroutlen,
- &text->out_buf_len, serveroutlen,
-- "%3a%s%m%m", "ssh-dss", sig->r, sig->s);
-+ "%3a%s%m%m", "ssh-dss", sig_r, sig_s);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
- goto cleanup;
- }
-- *serverout = text->out_buf;
-+ *serverout = (char *) text->out_buf;
-
- text->state = 2;
- result = SASL_CONTINUE;
-@@ -971,10 +997,10 @@ passdss_server_mech_step2(context_t *tex
- sasl_out_params_t *oparams)
- {
- char *password = NULL;
-- unsigned declen, hmaclen;
-+ unsigned hmaclen;
- unsigned char *csecmask, *cli_hmac, hmac[EVP_MAX_MD_SIZE];
- uint32_t cbufsiz;
-- int r, result = SASL_OK;
-+ int declen, r, result = SASL_OK;
-
- /* Expect (3DES encrypted):
- *
-@@ -985,7 +1011,7 @@ passdss_server_mech_step2(context_t *tex
- */
-
- /* Alloc space for the decrypted input */
-- result = _plug_buf_alloc(text->utils, &text->decode_pkt_buf,
-+ result = _plug_buf_alloc(text->utils, (char **) &text->decode_pkt_buf,
- &text->decode_pkt_buf_len, clientinlen);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
-@@ -994,25 +1020,28 @@ passdss_server_mech_step2(context_t *tex
- }
-
- /* Initialize decrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
-- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
-+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
- text->cs_encryption_key, text->cs_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
-- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_dec_ctx);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
-+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_dec_ctx);
-
- /* Decrypt the blob */
-- r = EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen,
-- clientin, clientinlen);
-+ r = EVP_DecryptUpdate(text->cipher_dec_ctx,
-+ text->decode_pkt_buf, &declen,
-+ (unsigned char *) clientin, clientinlen);
- if (r)
-- r = EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
-- text->decode_pkt_buf + declen, &declen);
-+ r = EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
-+ text->decode_pkt_buf + declen,
-+ &declen);
- if (!r) {
- params->utils->seterror(params->utils->conn, 0,
- "Error decrypting input in step 2");
- result = SASL_BADPROT;
- goto cleanup;
- }
-- clientin = text->decode_pkt_buf;
-+ clientin = (char *) text->decode_pkt_buf;
-
- result = UnBuffer(params->utils, clientin, clientinlen,
- "%-1o%3u%s%-*o%*p", &csecmask, &cbufsiz, &password,
-@@ -1026,8 +1055,8 @@ passdss_server_mech_step2(context_t *tex
- /* Finish cli-hmac */
- /* (1) - (7) hashed in step 1 */
- /* 1st 4 bytes of (9) */
-- HMAC_Update(&text->hmac_recv_ctx, clientin, 4);
-- HMAC_Final(&text->hmac_recv_ctx, hmac, &hmaclen);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, 4);
-+ HMAC_Final(text->hmac_recv_ctx, hmac, &hmaclen);
-
- /* Verify cli-hmac */
- if (memcmp(cli_hmac, hmac, hmaclen)) {
-@@ -1089,16 +1118,18 @@ passdss_server_mech_step2(context_t *tex
- oparams->decode = &passdss_decode;
- oparams->maxoutbuf = cbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
-
-- HMAC_CTX_init(&text->hmac_send_ctx);
-+ text->hmac_send_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_send_ctx);
-
- if (oparams->mech_ssf > 1) {
- oparams->maxoutbuf -= text->blk_siz-1; /* padding */
-
- /* Initialize encrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
-- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
-+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
- text->sc_encryption_key, text->sc_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
- }
-
- _plug_decode_init(&text->decode_context, text->utils,
-@@ -1247,6 +1278,8 @@ passdss_client_mech_step1(context_t *tex
- int auth_result = SASL_OK;
- int pass_result = SASL_OK;
- int result;
-+ BIGNUM *dh_p = NULL, *dh_g = NULL;
-+ const BIGNUM *dh_pub_key;
-
- /* Expect: absolutely nothing */
- if (serverinlen > 0) {
-@@ -1334,8 +1367,9 @@ passdss_client_mech_step1(context_t *tex
-
- /* create Diffie-Hellman parameters */
- text->dh = DH_new();
-- BN_hex2bn(&text->dh->p, N);
-- BN_hex2bn(&text->dh->g, g);
-+ BN_hex2bn(&dh_p, N);
-+ BN_hex2bn(&dh_g, g);
-+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
- DH_generate_key(text->dh);
-
-
-@@ -1346,15 +1380,16 @@ passdss_client_mech_step1(context_t *tex
- * (3) mpint X ; Diffie-Hellman parameter X
- */
-
-+ DH_get0_key(text->dh, &dh_pub_key, NULL);
- result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
- clientoutlen, "%s%s%m",
- (user && *user) ? (char *) oparams->user : "",
-- (char *) oparams->authid, text->dh->pub_key);
-+ (char *) oparams->authid, dh_pub_key);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
- goto cleanup;
- }
-- *clientout = text->out_buf;
-+ *clientout = (char *) text->out_buf;
-
- text->state = 2;
- result = SASL_CONTINUE;
-@@ -1376,15 +1411,16 @@ passdss_client_mech_step2(context_t *tex
- {
- DSA *dsa = DSA_new();
- DSA_SIG *sig = DSA_SIG_new();
-- BIGNUM *Y = NULL;
-+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
-+ BIGNUM *Y = NULL, *sig_r = NULL, *sig_s = NULL;
- uint32_t siglen;
- unsigned char *K = NULL;
-- unsigned Klen, hashlen, enclen;
-+ unsigned Klen, hashlen;
- unsigned char *ssecmask;
- uint32_t sbufsiz;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- unsigned char hash[EVP_MAX_MD_SIZE];
-- int need, musthave;
-+ int enclen, need, musthave;
- int result, r;
-
- /* Expect:
-@@ -1406,14 +1442,18 @@ passdss_client_mech_step2(context_t *tex
-
- result = UnBuffer(params->utils, serverin, serverinlen,
- "%u%3p\7ssh-dss%m%m%m%m%m%-1o%3u%u%3p\7ssh-dss%m%m",
-- NULL, &dsa->p, &dsa->q, &dsa->g, &dsa->pub_key,
-- &Y, &ssecmask, &sbufsiz, &siglen, &sig->r, &sig->s);
-+ NULL, &dsa_p, &dsa_q, &dsa_g, &dsa_pub_key,
-+ &Y, &ssecmask, &sbufsiz, &siglen, &sig_r, &sig_s);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error UnBuffering input in step 2");
- goto cleanup;
- }
-
-+ DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g);
-+ DSA_set0_key(dsa, dsa_pub_key, NULL);
-+ DSA_SIG_set0(sig, sig_r, sig_s);
-+
- /* XXX Validate server DSA public key */
-
- /* Alloc space for shared secret K as mpint */
-@@ -1432,14 +1472,16 @@ passdss_client_mech_step2(context_t *tex
- Klen += 4;
-
- /* Hash (1) - (7) and K */
-- EVP_DigestInit(&mdctx, EVP_sha1());
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit(mdctx, EVP_sha1());
- /* (1) - (3) (output from step 1 still in buffer) */
-- EVP_DigestUpdate(&mdctx, text->out_buf, text->out_buf_len);
-+ EVP_DigestUpdate(mdctx, text->out_buf, text->out_buf_len);
- /* (4) - (7) */
-- EVP_DigestUpdate(&mdctx, serverin, serverinlen - siglen - 4);
-+ EVP_DigestUpdate(mdctx, serverin, serverinlen - siglen - 4);
- /* K */
-- EVP_DigestUpdate(&mdctx, K, Klen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestUpdate(mdctx, K, Klen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-+ EVP_MD_CTX_free(mdctx);
-
- /* Verify signature on the hash */
- result = DSA_do_verify(hash, hashlen, sig, dsa);
-@@ -1455,11 +1497,12 @@ passdss_client_mech_step2(context_t *tex
- CalcLayerParams(text, K, Klen, hash, hashlen);
-
- /* Initialize encrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
-- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
-+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
- text->cs_encryption_key, text->cs_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
-- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_enc_ctx);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
-+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_enc_ctx);
-
- /* pick a layer */
- if (params->props.maxbufsize < 32) {
-@@ -1490,13 +1533,15 @@ passdss_client_mech_step2(context_t *tex
- }
-
- /* Start cli-hmac */
-- HMAC_CTX_init(&text->hmac_send_ctx);
-- HMAC_Init_ex(&text->hmac_send_ctx, text->cs_integrity_key,
-+ text->hmac_send_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_send_ctx);
-+ HMAC_Init_ex(text->hmac_send_ctx, text->cs_integrity_key,
- SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
- /* (1) - (3) (output from step 1 still in buffer) */
-- HMAC_Update(&text->hmac_send_ctx, text->out_buf, text->out_buf_len);
-+ HMAC_Update(text->hmac_send_ctx, text->out_buf, text->out_buf_len);
- /* (4) - (7) */
-- HMAC_Update(&text->hmac_send_ctx, serverin, serverinlen - siglen - 4);
-+ HMAC_Update(text->hmac_send_ctx,
-+ (unsigned char *) serverin, serverinlen - siglen - 4);
-
-
- /* Send out (3DES encrypted):
-@@ -1520,8 +1565,8 @@ passdss_client_mech_step2(context_t *tex
-
- /* Finish cli-hmac */
- /* 1st 4 bytes of (9) */
-- HMAC_Update(&text->hmac_send_ctx, text->out_buf, 4);
-- HMAC_Final(&text->hmac_send_ctx, hash, &hashlen);
-+ HMAC_Update(text->hmac_send_ctx, text->out_buf, 4);
-+ HMAC_Final(text->hmac_send_ctx, hash, &hashlen);
-
- /* Add HMAC and pad to fill no more than current block */
- result = MakeBuffer(text->utils, &text->out_buf, *clientoutlen,
-@@ -1533,7 +1578,7 @@ passdss_client_mech_step2(context_t *tex
- }
-
- /* Alloc space for the encrypted output */
-- result = _plug_buf_alloc(text->utils, &text->encode_buf,
-+ result = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
- &text->encode_buf_len, *clientoutlen);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
-@@ -1542,19 +1587,20 @@ passdss_client_mech_step2(context_t *tex
- }
-
- /* Encrypt (9) (here we calculate the exact number of full blocks) */
-- r = EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf,
-- clientoutlen, text->out_buf,
-+ r = EVP_EncryptUpdate(text->cipher_enc_ctx,
-+ text->encode_buf, (int *) clientoutlen, text->out_buf,
- text->blk_siz * (*clientoutlen / text->blk_siz));
- if (r)
-- r = EVP_EncryptFinal_ex(&text->cipher_enc_ctx, /* should be no output */
-- text->encode_buf + *clientoutlen, &enclen);
-+ r = EVP_EncryptFinal_ex(text->cipher_enc_ctx, /* should be no output */
-+ text->encode_buf + *clientoutlen,
-+ &enclen);
- if (!r) {
- params->utils->seterror(params->utils->conn, 0,
- "Error encrypting output in step 2");
- result = SASL_FAIL;
- goto cleanup;
- }
-- *clientout = text->encode_buf;
-+ *clientout = (char *) text->encode_buf;
-
- /* Set oparams */
- oparams->doneflag = 1;
-@@ -1565,16 +1611,18 @@ passdss_client_mech_step2(context_t *tex
- oparams->decode = &passdss_decode;
- oparams->maxoutbuf = sbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
-
-- HMAC_CTX_init(&text->hmac_recv_ctx);
-+ text->hmac_recv_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_recv_ctx);
-
- if (oparams->mech_ssf > 1) {
- oparams->maxoutbuf -= text->blk_siz-1; /* padding */
-
- /* Initialize decrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
-- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
-+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
- text->sc_encryption_key, text->sc_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
- }
-
- _plug_decode_init(&text->decode_context, text->utils,
diff --git a/security/cyrus-sasl2/files/patch-plugins_srp.c b/security/cyrus-sasl2/files/patch-plugins_srp.c
deleted file mode 100644
index 90327ee52af4..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins_srp.c
+++ /dev/null
@@ -1,1044 +0,0 @@
---- plugins/srp.c.orig 2012-10-12 14:05:48 UTC
-+++ plugins/srp.c
-@@ -89,6 +89,9 @@ typedef unsigned short uint32;
- #include <openssl/hmac.h>
- #include <openssl/md5.h>
-
-+/* for legacy libcrypto support */
-+#include "crypto-compat.h"
-+
- #include <sasl.h>
- #define MD5_H /* suppress internal MD5 */
- #include <saslplug.h>
-@@ -216,22 +219,22 @@ typedef struct srp_options_s {
- typedef struct context {
- int state;
-
-- BIGNUM N; /* safe prime modulus */
-- BIGNUM g; /* generator */
-+ BIGNUM *N; /* safe prime modulus */
-+ BIGNUM *g; /* generator */
-
-- BIGNUM v; /* password verifier */
-+ BIGNUM *v; /* password verifier */
-
-- BIGNUM b; /* server private key */
-- BIGNUM B; /* server public key */
-+ BIGNUM *b; /* server private key */
-+ BIGNUM *B; /* server public key */
-
-- BIGNUM a; /* client private key */
-- BIGNUM A; /* client public key */
-+ BIGNUM *a; /* client private key */
-+ BIGNUM *A; /* client public key */
-
-- char K[EVP_MAX_MD_SIZE]; /* shared context key */
-- int Klen;
-+ unsigned char K[EVP_MAX_MD_SIZE]; /* shared context key */
-+ unsigned int Klen;
-
-- char M1[EVP_MAX_MD_SIZE]; /* client evidence */
-- int M1len;
-+ unsigned char M1[EVP_MAX_MD_SIZE]; /* client evidence */
-+ unsigned int M1len;
-
- char *authid; /* authentication id (server) */
- char *userid; /* authorization id (server) */
-@@ -242,7 +245,7 @@ typedef struct context {
- char *server_options;
-
- srp_options_t client_opts; /* cache between client steps */
-- char cIV[SRP_MAXBLOCKSIZE]; /* cache between client steps */
-+ unsigned char cIV[SRP_MAXBLOCKSIZE]; /* cache between client steps */
-
- char *salt; /* password salt */
- int saltlen;
-@@ -259,12 +262,12 @@ typedef struct context {
- /* Layer foo */
- unsigned layer; /* bitmask of enabled layers */
- const EVP_MD *hmac_md; /* HMAC for integrity */
-- HMAC_CTX hmac_send_ctx;
-- HMAC_CTX hmac_recv_ctx;
-+ HMAC_CTX *hmac_send_ctx;
-+ HMAC_CTX *hmac_recv_ctx;
-
- const EVP_CIPHER *cipher; /* cipher for confidentiality */
-- EVP_CIPHER_CTX cipher_enc_ctx;
-- EVP_CIPHER_CTX cipher_dec_ctx;
-+ EVP_CIPHER_CTX *cipher_enc_ctx;
-+ EVP_CIPHER_CTX *cipher_dec_ctx;
-
- /* replay detection sequence numbers */
- int seqnum_out;
-@@ -317,12 +320,12 @@ static int srp_encode(void *context,
- inputlen = invec[i].iov_len;
-
- if (text->layer & BIT_CONFIDENTIALITY) {
-- unsigned enclen;
-+ int enclen;
-
- /* encrypt the data into the output buffer */
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-- text->encode_buf + *outputlen, &enclen,
-- input, inputlen);
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
-+ (unsigned char *) text->encode_buf + *outputlen,
-+ &enclen, (unsigned char *) input, inputlen);
- *outputlen += enclen;
-
- /* switch the input to the encrypted data */
-@@ -337,11 +340,12 @@ static int srp_encode(void *context,
- }
-
- if (text->layer & BIT_CONFIDENTIALITY) {
-- unsigned enclen;
-+ int enclen;
-
- /* encrypt the last block of data into the output buffer */
-- EVP_EncryptFinal(&text->cipher_enc_ctx,
-- text->encode_buf + *outputlen, &enclen);
-+ EVP_EncryptFinal(text->cipher_enc_ctx,
-+ (unsigned char *) text->encode_buf + *outputlen,
-+ &enclen);
- *outputlen += enclen;
- }
-
-@@ -349,18 +353,20 @@ static int srp_encode(void *context,
- unsigned hashlen;
-
- /* hash the content */
-- HMAC_Update(&text->hmac_send_ctx, text->encode_buf+4, *outputlen-4);
-+ HMAC_Update(text->hmac_send_ctx,
-+ (unsigned char *) text->encode_buf+4, *outputlen-4);
-
- if (text->layer & BIT_REPLAY_DETECTION) {
- /* hash the sequence number */
- tmpnum = htonl(text->seqnum_out);
-- HMAC_Update(&text->hmac_send_ctx, (char *) &tmpnum, 4);
-+ HMAC_Update(text->hmac_send_ctx, (unsigned char *) &tmpnum, 4);
-
- text->seqnum_out++;
- }
-
- /* append the HMAC into the output buffer */
-- HMAC_Final(&text->hmac_send_ctx, text->encode_buf + *outputlen,
-+ HMAC_Final(text->hmac_send_ctx,
-+ (unsigned char *) text->encode_buf + *outputlen,
- &hashlen);
- *outputlen += hashlen;
- }
-@@ -387,8 +393,8 @@ static int srp_decode_packet(void *conte
-
- if (text->layer & BIT_INTEGRITY) {
- const char *hash;
-- char myhash[EVP_MAX_MD_SIZE];
-- unsigned hashlen, myhashlen, i;
-+ unsigned char myhash[EVP_MAX_MD_SIZE];
-+ unsigned hashlen;
- unsigned long tmpnum;
-
- hashlen = EVP_MD_size(text->hmac_md);
-@@ -405,25 +411,23 @@ static int srp_decode_packet(void *conte
- hash = input + inputlen;
-
- /* create our own hash from the input */
-- HMAC_Update(&text->hmac_recv_ctx, input, inputlen);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) input, inputlen);
-
- if (text->layer & BIT_REPLAY_DETECTION) {
- /* hash the sequence number */
- tmpnum = htonl(text->seqnum_in);
-- HMAC_Update(&text->hmac_recv_ctx, (char *) &tmpnum, 4);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) &tmpnum, 4);
-
- text->seqnum_in++;
- }
-
-- HMAC_Final(&text->hmac_recv_ctx, myhash, &myhashlen);
-+ HMAC_Final(text->hmac_recv_ctx, myhash, &hashlen);
-
- /* compare hashes */
-- for (i = 0; i < hashlen; i++) {
-- if ((myhashlen != hashlen) || (myhash[i] != hash[i])) {
-- SETERROR(text->utils, "Hash is incorrect\n");
-- return SASL_BADMAC;
-- }
-- }
-+ if (memcmp(hash, myhash, hashlen)) {
-+ SETERROR(text->utils, "Hash is incorrect\n");
-+ return SASL_BADMAC;
-+ }
- }
-
- ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf),
-@@ -432,16 +436,17 @@ static int srp_decode_packet(void *conte
- if (ret != SASL_OK) return ret;
-
- if (text->layer & BIT_CONFIDENTIALITY) {
-- unsigned declen;
-+ int declen;
-
- /* decrypt the data into the output buffer */
-- EVP_DecryptUpdate(&text->cipher_dec_ctx,
-- text->decode_pkt_buf, &declen,
-- (char *) input, inputlen);
-+ EVP_DecryptUpdate(text->cipher_dec_ctx,
-+ (unsigned char *) text->decode_pkt_buf, &declen,
-+ (unsigned char *) input, inputlen);
- *outputlen = declen;
-
-- EVP_DecryptFinal(&text->cipher_dec_ctx,
-- text->decode_pkt_buf + declen, &declen);
-+ EVP_DecryptFinal(text->cipher_dec_ctx,
-+ (unsigned char *) text->decode_pkt_buf + declen,
-+ &declen);
- *outputlen += declen;
- } else {
- /* copy the raw input to the output */
-@@ -474,7 +479,8 @@ static int srp_decode(void *context,
- /*
- * Convert a big integer to it's byte representation
- */
--static int BigIntToBytes(BIGNUM *num, char *out, int maxoutlen, int *outlen)
-+static int BigIntToBytes(BIGNUM *num, unsigned char *out, int maxoutlen,
-+ unsigned int *outlen)
- {
- int len;
-
-@@ -504,12 +510,12 @@ static int BigIntCmpWord(BIGNUM *a, BN_U
- /*
- * Generate a random big integer.
- */
--static void GetRandBigInt(BIGNUM *out)
-+static void GetRandBigInt(BIGNUM **out)
- {
-- BN_init(out);
-+ *out = BN_new();
-
- /* xxx likely should use sasl random funcs */
-- BN_rand(out, SRP_MAXBLOCKSIZE*8, 0, 0);
-+ BN_rand(*out, SRP_MAXBLOCKSIZE*8, 0, 0);
- }
-
- #define MAX_BUFFER_LEN 2147483643
-@@ -624,7 +630,8 @@ static int MakeBuffer(const sasl_utils_t
- case 'm':
- /* MPI */
- mpi = va_arg(ap, BIGNUM *);
-- r = BigIntToBytes(mpi, out+2, BN_num_bytes(mpi), &len);
-+ r = BigIntToBytes(mpi, (unsigned char *) out+2,
-+ BN_num_bytes(mpi), (unsigned *) &len);
- if (r) goto done;
- ns = htons(len);
- memcpy(out, &ns, 2); /* add 2 byte len (network order) */
-@@ -695,7 +702,7 @@ static int UnBuffer(const sasl_utils_t *
- va_list ap;
- char *p;
- int r = SASL_OK, noalloc;
-- BIGNUM *mpi;
-+ BIGNUM **mpi;
- char **os, **str;
- uint32 *u;
- unsigned short ns;
-@@ -757,9 +764,12 @@ static int UnBuffer(const sasl_utils_t *
- goto done;
- }
-
-- mpi = va_arg(ap, BIGNUM *);
-- BN_init(mpi);
-- BN_bin2bn(buf, len, mpi);
-+ mpi = va_arg(ap, BIGNUM **);
-+ if (mpi) {
-+ if (!*mpi) *mpi = BN_new();
-+ else BN_clear(*mpi);
-+ BN_bin2bn((unsigned char *) buf, len, *mpi);
-+ }
- break;
-
- case 'o':
-@@ -883,16 +893,17 @@ static int UnBuffer(const sasl_utils_t *
- /*
- * Apply the hash function to the data specifed by the fmt string.
- */
--static int MakeHash(const EVP_MD *md, unsigned char hash[], int *hashlen,
-+static int MakeHash(const EVP_MD *md,
-+ unsigned char hash[], unsigned int *hashlen,
- const char *fmt, ...)
- {
- va_list ap;
- char *p, buf[4096], *in;
-- int inlen;
-- EVP_MD_CTX mdctx;
-+ unsigned int inlen;
-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
- int r = 0, hflag;
-
-- EVP_DigestInit(&mdctx, md);
-+ EVP_DigestInit(mdctx, md);
-
- va_start(ap, fmt);
- for (p = (char *) fmt; *p; p++) {
-@@ -910,7 +921,7 @@ static int MakeHash(const EVP_MD *md, un
- BIGNUM *mval = va_arg(ap, BIGNUM *);
-
- in = buf;
-- r = BigIntToBytes(mval, buf, sizeof(buf)-1, &inlen);
-+ r = BigIntToBytes(mval, (unsigned char *) buf, sizeof(buf)-1, &inlen);
- if (r) goto done;
- break;
- }
-@@ -947,47 +958,52 @@ static int MakeHash(const EVP_MD *md, un
-
- if (hflag) {
- /* hash data separately before adding to current hash */
-- EVP_MD_CTX tmpctx;
-+ EVP_MD_CTX *tmpctx = EVP_MD_CTX_new();
-
-- EVP_DigestInit(&tmpctx, md);
-- EVP_DigestUpdate(&tmpctx, in, inlen);
-- EVP_DigestFinal(&tmpctx, buf, &inlen);
-+ EVP_DigestInit(tmpctx, md);
-+ EVP_DigestUpdate(tmpctx, in, inlen);
-+ EVP_DigestFinal(tmpctx, (unsigned char *) buf, &inlen);
-+ EVP_MD_CTX_free(tmpctx);
- in = buf;
- }
-
-- EVP_DigestUpdate(&mdctx, in, inlen);
-+ EVP_DigestUpdate(mdctx, in, inlen);
- }
- done:
- va_end(ap);
-
-- EVP_DigestFinal(&mdctx, hash, hashlen);
-+ EVP_DigestFinal(mdctx, hash, hashlen);
-+ EVP_MD_CTX_free(mdctx);
-
- return r;
- }
-
- static int CalculateX(context_t *text, const char *salt, int saltlen,
-- const char *user, const char *pass, int passlen,
-- BIGNUM *x)
-+ const char *user, const unsigned char *pass, int passlen,
-+ BIGNUM **x)
- {
-- char hash[EVP_MAX_MD_SIZE];
-- int hashlen;
-+ unsigned char hash[EVP_MAX_MD_SIZE];
-+ unsigned int hashlen;
-
- /* x = H(salt | H(user | ':' | pass)) */
- MakeHash(text->md, hash, &hashlen, "%s:%o", user, passlen, pass);
- MakeHash(text->md, hash, &hashlen, "%o%o", saltlen, salt, hashlen, hash);
-
-- BN_init(x);
-- BN_bin2bn(hash, hashlen, x);
-+ *x = BN_new();
-+ BN_bin2bn(hash, hashlen, *x);
-
- return SASL_OK;
- }
-
- static int CalculateM1(context_t *text, BIGNUM *N, BIGNUM *g,
- char *U, char *salt, int saltlen,
-- BIGNUM *A, BIGNUM *B, char *K, int Klen,
-- char *I, char *L, char *M1, int *M1len)
-+ BIGNUM *A, BIGNUM *B,
-+ unsigned char *K, unsigned int Klen,
-+ char *I, char *L,
-+ unsigned char *M1, unsigned int *M1len)
- {
-- int r, i, len;
-+ int r;
-+ unsigned int i, len;
- unsigned char Nhash[EVP_MAX_MD_SIZE];
- unsigned char ghash[EVP_MAX_MD_SIZE];
- unsigned char Ng[EVP_MAX_MD_SIZE];
-@@ -1010,9 +1026,10 @@ static int CalculateM1(context_t *text,
- }
-
- static int CalculateM2(context_t *text, BIGNUM *A,
-- char *M1, int M1len, char *K, int Klen,
-+ unsigned char *M1, unsigned int M1len,
-+ unsigned char *K, unsigned int Klen,
- char *I, char *o, char *sid, uint32 ttl,
-- char *M2, int *M2len)
-+ unsigned char *M2, unsigned int *M2len)
- {
- int r;
-
-@@ -1386,7 +1403,8 @@ static int SetMDA(srp_options_t *opts, c
- * Setup the selected security layer.
- */
- static int LayerInit(srp_options_t *opts, context_t *text,
-- sasl_out_params_t *oparams, char *enc_IV, char *dec_IV,
-+ sasl_out_params_t *oparams,
-+ unsigned char *enc_IV, unsigned char *dec_IV,
- unsigned maxbufsize)
- {
- layer_option_t *opt;
-@@ -1431,8 +1449,10 @@ static int LayerInit(srp_options_t *opts
-
- /* Initialize the HMACs */
- text->hmac_md = EVP_get_digestbyname(opt->evp_name);
-- HMAC_Init(&text->hmac_send_ctx, text->K, text->Klen, text->hmac_md);
-- HMAC_Init(&text->hmac_recv_ctx, text->K, text->Klen, text->hmac_md);
-+ text->hmac_send_ctx = HMAC_CTX_new();
-+ HMAC_Init_ex(text->hmac_send_ctx, text->K, text->Klen, text->hmac_md, NULL);
-+ text->hmac_recv_ctx = HMAC_CTX_new();
-+ HMAC_Init_ex(text->hmac_recv_ctx, text->K, text->Klen, text->hmac_md, NULL);
-
- /* account for HMAC */
- oparams->maxoutbuf -= EVP_MD_size(text->hmac_md);
-@@ -1456,11 +1476,13 @@ static int LayerInit(srp_options_t *opts
- /* Initialize the ciphers */
- text->cipher = EVP_get_cipherbyname(opt->evp_name);
-
-- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
-- EVP_EncryptInit(&text->cipher_enc_ctx, text->cipher, text->K, enc_IV);
-+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
-+ EVP_EncryptInit(text->cipher_enc_ctx, text->cipher, text->K, enc_IV);
-
-- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
-- EVP_DecryptInit(&text->cipher_dec_ctx, text->cipher, text->K, dec_IV);
-+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
-+ EVP_DecryptInit(text->cipher_dec_ctx, text->cipher, text->K, dec_IV);
- }
-
- return SASL_OK;
-@@ -1469,13 +1491,13 @@ static int LayerInit(srp_options_t *opts
- static void LayerCleanup(context_t *text)
- {
- if (text->layer & BIT_INTEGRITY) {
-- HMAC_cleanup(&text->hmac_send_ctx);
-- HMAC_cleanup(&text->hmac_recv_ctx);
-+ HMAC_CTX_free(text->hmac_send_ctx);
-+ HMAC_CTX_free(text->hmac_recv_ctx);
- }
-
- if (text->layer & BIT_CONFIDENTIALITY) {
-- EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx);
-- EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_enc_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_dec_ctx);
- }
- }
-
-@@ -1490,13 +1512,13 @@ static void srp_common_mech_dispose(void
-
- if (!text) return;
-
-- BN_clear_free(&text->N);
-- BN_clear_free(&text->g);
-- BN_clear_free(&text->v);
-- BN_clear_free(&text->b);
-- BN_clear_free(&text->B);
-- BN_clear_free(&text->a);
-- BN_clear_free(&text->A);
-+ BN_clear_free(text->N);
-+ BN_clear_free(text->g);
-+ BN_clear_free(text->v);
-+ BN_clear_free(text->b);
-+ BN_clear_free(text->B);
-+ BN_clear_free(text->a);
-+ BN_clear_free(text->A);
-
- if (text->authid) utils->free(text->authid);
- if (text->userid) utils->free(text->userid);
-@@ -1534,16 +1556,16 @@ srp_common_mech_free(void *global_contex
- *
- * All arithmetic is done modulo N
- */
--static int generate_N_and_g(BIGNUM *N, BIGNUM *g)
-+static int generate_N_and_g(BIGNUM **N, BIGNUM **g)
- {
- int result;
--
-- BN_init(N);
-- result = BN_hex2bn(&N, Ng_tab[NUM_Ng-1].N);
-+
-+ *N = BN_new();
-+ result = BN_hex2bn(N, Ng_tab[NUM_Ng-1].N);
- if (!result) return SASL_FAIL;
-
-- BN_init(g);
-- BN_set_word(g, Ng_tab[NUM_Ng-1].g);
-+ *g = BN_new();
-+ BN_set_word(*g, Ng_tab[NUM_Ng-1].g);
-
- return SASL_OK;
- }
-@@ -1551,10 +1573,10 @@ static int generate_N_and_g(BIGNUM *N, B
- static int CalculateV(context_t *text,
- BIGNUM *N, BIGNUM *g,
- const char *user,
-- const char *pass, unsigned passlen,
-- BIGNUM *v, char **salt, int *saltlen)
-+ const unsigned char *pass, unsigned passlen,
-+ BIGNUM **v, char **salt, int *saltlen)
- {
-- BIGNUM x;
-+ BIGNUM *x = NULL;
- BN_CTX *ctx = BN_CTX_new();
- int r;
-
-@@ -1572,40 +1594,41 @@ static int CalculateV(context_t *text,
- }
-
- /* v = g^x % N */
-- BN_init(v);
-- BN_mod_exp(v, g, &x, N, ctx);
-+ *v = BN_new();
-+ BN_mod_exp(*v, g, x, N, ctx);
-
- BN_CTX_free(ctx);
-- BN_clear_free(&x);
-+ BN_clear_free(x);
-
- return r;
- }
-
- static int CalculateB(context_t *text __attribute__((unused)),
-- BIGNUM *v, BIGNUM *N, BIGNUM *g, BIGNUM *b, BIGNUM *B)
-+ BIGNUM *v, BIGNUM *N, BIGNUM *g, BIGNUM **b, BIGNUM **B)
- {
-- BIGNUM v3;
-+ BIGNUM *v3 = BN_new();
- BN_CTX *ctx = BN_CTX_new();
-
- /* Generate b */
- GetRandBigInt(b);
-
- /* Per [SRP]: make sure b > log[g](N) -- g is always 2 */
-- BN_add_word(b, BN_num_bits(N));
-+ BN_add_word(*b, BN_num_bits(N));
-
- /* B = (3v + g^b) % N */
-- BN_init(&v3);
-- BN_set_word(&v3, 3);
-- BN_mod_mul(&v3, &v3, v, N, ctx);
-- BN_init(B);
-- BN_mod_exp(B, g, b, N, ctx);
-+ BN_set_word(v3, 3);
-+ BN_mod_mul(v3, v3, v, N, ctx);
-+
-+ *B = BN_new();
-+ BN_mod_exp(*B, g, *b, N, ctx);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
-- BN_mod_add(B, B, &v3, N, ctx);
-+ BN_mod_add(*B, *B, v3, N, ctx);
- #else
-- BN_add(B, B, &v3);
-- BN_mod(B, B, N, ctx);
-+ BN_add(*B, *B, v3);
-+ BN_mod(*B, *B, N, ctx);
- #endif
-
-+ BN_clear_free(v3);
- BN_CTX_free(ctx);
-
- return SASL_OK;
-@@ -1613,13 +1636,13 @@ static int CalculateB(context_t *text _
-
- static int ServerCalculateK(context_t *text, BIGNUM *v,
- BIGNUM *N, BIGNUM *A, BIGNUM *b, BIGNUM *B,
-- char *K, int *Klen)
-+ unsigned char *K, unsigned int *Klen)
- {
- unsigned char hash[EVP_MAX_MD_SIZE];
-- int hashlen;
-- BIGNUM u;
-- BIGNUM base;
-- BIGNUM S;
-+ unsigned int hashlen;
-+ BIGNUM *u = BN_new();
-+ BIGNUM *base = BN_new();
-+ BIGNUM *S = BN_new();
- BN_CTX *ctx = BN_CTX_new();
- int r;
-
-@@ -1627,50 +1650,47 @@ static int ServerCalculateK(context_t *t
- r = MakeHash(text->md, hash, &hashlen, "%m%m", A, B);
- if (r) return r;
-
-- BN_init(&u);
-- BN_bin2bn(hash, hashlen, &u);
-+ BN_bin2bn(hash, hashlen, u);
-
- /* S = (Av^u) ^ b % N */
-- BN_init(&base);
-- BN_mod_exp(&base, v, &u, N, ctx);
-- BN_mod_mul(&base, &base, A, N, ctx);
-+ BN_mod_exp(base, v, u, N, ctx);
-+ BN_mod_mul(base, base, A, N, ctx);
-
-- BN_init(&S);
-- BN_mod_exp(&S, &base, b, N, ctx);
-+ BN_mod_exp(S, base, b, N, ctx);
-
- /* per Tom Wu: make sure Av^u != 1 (mod N) */
-- if (BN_is_one(&base)) {
-+ if (BN_is_one(base)) {
- SETERROR(text->utils, "Unsafe SRP value for 'Av^u'\n");
- r = SASL_BADPROT;
- goto err;
- }
-
- /* per Tom Wu: make sure Av^u != -1 (mod N) */
-- BN_add_word(&base, 1);
-- if (BN_cmp(&S, N) == 0) {
-+ BN_add_word(base, 1);
-+ if (BN_cmp(S, N) == 0) {
- SETERROR(text->utils, "Unsafe SRP value for 'Av^u'\n");
- r = SASL_BADPROT;
- goto err;
- }
-
- /* K = H(S) */
-- r = MakeHash(text->md, K, Klen, "%m", &S);
-+ r = MakeHash(text->md, K, Klen, "%m", S);
- if (r) goto err;
-
- r = SASL_OK;
-
- err:
- BN_CTX_free(ctx);
-- BN_clear_free(&u);
-- BN_clear_free(&base);
-- BN_clear_free(&S);
-+ BN_clear_free(u);
-+ BN_clear_free(base);
-+ BN_clear_free(S);
-
- return r;
- }
-
- static int ParseUserSecret(const sasl_utils_t *utils,
- char *secret, size_t seclen,
-- char **mda, BIGNUM *v, char **salt, int *saltlen)
-+ char **mda, BIGNUM **v, char **salt, int *saltlen)
- {
- int r;
-
-@@ -1678,7 +1698,7 @@ static int ParseUserSecret(const sasl_ut
- *
- * { utf8(mda) mpi(v) os(salt) } (base64 encoded)
- */
-- r = utils->decode64(secret, seclen, secret, seclen, &seclen);
-+ r = utils->decode64(secret, seclen, secret, seclen, (unsigned *) &seclen);
-
- if (!r)
- r = UnBuffer(utils, secret, seclen, "%s%m%o", mda, v, saltlen, salt);
-@@ -1919,8 +1939,8 @@ static int srp_server_mech_step1(context
- goto cleanup;
- }
-
-- result = CalculateV(text, &text->N, &text->g, text->authid,
-- auxprop_values[1].values[0], len,
-+ result = CalculateV(text, text->N, text->g, text->authid,
-+ (unsigned char *) auxprop_values[1].values[0], len,
- &text->v, &text->salt, &text->saltlen);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
-@@ -1938,8 +1958,7 @@ static int srp_server_mech_step1(context
- params->utils->prop_erase(params->propctx, password_request[1]);
-
- /* Calculate B */
-- result = CalculateB(text, &text->v, &text->N, &text->g,
-- &text->b, &text->B);
-+ result = CalculateB(text, text->v, text->N, text->g, &text->b, &text->B);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error calculating B");
-@@ -1967,8 +1986,8 @@ static int srp_server_mech_step1(context
- */
- result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len,
- serveroutlen, "%c%m%m%o%m%s",
-- 0x00, &text->N, &text->g, text->saltlen, text->salt,
-- &text->B, text->server_options);
-+ 0x00, text->N, text->g, text->saltlen, text->salt,
-+ text->B, text->server_options);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error creating SRP buffer from data in step 1");
-@@ -1997,15 +2016,15 @@ static int srp_server_mech_step2(context
- sasl_out_params_t *oparams)
- {
- int result;
-- char *M1 = NULL, *cIV = NULL; /* don't free */
-- int M1len, cIVlen;
-+ unsigned char *M1 = NULL, *cIV = NULL; /* don't free */
-+ unsigned int M1len, cIVlen;
- srp_options_t client_opts;
-- char myM1[EVP_MAX_MD_SIZE];
-- int myM1len;
-- int i;
-- char M2[EVP_MAX_MD_SIZE];
-- int M2len;
-- char sIV[SRP_MAXBLOCKSIZE];
-+ unsigned char myM1[EVP_MAX_MD_SIZE];
-+ unsigned int myM1len;
-+ unsigned int i;
-+ unsigned char M2[EVP_MAX_MD_SIZE];
-+ unsigned int M2len;
-+ unsigned char sIV[SRP_MAXBLOCKSIZE];
-
- /* Expect:
- *
-@@ -2027,7 +2046,7 @@ static int srp_server_mech_step2(context
- }
-
- /* Per [SRP]: reject A <= 0 */
-- if (BigIntCmpWord(&text->A, 0) <= 0) {
-+ if (BigIntCmpWord(text->A, 0) <= 0) {
- SETERROR(params->utils, "Illegal value for 'A'\n");
- result = SASL_BADPROT;
- goto cleanup;
-@@ -2058,8 +2077,8 @@ static int srp_server_mech_step2(context
- }
-
- /* Calculate K */
-- result = ServerCalculateK(text, &text->v, &text->N, &text->A,
-- &text->b, &text->B, text->K, &text->Klen);
-+ result = ServerCalculateK(text, text->v, text->N, text->A,
-+ text->b, text->B, text->K, &text->Klen);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error calculating K");
-@@ -2067,8 +2086,8 @@ static int srp_server_mech_step2(context
- }
-
- /* See if M1 is correct */
-- result = CalculateM1(text, &text->N, &text->g, text->authid,
-- text->salt, text->saltlen, &text->A, &text->B,
-+ result = CalculateM1(text, text->N, text->g, text->authid,
-+ text->salt, text->saltlen, text->A, text->B,
- text->K, text->Klen, text->userid,
- text->server_options, myM1, &myM1len);
- if (result) {
-@@ -2095,7 +2114,7 @@ static int srp_server_mech_step2(context
- }
-
- /* calculate M2 to send */
-- result = CalculateM2(text, &text->A, M1, M1len, text->K, text->Klen,
-+ result = CalculateM2(text, text->A, M1, M1len, text->K, text->Klen,
- text->userid, text->client_options, "", 0,
- M2, &M2len);
- if (result) {
-@@ -2105,7 +2124,7 @@ static int srp_server_mech_step2(context
- }
-
- /* Create sIV (server initial vector) */
-- text->utils->rand(text->utils->rpool, sIV, sizeof(sIV));
-+ text->utils->rand(text->utils->rpool, (char *) sIV, sizeof(sIV));
-
- /*
- * Send out:
-@@ -2230,20 +2249,20 @@ static int srp_setpass(void *glob_contex
- r = _plug_make_fulluser(sparams->utils, &user, user_only, realm);
-
- if (r) {
-- goto end;
-+ goto cleanup;
- }
-
- if ((flags & SASL_SET_DISABLE) || pass == NULL) {
- sec = NULL;
- } else {
-- context_t *text;
-- BIGNUM N;
-- BIGNUM g;
-- BIGNUM v;
-+ context_t *text = NULL;
-+ BIGNUM *N = NULL;
-+ BIGNUM *g = NULL;
-+ BIGNUM *v = NULL;
- char *salt;
- int saltlen;
- char *buffer = NULL;
-- int bufferlen, alloclen, encodelen;
-+ unsigned int bufferlen, alloclen, encodelen;
-
- text = sparams->utils->malloc(sizeof(context_t));
- if (text == NULL) {
-@@ -2264,7 +2283,8 @@ static int srp_setpass(void *glob_contex
- }
-
- /* user is a full username here */
-- r = CalculateV(text, &N, &g, user, pass, passlen, &v, &salt, &saltlen);
-+ r = CalculateV(text, N, g, user,
-+ (unsigned char *) pass, passlen, &v, &salt, &saltlen);
- if (r) {
- sparams->utils->seterror(sparams->utils->conn, 0,
- "Error calculating v");
-@@ -2296,16 +2316,16 @@ static int srp_setpass(void *glob_contex
- r = SASL_NOMEM;
- goto end;
- }
-- sparams->utils->encode64(buffer, bufferlen, sec->data, alloclen,
-+ sparams->utils->encode64(buffer, bufferlen, (char *) sec->data, alloclen,
- &encodelen);
- sec->len = encodelen;
-
- /* Clean everything up */
- end:
- if (buffer) sparams->utils->free((void *) buffer);
-- BN_clear_free(&N);
-- BN_clear_free(&g);
-- BN_clear_free(&v);
-+ BN_clear_free(N);
-+ BN_clear_free(g);
-+ BN_clear_free(v);
- sparams->utils->free(text);
-
- if (r) return r;
-@@ -2319,7 +2339,7 @@ static int srp_setpass(void *glob_contex
- r = sparams->utils->prop_request(propctx, store_request);
- if (!r)
- r = sparams->utils->prop_set(propctx, "cmusaslsecretSRP",
-- (sec ? sec->data : NULL),
-+ (char *) (sec ? sec->data : NULL),
- (sec ? sec->len : 0));
- if (!r)
- r = sparams->utils->auxprop_store(sparams->utils->conn, propctx, user);
-@@ -2475,7 +2495,7 @@ static int check_N_and_g(const sasl_util
- }
-
- static int CalculateA(context_t *text __attribute__((unused)),
-- BIGNUM *N, BIGNUM *g, BIGNUM *a, BIGNUM *A)
-+ BIGNUM *N, BIGNUM *g, BIGNUM **a, BIGNUM **A)
- {
- BN_CTX *ctx = BN_CTX_new();
-
-@@ -2483,11 +2503,11 @@ static int CalculateA(context_t *text _
- GetRandBigInt(a);
-
- /* Per [SRP]: make sure a > log[g](N) -- g is always 2 */
-- BN_add_word(a, BN_num_bits(N));
-+ BN_add_word(*a, BN_num_bits(N));
-
- /* A = g^a % N */
-- BN_init(A);
-- BN_mod_exp(A, g, a, N, ctx);
-+ *A = BN_new();
-+ BN_mod_exp(*A, g, *a, N, ctx);
-
- BN_CTX_free(ctx);
-
-@@ -2495,30 +2515,30 @@ static int CalculateA(context_t *text _
- }
-
- static int ClientCalculateK(context_t *text, char *salt, int saltlen,
-- char *user, char *pass, int passlen,
-+ char *user, unsigned char *pass, int passlen,
- BIGNUM *N, BIGNUM *g, BIGNUM *a, BIGNUM *A,
-- BIGNUM *B, char *K, int *Klen)
-+ BIGNUM *B, unsigned char *K, unsigned int *Klen)
- {
- int r;
- unsigned char hash[EVP_MAX_MD_SIZE];
-- int hashlen;
-- BIGNUM x;
-- BIGNUM u;
-- BIGNUM aux;
-- BIGNUM gx;
-- BIGNUM gx3;
-- BIGNUM base;
-- BIGNUM S;
-+ unsigned int hashlen;
-+ BIGNUM *x = NULL;
-+ BIGNUM *u = BN_new();
-+ BIGNUM *aux = BN_new();
-+ BIGNUM *gx = BN_new();
-+ BIGNUM *gx3 = BN_new();
-+ BIGNUM *base = BN_new();
-+ BIGNUM *S = BN_new();
- BN_CTX *ctx = BN_CTX_new();
-
- /* u = H(A | B) */
- r = MakeHash(text->md, hash, &hashlen, "%m%m", A, B);
- if (r) goto err;
-- BN_init(&u);
-- BN_bin2bn(hash, hashlen, &u);
-+ u = BN_new();
-+ BN_bin2bn(hash, hashlen, u);
-
- /* per Tom Wu: make sure u != 0 */
-- if (BN_is_zero(&u)) {
-+ if (BN_is_zero(u)) {
- SETERROR(text->utils, "SRP: Illegal value for 'u'\n");
- r = SASL_BADPROT;
- goto err;
-@@ -2530,48 +2550,43 @@ static int ClientCalculateK(context_t *t
- if (r) return r;
-
- /* a + ux */
-- BN_init(&aux);
-- BN_mul(&aux, &u, &x, ctx);
-- BN_add(&aux, &aux, a);
-+ BN_mul(aux, u, x, ctx);
-+ BN_add(aux, aux, a);
-
- /* gx3 = 3(g^x) % N */
-- BN_init(&gx);
-- BN_mod_exp(&gx, g, &x, N, ctx);
-- BN_init(&gx3);
-- BN_set_word(&gx3, 3);
-- BN_mod_mul(&gx3, &gx3, &gx, N, ctx);
-+ BN_mod_exp(gx, g, x, N, ctx);
-+ BN_set_word(gx3, 3);
-+ BN_mod_mul(gx3, gx3, gx, N, ctx);
-
- /* base = (B - 3(g^x)) % N */
-- BN_init(&base);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
-- BN_mod_sub(&base, B, &gx3, N, ctx);
-+ BN_mod_sub(base, B, gx3, N, ctx);
- #else
-- BN_sub(&base, B, &gx3);
-- BN_mod(&base, &base, N, ctx);
-- if (BigIntCmpWord(&base, 0) < 0) {
-- BN_add(&base, &base, N);
-+ BN_sub(base, B, gx3);
-+ BN_mod(base, base, N, ctx);
-+ if (BigIntCmpWord(base, 0) < 0) {
-+ BN_add(base, base, N);
- }
- #endif
-
- /* S = base^aux % N */
-- BN_init(&S);
-- BN_mod_exp(&S, &base, &aux, N, ctx);
-+ BN_mod_exp(S, base, aux, N, ctx);
-
- /* K = H(S) */
-- r = MakeHash(text->md, K, Klen, "%m", &S);
-+ r = MakeHash(text->md, K, Klen, "%m", S);
- if (r) goto err;
-
- r = SASL_OK;
-
- err:
- BN_CTX_free(ctx);
-- BN_clear_free(&x);
-- BN_clear_free(&u);
-- BN_clear_free(&aux);
-- BN_clear_free(&gx);
-- BN_clear_free(&gx3);
-- BN_clear_free(&base);
-- BN_clear_free(&S);
-+ BN_clear_free(x);
-+ BN_clear_free(u);
-+ BN_clear_free(aux);
-+ BN_clear_free(gx);
-+ BN_clear_free(gx3);
-+ BN_clear_free(base);
-+ BN_clear_free(S);
-
- return r;
- }
-@@ -2709,7 +2724,7 @@ static int srp_client_mech_new(void *glo
- }
-
- memset(text, 0, sizeof(context_t));
--
-+
- text->state = 1;
- text->utils = params->utils;
-
-@@ -2866,7 +2881,7 @@ srp_client_mech_step2(context_t *text,
- }
-
- /* Check N and g to see if they are one of the recommended pairs */
-- result = check_N_and_g(params->utils, &text->N, &text->g);
-+ result = check_N_and_g(params->utils, text->N, text->g);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
- "Values of 'N' and 'g' are not recommended\n");
-@@ -2874,7 +2889,7 @@ srp_client_mech_step2(context_t *text,
- }
-
- /* Per [SRP]: reject B <= 0, B >= N */
-- if (BigIntCmpWord(&text->B, 0) <= 0 || BN_cmp(&text->B, &text->N) >= 0) {
-+ if (BigIntCmpWord(text->B, 0) <= 0 || BN_cmp(text->B, text->N) >= 0) {
- SETERROR(params->utils, "Illegal value for 'B'\n");
- result = SASL_BADPROT;
- goto cleanup;
-@@ -2913,7 +2928,7 @@ srp_client_mech_step2(context_t *text,
- }
-
- /* Calculate A */
-- result = CalculateA(text, &text->N, &text->g, &text->a, &text->A);
-+ result = CalculateA(text, text->N, text->g, &text->a, &text->A);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error calculating A");
-@@ -2924,7 +2939,7 @@ srp_client_mech_step2(context_t *text,
- result = ClientCalculateK(text, text->salt, text->saltlen,
- (char *) oparams->authid,
- text->password->data, text->password->len,
-- &text->N, &text->g, &text->a, &text->A, &text->B,
-+ text->N, text->g, text->a, text->A, text->B,
- text->K, &text->Klen);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
-@@ -2933,8 +2948,8 @@ srp_client_mech_step2(context_t *text,
- }
-
- /* Calculate M1 (client evidence) */
-- result = CalculateM1(text, &text->N, &text->g, (char *) oparams->authid,
-- text->salt, text->saltlen, &text->A, &text->B,
-+ result = CalculateM1(text, text->N, text->g, (char *) oparams->authid,
-+ text->salt, text->saltlen, text->A, text->B,
- text->K, text->Klen, (char *) oparams->user,
- text->server_options, text->M1, &text->M1len);
- if (result) {
-@@ -2944,7 +2959,7 @@ srp_client_mech_step2(context_t *text,
- }
-
- /* Create cIV (client initial vector) */
-- text->utils->rand(text->utils->rpool, text->cIV, sizeof(text->cIV));
-+ text->utils->rand(text->utils->rpool, (char *) text->cIV, sizeof(text->cIV));
-
- /* Send out:
- *
-@@ -2957,7 +2972,7 @@ srp_client_mech_step2(context_t *text,
- */
- result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len,
- clientoutlen, "%m%o%s%o",
-- &text->A, text->M1len, text->M1, text->client_options,
-+ text->A, text->M1len, text->M1, text->client_options,
- sizeof(text->cIV), text->cIV);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
-@@ -2985,13 +3000,13 @@ srp_client_mech_step3(context_t *text,
- sasl_out_params_t *oparams)
- {
- int result;
-- char *M2 = NULL, *sIV = NULL; /* don't free */
-+ unsigned char *M2 = NULL, *sIV = NULL; /* don't free */
- char *sid = NULL;
-- int M2len, sIVlen;
-+ unsigned int M2len, sIVlen;
- uint32 ttl;
-- int i;
-- char myM2[EVP_MAX_MD_SIZE];
-- int myM2len;
-+ unsigned int i;
-+ unsigned char myM2[EVP_MAX_MD_SIZE];
-+ unsigned int myM2len;
-
- /* Expect:
- *
-@@ -3012,7 +3027,7 @@ srp_client_mech_step3(context_t *text,
- }
-
- /* calculate our own M2 */
-- result = CalculateM2(text, &text->A, text->M1, text->M1len,
-+ result = CalculateM2(text, text->A, text->M1, text->M1len,
- text->K, text->Klen, (char *) oparams->user,
- text->client_options, "", 0,
- myM2, &myM2len);
diff --git a/security/cyrus-sasl2/files/patch-saslauthd_Makefile.am b/security/cyrus-sasl2/files/patch-saslauthd_Makefile.am
deleted file mode 100644
index 17068c50a0f4..000000000000
--- a/security/cyrus-sasl2/files/patch-saslauthd_Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
---- saslauthd/Makefile.am.orig 2012-01-27 23:31:36 UTC
-+++ saslauthd/Makefile.am
-@@ -2,6 +2,8 @@ AUTOMAKE_OPTIONS = 1.7
- sbin_PROGRAMS = saslauthd testsaslauthd
- EXTRA_PROGRAMS = saslcache
-
-+CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
-+
- saslauthd_SOURCES = mechanisms.c globals.h \
- mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c \
- auth_getpwent.h auth_krb5.c auth_krb5.h auth_krb4.c \
-@@ -16,7 +18,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
- saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
- saslauthd_LDADD = @SASL_KRB_LIB@ \
- @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
-- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-+ @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ $(CRYPTO_COMPAT_OBJS)
-
- testsaslauthd_SOURCES = testsaslauthd.c utils.c
- testsaslauthd_LDADD = @LIB_SOCKET@
-@@ -25,7 +27,7 @@ saslcache_SOURCES = saslcache.c
-
- EXTRA_DIST = saslauthd.8 saslauthd.mdoc config include \
- getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
--INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include
-+INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include -I$(top_builddir)/common
- DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..
-
-
diff --git a/security/cyrus-sasl2/files/patch-saslauthd__configure b/security/cyrus-sasl2/files/patch-saslauthd__configure
deleted file mode 100644
index f7dbb286e9d4..000000000000
--- a/security/cyrus-sasl2/files/patch-saslauthd__configure
+++ /dev/null
@@ -1,54 +0,0 @@
-Index: saslauthd/configure
-diff -u saslauthd/configure.orig saslauthd/configure
---- saslauthd/configure.orig 2012-11-07 04:21:44.000000000 +0900
-+++ saslauthd/configure 2013-01-06 17:15:30.597678365 +0900
-@@ -2185,6 +2185,7 @@
- fi
- { $as_echo "$as_me:$LINENO: result: yes" >&5
- $as_echo "yes" >&6; }
-+program_prefix=NONE
- test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
- # Use a double $ so make ignores it.
-@@ -8301,6 +8302,7 @@
- gssapi_dir="${gssapi}/lib"
- GSSAPIBASE_LIBS="-L$gssapi_dir"
- GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir"
-+ gssapi_bindir="${gssapi}/bin/"
- else
- # FIXME: This is only used for building cyrus, and then only as
- # a real hack. it needs to be fixed.
-@@ -8320,7 +8322,7 @@
- $as_echo_n "(cached) " >&6
- else
- ac_check_lib_save_LIBS=$LIBS
--LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
-+LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
-@@ -8796,7 +8798,7 @@
- GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
- elif test "$gss_impl" = "heimdal"; then
- CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
-- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
-+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`"
- GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
- elif test "$gss_impl" = "cybersafe03"; then
- # Version of CyberSafe with two libraries
-@@ -10065,6 +10067,7 @@
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
-+#include <stdio.h>
- #include <db.h>
- _ACEOF
- if { (ac_try="$ac_cpp conftest.$ac_ext"
-@@ -10892,6 +10895,7 @@
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
-+#include <stdio.h>
- #include <db.h>
- _ACEOF
- if { (ac_try="$ac_cpp conftest.$ac_ext"
diff --git a/security/cyrus-sasl2/files/patch-saslauthd__saslcache.c b/security/cyrus-sasl2/files/patch-saslauthd__saslcache.c
deleted file mode 100644
index 7de41fe20d25..000000000000
--- a/security/cyrus-sasl2/files/patch-saslauthd__saslcache.c
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: saslauthd/saslcache.c
-diff -u -p saslauthd/saslcache.c.orig saslauthd/saslcache.c
---- saslauthd/saslcache.c.orig Sat Mar 29 04:59:24 2003
-+++ saslauthd/saslcache.c Thu Dec 14 13:44:41 2006
-@@ -137,7 +137,7 @@ int main(int argc, char **argv) {
- }
-
- table_stats = shm_base + 64;
-- (char *)table = (char *)table_stats + 128;
-+ table = (struct bucket *)((char *)table_stats + 128);
-
- if (dump_stat_info == 0 && dump_user_info == 0)
- dump_stat_info = 1;
diff --git a/security/cyrus-sasl2/files/patch-saslauthd_lak.c b/security/cyrus-sasl2/files/patch-saslauthd_lak.c
deleted file mode 100644
index f489a231581f..000000000000
--- a/security/cyrus-sasl2/files/patch-saslauthd_lak.c
+++ /dev/null
@@ -1,122 +0,0 @@
---- saslauthd/lak.c.orig 2012-10-12 14:05:48 UTC
-+++ saslauthd/lak.c
-@@ -53,6 +53,46 @@
- #endif
- #include <openssl/evp.h>
- #include <openssl/des.h>
-+
-+/* for legacy libcrypto support */
-+#include "crypto-compat.h"
-+
-+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+
-+#include <openssl/engine.h>
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+ void *ret = OPENSSL_malloc(num);
-+
-+ if (ret != NULL)
-+ memset(ret, 0, num);
-+ return ret;
-+}
-+
-+EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
-+}
-+
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ EVP_MD_CTX_cleanup(ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
-+}
-+
-+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-+{
-+ OPENSSL_free(ctx);
-+}
-+
-+#endif /* HAVE_OPENSSL && OPENSSL_VERSION_NUMBER */
-+
- #endif
-
- #define LDAP_DEPRECATED 1
-@@ -1715,20 +1755,28 @@ static int lak_base64_decode(
-
- int rc, i, tlen = 0;
- char *text;
-- EVP_ENCODE_CTX EVP_ctx;
-+ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
-+
-+ if (enc_ctx == NULL)
-+ return LAK_NOMEM;
-
- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
-- if (text == NULL)
-+ if (text == NULL) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
- return LAK_NOMEM;
-+ }
-
-- EVP_DecodeInit(&EVP_ctx);
-- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
-+ EVP_DecodeInit(enc_ctx);
-+ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
- if (rc < 0) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
- free(text);
- return LAK_FAIL;
- }
- tlen += i;
-- EVP_DecodeFinal(&EVP_ctx, text, &i);
-+ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
-+
-+ EVP_ENCODE_CTX_free(enc_ctx);
-
- *ret = text;
- if (rlen != NULL)
-@@ -1744,7 +1792,7 @@ static int lak_check_hashed(
- {
- int rc, clen;
- LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- unsigned char digest[EVP_MAX_MD_SIZE];
- char *cred;
-@@ -1753,17 +1801,24 @@ static int lak_check_hashed(
- if (!md)
- return LAK_FAIL;
-
-+ mdctx = EVP_MD_CTX_new();
-+ if (!mdctx)
-+ return LAK_NOMEM;
-+
- rc = lak_base64_decode(hash, &cred, &clen);
-- if (rc != LAK_OK)
-+ if (rc != LAK_OK) {
-+ EVP_MD_CTX_free(mdctx);
- return rc;
-+ }
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
- if (hrock->salted) {
-- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
-+ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
- clen - EVP_MD_size(md));
- }
-- EVP_DigestFinal(&mdctx, digest, NULL);
-+ EVP_DigestFinal(mdctx, digest, NULL);
-+ EVP_MD_CTX_free(mdctx);
-
- rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
- free(cred);
diff --git a/security/cyrus-sasl2/files/patch-sasldb_db__ndbm.c b/security/cyrus-sasl2/files/patch-sasldb_db__ndbm.c
deleted file mode 100644
index db7a4cd9da3d..000000000000
--- a/security/cyrus-sasl2/files/patch-sasldb_db__ndbm.c
+++ /dev/null
@@ -1,43 +0,0 @@
---- sasldb/db_ndbm.c.orig 2012-01-27 23:31:36 UTC
-+++ sasldb/db_ndbm.c
-@@ -44,6 +44,7 @@
- */
-
- #include <config.h>
-+#include <errno.h>
- #include <stdio.h>
- #include <ndbm.h>
- #include <fcntl.h>
-@@ -101,7 +102,8 @@ int _sasldb_getdata(const sasl_utils_t *
- }
- db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR);
- if (! db) {
-- utils->seterror(cntxt, 0, "Could not open db");
-+ utils->seterror(cntxt, 0, "Could not open db `%s': %s",
-+ path, strerror(errno));
- result = SASL_FAIL;
- goto cleanup;
- }
-@@ -182,10 +184,11 @@ int _sasldb_putdata(const sasl_utils_t *
- O_RDWR | O_CREAT,
- S_IRUSR | S_IWUSR);
- if (! db) {
-+ utils->seterror(conn, 0, "Could not open db `%s' for writing: %s",
-+ path, strerror(errno));
- utils->log(conn, SASL_LOG_ERR,
- "SASL error opening password file. "
- "Do you have write permissions?\n");
-- utils->seterror(conn, 0, "Could not open db for write");
- goto cleanup;
- }
- dkey.dptr = key;
-@@ -322,7 +325,8 @@ sasldb_handle _sasldb_getkeyhandle(const
- db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR);
-
- if(!db) {
-- utils->seterror(conn, 0, "Could not open db");
-+ utils->seterror(conn, 0, "Could not open db `%s': %s",
-+ path, strerror(errno));
- return NULL;
- }
-
diff --git a/security/cyrus-sasl2/files/pkg-deinstall.in b/security/cyrus-sasl2/files/pkg-deinstall.in
index 56ee6ecd3bec..23f0c12f6331 100644
--- a/security/cyrus-sasl2/files/pkg-deinstall.in
+++ b/security/cyrus-sasl2/files/pkg-deinstall.in
@@ -18,6 +18,9 @@ delete_sasldb() {
if [ -f ${SASLDB_NAME} ] ; then
if [ `${PKG_PREFIX}/sbin/sasldblistusers2 | wc -l` -eq 0 ]; then
rm ${SASLDB_NAME}
+ if [ -f ${SASLDB_NAME}-lock ] ; then
+ rm ${SASLDB_NAME}-lock
+ fi
else
echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file"
fi
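Review bot: The three added lines that remove `${SASLDB_NAME}-lock` can be a single `rm -f "${SASLDB_NAME}-lock"`, which also quotes the path. As written, the unquoted expansion in both the `[ -f ... ]` test and the `rm` would word-split if the configured path ever contained whitespace. The removal is nested under the existing `[ -f ${SASLDB_NAME} ]` check, so a lock file whose database is already gone is left behind; that is probably acceptable but deserves a one-line comment. The same quoting remark applies to the lock-file `chown`/`chmod` added in pkg-install.in. delete_sasldb starts outside this hunk.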
diff --git a/security/cyrus-sasl2/files/pkg-install.in b/security/cyrus-sasl2/files/pkg-install.in
index 5ca26a87880d..674684ac9967 100644
--- a/security/cyrus-sasl2/files/pkg-install.in
+++ b/security/cyrus-sasl2/files/pkg-install.in
@@ -78,6 +78,10 @@ create_sasldb() {
${PKG_PREFIX}/sbin/saslpasswd2 -d ${CYRUS_USER}
chown ${CYRUS_USER}:mail ${SASLDB_NAME}
chmod 640 ${SASLDB_NAME}
+ if [ -f ${SASLDB_NAME}-lock ]; then
+ chown ${CYRUS_USER}:mail ${SASLDB_NAME}-lock
+ chmod 640 ${SASLDB_NAME}-lock
+ fi
fi
fi
}
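Review bot: The added block on `${SASLDB_NAME}-lock` carries no comment saying where the lock file comes from or why it needs the database's owner and mode. I would add `# saslpasswd2 may leave a -lock file next to the db; keep its owner and mode in step with the db` above the `if`. The file is adjusted only if it already exists at this point, and until `chmod 640` runs it keeps whatever mode it was created with. That is presumably harmless for a lock file, but it is worth confirming that the file never holds credential data. create_sasldb starts outside this hunk.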
diff --git a/security/cyrus-sasl2/pkg-plist b/security/cyrus-sasl2/pkg-plist
index c17ac623ca35..bb5d4ceb8808 100644
--- a/security/cyrus-sasl2/pkg-plist
+++ b/security/cyrus-sasl2/pkg-plist
@@ -105,53 +105,3 @@ man/man8/pluginviewer.8.gz
sbin/pluginviewer
%%SASLDB%%sbin/sasldblistusers2
%%SASLDB%%sbin/saslpasswd2
-%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
-%%PORTDOCS%%%%DOCSDIR%%/COPYING
-%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL.TXT
-%%PORTDOCS%%%%DOCSDIR%%/NEWS
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/ONEWS
-%%PORTDOCS%%%%DOCSDIR%%/Sendmail.README
-%%PORTDOCS%%%%DOCSDIR%%/TODO
-%%PORTDOCS%%%%DOCSDIR%%/draft-burdis-cat-srp-sasl-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-anon-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-crammd5-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-gssapi-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-plain-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-rfc2222bis-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-rfc2831bis-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-saslprep-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-murchison-sasl-login-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/draft-newman-sasl-c-api-xx.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc1939.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2195.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2222.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2243.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2245.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2289.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2444.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2595.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2831.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2945.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc3174.txt
-%%PORTDOCS%%%%DOCSDIR%%/server-plugin-flow.fig
-%%PORTDOCS%%%%DOCSDIR%%/testing.txt
-%%PORTDOCS%%%%DOCSDIR%%/html/advanced.html
-%%PORTDOCS%%%%DOCSDIR%%/html/appconvert.html
-%%PORTDOCS%%%%DOCSDIR%%/html/components.html
-%%PORTDOCS%%%%DOCSDIR%%/html/gssapi.html
-%%PORTDOCS%%%%DOCSDIR%%/html/index.html
-%%PORTDOCS%%%%DOCSDIR%%/html/install.html
-%%PORTDOCS%%%%DOCSDIR%%/html/macosx.html
-%%PORTDOCS%%%%DOCSDIR%%/html/mechanisms.html
-%%PORTDOCS%%%%DOCSDIR%%/html/options.html
-%%PORTDOCS%%%%DOCSDIR%%/html/plugprog.html
-%%PORTDOCS%%%%DOCSDIR%%/html/programming.html
-%%PORTDOCS%%%%DOCSDIR%%/html/readme.html
-%%PORTDOCS%%%%DOCSDIR%%/html/sysadmin.html
-%%PORTDOCS%%%%DOCSDIR%%/html/upgrading.html
-%%PORTDOCS%%%%DOCSDIR%%/html/windows.html