libsasl: update to 2.1.27.

2025-08-02 10:52:57 +02:00 · 2019-01-14 17:47:42 +01:00 · 2019-01-14 17:47:42 +01:00 · 30746ac99d
commit 30746ac99d
parent ecb7484b24
16 changed files with 181 additions and 463 deletions
--- a/srcpkgs/libsasl/patches/0010_maintainer_mode.patch
+++ b/srcpkgs/libsasl/patches/0010_maintainer_mode.patch
@ -1,19 +0,0 @@
 #! /bin/sh /usr/share/dpatch/dpatch-run
 ## 0010_maintainer_mode.dpatch by  <fabbe@debian.org>
 ##
 ## All lines beginning with `## DP:' are a description of the patch.
 ## DP: Enable maintainer mode to avoid auto* problems.
@DPATCH@
 diff -urNad trunk~/configure.in trunk/configure.in
 --- trunk~/configure.in	2006-05-29 22:52:46.000000000 +0300
 +++ trunk/configure.in	2006-11-01 23:24:55.000000000 +0200
@@ -62,6 +62,8 @@
 AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
 CMU_INIT_AUTOMAKE
 +AM_MAINTAINER_MODE
 +
 # and include our config dir scripts
 ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
--- a/srcpkgs/libsasl/patches/0011_saslauthd_ac_prog_libtool.patch
+++ b/srcpkgs/libsasl/patches/0011_saslauthd_ac_prog_libtool.patch
@ -1,15 +0,0 @@
 0011_saslauthd_ac_prog_libtool.dpatch by  <fabbe@debian.org>
 Enable libtool use.
 diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
 --- trunk~/saslauthd/configure.in	2006-05-29 22:52:42.000000000 +0300
 +++ trunk/saslauthd/configure.in	2006-11-01 23:41:51.000000000 +0200
@@ -25,6 +25,7 @@
 AC_PROG_MAKE_SET
 AC_PROG_LN_S
 AC_PROG_INSTALL
 +AC_PROG_LIBTOOL
 dnl Checks for build foo
 CMU_C___ATTRIBUTE__
--- a/srcpkgs/libsasl/patches/0012-fix-ac_cv_names.patch
+++ b/srcpkgs/libsasl/patches/0012-fix-ac_cv_names.patch
@ -1,48 +0,0 @@
 --- a/saslauthd/configure.in	2015-11-20 16:22:07.295862770 +0100
 +++ b/saslauthd/configure.in	2015-11-20 16:23:35.581855882 +0100
@@ -164,30 +164,30 @@
 dnl Checks for which function macros exist
 AC_MSG_CHECKING(whether $CC implements __func__)
 -AC_CACHE_VAL(have_func,
 +AC_CACHE_VAL(ac_cv_have_func,
 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
 -have_func=yes,
 -have_func=no)])
 -AC_MSG_RESULT($have_func)
 -if test "$have_func" = yes; then
 +ac_cv_have_func=yes,
 +ac_cv_have_func=no)])
 +AC_MSG_RESULT($ac_cv_have_func)
 +if test "$ac_cv_have_func" = yes; then
        AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
 else
        AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
 -       AC_CACHE_VAL(have_pretty_function,
 +       AC_CACHE_VAL(ac_cv_have_pretty_function,
        [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
 -       have_pretty_function=yes,
 -       have_pretty_function=no)])
 -       AC_MSG_RESULT($have_pretty_function)
 -       if test "$have_pretty_function" = yes; then
 +       ac_cv_have_pretty_function=yes,
 +       ac_cv_have_pretty_function=no)])
 +       AC_MSG_RESULT($ac_cv_have_pretty_function)
 +       if test "$ac_cv_have_pretty_function" = yes; then
                AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
        else
                AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
 -               AC_CACHE_VAL(have_function,
 +               AC_CACHE_VAL(ac_cv_have_function,
                [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
 -               have_function=yes,
 -               have_function=no)])
 -               AC_MSG_RESULT($have_function)
 -               if test "$have_function" = yes; then
 +               ac_cv_have_function=yes,
 +               ac_cv_have_function=no)])
 +               AC_MSG_RESULT($ac_cv_have_function)
 +               if test "$ac_cv_have_function" = yes; then
                        AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
                fi
        fi
--- a/srcpkgs/libsasl/patches/0025_ld_as_needed.patch
+++ b/srcpkgs/libsasl/patches/0025_ld_as_needed.patch
@ -1,27 +0,0 @@
 Author: Matthias Klose <doko@ubuntu.com>
 Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
 it.
 --- a/saslauthd/Makefile.am
 +++ b/saslauthd/Makefile.am
@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
 saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
 saslauthd_LDADD	= @SASL_KRB_LIB@ \
 		  @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
 -		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
 +		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
 testsaslauthd_SOURCES = testsaslauthd.c utils.c
 testsaslauthd_LDADD = @LIB_SOCKET@
 --- a/sasldb/Makefile.am
 +++ b/sasldb/Makefile.am
@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
 libsasldb_la_SOURCES = allockey.c sasldb.h
 EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
 -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
 -libsasldb_la_LIBADD = $(SASL_DB_BACKEND) 
 +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
 +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
 # Prevent make dist stupidity
 libsasldb_a_SOURCES =
--- a/srcpkgs/libsasl/patches/0026_drop_krb5support_dependency.patch
+++ b/srcpkgs/libsasl/patches/0026_drop_krb5support_dependency.patch
@ -1,14 +0,0 @@
 Author: Roberto C. Sanchez <roberto@connexer.com>
 Description: Drop gratuitous dependency on krb5support
 --- a/cmulocal/sasl2.m4
 +++ b/cmulocal/sasl2.m4
@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
   fi
   if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
 -    # check for libkrb5support first
 -    AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
 -
     gss_failed=0
     AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
                  ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
--- a/srcpkgs/libsasl/patches/0030-dont_use_la_files_for_opening_plugins.patch
+++ b/srcpkgs/libsasl/patches/0030-dont_use_la_files_for_opening_plugins.patch
@ -1,134 +0,0 @@
 --- a/lib/dlopen.c
 +++ b/lib/dlopen.c
@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
     return result;
 }
 -/* this returns the file to actually open.
 - *  out should be a buffer of size PATH_MAX
 - *  and may be the same as in. */
 -
 -/* We'll use a static buffer for speed unless someone complains */
 -#define MAX_LINE 2048
 -
 -static int _parse_la(const char *prefix, const char *in, char *out) 
 -{
 -    FILE *file;
 -    size_t length;
 -    char line[MAX_LINE];
 -    char *ntmp = NULL;
 -
 -    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
 -
 -    /* Set this so we can detect failure */
 -    *out = '\0';
 -
 -    length = strlen(in);
 -
 -    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
 -	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
 -	    /* check for a .la file */
 -	    strcpy(line, prefix);
 -	    strcat(line, in);
 -	    length = strlen(line);
 -	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
 -	    strcat(line, LA_SUFFIX);
 -	    file = fopen(line, "r");
 -	    if(file) {
 -		/* We'll get it on the .la open */
 -		fclose(file);
 -		return SASL_FAIL;
 -	    }
 -	}
 -	strcpy(out, prefix);
 -	strcat(out, in);
 -	return SASL_OK;
 -    }
 -
 -    strcpy(line, prefix);
 -    strcat(line, in);
 -
 -    file = fopen(line, "r");
 -    if(!file) {
 -	_sasl_log(NULL, SASL_LOG_WARN,
 -		  "unable to open LA file: %s", line);
 -	return SASL_FAIL;
 -    }
 -    
 -    while(!feof(file)) {
 -	if(!fgets(line, MAX_LINE, file)) break;
 -	if(line[strlen(line) - 1] != '\n') {
 -	    _sasl_log(NULL, SASL_LOG_WARN,
 -		      "LA file has too long of a line: %s", in);
 -	    return SASL_BUFOVER;
 -	}
 -	if(line[0] == '\n' || line[0] == '#') continue;
 -	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
 -	    /* We found the line with the name in it */
 -	    char *end;
 -	    char *start;
 -	    size_t len;
 -	    end = strrchr(line, '\'');
 -	    if(!end) continue;
 -	    start = &line[sizeof("dlname=")-1];
 -	    len = strlen(start);
 -	    if(len > 3 && start[0] == '\'') {
 -		ntmp=&start[1];
 -		*end='\0';
 -		/* Do we have dlname="" ? */
 -		if(ntmp == end) {
 -		    _sasl_log(NULL, SASL_LOG_DEBUG,
 -			      "dlname is empty in .la file: %s", in);
 -		    return SASL_FAIL;
 -		}
 -		strcpy(out, prefix);
 -		strcat(out, ntmp);
 -	    }
 -	    break;
 -	}
 -    }
 -    if(ferror(file) || feof(file)) {
 -	_sasl_log(NULL, SASL_LOG_WARN,
 -		  "Error reading .la: %s\n", in);
 -	fclose(file);
 -	return SASL_FAIL;
 -    }
 -    fclose(file);
 -
 -    if(!(*out)) {
 -	_sasl_log(NULL, SASL_LOG_WARN,
 -		  "Could not find a dlname line in .la file: %s", in);
 -	return SASL_FAIL;
 -    }
 -
 -    return SASL_OK;
 -}
 #endif /* DO_DLOPEN */
 /* loads a plugin library */
@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
 		if (length + pos>=PATH_MAX) continue; /* too big */
 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
 -			   SO_SUFFIX)
 -		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
 -			   LA_SUFFIX))
 +			   SO_SUFFIX))
 		    continue;
 +		/* We only use .so files for loading plugins */
 +
 		memcpy(name,dir->d_name,length);
 		name[length]='\0';
 -		result = _parse_la(prefix, name, tmp);
 -		if(result != SASL_OK)
 -		    continue;
 -		
 +		/* Create full name with path */
 +		strncpy(tmp, prefix, PATH_MAX);
 +		strncat(tmp, name, PATH_MAX);
 +
 		/* skip "lib" and cut off suffix --
 		   this only need be approximate */
 		strcpy(plugname, name + 3);
--- a/srcpkgs/libsasl/patches/CVE-2013-4122.patch
+++ b/srcpkgs/libsasl/patches/CVE-2013-4122.patch
@ -1,116 +0,0 @@
 From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
 From: mancha <mancha1@hush.com>
 Date: Thu, 11 Jul 2013 09:08:07 +0000
 Subject: Handle NULL returns from glibc 2.17+ crypt()
 Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
 (w/ NULL return) if the salt violates specifications. Additionally,
 on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
 passed to crypt() fail with EPERM (w/ NULL return).
 When using glibc's crypt(), check return value to avoid a possible
 NULL pointer dereference.
 Patch by mancha1@hush.com.
 ---
 diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
 index 4b34222..400289c 100644
 --- a/pwcheck/pwcheck_getpwnam.c
 +++ b/pwcheck/pwcheck_getpwnam.c
@@ -32,6 +32,7 @@ char *userid;
 char *password;
 {
     char* r;
 +    char* crpt_passwd;
     struct passwd *pwd;
     pwd = getpwnam(userid);
@@ -41,7 +42,7 @@ char *password;
     else if (pwd->pw_passwd[0] == '*') {
 	r = "Account disabled";
     }
 -    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
 +    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
 	r = "Incorrect password";
     }
     else {
 diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
 index 2b11286..6d607bb 100644
 --- a/pwcheck/pwcheck_getspnam.c
 +++ b/pwcheck/pwcheck_getspnam.c
@@ -32,13 +32,15 @@ char *userid;
 char *password;
 {
     struct spwd *pwd;
 +    char *crpt_passwd;
     pwd = getspnam(userid);
     if (!pwd) {
 	return "Userid not found";
     }
 -    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
 +    crpt_passwd = crypt(password, pwd->sp_pwdp);
 +    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
 	return "Incorrect password";
     }
     else {
 diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
 index fc8029d..d4ebe54 100644
 --- a/saslauthd/auth_getpwent.c
 +++ b/saslauthd/auth_getpwent.c
@@ -77,6 +77,7 @@ auth_getpwent (
 {
     /* VARIABLES */
     struct passwd *pw;			/* pointer to passwd file entry */
 +    char *crpt_passwd;			/* encrypted password */
     int errnum;
     /* END VARIABLES */
@@ -105,7 +106,8 @@ auth_getpwent (
 	}
     }
 -    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
 +    crpt_passwd = crypt(password, pw->pw_passwd);
 +    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
 	if (flags & VERBOSE) {
 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
 	}
 diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
 index 677131b..1988afd 100644
 --- a/saslauthd/auth_shadow.c
 +++ b/saslauthd/auth_shadow.c
@@ -210,8 +210,8 @@ auth_shadow (
 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
     }
 -    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
 -    if (strcmp(sp->sp_pwdp, cpw)) {
 +    cpw = crypt(password, sp->sp_pwdp);
 +    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
 	if (flags & VERBOSE) {
 	    /*
 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
@@ -221,10 +221,8 @@ auth_shadow (
 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
 		   sp->sp_pwdp, cpw);
 	}
 -	free(cpw);
 	RETURN("NO Incorrect password");
     }
 -    free(cpw);
     /*
      * The following fields will be set to -1 if:
@@ -286,7 +284,7 @@ auth_shadow (
 	RETURN("NO Invalid username");
     }
 -    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
 +    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
 	if (flags & VERBOSE) {
 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
 		   password, upw->upw_passwd);
 --
 cgit v0.9.2
--- a/srcpkgs/libsasl/patches/cross.patch
+++ b/srcpkgs/libsasl/patches/cross.patch
@ -0,0 +1,41 @@
 Upstream: No
 Reason: Tries to run cross compiled binary
 diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
 index 56e0504..c1d8e35 100644
 --- a/m4/sasl2.m4
 +++ b/m4/sasl2.m4
@@ -315,31 +315,8 @@ if test "$gssapi" != no; then
   LIBS="$LIBS $GSSAPIBASE_LIBS"
   AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
 -  AC_TRY_RUN([
 -#ifdef HAVE_GSSAPI_H
 -#include <gssapi.h>
 -#else
 -#include <gssapi/gssapi.h>
 -#endif
 -
 -int main(void)
 -{
 -    gss_OID_desc spnego_oid = { 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
 -    gss_OID_set mech_set;
 -    OM_uint32 min_stat;
 -    int have_spnego = 0;
 -                                                                               
 -    if (gss_indicate_mechs(&min_stat, &mech_set) == GSS_S_COMPLETE) {
 -	gss_test_oid_set_member(&min_stat, &spnego_oid, mech_set, &have_spnego);
 -	gss_release_oid_set(&min_stat, &mech_set);
 -    }
 -
 -    return (!have_spnego);  // 0 = success, 1 = failure
 -}
 -],	
 -	[ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
 -	AC_MSG_RESULT(yes) ],
 -	AC_MSG_RESULT(no))
 +  AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
 +  AC_MSG_RESULT(yes)
   LIBS="$cmu_save_LIBS"
 else
--- a/srcpkgs/libsasl/patches/cyrus-sasl-2.1.22-qa.patch
+++ b/srcpkgs/libsasl/patches/cyrus-sasl-2.1.22-qa.patch
@ -1,22 +0,0 @@
 fix missing prototype warnings
 --- cyrus-sasl-2.1.22/lib/auxprop.c
 +++ cyrus-sasl-2.1.22/lib/auxprop.c
@@ -43,6 +43,7 @@
  */
 #include <config.h>
 +#include <stdio.h>
 #include <sasl.h>
 #include <prop.h>
 #include <ctype.h>
 --- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
 +++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
 ******************************************************************/
 #include <shadow.h>
 +#include <string.h>
 extern char *crypt();
--- a/srcpkgs/libsasl/patches/cyrus-sasl-2.1.26-size_t.patch
+++ b/srcpkgs/libsasl/patches/cyrus-sasl-2.1.26-size_t.patch
@ -1,11 +0,0 @@
 --- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
 +++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
@@ -223,6 +223,8 @@ extern "C" {
  * they must be called before all other SASL functions:
  */
 +#include <sys/types.h>
 +
 /* memory allocation functions which may optionally be replaced:
  */
 typedef void *sasl_malloc_t(size_t);
--- a/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-as_needed.patch
+++ b/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-as_needed.patch
@ -0,0 +1,29 @@
 Source: https://git.alpinelinux.org/aports/tree/main/cyrus-sasl/cyrus-sasl-2.1.27-as_needed.patch
 Upstream: No
 Reason: FTBFS
 Author: Matthias Klose <doko@ubuntu.com>
 Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
 it.
 --- cyrus-sasl-2.1.27/saslauthd/Makefile.am
 +++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
@@ -25,7 +25,7 @@
 saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
 saslauthd_LDADD	= @SASL_KRB_LIB@ \
 		  @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
 -		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
 +		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
 testsaslauthd_SOURCES = testsaslauthd.c utils.c
 testsaslauthd_LDADD = @LIB_SOCKET@
 --- cyrus-sasl-2.1.27/sasldb/Makefile.am
 +++ cyrus-sasl-2.1.27/sasldb/Makefile.am
@@ -54,6 +54,6 @@
 libsasldb_la_SOURCES = allockey.c sasldb.h
 EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
 -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
 -libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
 +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
 +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
 libsasldb_la_LDFLAGS = -no-undefined
--- a/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-autotools_fixes.patch
+++ b/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-autotools_fixes.patch
@ -0,0 +1,35 @@
 Source: https://git.alpinelinux.org/aports/tree/main/cyrus-sasl/cyrus-sasl-2.1.27-autotools_fixes.patch
 Upstream: No
 Reason: FTBFS
 --- cyrus-sasl-2.1.27/configure.ac
 +++ cyrus-sasl-2.1.27/configure.ac
@@ -44,6 +44,8 @@
 AC_PREREQ(2.63)
 +AC_CONFIG_MACRO_DIR([config])
 +
 dnl
 dnl REMINDER: When changing the version number here, please also update
 dnl the values in win32/include/config.h and include/sasl.h as well.
 --- cyrus-sasl-2.1.27/Makefile.am
 +++ cyrus-sasl-2.1.27/Makefile.am
@@ -44,6 +44,8 @@
 #
 ################################################################
 +ACLOCAL_AMFLAGS = -I config
 +
 if SASLAUTHD
 SAD = saslauthd
 else
 --- cyrus-sasl-2.1.27/saslauthd/Makefile.am
 +++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
@@ -1,4 +1,6 @@
 AUTOMAKE_OPTIONS = 1.7
 +ACLOCAL_AMFLAGS = -I ../config
 +
 sbin_PROGRAMS	= saslauthd testsaslauthd
 EXTRA_PROGRAMS  = saslcache
--- a/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
+++ b/srcpkgs/libsasl/patches/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
@ -1,27 +1,20 @@
 Source: https://git.alpinelinux.org/aports/tree/main/cyrus-sasl/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
 Upstream: No
 Author: Fabian Fagerholm <fabbe@debian.org>
 Description: This patch makes sure the non-PIC version of libsasldb.a, which
 is created out of non-PIC objects, is not going to overwrite the PIC version,
 which is created out of PIC objects. The PIC version is placed in .libs, and
 the non-PIC version in the current directory.  This ensures that both non-PIC
 and PIC versions are available in the correct locations.
--- cyrus-sasl2.orig/lib/Makefile.am
+--- cyrus-sasl-2.1.27/lib/Makefile.am
-+++ cyrus-sasl2/lib/Makefile.am
+++ cyrus-sasl-2.1.27/lib/Makefile.am
-@@ -80,7 +80,7 @@ endif
+@@ -98,7 +98,7 @@
 libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
 	@echo adding static plugins and dependencies
 -	$(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
 +	$(AR) cru $@ $(SASL_STATIC_OBJS)
- 	@for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+ 	@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
 	if test ! -f $$i; then continue; fi; . $$i; \
 	for j in $$dependency_libs foo; do \
 --- cyrus-sasl2.orig/sasldb/Makefile.am
 +++ cyrus-sasl2/sasldb/Makefile.am
@@ -63,6 +63,6 @@ libsasldb_a_SOURCES =
 EXTRA_libsasldb_a_SOURCES =
 libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
 -	$(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
 +	$(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
--- a/srcpkgs/libsasl/patches/fix-pkgconfig.patch
+++ b/srcpkgs/libsasl/patches/fix-pkgconfig.patch
@ -1,8 +0,0 @@
 --- a/libsasl2.pc.in	2012-10-12 16:05:48.000000000 +0200
 +++ b/libsasl2.pc.in	2016-03-27 09:53:17.711282336 +0200
@@ -1,3 +1,5 @@
 +prefix = @prefix@
 +exec_prefix = @exec_prefix@
 libdir = @libdir@
 Name: Cyrus SASL
--- a/srcpkgs/libsasl/patches/libressl.patch
+++ b/srcpkgs/libsasl/patches/libressl.patch
@ -0,0 +1,61 @@
 Source: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security/cyrus-sasl2/patches/patch-saslauthd_lak_c
 Upstream: No
 Reason: LibreSSL compatibility
 $OpenBSD: patch-saslauthd_lak_c,v 1.1 2018/11/19 08:24:23 ajacoutot Exp $
 64-bit time_t
 Fix for LibreSSL
 Index: saslauthd/lak.c
 --- a/saslauthd/lak.c.orig
 +++ b/saslauthd/lak.c
@@ -841,12 +841,12 @@ static int lak_connect(
 	rc = ldap_set_option(lak->ld, LDAP_OPT_NETWORK_TIMEOUT, &(lak->conf->timeout));
 	if (rc != LDAP_OPT_SUCCESS) {
 -		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
 +		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %lld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
 	}
 	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));
 	if (rc != LDAP_OPT_SUCCESS) {
 -		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
 +		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %lld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
 	}
 	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));
@@ -1749,28 +1749,28 @@ static int lak_base64_decode(
 	int rc, i, tlen = 0;
 	char *text;
 -	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
 +	EVP_ENCODE_CTX *enc_ctx = calloc(1, sizeof(EVP_ENCODE_CTX));
 	if (enc_ctx == NULL)
 		return LAK_NOMEM;
 	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
 	if (text == NULL) {
 -		EVP_ENCODE_CTX_free(enc_ctx);
 +		free(enc_ctx);
 		return LAK_NOMEM;
 	}
 	EVP_DecodeInit(enc_ctx);
 	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
 	if (rc < 0) {
 -		EVP_ENCODE_CTX_free(enc_ctx);
 +		free(enc_ctx);
 		free(text);
 		return LAK_FAIL;
 	}
 	tlen += i;
 	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
 -	EVP_ENCODE_CTX_free(enc_ctx);
 +	free(enc_ctx);
 	*ret = text;
 	if (rlen != NULL)
--- a/srcpkgs/libsasl/template
+++ b/srcpkgs/libsasl/template
@ -1,7 +1,8 @@
 # Template file for 'libsasl'
 pkgname=libsasl
-version=2.1.26
+version=2.1.27
-revision=5
+revision=1
 wrksrc="cyrus-sasl-${version}"
 build_style=gnu-configure
 configure_args="--enable-cram --enable-digest --enable-auth-sasldb
 --enable-plain --enable-anon --enable-login --enable-gssapi --enable-ntlm
@ -10,46 +11,18 @@ configure_args="--enable-cram --enable-digest --enable-auth-sasldb
 --with-devrandom=/dev/random"
 hostmakedepends="automake libtool pkg-config"
 makedepends="db-devel"
 wrksrc="cyrus-sasl-${version}"
 short_desc="Cyrus SASL - runtime shared libraries"
 maintainer="Juan RP <xtraeme@voidlinux.org>"
-homepage="http://cyrusimap.web.cmu.edu/"
+license="BSD-3-Clause-Attribution"
-license="BSD"
+homepage="https://www.cyrusimap.org/sasl/"
 distfiles="https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-${version}/cyrus-sasl-${version}.tar.gz"
-checksum=8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3
+checksum=26866b1549b00ffd020f188a43c258017fa1c382b3ddadd8201536f72efb05d5
 patch_args="-Np1"
 # Seems to be cured with libtool>=2.4.6
 # disable_parallel_build=yes
 pre_configure() {
-	# XXX
+	autoreconf -fi
 	if [ "$CROSS_BUILD" ]; then
 		sed 's,AC_TRY_RUN,AC_TRY_LINK_FUNC,' -i cmulocal/sasl2.m4
 	fi
 	# Remove outdated files
 	rm -f config/config.{guess,sub}
 	rm -f config/lt{config,main.sh} config/libtool.m4
 	# Rename configure.in for fewer warnings
 	mv configure.{in,ac}
 	# Avoid picking up the target LDFLAGS for makemd5
 	sed -i include/Makefile.am -e "/^CFLAGS/a LDFLAGS ="
 	# Rename configure.in for fewer warnings
 	mv saslauthd/configure.{in,ac}
 	# Remove check for KRB4; otherwise we would need mt-krb4-devel
 	rm -f config/kerberos_v4.m4
 	# Remove placeholder for KRB4 library
 	find -name Makefile.am -exec sed -i "{}" -e "s;= @SASL_KRB_LIB@;= ;" \;
 	autoreconf -I $(pwd)/config -I $(pwd)/cmulocal -i -f
 }
 post_install() {
 	# We are only interested in libsasl.
 	rm -rf ${DESTDIR}/usr/{bin,sbin,share,lib/sasl2}