--- cyrus-sasl2-2.1.19.dfsg1.orig/p/06_testsuite.diff +++ cyrus-sasl2-2.1.19.dfsg1/p/06_testsuite.diff @@ -0,0 +1,33 @@ +diff -urN cyrus-sasl-2.1.19/utils/testsuite.c cyrus-sasl-2.1.19.new/utils/testsuite.c +--- cyrus-sasl-2.1.19/utils/testsuite.c 2004-02-20 23:52:58.000000000 +0000 ++++ cyrus-sasl-2.1.19.new/utils/testsuite.c 2004-03-20 22:56:20.000000000 +0000 +@@ -467,9 +467,9 @@ + *len = strlen("sasldb"); + return SASL_OK; + } else if (!strcmp(option, "sasldb_path")) { +- *result = "./sasldb"; ++ *result = "/etc/sasldb2"; + if (len) +- *len = strlen("./sasldb"); ++ *len = strlen("/etc/sasldb2"); + return SASL_OK; + } else if (!strcmp(option, "canon_user_plugin")) { + *result = cu_plugin; +@@ -2870,7 +2870,7 @@ + void usage(void) + { + printf("Usage:\n" \ +- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ ++ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ + " g -- gssapi service name to use (default: host)\n" \ + " r -- # of random tests to do (default: 25)\n" \ + " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ +@@ -2883,7 +2883,7 @@ + + int main(int argc, char **argv) + { +- char c; ++ int c; + int random_tests = -1; + int do_all = 0; + int skip_do_correct = 0; --- cyrus-sasl2-2.1.19.dfsg1.orig/p/11_remove_rpath.diff +++ cyrus-sasl2-2.1.19.dfsg1/p/11_remove_rpath.diff @@ -0,0 +1,27 @@ +diff -urN cyrus-sasl-2.1.19/configure.in cyrus-sasl-2.1.19.new/configure.in +--- cyrus-sasl-2.1.19/configure.in 2004-04-19 11:41:35.000000000 +0100 ++++ cyrus-sasl-2.1.19.new/configure.in 2004-04-19 11:41:20.000000000 +0100 +@@ -612,9 +612,9 @@ + elif test -d ${with_mysql}/mysql/lib; then + LIB_MYSQL="-L${with_mysql}/mysql/lib -R${with_mysql}/mysql/lib" + elif test -d ${with_mysql}/lib; then +- LIB_MYSQL="-L${with_mysql}/lib -R${with_mysql}/lib" ++ LIB_MYSQL="" + else +- LIB_MYSQL="-L${with_mysql} -R${with_mysql}" ++ LIB_MYSQL="" + fi + + LIB_MYSQL_DIR=$LIB_MYSQL +@@ -672,9 +672,9 @@ + elif test -d ${with_pgsql}/pgsql/lib; then + LIB_PGSQL="-L${with_pgsql}/pgsql/lib -R${with_pgsql}/pgsql/lib" + elif test -d ${with_pgsql}/lib; then +- LIB_PGSQL="-L${with_pgsql}/lib -R${with_pgsql}/lib" ++ LIB_PGSQL="" + else +- LIB_PGSQL="-L${with_pgsql} -R${with_pgsql}" ++ LIB_PGSQL="" + fi + + LIB_PGSQL_DIR=$LIB_PGSQL --- cyrus-sasl2-2.1.19.dfsg1.orig/p/05_dbconverter.diff +++ cyrus-sasl2-2.1.19.dfsg1/p/05_dbconverter.diff @@ -0,0 +1,37 @@ +diff -urN cyrus-sasl-2.1.19/utils/Makefile.am cyrus-sasl-2.1.19.new/utils/Makefile.am +--- cyrus-sasl-2.1.19/utils/Makefile.am 2004-03-10 15:54:52.000000000 +0000 ++++ cyrus-sasl-2.1.19.new/utils/Makefile.am 2004-03-13 16:10:13.000000000 +0000 +@@ -45,10 +45,10 @@ + all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) + all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) + +-sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ ++sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ dbconverter-2 + EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest + +-noinst_PROGRAMS = dbconverter-2 ++#noinst_PROGRAMS = dbconverter-2 + + if NO_SASL_DB_MANS + man_MANS = +diff -urN cyrus-sasl-2.1.19/utils/dbconverter-2.c cyrus-sasl-2.1.19.new/utils/dbconverter-2.c +--- cyrus-sasl-2.1.19/utils/dbconverter-2.c 2003-02-13 19:56:17.000000000 +0000 ++++ cyrus-sasl-2.1.19.new/utils/dbconverter-2.c 2004-03-13 16:09:53.000000000 +0000 +@@ -385,7 +385,7 @@ + + int main(int argc, char **argv) + { +- const char *db="/etc/sasldb"; ++ const char *db="/etc/sasldb2"; + int result; + + if (argc > 1) { +@@ -421,7 +421,7 @@ + + printf("\nThis program will take the sasldb file specified on the\n" + "command line and convert it to a new sasldb file in the default\n" +- "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n" ++ "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n" + "backup sasldb before allowing this program to run\n\n" + "We are going to convert %s and our output will be in %s\n\n" + "Press return to continue\n", db, db_new); --- cyrus-sasl2-2.1.19.dfsg1.orig/p/02_versioned_symbols.diff +++ cyrus-sasl2-2.1.19.dfsg1/p/02_versioned_symbols.diff @@ -0,0 +1,25 @@ +diff -urN cyrus-sasl-2.1.19/lib/Makefile.am cyrus-sasl-2.1.19.new/lib/Makefile.am +--- cyrus-sasl-2.1.19/lib/Makefile.am 2004-03-09 16:54:17.000000000 +0000 ++++ cyrus-sasl-2.1.19.new/lib/Makefile.am 2004-03-13 13:32:28.000000000 +0000 +@@ -59,8 +59,8 @@ + lib_LTLIBRARIES = libsasl2.la + + libsasl2_la_SOURCES = $(common_sources) $(common_headers) +-libsasl2_la_LDFLAGS = -version-info $(sasl_version) +-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) ++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=Versions ++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) Versions + libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) + + if MACOSX +@@ -91,3 +91,10 @@ + libsasl2.la >TMP.$$ && mv TMP.$$ libsasl2.la + rm -f $@ + ln -s .libs/$@ $@ ++ ++Versions: $(libsasl2_la_OBJECTS) ++ rm -f $@ ++ echo "SASL2 {" > $@ ++ echo " global:" >> $@ ++ nm $(patsubst %.lo,%.o,$(libsasl2_la_OBJECTS)) | grep " [Tt] " | cut -d" " -f3 | sed -e 's/$$/;/' >>$@ ++ echo "};" >> $@ --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/control +++ cyrus-sasl2-2.1.19.dfsg1/debian/control @@ -0,0 +1,89 @@ +Source: cyrus-sasl2 +Build-Depends: autotools-dev, debhelper (>= 4), libpam0g-dev, zlib1g-dev, libdb4.3-dev, libopie-dev (>= 2.32-8), chrpath, heimdal-dev (>= 0.7.1-1), libssl-dev (>= 0.9.6d-1), libmysqlclient15-dev, libpq-dev, libldap2-dev (>= 2.1.21), automake1.7 (>= 1.7.9), autoconf (>=2.57), dbs, groff-base, comerr-dev, libtool (>= 1.5.6) +Build-Conflicts: autoconf2.13, automake1.4 +Section: devel +Priority: important +Maintainer: Dima Barsky +Standards-Version: 3.6.1 + +Package: sasl2-bin +Architecture: any +Section: utils +Depends: ${shlibs:Depends}, base-passwd (>= 3.4.2) +Description: Programs for manipulating the SASL users database + This is the Cyrus SASL API implementation, version 2. See package + libsasl2 and RFC 2222 for more information. + . + This package contains common binary files for plugin modules. + +Package: libsasl2-modules +Architecture: any +Section: libs +Replaces: libsasl2-digestmd5-plain, libsasl2-modules-plain +Conflicts: libsasl2-digestmd5-plain, libsasl2-modules-plain +Depends: libsasl2 (= ${Source-Version}), ${shlibs:Depends} +Description: Pluggable Authentication Modules for SASL + This is the Cyrus SASL API implementation, version 2. See package + libsasl2 and RFC 2222 for more information. + . + This package provides the following SASL modules: LOGIN, PLAIN, ANONYMOUS, + OTP, CRAM-MD5, and DIGEST-MD5 (with DES support). + +Package: libsasl2-modules-sql +Architecture: any +Priority: optional +Section: libs +Conflicts: libsasl2-modules (<< 2.1.14-1) +Replaces: libsasl2-modules-mysql +Depends: libsasl2 (= ${Source-Version}), ${shlibs:Depends} +Description: Pluggable Authentication Modules for SASL + This is the Cyrus SASL API implementation, version 2. See package + libsasl2 and RFC 2222 for more information. + . + This package provides the SQL plugin, which supports MySQL and PostgreSQL. + +Package: libsasl2-modules-gssapi-heimdal +Architecture: any +Priority: optional +Section: libs +Replaces: libsasl2-modules-plain (<= 2.1.5-6) +Conflicts: libsasl2-modules-plain (<= 2.1.5-6), libsasl2-gssapi-mit +Depends: libsasl2 (= ${Source-Version}), ${shlibs:Depends} +Description: Pluggable Authentication Modules for SASL + This is the Cyrus SASL API implementation, version 2. See package + libsasl2 and RFC 2222 for more information. + . + This package provides the GSSAPI plugin, compiled with the Heimdal library. + +Package: libsasl2 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libsasl2-modules (= ${Source-Version}) | libsasl2-modules-sql (= ${Source-Version}) | libsasl2-modules-gssapi-heimdal (= ${Source-Version}) | libsasl2-modules-kerberos-heimdal (= ${Source-Version}) +Conflicts: libsasl2-gssapi-mit (<< 2.1.18), libsasl2-krb4-mit (<< 2.1.18) +Description: Authentication abstraction library + SASL is the Simple Authentication and Security Layer, a method for + adding authentication support to connection-based protocols. To use + SASL, a protocol includes a command for identifying and + authenticating a user to a server and for optionally negotiating + protection of subsequent protocol interactions. If its use is + negotiated, a security layer is inserted between the protocol and the + connection. See RFC 2222 for more information. + . + This is the Cyrus SASL API implementation, version 2. + . + Any of: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI (MIT Kerberos 5 or Heimdal + Kerberos 5), OTP, PLAIN, or LOGIN can be used. This package is unusable + without the SASL plugins. Most likely you will need to install the + libsasl2-modules package. + +Package: libsasl2-dev +Architecture: any +Priority: optional +Section: libdevel +Depends: libsasl2 (= ${Source-Version}), libc6-dev +Conflicts: libsasl-dev +Description: Development files for authentication abstraction library + This is the Cyrus SASL API implementation, version 2. See package + libsasl2 and RFC 2222 for more information. + . + You need this package if you want to compile programs with SASL support. --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/rules +++ cyrus-sasl2-2.1.19.dfsg1/debian/rules @@ -0,0 +1,114 @@ +#!/usr/bin/make -f + +export DH_COMPAT := 4 + +# DBS options + +package := cyrus-sasl2 +PWD := $(shell pwd) + +SCRIPT_DIR = /usr/share/dbs + +# the dbs rules +TAR_DIR := cyrus-sasl-2.1.19.dfsg1 +include $(SCRIPT_DIR)/dbs-build.mk + +# dpkg-arch rules +ifeq (,$(DEB_BUILD_GNU_TYPE)) + include $(SCRIPT_DIR)/dpkg-arch.mk +endif + + +AUTOTOOLS=rm -f acinclude.m4 aclocal.m4 config/config.sub \ + config/config.guess config/ltmain.sh config/libtool.m4; \ + libtoolize --force; \ + aclocal-1.7 -I $(PWD)/$(BUILD_TREE)/cmulocal -I $(PWD)/$(BUILD_TREE)/config; \ + autoheader; \ + autoconf; \ + automake-1.7 --add-missing --include-deps; \ + touch stamp-h.in + +b := $(shell pwd)/debian/tmp + +arrange: $(STAMP_DIR)/arrange-stamp +$(STAMP_DIR)/arrange-stamp: install + dh_testdir + dh_movefiles -plibsasl2 + dh_movefiles -plibsasl2-modules-gssapi-heimdal + dh_movefiles -plibsasl2-modules-sql + dh_movefiles + touch $@ + +binary: $(STAMP_DIR)/binary-stamp +$(STAMP_DIR)/binary-stamp: binary-indep binary-arch + dh_testdir + touch $@ + +binary-arch: $(STAMP_DIR)/binary-arch-stamp +$(STAMP_DIR)/binary-arch-stamp: arrange + dh_testdir + dh_testroot + dh_installdocs -plibsasl2 $(BUILD_TREE)/NEWS $(BUILD_TREE)/README debian/README.Debian $(BUILD_TREE)/doc/*.html $(BUILD_TREE)/doc/draft*.txt $(BUILD_TREE)/doc/testing.txt + dh_installdocs -psasl2-bin $(BUILD_TREE)/saslauthd/LDAP_SASLAUTHD + dh_installdocs + dh_installexamples -plibsasl2-dev $(BUILD_TREE)/sample/*.c + dh_installinit --init-script=saslauthd + dh_installchangelogs $(BUILD_TREE)/ChangeLog + dh_strip + dh_compress + dh_fixperms + dh_makeshlibs -plibsasl2 -V + dh_installdeb + dh_shlibdeps -l$(shell pwd)/debian/libsasl2/usr/lib -- -Ldebian/libsasl2/DEBIAN/shlibs + dh_gencontrol + dh_md5sums + dh_builddeb + touch $@ + +binary-indep: $(STAMP_DIR)/binary-indep-stamp +$(STAMP_DIR)/binary-indep-stamp: arrange + dh_testdir + touch $@ + +build: $(STAMP_DIR)/build-stamp +$(STAMP_DIR)/build-stamp: config + dh_testdir + cd $(BUILD_TREE) && $(MAKE) + cd $(BUILD_TREE)/saslauthd && make testsaslauthd + cd $(BUILD_TREE)/utils && make testsuite + touch $@ + +clean: + dh_testdir + rm -rf $(STAMP_DIR) $(SOURCE_DIR) + perl $(SCRIPT_DIR)/dbs_split clean + dh_clean + +config: $(STAMP_DIR)/config-stamp +$(STAMP_DIR)/config-stamp: $(patched) + dh_testdir + cd $(BUILD_TREE) && ( \ + $(AUTOTOOLS); \ + cd saslauthd; \ + $(AUTOTOOLS); \ + cd ..; \ + ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man --with-saslauthd=/var/run/saslauthd --enable-login --enable-auth-sasldb --with-ldap --enable-sql --enable-ntlm --enable-static --enable-alwaystrue --with-devrandom=/dev/urandom) + + touch $@ + +install: $(STAMP_DIR)/install-stamp +$(STAMP_DIR)/install-stamp: build + dh_testdir + cd $(BUILD_TREE) && $(MAKE) install DESTDIR=$(b) + cp $(BUILD_TREE)/lib/.libs/libsasl2.a $(b)/usr/lib/ + cp $(BUILD_TREE)/saslauthd/testsaslauthd $(b)/usr/sbin/ + cp $(BUILD_TREE)/utils/.libs/testsuite $(b)/usr/sbin/sasltestsuite + mv $(b)/usr/sbin/dbconverter-2 $(b)/usr/sbin/sasldbconverter2 + mkdir -p $(b)/usr/share/man/man8 + cp $(BUILD_TREE)/saslauthd/saslauthd.mdoc $(b)/usr/share/man/man8/saslauthd.8 + cp $(BUILD_TREE)/saslauthd/testsaslauthd.8 $(b)/usr/share/man/man8 + cp $(BUILD_TREE)/utils/*.8 $(b)/usr/share/man/man8 + chrpath -d $(b)/usr/sbin/sasldblistusers2 $(b)/usr/sbin/saslpasswd2 + touch $@ + +.PHONY: build clean binary-indep binary-arch binary install --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/changelog +++ cyrus-sasl2-2.1.19.dfsg1/debian/changelog @@ -0,0 +1,502 @@ +cyrus-sasl2 (2.1.19.dfsg1-0.1ubuntu3) dapper-proposed; urgency=low + + * debian/rules: configure with --with-devrandom=/dev/urandom to avoid + hanging/blocking applications when entropy is exhausted. (LP: #225333) + + -- Andrew Pollock Thu, 1 May 2008 10:03:51 -0700 + +cyrus-sasl2 (2.1.19.dfsg1-0.1ubuntu2) dapper; urgency=low + + * SECURITY UPDATE: Remote DoS with crafted realms during DIGEST-MD5 + negotiation. + * Add debian/patches/27_upstream_cvs_digest-md5-crash.diff: + - plugins/digestmd5.c: Check that the provided realm is valid to avoid + crash. + - Patch taken from upstream CVS, fixed upstream in 2.1.21: + https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/ + plugins/digestmd5.c.diff?r1=1.173&r2=1.175&f=u + * CVE-2006-1721 + + -- Martin Pitt Mon, 24 Apr 2006 11:58:30 +0200 + +cyrus-sasl2 (2.1.19.dfsg1-0.1ubuntu1) dapper; urgency=low + + * Synchronize to Debian (#28137) + * Reapply remaining Ubuntu changes to clean Debian package: + - debian/patches/13_libdb42_autotools.diff, debian/control: Build against + db4.3 instead of 4.2. + - debian/control: Since the libsasl2 package description so clearly states + that the library is "completely useless" without one of the + libsasl2-modules packages, upgrade the Recommends on a single package to + an ORd Depends on the complete list of them. (Ubuntu bug #8046) + [Adam Conrad] + + -- Martin Pitt Mon, 10 Apr 2006 11:46:53 +0200 + +cyrus-sasl2 (2.1.19.dfsg1-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove dlcompat-20010505 subdirectory from source package as it + contains non-DFSG-free source. Required regeneration of the orig.tar.gz. + Closes: #357527. + + -- dann frazier Tue, 4 Apr 2006 16:38:20 -0600 + +cyrus-sasl2 (2.1.19-1.9) unstable; urgency=low + + * Non-maintainer upload. + * debian/patches/26_fix_hurd_build.diff: Fix FTBFS on hurd-i386. + Closes: #324288. + + -- Michael Banck Fri, 20 Jan 2006 15:45:30 +0100 + +cyrus-sasl2 (2.1.19-1.8) unstable; urgency=medium + + * Non-maintainer upload. + * Medium-urgency upload for RC bugfixes. + * Rebuild against current heimdal packages, dropping the build-dependency + on the obsolete and soon-to-be-removed krb4 package; also drop the + (misnamed) libsasl2-modules-kerberos-heimdal package as a result. + Closes: #345737, 345880. + * Drop mention of KERBEROS_V4 in the libsasl2 package description. + * Build against libmysqlclient15 instead of the obsolete libmysqlclient10 + for libsasl2-modules-sql. + * debian/patches/25_postgresql_pg_config.diff: + Use pg-config --includedir in configure.in, so that cyrus-sasl2 continues + to build when the postgresql include path changes as the postgresql + maintainers are planning to do; and adjust the include path in + plugins/sql.c accordingly. Closes: #315177. + + -- Steve Langasek Sat, 7 Jan 2006 04:18:58 -0800 + +cyrus-sasl2 (2.1.19-1.7) unstable; urgency=low + + * Non-maintainer upload. + * fix FTBFS in plugins/ntlm.c with patch 24. Closes: #332703 + + -- Andreas Barth Sat, 5 Nov 2005 20:07:50 +0100 + +cyrus-sasl2 (2.1.19-1.6) unstable; urgency=medium + + * Non-maintainer upload. + * Medium-urgency upload for RC bugfixes. + * Drop the extern declaration of a static variable global_callbacks, + allowing the package to build with gcc-4.0 (closes: #285605). + * Build-Depend on libpq-dev instead of on postgresql-dev, as the + latter package name is obsolete. (Ref: #315177) + + -- Steve Langasek Wed, 24 Aug 2005 17:41:57 -0700 + +cyrus-sasl2 (2.1.19-1.5) unstable; urgency=emergency + + * NMU + * Clean-up 2.1.19-1.4 NMU: + + Since we were using an upstream CVS patch, add another patch + fixing it instead of changing the (bad) upstream CVS patch; + Sent this new patch upstream + + Set *path to NULL, not to 0 + * Add Build-Conflicts: autoconf2.13, automake1.4 + * We want something easy to merge/further fix in sarge, so this cleanup + is a good idea + + -- Henrique de Moraes Holschuh Sat, 16 Oct 2004 17:50:19 -0300 + +cyrus-sasl2 (2.1.19-1.4) unstable; urgency=low + + * NMU + * fix the security fix: Initialize *path with 0. + Closes: #276637. + + -- Andreas Barth Fri, 15 Oct 2004 20:26:41 +0200 + +cyrus-sasl2 (2.1.19-1.3) unstable; urgency=high + + * NMU + * Fix minor issue with -1.2 in patch 15, to squash a compiler + warning (just in case it becomes more than a warning in some arch): + add missing "int" to extern declaration + + -- Henrique de Moraes Holschuh Fri, 8 Oct 2004 13:06:28 -0300 + +cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high + + * NMU, since I am not sure Dima is back yet + * SECURITY FIX: SASL_PATH environment variable must not be honoured on + setuid environments, otherwise we have a local privilege escalation + exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02; + GLSA 200410-05 + * upstream CVS: lib/common.c: don't honor SASL_PATH in setuid + environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431) + * upstream CVS: plugins/kerberos4.c: document weirdness with openssl DES + * upstream CVS: plugins/cram.c,plugins/anonymous.c,plugins/login.c, + plugins/plain.c,plugins/sasldb.c: Fixed several 64 bit portability + warnings + * Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid + problems with the braindead idea of globals SASL has, and with libraries + that think they can get around mucking with them (hello openldap!) + (closes: #274087) + + -- Henrique de Moraes Holschuh Fri, 8 Oct 2004 11:15:39 -0300 + +cyrus-sasl2 (2.1.19-1.1) unstable; urgency=medium + + * NMU with permission from the maintainer + * Release Manager: + SASL 2.1.18 (currently in sarge) is very unusable. Please accept + this upload for sarge. The main reasons justifying this are: + * Security fixes from upstream: at least one buffer overflow + was plugged in 2.1.19, and the code was made more secure, which may + have plugged other latent security bugs. + * Essential feature: 2.1.18 has a very bad regression in that saslauthd + cannot support realms embedded inside the username as previous + versions did. However, that regression is exactly how it should be + behaving since day one, never mind that too many setups are hopeless + with the realm information out-of-band. 2.1.19 adds a "-r" option to + saslauthd which restores the former behaviour. Both behaviours are + needed, depending on the SASL mechs being used (one sends the realm + out-of-band, the other in-band). Users have complained loudly about + this issue, not only in Debian, but in the SASL and Cyrus IMAP + mailinglists as well. For way too many people and setups, "-r" is + essential + * Essential bug fixes: Digest-MD5 and GSSAPI are quite broken in + 2.1.18, and extensive fixes were applied on them in 2.1.19. In fact, + 2.1.18 GSSAPI does _not_ work completely right against Heimdall and + MIT kerberos. + * ABI version issue: the 2.1.19-1 Debian package was uploaded to + _unstable_ before the freeze. Maybe because of that, the maintainer + did upgrade the shlibs dependency to 2.1.19 (I have confirmed that to be + required for SASL modules, so it appears to be really required). + Packages built in _unstable_ since them are being held back due to + this issue. The best fix for packages that use libsasl2 *is* getting + this new version into sarge, due to all other fixes. + * Bugs closed in 2.1.19-1, but not ackwnoleged before: + * Fix FTBFS in hppa, due to broken libtool usage, thanks to Steve Langasek + for the patch (closes: #245818) + * 2.1.19 supports saslauthd "-r" option (closes: #248333, #256808) + * Changes in this NMU: + * upstream CVS: plugins/digestmd5.c: Fix handling of client realm callback + * upstream CVS: plugins/gssapi.c: Memory management cleanup + * upstream CVS: configure.in, plugins/gssapi.c: Wrap all GSS calls + in mutexes when required by the implementation (closes: #202836) + THIS PATCH PROBABLY SHOULD BE SET TO DISABLED BY DEFAULT WHEN MIT + KERBEROS 1.3.5 ENTERS UNSTABLE + (see https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2255) + * Libtool is refreshed at every build, so this upload closes: #262339 + * debian/control: build-depend on debhelper (>= 4) + * debian/control: build-depend on libtool (>= 1.5.6) instead of (>= + 1.5.2-1) + * Fix initscript to return status 0 if stop called when daemon is + already stopped (closes: #242184) + + -- Henrique de Moraes Holschuh Sat, 14 Aug 2004 13:04:38 -0300 + +cyrus-sasl2 (2.1.19-1) unstable; urgency=medium + + * New upstream version (Closes: #259503, #259658) + * Acknowledge the last NMU (closes: #254818) + * Build against libdb4.2 (closes: #253894) + * Fixed the path to saslauthd.conf in the saslauthd + man page (Closes: #254454) + + -- Dima Barsky Sun, 4 Jul 2004 20:38:53 +0100 + +cyrus-sasl2 (2.1.18-4.1) unstable; urgency=low + + * NMU. + * Fix FTBFS, non-PIC in shared lib (closes: #254818). + + -- Matthias Klose Fri, 21 May 2004 08:02:44 +0200 + +cyrus-sasl2 (2.1.18-4) unstable; urgency=medium + + * Added the build dependency on libtool + + -- Dima Barsky Mon, 19 Apr 2004 13:46:23 +0100 + +cyrus-sasl2 (2.1.18-3) unstable; urgency=medium + + * Update config.{sub,guess} at the build time + * Added conflict with old MIT kerberos packages (Closes: #240714) + + -- Dima Barsky Sun, 18 Apr 2004 18:02:48 +0100 + +cyrus-sasl2 (2.1.18-2) unstable; urgency=low + + * Renamed libsasl2-modules-mysql to libsasl2-modules-sql + * Reduced some packages' priority to optional, only the core remain important. + * Enabled KRB4 (should've done it in 2.1.18-1). + + -- Dima Barsky Sun, 21 Mar 2004 01:07:40 +0000 + +cyrus-sasl2 (2.1.18-1) unstable; urgency=low + + * New upstream release (Closes: #232086) + * Revised Build-Depends list (Closes: #212615) + * Fixed typo in debian/control, thanks to hmh@debian.org (Closes: #213521) + * Fixed mutex handling (Closes: #223253) + * Use single -a for several mechanisms in /etc/init.d/saslauthd + (Closes: #202354) + * Fixed sasltestsuite (Closes: #217538) + + -- Dima Barsky Sat, 13 Mar 2004 16:16:26 +0000 + +cyrus-sasl2 (2.1.15-6) unstable; urgency=low + + * Acknowledging the last two NMUs (Closes: #213510, #212945, #212318, #211958) + * Added -fno-strict-aliasing flag (Closes: #215862) + + -- Dima Barsky Sun, 26 Oct 2003 01:26:53 +0100 + +cyrus-sasl2 (2.1.15-5.2) unstable; urgency=low + + * NMU + * Eeek, kill acinclude.m4 (what the FUCK is it doing there anyway?!) + so as to correctly update the libtool environment (Closes: #213510) + * While at it fix some stuff in the control file: + + Section: libs for libsasl2-* since SASL runtime environment is NOT + a devel suite + * Document rather bluntly the extreme need for sasl modules for this + lib to actually work in README.Debian + + -- Henrique de Moraes Holschuh Tue, 30 Sep 2003 21:14:56 -0300 + +cyrus-sasl2 (2.1.15-5.1) unstable; urgency=low + + * NMU + * Rebuild, to get correct heimdal dependencies. Also add comerr-dev to + build-dependency list (Closes: #212945) + * Build-depend on libtool1.4 (Closes: #212318) + + -- Henrique de Moraes Holschuh Tue, 30 Sep 2003 13:56:28 -0300 + +cyrus-sasl2 (2.1.15-5) unstable; urgency=low + + * Set priority to "important" (Closes: #202876) + * Run aclocal,autoconf,automake, and autoheader in saslauthd + directory as well as the top one (Closes: #203096) + * Registered a conflict between *-heimdal packages and *-mit ones + (Closes: #202838) + * Grabbed doc/components.html from the SASL CVS (Closes: #202642) + -- Dima Barsky Thu, 31 Jul 2003 21:17:09 +0100 + +cyrus-sasl2 (2.1.15-4) unstable; urgency=low + + * Removed build dependency on libopenafs-dev, it was only required for + SASL1. SASL2 can take the DES library from libssl-dev (Closes: #202569). + + -- Dima Barsky Wed, 23 Jul 2003 12:50:59 +0100 + +cyrus-sasl2 (2.1.15-3) unstable; urgency=low + + * Added build dependency on groff-base + + -- Dima Barsky Mon, 21 Jul 2003 12:39:50 +0100 + +cyrus-sasl2 (2.1.15-2) unstable; urgency=low + + * Added build dependency on dbs and libopenafs-dev + + -- Dima Barsky Mon, 21 Jul 2003 11:43:38 +0100 + +cyrus-sasl2 (2.1.15-1) unstable; urgency=low + + * New upstream release + * Added LDAP_SASLAUTHD doc file to sasl2-bin (Closes: #201893) + * Added build dependency on automake1.4 and autoconf2.13 + + -- Dima Barsky Tue, 15 Jul 2003 21:39:08 +0100 + +cyrus-sasl2 (2.1.14-1) unstable; urgency=low + + * New upstream release + * Changed the build system to dbs. + * THe GSSAPI segfault has been fixed upstream (Closes: #192502) + * Fixed a typo in the sasl2-bin description (Closes: #197070, #193958) + * Made a separate package for the MYSQL plugin (Closes: #188716, #166702, #190673) + * Moved libsasldb plugin into the libsasl2 package. + + -- Dima Barsky Mon, 14 Jul 2003 07:04:47 +0100 + +cyrus-sasl2 (2.1.12-1) unstable; urgency=low + + * New upstream release + * Changed variable 'c' in testsuite.c:2871 from char to int + (Closes: #177426) + * Recompiled with the latest heimdal libraries (Closes: #179810) + * Removed RFC documents from libsasl2 (Closes: #178987) + + -- Dima Barsky Sat, 15 Mar 2003 22:29:25 +0000 + +cyrus-sasl2 (2.1.10-1) unstable; urgency=low + + * New upstream release (Closes: #172453) + * Included sasldbconverter2 (Closes: #170740) + * Removed duplicate "--with-ldap" from debian/rules (Closes: #167858) + * Added "--sysconfdir=/etc" to debian/rules (Closes: #167855) + * Changed libsasl2 -> libsasl2-modules dependency from Suggests to + Recommends (Closes: #171938) + * Added "--enable-alwaystrue" to debian/rules (Closes: #170495) + * Included testsaslauthd (Closes: #167876) + * Included sasltestsuite (Closes: #166538) + + -- Dima Barsky Mon, 23 Dec 2002 16:07:31 +0000 + +cyrus-sasl2 (2.1.9-5) unstable; urgency=low + + * Updated libtool files inside saslauthd/config/ (Closes: #166810) + * Enabled NTLM module + * Enabled LDAP support for saslauthd + + -- Dima Barsky Mon, 28 Oct 2002 21:12:56 +0000 + +cyrus-sasl2 (2.1.9-4) unstable; urgency=low + + * Enabled DO_DLOPEN unconditionally in configure.in + + -- Dima Barsky Mon, 28 Oct 2002 00:20:55 +0000 + +cyrus-sasl2 (2.1.9-3) unstable; urgency=low + + * Added AM_MAINTAINER_MODE to configure.in + + -- Dima Barsky Sat, 26 Oct 2002 01:46:13 +0100 + +cyrus-sasl2 (2.1.9-2) unstable; urgency=low + + * Added dbconverter-2 as /usr/sbin/sasldbconverter-2 + * Added build dependency on zlib1g-dev + + -- Dima Barsky Fri, 25 Oct 2002 22:28:30 +0100 + +cyrus-sasl2 (2.1.9-1) unstable; urgency=low + + * New upstream release + * shlibs now refers to the current version (Closes: #163845) + * sasl2-bin now uses dpkg-statoverride to manage permissions of + /var/run/saslauthd and /etc/sasldb2 (Closes: #163042, #164393) + + -- Dima Barsky Mon, 21 Oct 2002 22:01:01 +0100 + +cyrus-sasl2 (2.1.7-3) unstable; urgency=low + + * Added shlibs file (Closes: #162927) + + -- Dima Barsky Tue, 1 Oct 2002 17:44:36 +0100 + +cyrus-sasl2 (2.1.7-2) unstable; urgency=low + + * Build with versioned symbols + * Another split: KERBEROS mechanism is now in a separate module (Closes: #154153) + * README.Debian has been updated a while ago, we can + close bug 146543 now. (Closes: #146543) + + -- Dima Barsky Mon, 30 Sep 2002 17:23:12 +0100 + +cyrus-sasl2 (2.1.7-1) unstable; urgency=low + + * New upstream version (Closes: #156286, #158296) + * Enabled ldap and mysql (Closes: #155025, #154965) + * /etc/sasldb2 and /var/run/saslauthd now belong to the group "sasl" + and are group-readable (Closes: #151798) + + -- Dima Barsky Thu, 25 Sep 2002 15:51:12 +0100 + +cyrus-sasl2 (2.1.6-1) unstable; urgency=low + + * New upstream version + * Make sure autoheader is not invoked at the build stage (Closes: #153127) + + -- Dima Barsky Wed, 17 Jul 2002 12:19:29 +0100 + +cyrus-sasl2 (2.1.5-7) unstable; urgency=low + + * Separated heimdal-dependent plugins into the + libsasl2-modules-gssapi-heimdal package + * Updated libtool to the latest version (Closes: #146229) + * Changed permissions on /var/run/saslauthd to 711 (Closes: #151796) + + -- Dima Barsky Thu, 4 Jul 2002 09:24:42 +0100 + +cyrus-sasl2 (2.1.5-6) unstable; urgency=low + + * Removed build dependency on automake + + -- Dima Barsky Wed, 3 Jul 2002 09:51:47 +0100 + +cyrus-sasl2 (2.1.5-5) unstable; urgency=low + + * Added a few packages to the Build-Depends list + + -- Dima Barsky Tue, 2 Jul 2002 16:22:57 +0100 + +cyrus-sasl2 (2.1.5-4) unstable; urgency=low + + * Enabled DES, KERBEROS, and GSSAPI + * Merged all modules into the package libsasl2-modules + + -- Dima Barsky Tue, 2 Jul 2002 13:10:10 +0100 + +cyrus-sasl2 (2.1.5-3) unstable; urgency=low + + * Enabled sasldb in saslauthd (Closes: 146791) + + -- Dima Barsky Tue, 2 Jul 2002 11:50:03 +0100 + +cyrus-sasl2 (2.1.5-2) unstable; urgency=low + + * Preserve /usr/lib/sasl2/*.la (Closes: #151567) + + -- Dima Barsky Mon, 1 Jul 2002 19:24:21 +0100 + +cyrus-sasl2 (2.1.5-1) unstable; urgency=low + + * New upstream version (Closes: #133458, #148693, #131792, #150957) + * Added explicit rule for building libsasl2.a (Closes: #144200) + * Added a warning about /dev/random to README.Debian (Closes: #146982) + * /var/run/saslauthd/mux is now world-readable (Closes: #147484) + * Modified sasl2-bin.default to make it clear that MECHANISMS is a + space separated lists, so it should be quoted if there is more + than one item in it (Closes: #146790) + + -- Dima Barsky Sun, 30 Jun 2002 01:19:16 +0100 + +cyrus-sasl2 (2.1.2-2) unstable; urgency=low + + * Fixed saslauthd man page (Closes: #131791) + + -- Dima Barsky Wed, 27 Mar 2002 15:27:39 +0000 + +cyrus-sasl2 (2.1.2-1) unstable; urgency=low + + * New upstream version + * Changed --without-gssapi to --disable-gssapi + * Closes: #131792 + + -- Dima Barsky Tue, 26 Mar 2002 22:29:12 +0000 + +cyrus-sasl2 (2.1.1-0.2) unstable; urgency=low + + * Fix a naming problem with the init script. + * Fix problems with the init script itself. + + -- Michael Alan Dorman Sun, 17 Mar 2002 15:44:45 -0500 + +cyrus-sasl2 (2.1.1-0.1) unstable; urgency=low + + * New upstream version + * Total rewrite of debian/rules, fold everything into nice, standard debhelper usage + * Functionality to auto-start saslauthd, which configury through /etc/default/saslauthd + + -- Michael Alan Dorman Sun, 17 Mar 2002 15:09:55 -0500 + +cyrus-sasl2 (2.1.0-2) unstable; urgency=low + + * Added build dependency on libopie-dev + + -- Dima Barsky Sun, 27 Jan 2002 20:07:15 +0000 + +cyrus-sasl2 (2.1.0-1) unstable; urgency=low + + * Initial release of cyrus-sasl2 + + -- Dima Barsky Sun, 20 Jan 2002 14:36:45 +0000 --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/sasl2-bin.default +++ cyrus-sasl2-2.1.19.dfsg1/debian/sasl2-bin.default @@ -0,0 +1,9 @@ +# This needs to be uncommented before saslauthd will be run automatically +# START=yes + +# You must specify the authentication mechanisms you wish to use. +# This defaults to "pam" for PAM support, but may also include +# "shadow" or "sasldb", like this: +# MECHANISMS="pam shadow" + +MECHANISMS="pam" --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/sasl2-bin.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/sasl2-bin.files @@ -0,0 +1,7 @@ +usr/sbin/saslauthd +usr/sbin/sasltestsuite +usr/sbin/testsaslauthd +usr/sbin/sasldblistusers2 +usr/sbin/saslpasswd2 +usr/sbin/sasldbconverter2 +usr/share/man/man8/* --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/13_libdb42_autotools.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/13_libdb42_autotools.diff @@ -0,0 +1,22 @@ +diff -Nru3 ./cyrus-sasl-2.1.18/cmulocal/berkdb.m4 ../build-tree.new/cyrus-sasl-2.1.18/cmulocal/berkdb.m4 +--- ./cyrus-sasl-2.1.18/cmulocal/berkdb.m4 2004-02-14 21:13:03.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.18/cmulocal/berkdb.m4 2004-07-04 12:42:28.000000000 +0100 +@@ -211,11 +211,13 @@ + BDB_LIBADD="" + fi + +- for dbname in db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db +- do +- AC_CHECK_LIB($dbname, db_create, BDB_LIBADD="$BDB_LIBADD -l$dbname"; +- dblib="berkeley"; break, dblib="no") +- done ++# for dbname in db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db ++# do ++# AC_CHECK_LIB($dbname, db_create, BDB_LIBADD="$BDB_LIBADD -l$dbname"; ++# dblib="berkeley"; break, dblib="no") ++# done ++ BDB_LIBADD="$BDB_LIBADD -ldb-4.2"; ++ dblib="berkeley"; + if test "$dblib" = "no"; then + AC_CHECK_LIB(db, db_open, BDB_LIBADD="$BDB_LIBADD -ldb"; + dblib="berkeley"; dbname=db, --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/README.Debian +++ cyrus-sasl2-2.1.19.dfsg1/debian/README.Debian @@ -0,0 +1,26 @@ +================================================================== + +IMPORTANT: +You MUST install one of the libsasl2-modules* packages for SASL to +work. Otherwise postfix-tls won't speak TLS, Cyrus IMAPd won't +ever allow any users to login, and other SASL apps will malfuntion +in weird ways and there will be even more pain and sorrow in the +world (yours). + +================================================================== + +SASL2 uses /dev/random, which can block on a machine with too many +connections. If you are going to use it on a busy machine, consider +installing an entropy gathering card. + +Use dpkg-statoverride to change the permission and the ownership +of /var/run/saslauthd and /etc/sasldb2. + +The following RFC documents used to included into the libsasl2 package + +rfc1321.txt rfc1939.txt rfc2104.txt rfc2195.txt rfc2222.txt +rfc2243.txt rfc2245.txt rfc2289.txt rfc2444.txt rfc2595.txt +rfc2831.txt rfc2945.txt rfc3174.txt + +They are not part of any cyrus-sasl package any more, you can find +them in doc-rfc-std or doc-rfc-std-proposed Debian packages. --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/libsasl2-modules-gssapi-heimdal.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/libsasl2-modules-gssapi-heimdal.files @@ -0,0 +1 @@ +usr/lib/sasl2/libgssapi* --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/libsasl2-dev.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/libsasl2-dev.files @@ -0,0 +1,4 @@ +usr/include/sasl +usr/lib/libsasl2.?? +usr/lib/libsasl2.a +usr/share/man/man3 --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/libsasl2-modules-sql.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/libsasl2-modules-sql.files @@ -0,0 +1 @@ +usr/lib/sasl2/libsql* --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/sasl2-bin.init +++ cyrus-sasl2-2.1.19.dfsg1/debian/sasl2-bin.init @@ -0,0 +1,87 @@ +#!/bin/sh -e + +NAME=saslauthd +DAEMON="/usr/sbin/${NAME}" +DESC="SASL Authentication Daemon" +DEFAULTS=/etc/default/saslauthd +PWDIR=/var/run/saslauthd +PIDFILE="/var/run/${NAME}/saslauthd.pid" + +createdir() { +# $1 = user +# $2 = group +# $3 = permissions (octal) +# $4 = path to directory + [ -d "$4" ] || mkdir -p "$4" + chown -c -h "$1:$2" "$4" + chmod -c "$3" "$4" +} + +test -f "${DAEMON}" || exit 0 + +# Source defaults file; edit that file to configure this script. +if [ -e "${DEFAULTS}" ]; then + . "${DEFAULTS}" +fi + +# If we're not to start the daemon, simply exit +if [ "${START}" != "yes" ]; then + exit 0 +fi + +# If we have no mechanisms defined +if [ "x${MECHANISMS}" = "x" ]; then + echo "You need to configure ${DEFAULTS} with mechanisms to be used" + exit 0 +fi + +# Add our mechanimsms with the necessary flag +PARAMS="${PARAMS} -a ${MECHANISMS}" + +START="--start --quiet --pidfile ${PIDFILE} --startas ${DAEMON} --name ${NAME} -- ${PARAMS}" + +# Consider our options +case "${1}" in + start) + echo -n "Starting ${DESC}: " + dir=`dpkg-statoverride --list $PWDIR` + test -z "$dir" || createdir $dir + if start-stop-daemon ${START} >/dev/null 2>&1 ; then + echo "${NAME}." + else + if start-stop-daemon --test ${START} >/dev/null 2>&1; then + echo "(failed)." + exit 1 + else + echo "${DAEMON} already running." + exit 0 + fi + fi + ;; + stop) + echo -n "Stopping ${DESC}: " + if start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \ + --startas ${DAEMON} --retry 10 --name ${NAME} \ + >/dev/null 2>&1 ; then + echo "${NAME}." + else + if start-stop-daemon --test ${START} >/dev/null 2>&1; then + echo "(not running)." + exit 0 + else + echo "(failed)." + exit 1 + fi + fi + ;; + restart|force-reload) + $0 stop + exec $0 start + ;; + *) + echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/24_openssl098.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/24_openssl098.diff @@ -0,0 +1,11 @@ +diff -ruN cyrus-sasl-2.1.19.dfsg1-old/plugins/ntlm.c cyrus-sasl-2.1.19.dfsg1/plugins/ntlm.c +--- cyrus-sasl-2.1.19.dfsg1-old/plugins/ntlm.c 2004-06-30 14:50:04.000000000 +0000 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/ntlm.c 2005-10-20 14:05:26.000000000 +0000 +@@ -74,6 +74,7 @@ + #endif /* WIN32 */ + + #include ++#include + #include + #include + #include --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/01_maintainer_mode.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/01_maintainer_mode.diff @@ -0,0 +1,11 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/configure.in cyrus-sasl-2.1.19.dfsg1.new/configure.in +--- cyrus-sasl-2.1.19.dfsg1/configure.in 2004-03-13 13:26:35.000000000 +0000 ++++ cyrus-sasl-2.1.19.dfsg1.new/configure.in 2004-03-13 13:26:28.000000000 +0000 +@@ -61,6 +61,7 @@ + dnl + AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.19) + CMU_INIT_AUTOMAKE ++AM_MAINTAINER_MODE + + # and include our config dir scripts + ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/22_237x_3_sasl_upstream_cvs-FIX.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/22_237x_3_sasl_upstream_cvs-FIX.diff @@ -0,0 +1,11 @@ +diff -ruN cyrus-sasl-2.1.19.dfsg1.orig/lib/common.c cyrus-sasl-2.1.19.dfsg1/lib/common.c +--- cyrus-sasl-2.1.19.dfsg1.orig/lib/common.c 2004-10-16 17:48:04.000000000 -0300 ++++ cyrus-sasl-2.1.19.dfsg1/lib/common.c 2004-10-16 17:48:56.000000000 -0300 +@@ -1846,6 +1846,7 @@ + if (! path) + return SASL_BADPARAM; + ++ *path = NULL; + /* Honor external variable only in a safe environment */ + if (getuid() == geteuid() && getgid() == getegid()) + *path = getenv(SASL_PATH_ENV_VAR); --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/26_fix_hurd_build.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/26_fix_hurd_build.diff @@ -0,0 +1,10 @@ +--- cyrus-sasl-2.1.19.dfsg1/saslauthd/auth_sasldb.c.orig 2005-01-25 11:13:48.000000000 +0100 ++++ cyrus-sasl-2.1.19.dfsg1/saslauthd/auth_sasldb.c 2005-01-25 11:14:15.000000000 +0100 +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + /* END PUBLIC DEPENDENCIES */ + + #define RETURN(x) return strdup(x) --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2373_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2373_sasl_upstream_cvs.diff @@ -0,0 +1,47 @@ +--------------------- +PatchSet 2373 +Date: 2004/08/06 19:29:44 +Author: shadow +Branch: HEAD +Tag: (none) +Log: +initialize authid to null so stack garbage is not pushed into _sasl_canon_user + +Members: + plugins/cram.c:1.83->1.84 + +Index: cyrus-sasl-2.1.19.dfsg1/plugins/cram.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/cram.c,v +retrieving revision 1.83 +retrieving revision 1.84 +diff -u -r1.83 -r1.84 +--- cyrus-sasl-2.1.19.dfsg1/plugins/cram.c 15 Dec 2003 20:04:22 -0000 1.83 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/cram.c 6 Aug 2004 20:29:44 -0000 1.84 +@@ -1,7 +1,7 @@ + /* CRAM-MD5 SASL plugin + * Rob Siemborski + * Tim Martin +- * $Id: cram.c,v 1.83 2003/12/15 20:04:22 rjs3 Exp $ ++ * $Id: cram.c,v 1.84 2004/08/06 20:29:44 shadow Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -65,7 +65,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: cram.c,v 1.83 2003/12/15 20:04:22 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: cram.c,v 1.84 2004/08/06 20:29:44 shadow Exp $"; + + /* convert a string of 8bit chars to it's representation in hex + * using lowercase letters +@@ -507,7 +507,7 @@ + sasl_out_params_t *oparams) + { + client_context_t *text = (client_context_t *) conn_context; +- const char *authid; ++ const char *authid = NULL; + sasl_secret_t *password = NULL; + unsigned int free_password = 0; /* set if we need to free password */ + int auth_result = SASL_OK; --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/00_strict-aliasing.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/00_strict-aliasing.diff @@ -0,0 +1,12 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/configure.in cyrus-sasl-2.1.19.dfsg1.new/configure.in +--- cyrus-sasl-2.1.19.dfsg1/configure.in 2004-03-09 16:54:13.000000000 +0000 ++++ cyrus-sasl-2.1.19.dfsg1.new/configure.in 2004-03-13 13:13:25.000000000 +0000 +@@ -115,7 +115,7 @@ + fi + + if test "$ac_cv_prog_gcc" = yes; then +- CFLAGS="-Wall -W ${CFLAGS}" ++ CFLAGS="-Wall -W -fno-strict-aliasing ${CFLAGS}" + fi + + AC_ARG_WITH(purecov,[ --with-purecov link with purecov]) --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2372_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2372_sasl_upstream_cvs.diff @@ -0,0 +1,175 @@ +--------------------- +PatchSet 2372 +Date: 2004/07/29 18:21:56 +Author: rjs3 +Branch: HEAD +Tag: (none) +Log: +fix handling of digest-md5 realm callback (Alexey Melnikov ) + +Members: + ChangeLog:1.688->1.689 + plugins/digestmd5.c:1.172->1.173 + +Index: cyrus-sasl-2.1.19.dfsg1/ChangeLog +=================================================================== +RCS file: /cvs/src/sasl/ChangeLog,v +retrieving revision 1.688 +retrieving revision 1.689 +diff -u -r1.688 -r1.689 +--- cyrus-sasl-2.1.19.dfsg1/ChangeLog 21 Jul 2004 14:39:49 -0000 1.688 ++++ cyrus-sasl-2.1.19.dfsg1/ChangeLog 29 Jul 2004 19:21:56 -0000 1.689 +@@ -1,3 +1,7 @@ ++2004-07-29 Rob Siemborski ++ * plugins/digestmd5.c: Fix handling of client realm callback ++ (Alexey Melnikov ) ++ + 2004-07-21 Rob Siemborski + * plugins/gssapi.c: Memory management cleanup + (Alexey Melnikov ) +Index: cyrus-sasl-2.1.19.dfsg1/plugins/digestmd5.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/digestmd5.c,v +retrieving revision 1.172 +retrieving revision 1.173 +diff -u -r1.172 -r1.173 +--- cyrus-sasl-2.1.19.dfsg1/plugins/digestmd5.c 6 Jul 2004 14:03:49 -0000 1.172 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/digestmd5.c 29 Jul 2004 19:21:57 -0000 1.173 +@@ -3,7 +3,7 @@ + * Rob Siemborski + * Tim Martin + * Alexey Melnikov +- * $Id: digestmd5.c,v 1.172 2004/07/06 14:03:49 rjs3 Exp $ ++ * $Id: digestmd5.c,v 1.173 2004/07/29 19:21:57 rjs3 Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -120,7 +120,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: digestmd5.c,v 1.172 2004/07/06 14:03:49 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: digestmd5.c,v 1.173 2004/07/29 19:21:57 rjs3 Exp $"; + + /* Definitions */ + #define NONCE_SIZE (32) /* arbitrary */ +@@ -153,6 +153,8 @@ + + #define NEED_ESCAPING "\"\\" + ++#define REALM_CHAL_PREFIX "Available realms:" ++ + static char *quote (char *str); + + struct context; +@@ -223,6 +225,10 @@ + unsigned int nonce_count; + unsigned char *cnonce; + ++ /* only used by the client */ ++ char ** realms; ++ int realm_cnt; ++ + char *response_value; + + unsigned int seqnum; +@@ -1521,11 +1527,21 @@ + const sasl_utils_t *utils) + { + context_t *text = (context_t *) conn_context; ++ int lup; + + if (!text || !utils) return; + + if (text->authid) utils->free(text->authid); + if (text->realm) utils->free(text->realm); ++ ++ if (text->realms) { ++ /* need to free all the realms */ ++ for (lup = 0; lup < text->realm_cnt; lup++) ++ utils->free (text->realms[lup]); ++ ++ utils->free(text->realms); ++ } ++ + if (text->nonce) utils->free(text->nonce); + if (text->cnonce) utils->free(text->cnonce); + +@@ -3497,6 +3513,8 @@ + int auth_result = SASL_OK; + int pass_result = SASL_OK; + int realm_result = SASL_FAIL; ++ int i; ++ size_t len; + + /* try to get the authid */ + if (oparams->authid == NULL) { +@@ -3562,12 +3580,29 @@ + (pass_result == SASL_INTERACT) || (realm_result == SASL_INTERACT)) { + + /* make our default realm */ +- if ((realm_result == SASL_INTERACT) && params->serverFQDN) { +- realm_chal = params->utils->malloc(3+strlen(params->serverFQDN)); +- if (realm_chal) { +- sprintf(realm_chal, "{%s}", params->serverFQDN); +- } else { +- return SASL_NOMEM; ++ if (realm_result == SASL_INTERACT) { ++ if (realms) { ++ len = strlen(REALM_CHAL_PREFIX); ++ for (i = 0; i < nrealm; i++) { ++ len += strlen(realms[i]) + 4 /* " {}," */; ++ } ++ realm_chal = params->utils->malloc(len + 1); ++ strcpy (realm_chal, REALM_CHAL_PREFIX); ++ for (i = 0; i < nrealm; i++) { ++ strcat (realm_chal, " {"); ++ strcat (realm_chal, realms[i]); ++ strcat (realm_chal, "},"); ++ } ++ /* Replace the terminating comma with dot */ ++ realm_chal[len-1] = '.'; ++ ++ } else if (params->serverFQDN) { ++ realm_chal = params->utils->malloc(3+strlen(params->serverFQDN)); ++ if (realm_chal) { ++ sprintf(realm_chal, "{%s}", params->serverFQDN); ++ } else { ++ return SASL_NOMEM; ++ } + } + } + +@@ -3738,7 +3773,15 @@ + /* free realms */ + params->utils->free(realms); + realms = NULL; ++ } else { ++ /* Save realms for later use */ ++ text->realms = realms; ++ text->realm_cnt = nrealm; + } ++ } else { ++ /* Restore the list of realms */ ++ realms = text->realms; ++ nrealm = text->realm_cnt; + } + + result = ask_user_info(ctext, params, realms, nrealm, +@@ -3761,16 +3804,6 @@ + result = SASL_CONTINUE; + + FreeAllocatedMem: +- if (realms) { +- int lup; +- +- /* need to free all the realms */ +- for (lup = 0;lup < nrealm; lup++) +- params->utils->free(realms[lup]); +- +- params->utils->free(realms); +- } +- + return result; + } + --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/06_testsuite.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/06_testsuite.diff @@ -0,0 +1,33 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/utils/testsuite.c ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/testsuite.c +--- ./cyrus-sasl-2.1.19.dfsg1/utils/testsuite.c 2004-06-30 20:40:27.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/testsuite.c 2004-07-17 19:19:51.000000000 +0100 +@@ -467,9 +467,9 @@ + *len = strlen("sasldb"); + return SASL_OK; + } else if (!strcmp(option, "sasldb_path")) { +- *result = "./sasldb"; ++ *result = "/etc/sasldb2"; + if (len) +- *len = strlen("./sasldb"); ++ *len = strlen("/etc/sasldb2"); + return SASL_OK; + } else if (!strcmp(option, "canon_user_plugin")) { + *result = cu_plugin; +@@ -2867,7 +2867,7 @@ + void usage(void) + { + printf("Usage:\n" \ +- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ ++ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ + " g -- gssapi service name to use (default: host)\n" \ + " r -- # of random tests to do (default: 25)\n" \ + " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ +@@ -2880,7 +2880,7 @@ + + int main(int argc, char **argv) + { +- char c; ++ int c; + int random_tests = -1; + int do_all = 0; + int skip_do_correct = 0; --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/27_upstream_cvs_digest-md5-crash.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/27_upstream_cvs_digest-md5-crash.diff @@ -0,0 +1,13 @@ +diff -ruN cyrus-sasl-2.1.19.dfsg1-old/plugins/digestmd5.c cyrus-sasl-2.1.19.dfsg1/plugins/digestmd5.c +--- cyrus-sasl-2.1.19.dfsg1-old/plugins/digestmd5.c 2006-04-24 11:56:11.000000000 +0200 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/digestmd5.c 2006-04-24 11:57:04.000000000 +0200 +@@ -2242,7 +2242,8 @@ + } + + /* Sanity check the parameters */ +- if (strcmp(realm, text->realm) != 0) { ++ if (((realm != NULL) && (strcmp(realm, text->realm) != 0)) && ++ (text->realm[0] != 0)) { + SETERROR(sparams->utils, + "realm changed: authentication aborted"); + result = SASL_BADAUTH; --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2371_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2371_sasl_upstream_cvs.diff @@ -0,0 +1,28 @@ +--------------------- +PatchSet 2371 +Date: 2004/07/21 14:39:49 +Author: rjs3 +Branch: HEAD +Tag: (none) +Log: +updated + +Members: + ChangeLog:1.687->1.688 + +Index: cyrus-sasl-2.1.19.dfsg1/ChangeLog +=================================================================== +RCS file: /cvs/src/sasl/ChangeLog,v +retrieving revision 1.687 +retrieving revision 1.688 +diff -u -r1.687 -r1.688 +--- cyrus-sasl-2.1.19.dfsg1/ChangeLog 15 Jul 2004 18:01:57 -0000 1.687 ++++ cyrus-sasl-2.1.19.dfsg1/ChangeLog 21 Jul 2004 14:39:49 -0000 1.688 +@@ -1,3 +1,7 @@ ++2004-07-21 Rob Siemborski ++ * plugins/gssapi.c: Memory management cleanup ++ (Alexey Melnikov ) ++ + 2004-07-15 Rob Siemborski + * configure.in, plugins/gssapi.c: Wrap all GSS calls + in mutexes when required by the implementation. --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/13_libdb42_autotools.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/13_libdb42_autotools.diff @@ -0,0 +1,22 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/cmulocal/berkdb.m4 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/cmulocal/berkdb.m4 +--- ./cyrus-sasl-2.1.19.dfsg1/cmulocal/berkdb.m4 2004-02-14 21:13:03.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/cmulocal/berkdb.m4 2004-07-04 12:42:28.000000000 +0100 +@@ -211,11 +211,13 @@ + BDB_LIBADD="" + fi + +- for dbname in db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db +- do +- AC_CHECK_LIB($dbname, db_create, BDB_LIBADD="$BDB_LIBADD -l$dbname"; +- dblib="berkeley"; break, dblib="no") +- done ++# for dbname in db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db ++# do ++# AC_CHECK_LIB($dbname, db_create, BDB_LIBADD="$BDB_LIBADD -l$dbname"; ++# dblib="berkeley"; break, dblib="no") ++# done ++ BDB_LIBADD="$BDB_LIBADD -ldb-4.3"; ++ dblib="berkeley"; + if test "$dblib" = "no"; then + AC_CHECK_LIB(db, db_open, BDB_LIBADD="$BDB_LIBADD -ldb"; + dblib="berkeley"; dbname=db, --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2370_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2370_sasl_upstream_cvs.diff @@ -0,0 +1,83 @@ +--------------------- +PatchSet 2370 +Date: 2004/07/21 13:39:06 +Author: rjs3 +Branch: HEAD +Tag: (none) +Log: +1). Don't try to free something which is not allocated +2). Prevent some memory leaks on failure. +3). Use consistent memory allocator. +(Alexey Melnikov ) + +Members: + plugins/gssapi.c:1.91->1.92 + +Index: cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/gssapi.c,v +retrieving revision 1.91 +retrieving revision 1.92 +diff -u -r1.91 -r1.92 +--- cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c 15 Jul 2004 18:02:03 -0000 1.91 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c 21 Jul 2004 14:39:06 -0000 1.92 +@@ -1,7 +1,7 @@ + /* GSSAPI SASL plugin + * Leif Johansson + * Rob Siemborski (SASL v2 Conversion) +- * $Id: gssapi.c,v 1.91 2004/07/15 18:02:03 rjs3 Exp $ ++ * $Id: gssapi.c,v 1.92 2004/07/21 14:39:06 rjs3 Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -82,7 +82,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: gssapi.c,v 1.91 2004/07/15 18:02:03 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: gssapi.c,v 1.92 2004/07/21 14:39:06 rjs3 Exp $"; + + static const char * GSSAPI_BLANK_STRING = ""; + +@@ -804,14 +804,6 @@ + GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { +- if (name_without_realm.value) +- params->utils->free(name_without_realm.value); +- +- if (name_token.value) { +- GSS_LOCK_MUTEX(params->utils); +- gss_release_buffer(&min_stat, &name_token); +- GSS_UNLOCK_MUTEX(params->utils); +- } + if (without) { + GSS_LOCK_MUTEX(params->utils); + gss_release_name(&min_stat, &without); +@@ -829,8 +821,13 @@ + if (strchr((char *) name_token.value, (int) '@') != NULL) { + /* NOTE: libc malloc, as it is freed below by a gssapi internal + * function! */ +- name_without_realm.value = malloc(strlen(name_token.value)+1); ++ name_without_realm.value = params->utils->malloc(strlen(name_token.value)+1); + if (name_without_realm.value == NULL) { ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); ++ gss_release_buffer(&min_stat, &name_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + MEMERROR(text->utils); + return SASL_NOMEM; + } +@@ -860,11 +857,6 @@ + if (name_token.value) { + GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); +- GSS_UNLOCK_MUTEX(params->utils); +- } +- if (without) { +- GSS_LOCK_MUTEX(params->utils); +- gss_release_name(&min_stat, &without); + GSS_UNLOCK_MUTEX(params->utils); + } + SETERROR(text->utils, "GSSAPI Failure"); --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/10_fix_sasldb.al.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/10_fix_sasldb.al.diff @@ -0,0 +1,11 @@ +--- cyrus-sasl-2.1.19.dfsg1/saslauthd/configure.in 2004-03-21 12:40:16.000000000 -0500 ++++ cyrus-sasl-2.1.19.dfsg1.new/saslauthd/configure.in 2004-03-21 12:39:44.000000000 -0500 +@@ -77,7 +77,7 @@ + AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) + SASL_DB_PATH_CHECK() + SASL_DB_CHECK() +- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" ++ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" + fi + + AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [yes] ], --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/25_postgresql_pg_config.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/25_postgresql_pg_config.diff @@ -0,0 +1,41 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/configure.in ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/configure.in +--- ./cyrus-sasl-2.1.19.dfsg1/configure.in 2006-01-07 06:04:03.000000000 -0800 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/configure.in 2006-01-07 06:03:53.000000000 -0800 +@@ -701,14 +701,19 @@ + LIB_PGSQL_DIR=$LIB_PGSQL + LIB_PGSQL="$LIB_PGSQL -lpq" + +- if test -d ${with_pgsql}/include/pgsql; then +- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql" +- elif test -d ${with_pgsql}/pgsql/include; then +- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include" ++ if test -d ${with_pgsql}/include/pgsql/postgresql; then ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql/postgresql" ++ elif test -d ${with_pgsql}/pgsql/include/postgresql; then ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include/postgresql" + elif test -d ${with_pgsql}/include; then +- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include" ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql" + else +- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}" ++ pg_config_flags=$(pg_config --includedir) ++ if test x"$pg_config_flags" != x; then ++ CPPFLAGS="${CPPFLAGS} -I$pg_config_flags" ++ else ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/postgresql" ++ fi + fi + + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/plugins/sql.c ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/plugins/sql.c +--- ./cyrus-sasl-2.1.19.dfsg1/plugins/sql.c 2006-01-07 06:04:02.000000000 -0800 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/plugins/sql.c 2006-01-07 05:51:20.000000000 -0800 +@@ -180,7 +180,7 @@ + #endif /* HAVE_MYSQL */ + + #ifdef HAVE_PGSQL +-#include ++#include + + static void *_pgsql_open(char *host, char *port, int usessl, + const char *user, const char *password, --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/11_remove_rpath.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/11_remove_rpath.diff @@ -0,0 +1,21 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/cmulocal/cyrus.m4 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/cmulocal/cyrus.m4 +--- ./cyrus-sasl-2.1.19.dfsg1/cmulocal/cyrus.m4 2003-10-20 16:39:43.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/cmulocal/cyrus.m4 2004-08-01 15:26:07.000000000 +0100 +@@ -14,7 +14,7 @@ + if test "$andrew_runpath_switch" = "none" ; then + LDFLAGS="-L$1 ${LDFLAGS}" + else +- LDFLAGS="-L$1 $andrew_runpath_switch$1 ${LDFLAGS}" ++ LDFLAGS="-L$1 ${LDFLAGS}" + fi + ]) + +@@ -25,7 +25,7 @@ + if test "$andrew_runpath_switch" = "none" ; then + $2="-L$1 ${$2}" + else +- $2="-L$1 ${$2} $andrew_runpath_switch$1" ++ $2="-L$1 ${$2}" + fi + ]) + --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/04_missing_man_pages.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/04_missing_man_pages.diff @@ -0,0 +1,73 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/saslauthd/testsaslauthd.8 cyrus-sasl-2.1.19.dfsg1.1/saslauthd/testsaslauthd.8 +--- cyrus-sasl-2.1.19.dfsg1/saslauthd/testsaslauthd.8 1970-01-01 01:00:00.000000000 +0100 ++++ cyrus-sasl-2.1.19.dfsg1.1/saslauthd/testsaslauthd.8 2004-03-13 13:54:45.000000000 +0000 +@@ -0,0 +1,16 @@ ++.\" testsaslauthd - SASL2 test tool ++.\" Dima Barsky 23/12/2002 ++.\" ++ ++.\" ++.TH TESTSASLAUTHD 8 "December 23, 2002" "CMU SASL" ++.SH NAME ++testsaslauthd \- a test tool for saslauthd ++.SH SYNOPSIS ++.B testsaslauthd -u username -p password ++ [-r realm] [-s servicename] ++ [-f socket path] [-R repeatnum] ++ ++.SH DESCRIPTION ++This tool is for testing the saslauthd daemon. Do not use it unless you ++know what you are doing. Read the source code if you need more information. +diff -urN cyrus-sasl-2.1.19.dfsg1/utils/sasldbconverter2.8 cyrus-sasl-2.1.19.dfsg1.1/utils/sasldbconverter2.8 +--- cyrus-sasl-2.1.19.dfsg1/utils/sasldbconverter2.8 1970-01-01 01:00:00.000000000 +0100 ++++ cyrus-sasl-2.1.19.dfsg1.1/utils/sasldbconverter2.8 2004-03-13 13:54:30.000000000 +0000 +@@ -0,0 +1,23 @@ ++.\" sasldbconverter-2 - Convert sasldb file into the new format ++.\" Dima Barsky 25/10/2002 ++.\" ++ ++.\" ++.TH SASLDBCONVERTER2 8 "October 25, 2002" "CMU SASL" ++.SH NAME ++sasldbconverter2 \- Convert sasldb file into the new format ++.SH SYNOPSIS ++.B sasldbconverter2 [sasldb_file] ++.SH DESCRIPTION ++.I sasldbconverter2 ++takes the sasldb file specified on the ++command line and convert it to a new sasldb file in the default ++location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you ++backup sasldb before allowing this program to run ++.SH OPTIONS ++.TP ++.SH KNOWN BUGS ++This only works for sasldb files that use the gdbm library. ++.TP ++.SH SEE ALSO ++rfc2222 \- Simple Authentication and Security Layer (SASL) +diff -urN cyrus-sasl-2.1.19.dfsg1/utils/sasltestsuite.8 cyrus-sasl-2.1.19.dfsg1.1/utils/sasltestsuite.8 +--- cyrus-sasl-2.1.19.dfsg1/utils/sasltestsuite.8 1970-01-01 01:00:00.000000000 +0100 ++++ cyrus-sasl-2.1.19.dfsg1.1/utils/sasltestsuite.8 2004-03-13 13:54:45.000000000 +0000 +@@ -0,0 +1,22 @@ ++.\" sasltestsuite - SASL2 test tool ++.\" Dima Barsky 23/11/2002 ++.\" ++ ++.\" ++.TH SASLTESTSUITE 8 "December 23, 2002" "CMU SASL" ++.SH NAME ++sasltestsuite \- SASL2 test tool ++.SH SYNOPSIS ++.B sasltestsuite [-g name] [-s seed] [-r tests] -a -M ++ g -- gssapi service name to use (default: host) ++ r -- # of random tests to do (default: 25) ++ a -- do all corruption tests (and ignores random ones unless -r specified) ++ n -- skip the initial "do correctly" tests ++ h -- show this screen ++ s -- random seed to use ++ M -- detailed memory debugging ON ++ ++.SH DESCRIPTION ++This tool is for testing the SASL2 installation. Do not use it ++unless you know what you are doing. Read the source code if you need ++more information. --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/09_postgres_header.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/09_postgres_header.diff @@ -0,0 +1,12 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/plugins/sql.c cyrus-sasl-2.1.19.dfsg1.new/plugins/sql.c +--- cyrus-sasl-2.1.19.dfsg1/plugins/sql.c 2004-01-08 15:30:26.000000000 +0000 ++++ cyrus-sasl-2.1.19.dfsg1.new/plugins/sql.c 2004-03-21 01:01:51.000000000 +0000 +@@ -180,7 +180,7 @@ + #endif /* HAVE_MYSQL */ + + #ifdef HAVE_PGSQL +-#include ++#include + + static void *_pgsql_open(char *host, char *port, int usessl, + const char *user, const char *password, --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/15_lock_sasl_set_alloc.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/15_lock_sasl_set_alloc.diff @@ -0,0 +1,71 @@ +Refer to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139568 (#139568) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274087 (#274087) + + This patch will divert all allocations to whomever called + sasl_set_alloc first, hopefully that will be the application. If + not, we sure *hope* the fucking library doing stupid things (hello + OpenLDAP!) has sane sasl_set_alloc semantics... + + It will also deny any futher tries to sasl_set_alloc after one + of the _init functions are called. + + This works fine in SASL 1.5, and no applications started behaving + in insane ways, so chances are it will also work with SASL 2.1 + +diff -ruN cyrus-sasl-2.1.19.dfsg1.orig/lib/client.c cyrus-sasl-2.1.19.dfsg1/lib/client.c +--- cyrus-sasl-2.1.19.dfsg1.orig/lib/client.c 2003-11-14 14:48:43.000000000 -0200 ++++ cyrus-sasl-2.1.19.dfsg1/lib/client.c 2004-10-08 11:11:56.000000000 -0300 +@@ -204,6 +204,9 @@ + { NULL, NULL } + }; + ++ /* lock allocation type */ ++ _sasl_allocation_locked++; ++ + if(_sasl_client_active) { + /* We're already active, just increase our refcount */ + /* xxx do something with the callback structure? */ +diff -ruN cyrus-sasl-2.1.19.dfsg1.orig/lib/common.c cyrus-sasl-2.1.19.dfsg1/lib/common.c +--- cyrus-sasl-2.1.19.dfsg1.orig/lib/common.c 2004-10-08 10:59:42.000000000 -0300 ++++ cyrus-sasl-2.1.19.dfsg1/lib/common.c 2004-10-08 11:09:02.000000000 -0300 +@@ -93,6 +93,7 @@ + (sasl_realloc_t *) &realloc, + (sasl_free_t *) &free + }; ++int _sasl_allocation_locked = 0; + + /* Intenal mutex functions do as little as possible (no thread protection) */ + static void *sasl_mutex_alloc(void) +@@ -318,6 +319,8 @@ + sasl_realloc_t *r, + sasl_free_t *f) + { ++ if (_sasl_allocation_locked++) return; ++ + _sasl_allocation_utils.malloc=m; + _sasl_allocation_utils.calloc=c; + _sasl_allocation_utils.realloc=r; +diff -ruN cyrus-sasl-2.1.19.dfsg1.orig/lib/saslint.h cyrus-sasl-2.1.19.dfsg1/lib/saslint.h +--- cyrus-sasl-2.1.19.dfsg1.orig/lib/saslint.h 2004-07-06 10:42:23.000000000 -0300 ++++ cyrus-sasl-2.1.19.dfsg1/lib/saslint.h 2004-10-08 11:09:41.000000000 -0300 +@@ -306,6 +306,7 @@ + + extern sasl_allocation_utils_t _sasl_allocation_utils; + extern sasl_mutex_utils_t _sasl_mutex_utils; ++extern int _sasl_allocation_locked; + + /* + * checkpw.c +diff -ruN cyrus-sasl-2.1.19.dfsg1.orig/lib/server.c cyrus-sasl-2.1.19.dfsg1/lib/server.c +--- cyrus-sasl-2.1.19.dfsg1.orig/lib/server.c 2004-07-06 10:42:23.000000000 -0300 ++++ cyrus-sasl-2.1.19.dfsg1/lib/server.c 2004-10-08 11:11:08.000000000 -0300 +@@ -676,6 +676,9 @@ + { NULL, NULL } + }; + ++ /* lock allocation type */ ++ _sasl_allocation_locked++; ++ + /* we require the appname (if present) to be short enough to be a path */ + if (appname != NULL && strlen(appname) >= PATH_MAX) + return SASL_BADPARAM; --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/03_saslauthd_mdoc.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/03_saslauthd_mdoc.diff @@ -0,0 +1,30 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/saslauthd/saslauthd.mdoc ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/saslauthd/saslauthd.mdoc +--- ./cyrus-sasl-2.1.19.dfsg1/saslauthd/saslauthd.mdoc 2004-07-04 22:30:00.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/saslauthd/saslauthd.mdoc 2004-07-04 22:29:40.000000000 +0100 +@@ -10,7 +10,7 @@ + .\" manpage in saslauthd.8 whenever you change this source + .\" version. Only the pre-formatted manpage is installed. + .\" +-.Dd 10 24 2002 ++.Dd October 24, 2002 + .Dt SASLAUTHD 8 + .Os "CMU-SASL" + .Sh NAME +@@ -216,7 +216,7 @@ + .Em (All platforms that support OpenLDAP 2.0 or higher) + .Pp + Authenticate against an ldap server. The ldap configuration parameters are +-read from /usr/local/etc/saslauthd.conf. The location of this file can be ++read from /etc/saslauthd.conf. The location of this file can be + changed with the -O parameter. See the LDAP_SASLAUTHD file included with the + distribution for the list of available parameters. + .It Li sia +@@ -249,7 +249,7 @@ + .Bl -tag -width "/var/run/saslauthd/mux" + .It Pa /var/run/saslauthd/mux + The default communications socket. +-.It Pa /usr/local/etc/saslauthd.conf ++.It Pa /etc/saslauthd.conf + The default configuration file for ldap support. + .El + .Sh SEE ALSO --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2369_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2369_sasl_upstream_cvs.diff @@ -0,0 +1,923 @@ +--------------------- +PatchSet 2369 +Date: 2004/07/15 18:01:57 +Author: rjs3 +Branch: HEAD +Tag: (none) +Log: + * configure.in, plugins/gssapi.c: Wrap all GSS calls + in mutexes when required by the implementation. + (based on a patch by Simon Wilkinson ) + +Members: + ChangeLog:1.686->1.687 + plugins/gssapi.c:1.90->1.91 + +Index: cyrus-sasl-2.1.19.dfsg1/ChangeLog +=================================================================== +RCS file: /cvs/src/sasl/ChangeLog,v +retrieving revision 1.686 +retrieving revision 1.687 +diff -u -r1.686 -r1.687 +--- cyrus-sasl-2.1.19.dfsg1/ChangeLog 6 Jul 2004 14:06:24 -0000 1.686 ++++ cyrus-sasl-2.1.19.dfsg1/ChangeLog 15 Jul 2004 18:01:57 -0000 1.687 +@@ -1,3 +1,8 @@ ++2004-07-15 Rob Siemborski ++ * configure.in, plugins/gssapi.c: Wrap all GSS calls ++ in mutexes when required by the implementation. ++ (based on a patch by Simon Wilkinson ) ++ + 2004-07-06 Rob Siemborski + * plugins/digestmd5.c: Fix potential buffer overflow, call + add_to_challenge in 2 more places (Alexey Melnikov +Index: cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/gssapi.c,v +retrieving revision 1.90 +retrieving revision 1.91 +diff -u -r1.90 -r1.91 +--- cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c 6 Jul 2004 21:55:47 -0000 1.90 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/gssapi.c 15 Jul 2004 18:02:03 -0000 1.91 +@@ -1,7 +1,7 @@ + /* GSSAPI SASL plugin + * Leif Johansson + * Rob Siemborski (SASL v2 Conversion) +- * $Id: gssapi.c,v 1.90 2004/07/06 21:55:47 rjs3 Exp $ ++ * $Id: gssapi.c,v 1.91 2004/07/15 18:02:03 rjs3 Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -82,7 +82,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: gssapi.c,v 1.90 2004/07/06 21:55:47 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: gssapi.c,v 1.91 2004/07/15 18:02:03 rjs3 Exp $"; + + static const char * GSSAPI_BLANK_STRING = ""; + +@@ -122,6 +122,23 @@ + * CyberSafe (http://www.cybersafe.com/) and SEAM. + */ + ++#ifdef GSS_USE_MUTEXES ++#define GSS_LOCK_MUTEX(utils) \ ++ if(((sasl_utils_t *)(utils))->mutex_lock(gss_mutex) != 0) { \ ++ return SASL_FAIL; \ ++ } ++ ++#define GSS_UNLOCK_MUTEX(utils) \ ++ if(((sasl_utils_t *)(utils))->mutex_unlock(gss_mutex) != 0) { \ ++ return SASL_FAIL; \ ++ } ++ ++static void *gss_mutex = NULL; ++#else ++#define GSS_LOCK_MUTEX(utils) ++#define GSS_UNLOCK_MUTEX(utils) ++#endif ++ + typedef struct context { + int state; + +@@ -164,9 +181,9 @@ + #define sasl_gss_log(x,y,z) sasl_gss_seterror_(x,y,z,1) + #define sasl_gss_seterror(x,y,z) sasl_gss_seterror_(x,y,z,0) + +-static void ++static int + sasl_gss_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min, +- int logonly) ++ int logonly) + { + OM_uint32 maj_stat, min_stat; + gss_buffer_desc msg; +@@ -176,19 +193,20 @@ + size_t len, curlen = 0; + const char prefix[] = "GSSAPI Error: "; + +- if(!utils) return; +- + len = sizeof(prefix); + ret = _plug_buf_alloc(utils, &out, &curlen, 256); +- if(ret != SASL_OK) return; ++ if(ret != SASL_OK) return SASL_OK; + + strcpy(out, prefix); + + msg_ctx = 0; + while (1) { ++ GSS_LOCK_MUTEX(utils); + maj_stat = gss_display_status(&min_stat, maj, + GSS_C_GSS_CODE, GSS_C_NULL_OID, + &msg_ctx, &msg); ++ GSS_UNLOCK_MUTEX(utils); ++ + if(GSS_ERROR(maj_stat)) { + if (logonly) { + utils->log(utils->conn, SASL_LOG_FAIL, +@@ -199,7 +217,7 @@ + "(could not get major error message)"); + } + utils->free(out); +- return; ++ return SASL_OK; + } + + len += len + msg.length; +@@ -207,12 +225,14 @@ + + if(ret != SASL_OK) { + utils->free(out); +- return; ++ return SASL_OK; + } + + strcat(out, msg.value); + ++ GSS_LOCK_MUTEX(utils); + gss_release_buffer(&min_stat, &msg); ++ GSS_UNLOCK_MUTEX(utils); + + if (!msg_ctx) + break; +@@ -224,16 +244,19 @@ + ret = _plug_buf_alloc(utils, &out, &curlen, len); + if(ret != SASL_OK) { + utils->free(out); +- return; ++ return SASL_NOMEM; + } + + strcat(out, " ("); + + msg_ctx = 0; + while (1) { ++ GSS_LOCK_MUTEX(utils); + maj_stat = gss_display_status(&min_stat, min, + GSS_C_MECH_CODE, GSS_C_NULL_OID, + &msg_ctx, &msg); ++ GSS_UNLOCK_MUTEX(utils); ++ + if(GSS_ERROR(maj_stat)) { + if (logonly) { + utils->log(utils->conn, SASL_LOG_FAIL, +@@ -244,20 +267,22 @@ + "(could not get minor error message)"); + } + utils->free(out); +- return; ++ return SASL_OK; + } + + len += len + msg.length; ++ + ret = _plug_buf_alloc(utils, &out, &curlen, len); +- + if(ret != SASL_OK) { + utils->free(out); +- return; ++ return SASL_NOMEM; + } + + strcat(out, msg.value); + ++ GSS_LOCK_MUTEX(utils); + gss_release_buffer(&min_stat, &msg); ++ GSS_UNLOCK_MUTEX(utils); + + if (!msg_ctx) + break; +@@ -267,7 +292,7 @@ + ret = _plug_buf_alloc(utils, &out, &curlen, len); + if(ret != SASL_OK) { + utils->free(out); +- return; ++ return SASL_NOMEM; + } + + strcat(out, ")"); +@@ -278,6 +303,8 @@ + utils->seterror(utils->conn, 0, out); + } + utils->free(out); ++ ++ return SASL_OK; + } + + static int +@@ -314,6 +341,7 @@ + output_token->value = NULL; + output_token->length = 0; + ++ GSS_LOCK_MUTEX(text->utils); + maj_stat = gss_wrap (&min_stat, + text->gss_ctx, + privacy, +@@ -321,12 +349,16 @@ + input_token, + NULL, + output_token); ++ GSS_UNLOCK_MUTEX(text->utils); + + if (GSS_ERROR(maj_stat)) + { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(text->utils); ++ } + return SASL_FAIL; + } + +@@ -337,7 +369,9 @@ + &(text->encode_buf_len), output_token->length + 4); + + if (ret != SASL_OK) { ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(text->utils); + return ret; + } + +@@ -352,9 +386,11 @@ + + *output = text->encode_buf; + +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); +- ++ GSS_UNLOCK_MUTEX(text->utils); ++ } + return SASL_OK; + } + +@@ -395,18 +431,23 @@ + output_token->value = NULL; + output_token->length = 0; + ++ GSS_LOCK_MUTEX(text->utils); + maj_stat = gss_unwrap (&min_stat, + text->gss_ctx, + input_token, + output_token, + NULL, + NULL); ++ GSS_UNLOCK_MUTEX(text->utils); + + if (GSS_ERROR(maj_stat)) + { + sasl_gss_seterror(text->utils,maj_stat,min_stat); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(text->utils); ++ } + return SASL_FAIL; + } + +@@ -419,13 +460,17 @@ + &text->decode_once_buf_len, + *outputlen); + if(result != SASL_OK) { ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(text->utils); + return result; + } + *output = text->decode_once_buf; + memcpy(*output, output_token->value, *outputlen); + } ++ GSS_LOCK_MUTEX(text->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(text->utils); + } + + return SASL_OK; +@@ -447,7 +492,7 @@ + return ret; + } + +-static context_t *gss_new_context(const sasl_utils_t *utils) ++static context_t *sasl_gss_new_context(const sasl_utils_t *utils) + { + context_t *ret; + +@@ -460,14 +505,17 @@ + return ret; + } + +-static void sasl_gss_free_context_contents(context_t *text) ++static int sasl_gss_free_context_contents(context_t *text) + { + OM_uint32 maj_stat, min_stat; + +- if (!text) return; ++ if (!text) return SASL_OK; + ++ GSS_LOCK_MUTEX(text->utils); ++ + if (text->gss_ctx != GSS_C_NO_CONTEXT) { +- maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER); ++ maj_stat = gss_delete_sec_context(&min_stat,&text->gss_ctx, ++ GSS_C_NO_BUFFER); + text->gss_ctx = GSS_C_NO_CONTEXT; + } + +@@ -490,6 +538,8 @@ + maj_stat = gss_release_cred(&min_stat, &text->client_creds); + text->client_creds = GSS_C_NO_CREDENTIAL; + } ++ ++ GSS_UNLOCK_MUTEX(text->utils); + + if (text->out_buf) { + text->utils->free(text->out_buf); +@@ -523,6 +573,9 @@ + text->utils->free(text->authid); + text->authid = NULL; + } ++ ++ return SASL_OK; ++ + } + + static void gssapi_common_mech_dispose(void *conn_context, +@@ -532,6 +585,17 @@ + utils->free(conn_context); + } + ++static void gssapi_common_mech_free(void *global_context __attribute__((unused)), ++ const sasl_utils_t *utils) ++{ ++#ifdef GSS_USE_MUTEXES ++ if (gss_mutex) { ++ utils->mutex_free(gss_mutex); ++ gss_mutex=NULL; ++ } ++#endif ++} ++ + /***************************** Server Section *****************************/ + + static int +@@ -543,7 +607,7 @@ + { + context_t *text; + +- text = gss_new_context(params->utils); ++ text = sasl_gss_new_context(params->utils); + if (text == NULL) { + MEMERROR(params->utils); + return SASL_NOMEM; +@@ -604,10 +668,12 @@ + } + sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_import_name (&min_stat, + &name_token, + GSS_C_NT_HOSTBASED_SERVICE, + &text->server_name); ++ GSS_UNLOCK_MUTEX(params->utils); + + params->utils->free(name_token.value); + name_token.value = NULL; +@@ -619,10 +685,13 @@ + } + + if ( text->server_creds != GSS_C_NO_CREDENTIAL) { ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_release_cred(&min_stat, &text->server_creds); ++ GSS_UNLOCK_MUTEX(params->utils); + text->server_creds = GSS_C_NO_CREDENTIAL; + } + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_acquire_cred(&min_stat, + text->server_name, + GSS_C_INDEFINITE, +@@ -631,6 +700,7 @@ + &text->server_creds, + NULL, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +@@ -645,6 +715,7 @@ + } + + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = + gss_accept_sec_context(&min_stat, + &(text->gss_ctx), +@@ -657,12 +728,15 @@ + &out_flags, + NULL, + &(text->client_creds)); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_log(text->utils, maj_stat, min_stat); + text->utils->seterror(text->utils->conn, SASL_NOLOG, "GSSAPI Failure: gss_accept_sec_context"); + if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + } + sasl_gss_free_context_contents(text); + return SASL_BADAUTH; +@@ -673,7 +747,8 @@ + (!(out_flags & GSS_C_DELEG_FLAG) || + text->client_creds == GSS_C_NO_CREDENTIAL) ) + { +- text->utils->seterror(text->utils->conn, SASL_LOG_WARN, "GSSAPI warning: no credentials were passed"); ++ text->utils->seterror(text->utils->conn, SASL_LOG_WARN, ++ "GSSAPI warning: no credentials were passed"); + /* continue with authentication */ + } + +@@ -684,14 +759,18 @@ + ret = _plug_buf_alloc(text->utils, &(text->out_buf), + &(text->out_buf_len), *serveroutlen); + if(ret != SASL_OK) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + return ret; + } + memcpy(text->out_buf, output_token->value, *serveroutlen); + *serverout = text->out_buf; + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + } else { + /* No output token, send an empty string */ + *serverout = GSSAPI_BLANK_STRING; +@@ -717,19 +796,27 @@ + + /* We ignore whatever the client sent us at this stage */ + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_display_name (&min_stat, + text->client_name, + &name_token, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + if (name_without_realm.value) + params->utils->free(name_without_realm.value); + +- if (name_token.value) ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); +- if (without) ++ GSS_UNLOCK_MUTEX(params->utils); ++ } ++ if (without) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_name(&min_stat, &without); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + SETERROR(text->utils, "GSSAPI Failure"); + sasl_gss_free_context_contents(text); + return SASL_BADAUTH; +@@ -755,6 +842,7 @@ + + name_without_realm.length = strlen( (char *) name_without_realm.value ); + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_import_name (&min_stat, + &name_without_realm, + /* Solaris 8/9 gss_import_name doesn't accept GSS_C_NULL_OID here, +@@ -765,35 +853,53 @@ + GSS_C_NULL_OID, + #endif + &without); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + params->utils->free(name_without_realm.value); +- if (name_token.value) ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); +- if (without) ++ GSS_UNLOCK_MUTEX(params->utils); ++ } ++ if (without) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_name(&min_stat, &without); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + SETERROR(text->utils, "GSSAPI Failure"); + sasl_gss_free_context_contents(text); + return SASL_BADAUTH; + } + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_compare_name(&min_stat, + text->client_name, + without, + &equal); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + params->utils->free(name_without_realm.value); +- if (name_token.value) ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); +- if (without) ++ GSS_UNLOCK_MUTEX(params->utils); ++ } ++ if (without) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_name(&min_stat, &without); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + SETERROR(text->utils, "GSSAPI Failure"); + sasl_gss_free_context_contents(text); + return SASL_BADAUTH; + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_name(&min_stat,&without); ++ GSS_UNLOCK_MUTEX(params->utils); ++ + } else { + equal = 0; + } +@@ -814,11 +920,14 @@ + } + } + +- if (name_token.value) ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); +- if (name_without_realm.value) ++ GSS_UNLOCK_MUTEX(params->utils); ++ } ++ if (name_without_realm.value) { + params->utils->free(name_without_realm.value); +- ++ } + + /* we have to decide what sort of encryption/integrity/etc., + we support */ +@@ -865,6 +974,7 @@ + real_input_token.value = (void *)sasldata; + real_input_token.length = 4; + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_wrap(&min_stat, + text->gss_ctx, + 0, /* Just integrity checking here */ +@@ -872,11 +982,15 @@ + input_token, + NULL, + output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } +@@ -889,14 +1003,18 @@ + ret = _plug_buf_alloc(text->utils, &(text->out_buf), + &(text->out_buf_len), *serveroutlen); + if(ret != SASL_OK) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + return ret; + } + memcpy(text->out_buf, output_token->value, *serveroutlen); + *serverout = text->out_buf; + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + } + + /* Wait for ssf request and authid */ +@@ -911,12 +1029,14 @@ + real_input_token.value = (void *)clientin; + real_input_token.length = clientinlen; + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_unwrap(&min_stat, + text->gss_ctx, + input_token, + output_token, + NULL, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +@@ -946,8 +1066,11 @@ + "protocol violation: client requested invalid layer"); + /* Mark that we attempted negotiation */ + oparams->mech_ssf = 2; +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } +@@ -990,7 +1113,9 @@ + } else { + SETERROR(text->utils, + "token too short"); ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } +@@ -1026,7 +1151,9 @@ + } + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + + text->state = SASL_GSSAPI_STATE_AUTHENTICATED; + +@@ -1065,7 +1192,7 @@ + &gssapi_server_mech_new, /* mech_new */ + &gssapi_server_mech_step, /* mech_step */ + &gssapi_common_mech_dispose, /* mech_dispose */ +- NULL, /* mech_free */ ++ &gssapi_common_mech_free, /* mech_free */ + NULL, /* setpass */ + NULL, /* user_query */ + NULL, /* idle */ +@@ -1125,6 +1252,15 @@ + *out_version = SASL_SERVER_PLUG_VERSION; + *pluglist = gssapi_server_plugins; + *plugcount = 1; ++ ++#ifdef GSS_USE_MUTEXES ++ if (!gss_mutex) { ++ gss_mutex = utils->mutex_alloc(); ++ if (!gss_mutex) { ++ return SASL_FAIL; ++ } ++ } ++#endif + + return SASL_OK; + } +@@ -1138,7 +1274,7 @@ + context_t *text; + + /* holds state are in */ +- text = gss_new_context(params->utils); ++ text = sasl_gss_new_context(params->utils); + if (text == NULL) { + MEMERROR(params->utils); + return SASL_NOMEM; +@@ -1234,10 +1370,12 @@ + + sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_import_name (&min_stat, + &name_token, + GSS_C_NT_HOSTBASED_SERVICE, + &text->server_name); ++ GSS_UNLOCK_MUTEX(params->utils); + + params->utils->free(name_token.value); + name_token.value = NULL; +@@ -1261,7 +1399,9 @@ + * and no input from the server. However, thanks to Imap, + * which discards our first output, this happens all the time. + * Throw away the context and try again. */ ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER); ++ GSS_UNLOCK_MUTEX(params->utils); + text->gss_ctx = GSS_C_NO_CONTEXT; + } + +@@ -1282,6 +1422,7 @@ + if (params->props.security_flags & SASL_SEC_PASS_CREDENTIALS) + req_flags = req_flags | GSS_C_DELEG_FLAG; + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_init_sec_context(&min_stat, + GSS_C_NO_CREDENTIAL, + &text->gss_ctx, +@@ -1295,11 +1436,15 @@ + output_token, + &out_req_flags, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } +@@ -1316,17 +1461,22 @@ + ret = _plug_buf_alloc(text->utils, &(text->out_buf), + &(text->out_buf_len), *clientoutlen); + if(ret != SASL_OK) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + return ret; + } + memcpy(text->out_buf, output_token->value, *clientoutlen); + *clientout = text->out_buf; + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + } + + if (maj_stat == GSS_S_COMPLETE) { ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_inquire_context(&min_stat, + text->gss_ctx, + &text->client_name, +@@ -1337,6 +1487,7 @@ + NULL, /* flags */ + NULL, /* local init */ + NULL); /* open */ ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +@@ -1345,14 +1496,19 @@ + } + + name_token.length = 0; ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_display_name(&min_stat, + text->client_name, + &name_token, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { +- if (name_token.value) ++ if (name_token.value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + SETERROR(text->utils, "GSSAPI Failure"); + sasl_gss_free_context_contents(text); + return SASL_FAIL; +@@ -1372,7 +1528,9 @@ + SASL_CU_AUTHID | SASL_CU_AUTHZID, + oparams); + } ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, &name_token); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (ret != SASL_OK) return ret; + +@@ -1391,18 +1549,23 @@ + real_input_token.value = (void *) serverin; + real_input_token.length = serverinlen; + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_unwrap(&min_stat, + text->gss_ctx, + input_token, + output_token, + NULL, + NULL); ++ GSS_UNLOCK_MUTEX(params->utils); + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); + sasl_gss_free_context_contents(text); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + return SASL_FAIL; + } + +@@ -1477,7 +1640,9 @@ + } + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + + /* oparams->user is always set, due to canon_user requirements. + * Make sure the client actually requested it though, by checking +@@ -1516,6 +1681,7 @@ + } + ((unsigned char *)input_token->value)[0] = mychoice; + ++ GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_wrap (&min_stat, + text->gss_ctx, + 0, /* Just integrity checking here */ +@@ -1523,14 +1689,18 @@ + input_token, + NULL, + output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + + params->utils->free(input_token->value); + input_token->value = NULL; + + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); +- if (output_token->value) ++ if (output_token->value) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ } + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } +@@ -1542,14 +1712,19 @@ + ret = _plug_buf_alloc(text->utils, &(text->out_buf), + &(text->out_buf_len), *clientoutlen); + if (ret != SASL_OK) { ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); + return ret; + } + memcpy(text->out_buf, output_token->value, *clientoutlen); + *clientout = text->out_buf; + } + ++ GSS_LOCK_MUTEX(params->utils); + gss_release_buffer(&min_stat, output_token); ++ GSS_UNLOCK_MUTEX(params->utils); ++ + } + + text->state = SASL_GSSAPI_STATE_AUTHENTICATED; +@@ -1595,7 +1770,7 @@ + &gssapi_client_mech_new, /* mech_new */ + &gssapi_client_mech_step, /* mech_step */ + &gssapi_common_mech_dispose, /* mech_dispose */ +- NULL, /* mech_free */ ++ &gssapi_common_mech_free, /* mech_free */ + NULL, /* idle */ + NULL, /* spare */ + NULL /* spare */ +@@ -1616,6 +1791,15 @@ + *out_version = SASL_CLIENT_PLUG_VERSION; + *pluglist = gssapi_client_plugins; + *plugcount = 1; ++ ++#ifdef GSS_USE_MUTEXES ++ if(!gss_mutex) { ++ gss_mutex = utils->mutex_alloc(); ++ if(!gss_mutex) { ++ return SASL_FAIL; ++ } ++ } ++#endif + + return SASL_OK; + } --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/05_dbconverter.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/05_dbconverter.diff @@ -0,0 +1,37 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/utils/Makefile.am ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/Makefile.am +--- ./cyrus-sasl-2.1.19.dfsg1/utils/Makefile.am 2004-05-27 20:11:25.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/Makefile.am 2004-07-17 19:17:56.000000000 +0100 +@@ -45,10 +45,10 @@ + all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) + all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) + +-sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ ++sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ dbconverter-2 + EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest + +-noinst_PROGRAMS = dbconverter-2 ++#noinst_PROGRAMS = dbconverter-2 + + if NO_SASL_DB_MANS + man_MANS = +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/utils/dbconverter-2.c ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/dbconverter-2.c +--- ./cyrus-sasl-2.1.19.dfsg1/utils/dbconverter-2.c 2003-12-15 19:25:14.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/utils/dbconverter-2.c 2004-07-17 19:17:56.000000000 +0100 +@@ -385,7 +385,7 @@ + + int main(int argc, char **argv) + { +- const char *db="/etc/sasldb"; ++ const char *db="/etc/sasldb2"; + int result; + + if (argc > 1) { +@@ -421,7 +421,7 @@ + + printf("\nThis program will take the sasldb file specified on the\n" + "command line and convert it to a new sasldb file in the default\n" +- "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n" ++ "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n" + "backup sasldb before allowing this program to run\n\n" + "We are going to convert %s and our output will be in %s\n\n" + "Press return to continue\n", db, db_new); --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/14_manpages_section.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/14_manpages_section.diff @@ -0,0 +1,504 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl.3 2002-01-10 22:48:50.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl.3 2004-07-04 14:38:49.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH SASL "10 July 2001" SASL "SASL man pages" ++.TH SASL 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + SASL \- SASL authentication library + .SH DESCRIPTION +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_authorize_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_authorize_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_authorize_t.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_authorize_t.3 2004-07-04 14:38:49.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_authorize_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_authorize_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_authorize_t \- The SASL authorization callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop.3 2004-07-04 14:38:48.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_auxprop "10 July 2001" SASL "SASL man pages" ++.TH sasl_auxprop 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_auxprop \- How to work with SASL auxilliary properties + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_getctx.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_getctx.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_getctx.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_getctx.3 2004-07-04 14:38:48.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_auxprop_getctx "10 July 2001" SASL "SASL man pages" ++.TH sasl_auxprop_getctx 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_auxprop_getctx \- Acquire an auxilliary property context + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_request.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_request.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_request.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_auxprop_request.3 2004-07-04 14:38:48.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_auxprop_request "10 July 2001" SASL "SASL man pages" ++.TH sasl_auxprop_request 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_auxprop_request \- Request Auxilliary Properties from SASL + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_callbacks.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_callbacks.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_callbacks.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_callbacks.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_callbacks "10 July 2001" SASL "SASL man pages" ++.TH sasl_callbacks 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_callbacks \- How to work with SASL callbacks + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_canon_user_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_canon_user_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_canon_user_t.3 2001-12-10 18:35:59.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_canon_user_t.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_userdb_checkpass_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_chalprompt_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_chalprompt_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_chalprompt_t.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_chalprompt_t.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_chalprompt_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_chalprompt_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_chalprompt_t \- Realm Acquisition Callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_checkapop.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_checkapop.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_checkapop.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_checkapop.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_checkapop "29 June 2001" SASL "SASL man pages" ++.TH sasl_checkapop 3 "29 June 2001" SASL "SASL man pages" + .SH NAME + sasl_checkapop \- Check an APOP challenge/response + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_checkpass.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_checkpass.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_checkpass.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_checkpass.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_checkpass "10 July 2001" SASL "SASL man pages" ++.TH sasl_checkpass 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_checkpass \- Check a plaintext password + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_init.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_init.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_init.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_init.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_client_init "21 June 2001" SASL "SASL man pages" ++.TH sasl_client_init 3 "21 June 2001" SASL "SASL man pages" + .SH NAME + sasl_client_init \- SASL client authentication initialization + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_new.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_new.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_new.3 2003-06-11 22:34:17.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_new.3 2004-07-04 14:38:47.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_client_new "21 June 2001" SASL "SASL man pages" ++.TH sasl_client_new 3 "21 June 2001" SASL "SASL man pages" + .SH NAME + sasl_client_new \- Create a new client authentication object + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_start.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_start.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_start.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_start.3 2004-07-04 14:38:46.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_client_start "10 July 2001" SASL "SASL man pages" ++.TH sasl_client_start 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_client_start \- Begin an authentication negotiation + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_step.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_step.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_client_step.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_client_step.3 2004-07-04 14:38:46.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_client_step "10 July 2001" SASL "SASL man pages" ++.TH sasl_client_step 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_client_step \- Perform a step in the authentication negotiation + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_decode.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_decode.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_decode.3 2001-12-04 02:06:43.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_decode.3 2004-07-04 14:38:46.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_decode "10 July 2001" SASL "SASL man pages" ++.TH sasl_decode 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_decode \- Decode data received + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_dispose.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_dispose.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_dispose.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_dispose.3 2004-07-04 14:38:46.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_dispose "10 July 2001" SASL "SASL man pages" ++.TH sasl_dispose 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_dispose \- Dispose of a SASL connection object + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_done.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_done.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_done.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_done.3 2004-07-04 14:38:45.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_done "10 July 2001" SASL "SASL man pages" ++.TH sasl_done 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_done \- Dispose of a SASL connection object + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_encode.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_encode.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_encode.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_encode.3 2004-07-04 14:38:45.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_encode "10 July 2001" SASL "SASL man pages" ++.TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_encode \- Encode data for transport to authenticated host + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_encodev.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_encodev.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_encodev.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_encodev.3 2004-07-04 14:38:45.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_encode "10 July 2001" SASL "SASL man pages" ++.TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_encode \- Encode data for transport to authenticated host + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errdetail.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errdetail.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errdetail.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errdetail.3 2004-07-04 14:38:44.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_errdetail "10 July 2001" SASL "SASL man pages" ++.TH sasl_errdetail 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_errdetail \- Retrieve detailed information about an error + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errors.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errors.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errors.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errors.3 2004-07-04 14:38:44.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_errors "10 July 2001" SASL "SASL man pages" ++.TH sasl_errors 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_errors \- SASL error codes + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errstring.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errstring.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_errstring.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_errstring.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_errstring "10 July 2001" SASL "SASL man pages" ++.TH sasl_errstring 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_errstring \- Translate a SASL return code to a human-readable form + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getopt_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getopt_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getopt_t.3 2002-07-06 18:21:18.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getopt_t.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getopt_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_getopt_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getopt_t \- The SASL get option callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getpath_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getpath_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getpath_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getpath_t.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getpath_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_getpath_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getpath_t \- The SASL callback to indicate location of the mechanism drivers + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getprop.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getprop.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getprop.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getprop.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getprop "10 July 2001" SASL "SASL man pages" ++.TH sasl_getprop 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getprop \- Get a SASL property + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getrealm_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getrealm_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getrealm_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getrealm_t.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getrealm_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_getrealm_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getrealm_t \- Realm Acquisition Callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getsecret_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getsecret_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getsecret_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getsecret_t.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getsecret_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_getsecret_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getsecret_t \- The SASL callback for secrets (passwords) + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getsimple_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getsimple_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_getsimple_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_getsimple_t.3 2004-07-04 14:38:43.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_getsimple_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_getsimple_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_getsimple_t \- The SASL callback for username/authname/realm + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_global_listmech.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_global_listmech.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_global_listmech.3 2002-01-10 22:48:50.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_global_listmech.3 2004-07-04 14:38:42.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_listmech "10 July 2001" SASL "SASL man pages" ++.TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_listmech \- Retrieve a list of the supported SASL mechanisms + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_idle.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_idle.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_idle.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_idle.3 2004-07-04 14:38:42.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_idle "10 July 2001" SASL "SASL man pages" ++.TH sasl_idle 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_idle \- Perform precalculations during an idle period + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_listmech.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_listmech.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_listmech.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_listmech.3 2004-07-04 14:38:42.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_listmech "10 July 2001" SASL "SASL man pages" ++.TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_listmech \- Retrieve a list of the supported SASL mechanisms + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_log_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_log_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_log_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_log_t.3 2004-07-04 14:38:42.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_log_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_log_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_log_t \- The SASL logging callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_init.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_init.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_init.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_init.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_init "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_init 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_init \- SASL server authentication initialization + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_new.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_new.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_new.3 2003-06-11 20:07:41.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_new.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_new "16 May 2001" SASL "SASL man pages" ++.TH sasl_server_new 3 "16 May 2001" SASL "SASL man pages" + .SH NAME + sasl_server_new \- Create a new server authentication object + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_start.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_start.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_start.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_start.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_start "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_start 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_start \- Begin an authentication negotiation + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_step.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_step.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_step.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_step.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_step "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_step 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_step \- Perform a step in the authentication negotiation + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_checkpass_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_checkpass_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_checkpass_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_checkpass_t.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_userdb_checkpass_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_setpass_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_setpass_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_setpass_t.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_server_userdb_setpass_t.3 2004-07-04 14:38:41.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_server_userdb_setpass_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_server_userdb_setpass_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_server_userdb_setpass_t \- UserDB Plaintext Password Setting Callback + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_setpass.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_setpass.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_setpass.3 2001-12-04 02:06:44.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_setpass.3 2004-07-04 14:38:40.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_setpass "10 July 2001" SASL "SASL man pages" ++.TH sasl_setpass 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_setpass \- Check a plaintext password + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_setprop.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_setprop.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_setprop.3 2002-01-09 19:07:06.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_setprop.3 2004-07-04 14:38:36.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_setprop "10 July 2001" SASL "SASL man pages" ++.TH sasl_setprop 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_setprop \- Set a SASL property + .SH SYNOPSIS +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_user_exists.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_user_exists.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_user_exists.3 2002-07-03 21:29:48.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_user_exists.3 2004-07-04 14:38:36.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_user_exists "10 July 2001" SASL "SASL man pages" ++.TH sasl_user_exists 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_user_exists \- Check if a user exists on server + +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/man/sasl_verifyfile_t.3 ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_verifyfile_t.3 +--- ./cyrus-sasl-2.1.19.dfsg1/man/sasl_verifyfile_t.3 2001-12-04 02:06:45.000000000 +0000 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/man/sasl_verifyfile_t.3 2004-07-04 14:38:36.000000000 +0100 +@@ -38,7 +38,7 @@ + .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + .\" +-.TH sasl_verifyfile_t "10 July 2001" SASL "SASL man pages" ++.TH sasl_verifyfile_t 3 "10 July 2001" SASL "SASL man pages" + .SH NAME + sasl_verifyfile_t \- The SASL file verification + --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/20_2368_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/20_2368_sasl_upstream_cvs.diff @@ -0,0 +1,61 @@ +--------------------- +PatchSet 2368 +Date: 2004/07/15 17:01:57 +Author: rjs3 +Branch: HEAD +Tag: (none) +Log: + * configure.in, plugins/gssapi.c: Wrap all GSS calls + in mutexes when required by the implementation. + (based on a patch by Simon Wilkinson ) + +Members: + configure.in:1.195->1.196 + +Index: cyrus-sasl-2.1.19.dfsg1/configure.in +=================================================================== +RCS file: /cvs/src/sasl/configure.in,v +retrieving revision 1.195 +retrieving revision 1.196 +diff -u -r1.195 -r1.196 +--- cyrus-sasl-2.1.19.dfsg1/configure.in 2 Jul 2004 19:39:34 -0000 1.195 ++++ cyrus-sasl-2.1.19.dfsg1/configure.in 15 Jul 2004 18:01:57 -0000 1.196 +@@ -1,7 +1,7 @@ + dnl configure.in for the SASL library + dnl Rob Siemborski + dnl Rob Earhart +-dnl $Id: configure.in,v 1.195 2004/07/02 19:39:34 rjs3 Exp $ ++dnl $Id: configure.in,v 1.196 2004/07/15 18:01:57 rjs3 Exp $ + dnl + dnl Copyright (c) 2001 Carnegie Mellon University. All rights reserved. + dnl +@@ -481,13 +481,28 @@ + AC_MSG_RESULT(disabled) + fi + ++dnl Kerberos based Mechanisms + SASL_KERBEROS_V4_CHK + SASL_GSSAPI_CHK +-SASL_PLAIN_CHK + + if test "$gssapi" != "no"; then + AC_DEFINE(STATIC_GSSAPIV2,[],[Link GSSAPI Staticly]) ++ mutex_default="no" ++ if test "$gss_impl" = "mit"; then ++ mutex_default="yes" ++ fi ++ AC_MSG_CHECKING(to use mutexes aroung GSS calls) ++ AC_ARG_ENABLE(gss_mutexes, [ --enable-gss_mutexes use mutexes around calls to the GSS library], ++ use_gss_mutexes=$enableval, ++ use_gss_mutexes=$mutex_default) ++ if test $use_gss_mutexes = "yes"; then ++ AC_DEFINE(GSS_USE_MUTEXES, [], [should we mutex-wrap calls into the GSS library?]) ++ fi ++ AC_MSG_RESULT($use_gss_mutexes) + fi ++ ++dnl PLAIN ++SASL_PLAIN_CHK + + dnl ANONYMOUS + AC_ARG_ENABLE(anon, [ --enable-anon enable ANONYMOUS authentication [yes] ], --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/02_versioned_symbols.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/02_versioned_symbols.diff @@ -0,0 +1,25 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/lib/Makefile.am ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/lib/Makefile.am +--- ./cyrus-sasl-2.1.19.dfsg1/lib/Makefile.am 2004-07-02 20:39:36.000000000 +0100 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/lib/Makefile.am 2004-07-17 19:07:03.000000000 +0100 +@@ -60,8 +60,8 @@ + lib_LTLIBRARIES = libsasl2.la + + libsasl2_la_SOURCES = $(common_sources) $(common_headers) +-libsasl2_la_LDFLAGS = -version-info $(sasl_version) +-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) ++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=Versions ++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) Versions + libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) + + if MACOSX +@@ -92,3 +92,10 @@ + libsasl2.la >TMP.$$ && mv TMP.$$ libsasl2.la + rm -f $@ + ln -s .libs/$@ $@ ++ ++Versions: $(libsasl2_la_OBJECTS) ++ rm -f $@ ++ echo "SASL2 {" > $@ ++ echo " global:" >> $@ ++ nm $(patsubst %.lo,%.o,$(libsasl2_la_OBJECTS)) | grep " [Tt] " | cut -d" " -f3 | sed -e 's/$$/;/' >>$@ ++ echo "};" >> $@ --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/12_pr245818.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/12_pr245818.diff @@ -0,0 +1,24 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/sasldb/Makefile.am cyrus-sasl-2.1.19.dfsg1.new/sasldb/Makefile.am +--- cyrus-sasl-2.1.19.dfsg1/sasldb/Makefile.am 2004-03-10 09:51:36.000000000 -0600 ++++ cyrus-sasl-2.1.19.dfsg1.new/sasldb/Makefile.am 2004-05-12 23:49:15.000000000 -0500 +@@ -51,20 +51,8 @@ + EXTRA_DIST = NTMakefile + + noinst_LTLIBRARIES = libsasldb.la +-noinst_LIBRARIES = libsasldb.a + + libsasldb_la_SOURCES = allockey.c sasldb.h + EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) + libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) + libsasldb_la_LIBADD = $(SASL_DB_BACKEND) +- +-LOCAL_SASL_DB_BACKEND_STATIC := $(shell echo $(SASL_DB_BACKEND_STATIC) | sed -e "s%\.\./sasldb/%%g") +- +-# Prevent make dist stupidity +-libsasldb_a_SOURCES = +-EXTRA_libsasldb_a_SOURCES = +- +-libsasldb.a: libsasldb.la $(LOCAL_SASL_DB_BACKEND_STATIC) +- $(AR) cru .libs/$@ $(LOCAL_SASL_DB_BACKEND_STATIC) +- +- --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/21_237x_3_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/21_237x_3_sasl_upstream_cvs.diff @@ -0,0 +1,41 @@ +--------------------- +PatchSet 2377 +Date: 2004/09/22 20:35:34 +Author: shadow +Branch: HEAD +Tag: (none) +Log: +don't honor SASL_PATH in setuid environment. from Gentoo. + +Members: + lib/common.c:1.103->1.104 + +Index: cyrus-sasl-2.1.19.dfsg1/lib/common.c +=================================================================== +RCS file: /cvs/src/sasl/lib/common.c,v +retrieving revision 1.103 +retrieving revision 1.104 +diff -u -r1.103 -r1.104 +--- cyrus-sasl-2.1.19.dfsg1/lib/common.c 6 Jul 2004 16:03:05 -0000 1.103 ++++ cyrus-sasl-2.1.19.dfsg1/lib/common.c 22 Sep 2004 21:35:34 -0000 1.104 +@@ -1,7 +1,7 @@ + /* common.c - Functions that are common to server and clinet + * Rob Siemborski + * Tim Martin +- * $Id: common.c,v 1.103 2004/07/06 16:03:05 rjs3 Exp $ ++ * $Id: common.c,v 1.104 2004/09/22 21:35:34 shadow Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -1838,7 +1838,10 @@ + if (! path) + return SASL_BADPARAM; + +- *path = getenv(SASL_PATH_ENV_VAR); ++ /* Honor external variable only in a safe environment */ ++ if (getuid() == geteuid() && getgid() == getegid()) ++ *path = getenv(SASL_PATH_ENV_VAR); ++ + if (! *path) + *path = PLUGINDIR; + --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/08_mutex.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/08_mutex.diff @@ -0,0 +1,24 @@ +diff -urN cyrus-sasl-2.1.19.dfsg1/lib/common.c cyrus-sasl-2.1.19.dfsg1.new/lib/common.c +--- cyrus-sasl-2.1.19.dfsg1/lib/common.c 2004-03-10 15:51:35.000000000 +0000 ++++ cyrus-sasl-2.1.19.dfsg1.new/lib/common.c 2004-03-20 21:58:39.000000000 +0000 +@@ -440,7 +440,7 @@ + result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); + if(result != SASL_OK) return result; + +- if (!free_mutex) ++ if (!free_mutex || free_mutex == 0x1) + free_mutex = sasl_MUTEX_ALLOC(); + if (!free_mutex) return SASL_FAIL; + +@@ -459,6 +459,11 @@ + + /* serialize disposes. this is necessary because we can't + dispose of conn->mutex if someone else is locked on it */ ++ ++ if (! free_mutex || free_mutex == 0x1) ++ free_mutex = sasl_MUTEX_ALLOC(); ++ if (! free_mutex) return SASL_FAIL; ++ + result = sasl_MUTEX_LOCK(free_mutex); + if (result!=SASL_OK) return; + --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/21_237x_2_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/21_237x_2_sasl_upstream_cvs.diff @@ -0,0 +1,312 @@ +--------------------- +PatchSet 2374 +Date: 2004/09/08 09:57:56 +Author: mel +Branch: HEAD +Tag: (none) +Log: +Fixed several 64 bit portability warnings + +Members: + plugins/cram.c:1.84->1.85 + +Index: cyrus-sasl-2.1.19.dfsg1/plugins/cram.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/cram.c,v +retrieving revision 1.84 +retrieving revision 1.85 +diff -u -r1.84 -r1.85 +--- cyrus-sasl-2.1.19.dfsg1/plugins/cram.c 6 Aug 2004 20:29:44 -0000 1.84 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/cram.c 8 Sep 2004 10:57:56 -0000 1.85 +@@ -1,7 +1,7 @@ + /* CRAM-MD5 SASL plugin + * Rob Siemborski + * Tim Martin +- * $Id: cram.c,v 1.84 2004/08/06 20:29:44 shadow Exp $ ++ * $Id: cram.c,v 1.85 2004/09/08 10:57:56 mel Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -65,7 +65,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: cram.c,v 1.84 2004/08/06 20:29:44 shadow Exp $"; ++static const char plugin_id[] = "$Id: cram.c,v 1.85 2004/09/08 10:57:56 mel Exp $"; + + /* convert a string of 8bit chars to it's representation in hex + * using lowercase letters +@@ -198,7 +198,7 @@ + sparams->serverFQDN); + + *serverout = text->challenge; +- *serveroutlen = strlen(text->challenge); ++ *serveroutlen = (unsigned) strlen(text->challenge); + + /* free stuff */ + sparams->utils->free(time); +@@ -221,7 +221,7 @@ + char *userid = NULL; + sasl_secret_t *sec = NULL; + int pos; +- unsigned len; ++ size_t len; + int result = SASL_FAIL; + const char *password_request[] = { SASL_AUX_PASSWORD, + "*cmusaslsecretCRAM-MD5", +@@ -286,8 +286,8 @@ + sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len); + if (!sec) goto done; + +- sec->len = len; +- strncpy(sec->data, auxprop_values[0].values[0], len + 1); ++ sec->len = (unsigned) len; ++ strncpy((char *)sec->data, auxprop_values[0].values[0], len + 1); + + clear_md5state = 1; + /* Do precalculation on plaintext secret */ +@@ -317,7 +317,7 @@ + sparams->utils->hmac_md5_import(&tmphmac, (HMAC_MD5_STATE *) &md5state); + sparams->utils->MD5Update(&(tmphmac.ictx), + (const unsigned char *) text->challenge, +- strlen(text->challenge)); ++ (unsigned) strlen(text->challenge)); + sparams->utils->hmac_md5_final((unsigned char *) &digest, &tmphmac); + + /* convert to base 16 with lower case letters */ +@@ -513,7 +513,7 @@ + int auth_result = SASL_OK; + int pass_result = SASL_OK; + int result; +- int maxsize; ++ size_t maxsize; + char *in16 = NULL; + + *clientout = NULL; +@@ -597,13 +597,13 @@ + + maxsize = 32+1+strlen(oparams->authid)+30; + result = _plug_buf_alloc(params->utils, &(text->out_buf), +- &(text->out_buf_len), maxsize); ++ &(text->out_buf_len), (unsigned) maxsize); + if (result != SASL_OK) goto cleanup; + + snprintf(text->out_buf, maxsize, "%s %s", oparams->authid, in16); + + *clientout = text->out_buf; +- *clientoutlen = strlen(*clientout); ++ *clientoutlen = (unsigned) strlen(*clientout); + + /* set oparams */ + oparams->doneflag = 1; +--------------------- +PatchSet 2375 +Date: 2004/09/08 10:10:52 +Author: mel +Branch: HEAD +Tag: (none) +Log: +Fixed several 64 bit portability warnings + +Members: + plugins/anonymous.c:1.50->1.51 + plugins/login.c:1.26->1.27 + plugins/plain.c:1.63->1.64 + plugins/sasldb.c:1.8->1.9 + +Index: cyrus-sasl-2.1.19.dfsg1/plugins/anonymous.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/anonymous.c,v +retrieving revision 1.50 +retrieving revision 1.51 +diff -u -r1.50 -r1.51 +--- cyrus-sasl-2.1.19.dfsg1/plugins/anonymous.c 13 Feb 2003 19:56:03 -0000 1.50 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/anonymous.c 8 Sep 2004 11:10:52 -0000 1.51 +@@ -1,7 +1,7 @@ + /* Anonymous SASL plugin + * Rob Siemborski + * Tim Martin +- * $Id: anonymous.c,v 1.50 2003/02/13 19:56:03 rjs3 Exp $ ++ * $Id: anonymous.c,v 1.51 2004/09/08 11:10:52 mel Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -60,7 +60,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: anonymous.c,v 1.50 2003/02/13 19:56:03 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: anonymous.c,v 1.51 2004/09/08 11:10:52 mel Exp $"; + + static const char anonymous_id[] = "anonymous"; + +@@ -233,7 +233,7 @@ + sasl_out_params_t *oparams) + { + client_context_t *text = (client_context_t *) conn_context; +- unsigned userlen; ++ size_t userlen; + char hostname[256]; + const char *user = NULL; + int user_result = SASL_OK; +@@ -308,7 +308,7 @@ + gethostname(hostname, sizeof(hostname)); + hostname[sizeof(hostname)-1] = '\0'; + +- *clientoutlen = userlen + strlen(hostname) + 1; ++ *clientoutlen = (unsigned) (userlen + strlen(hostname) + 1); + + result = _plug_buf_alloc(cparams->utils, &text->out_buf, + &text->out_buf_len, *clientoutlen); +Index: cyrus-sasl-2.1.19.dfsg1/plugins/login.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/login.c,v +retrieving revision 1.26 +retrieving revision 1.27 +diff -u -r1.26 -r1.27 +--- cyrus-sasl-2.1.19.dfsg1/plugins/login.c 25 Jul 2003 16:11:15 -0000 1.26 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/login.c 8 Sep 2004 11:09:10 -0000 1.27 +@@ -2,7 +2,7 @@ + * Rob Siemborski (SASLv2 Conversion) + * contributed by Rainer Schoepf + * based on PLAIN, by Tim Martin +- * $Id: login.c,v 1.26 2003/07/25 16:11:15 ken3 Exp $ ++ * $Id: login.c,v 1.27 2004/09/08 11:09:10 mel Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -54,7 +54,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: login.c,v 1.26 2003/07/25 16:11:15 ken3 Exp $"; ++static const char plugin_id[] = "$Id: login.c,v 1.27 2004/09/08 11:09:10 mel Exp $"; + + /***************************** Server Section *****************************/ + +@@ -62,7 +62,7 @@ + int state; + + char *username; +- size_t username_len; ++ unsigned username_len; + } server_context_t; + + static int login_server_mech_new(void *glob_context __attribute__((unused)), +@@ -115,7 +115,7 @@ + if (clientinlen == 0) { + /* demand username */ + +- *serveroutlen = strlen(USERNAME_CHALLENGE); ++ *serveroutlen = (unsigned) strlen(USERNAME_CHALLENGE); + *serverout = USERNAME_CHALLENGE; + + return SASL_CONTINUE; +@@ -142,7 +142,7 @@ + text->username[clientinlen] = '\0'; + + /* demand password */ +- *serveroutlen = strlen(PASSWORD_CHALLENGE); ++ *serveroutlen = (unsigned) strlen(PASSWORD_CHALLENGE); + *serverout = PASSWORD_CHALLENGE; + + text->state = 3; +Index: cyrus-sasl-2.1.19.dfsg1/plugins/plain.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/plain.c,v +retrieving revision 1.63 +retrieving revision 1.64 +diff -u -r1.63 -r1.64 +--- cyrus-sasl-2.1.19.dfsg1/plugins/plain.c 14 Apr 2004 17:51:27 -0000 1.63 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/plain.c 8 Sep 2004 11:06:11 -0000 1.64 +@@ -1,7 +1,7 @@ + /* Plain SASL plugin + * Rob Siemborski + * Tim Martin +- * $Id: plain.c,v 1.63 2004/04/14 17:51:27 ken3 Exp $ ++ * $Id: plain.c,v 1.64 2004/09/08 11:06:11 mel Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -57,7 +57,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: plain.c,v 1.63 2004/04/14 17:51:27 ken3 Exp $"; ++static const char plugin_id[] = "$Id: plain.c,v 1.64 2004/09/08 11:06:11 mel Exp $"; + + /***************************** Server Section *****************************/ + +@@ -89,7 +89,7 @@ + const char *author; + const char *authen; + const char *password; +- size_t password_len; ++ unsigned password_len; + unsigned lup=0; + int result; + char *passcopy; +@@ -124,7 +124,7 @@ + password = clientin + lup; + while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; + +- password_len = clientin + lup - password; ++ password_len = (unsigned) (clientin + lup - password); + + if (lup != clientinlen) { + SETERROR(params->utils, +Index: cyrus-sasl-2.1.19.dfsg1/plugins/sasldb.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/sasldb.c,v +retrieving revision 1.8 +retrieving revision 1.9 +diff -u -r1.8 -r1.9 +--- cyrus-sasl-2.1.19.dfsg1/plugins/sasldb.c 17 Jul 2003 19:04:22 -0000 1.8 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/sasldb.c 8 Sep 2004 11:12:33 -0000 1.9 +@@ -1,7 +1,7 @@ + /* SASL server API implementation + * Rob Siemborski + * Tim Martin +- * $Id: sasldb.c,v 1.8 2003/07/17 19:04:22 ken3 Exp $ ++ * $Id: sasldb.c,v 1.9 2004/09/08 11:12:33 mel Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -119,7 +119,7 @@ + } + + sparams->utils->prop_set(sparams->propctx, cur->name, +- value, value_len); ++ value, (unsigned) value_len); + } + + done: +--------------------- +PatchSet 2376 +Date: 2004/09/10 13:07:08 +Author: mel +Branch: HEAD +Tag: (none) +Log: +Fixed several 64 bit portability warnings + +Members: + ChangeLog:1.689->1.690 + +Index: cyrus-sasl-2.1.19.dfsg1/ChangeLog +=================================================================== +RCS file: /cvs/src/sasl/ChangeLog,v +retrieving revision 1.689 +retrieving revision 1.690 +diff -u -r1.689 -r1.690 +--- cyrus-sasl-2.1.19.dfsg1/ChangeLog 29 Jul 2004 19:21:56 -0000 1.689 ++++ cyrus-sasl-2.1.19.dfsg1/ChangeLog 10 Sep 2004 14:07:08 -0000 1.690 +@@ -1,3 +1,8 @@ ++2004-09-08 Alexey Melnikov ++ * plugins/cram.c, plugins/anonymous.c, plugins/login.c, ++ plugins/plain.c, plugins/sasldb.c: Fixed several 64 bit ++ portability warnings ++ + 2004-07-29 Rob Siemborski + * plugins/digestmd5.c: Fix handling of client realm callback + (Alexey Melnikov ) --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/21_237x_1_sasl_upstream_cvs.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/21_237x_1_sasl_upstream_cvs.diff @@ -0,0 +1,51 @@ +--------------------- +PatchSet 2373 +Date: 2004/09/02 14:24:01 +Author: shadow +Branch: HEAD +Tag: (none) +Log: +simple explanation in the code of one possible error you might see in strange +circumstances; i should probably make openssl's des unable to be used if +mit krb5 is being used. + +Members: + plugins/kerberos4.c:1.97->1.98 + +Index: cyrus-sasl-2.1.19.dfsg1/plugins/kerberos4.c +=================================================================== +RCS file: /cvs/src/sasl/plugins/kerberos4.c,v +retrieving revision 1.97 +retrieving revision 1.98 +diff -u -r1.97 -r1.98 +--- cyrus-sasl-2.1.19.dfsg1/plugins/kerberos4.c 6 Feb 2004 17:23:51 -0000 1.97 ++++ cyrus-sasl-2.1.19.dfsg1/plugins/kerberos4.c 2 Sep 2004 15:24:01 -0000 1.98 +@@ -1,7 +1,7 @@ + /* Kerberos4 SASL plugin + * Rob Siemborski + * Tim Martin +- * $Id: kerberos4.c,v 1.97 2004/02/06 17:23:51 rjs3 Exp $ ++ * $Id: kerberos4.c,v 1.98 2004/09/02 15:24:01 shadow Exp $ + */ + /* + * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. +@@ -115,7 +115,7 @@ + + /***************************** Common Section *****************************/ + +-static const char plugin_id[] = "$Id: kerberos4.c,v 1.97 2004/02/06 17:23:51 rjs3 Exp $"; ++static const char plugin_id[] = "$Id: kerberos4.c,v 1.98 2004/09/02 15:24:01 shadow Exp $"; + + #ifndef KEYFILE + #define KEYFILE "/etc/srvtab"; +@@ -237,6 +237,10 @@ + KRB_LOCK_MUTEX(text->utils); + + if (text->sec_type == KRB_SEC_ENCRYPTION) { ++ /* Type incompatibility on 4th arg probably means you're ++ building against krb4 in MIT krb5, but got the OpenSSL ++ headers in your way. You need to not use openssl/des.h with ++ MIT kerberos. */ + len=krb_mk_priv(inblob->data, (text->encode_buf+4), + inblob->curlen, text->init_keysched, + &text->session, &text->ip_local, --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/patches/23_gcc40_static.diff +++ cyrus-sasl2-2.1.19.dfsg1/debian/patches/23_gcc40_static.diff @@ -0,0 +1,12 @@ +diff -Nru3 ./cyrus-sasl-2.1.19.dfsg1/lib/saslint.h ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/lib/saslint.h +--- ./cyrus-sasl-2.1.19.dfsg1/lib/saslint.h 2005-08-24 17:38:52.299266488 -0700 ++++ ../build-tree.new/cyrus-sasl-2.1.19.dfsg1/lib/saslint.h 2005-08-24 17:38:42.804506097 -0700 +@@ -109,8 +109,6 @@ + const char *appname; + } sasl_global_callbacks_t; + +-extern sasl_global_callbacks_t global_callbacks; +- + typedef struct _sasl_external_properties + { + sasl_ssf_t ssf; --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/libsasl2.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/libsasl2.files @@ -0,0 +1,2 @@ +usr/lib/libsasl2.so.* +usr/lib/sasl2/libsasldb* --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/copyright +++ cyrus-sasl2-2.1.19.dfsg1/debian/copyright @@ -0,0 +1,78 @@ +The package was downloaded from +http://ftp.andrew.cmu.edu/pub/cyrus-mail/ + +Author(s): + + Tim Martin wrote, debugged, and + tested most of the code. + + Rob Siemborski wrote and tested the + conversion to the SASLv2 API. + + Ken Murchison worked on the OTP and SRP plugins. + + Rob Earhart wrote the build/installation + procedure, wrote and tested some of the code, and provided + general guidance and coding advice. + + Leif Johansson wrote the GSSAPI plugin, + with contributions from Sam Hartman . + + Alexey Melnikov wrote the first pass of + the DIGEST-MD5 plugin and continues to work on it. + + Rainer Schoepf contributed the LOGIN + plugin, based on Tim Martin's PLAIN plugin. + + Larry Greenfield complained. a lot. + + Chris Newman wrote the initial version + of the SASL API, as well as the version 2 SASL API (documented in + sasl.h, saslutil.h, saslplug.h, and prop.h). + +Copyright: + +/* CMU libsasl + * Tim Martin + * Rob Earhart + * Rob Siemborski + */ +/* + * Copyright (c) 2001 Carnegie Mellon University. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any other legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/sasl2-bin.postinst +++ cyrus-sasl2-2.1.19.dfsg1/debian/sasl2-bin.postinst @@ -0,0 +1,22 @@ +#!/bin/sh -e + +PWDIR=/var/run/saslauthd +DBFILE=/etc/sasldb2 + +if [ "$1" = "configure" ]; then + + test -d $PWDIR || mkdir $PWDIR + dpkg-statoverride --list $PWDIR 2>&1 >/dev/null || + dpkg-statoverride --update --add root sasl 710 $PWDIR + + if [ ! -f $DBFILE ]; then + # Creating /etc/sasldb2: + echo 'very_long_secret_password' | \ + saslpasswd2 -c 'no:such:user' + saslpasswd2 -d 'no:such:user' + fi + dpkg-statoverride --list $DBFILE 2>&1 >/dev/null || + dpkg-statoverride --update --add root sasl 660 $DBFILE +fi + +#DEBHELPER# --- cyrus-sasl2-2.1.19.dfsg1.orig/debian/libsasl2-modules.files +++ cyrus-sasl2-2.1.19.dfsg1/debian/libsasl2-modules.files @@ -0,0 +1 @@ +usr/lib/sasl2