!37 [sync] PR-35: 【openEuler-22.03-LTS-Next】update to 2.1.28

From: @openeuler-sync-bot Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2022-10-28 03:09:57 +00:00 · 2022-10-28 03:09:57 +00:00 · 1d843965cc
commit 1d843965cc
parent 53e2e7a240 35a2495202
11 changed files with 34 additions and 297 deletions
--- a/0003-Prevent-double-free-of-RC4-context.patch
+++ b/0003-Prevent-double-free-of-RC4-context.patch
@ -1,34 +0,0 @@
-From ca6c587cc9da51235b125a97e841fa786aaad7ff Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 16 Apr 2019 10:18:43 -0400
-Subject: [PATCH 3/3] Prevent double free of RC4 context
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
---
- plugins/digestmd5.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
-index f184c16..df35093 100644
--- a/plugins/digestmd5.c
-+++ b/plugins/digestmd5.c
-@@ -1224,8 +1224,14 @@ static void free_rc4(context_t *text)
- {
-     /* free rc4 context structures */
- 
-    if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
-    if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
-+    if (text->cipher_enc_context) {
-+        text->utils->free(text->cipher_enc_context);
-+        text->cipher_enc_context = NULL;
-+    }
-+    if (text->cipher_dec_context) {
-+        text->utils->free(text->cipher_dec_context);
-+        text->cipher_dec_context = NULL;
-+    }
- }
- 
- static int init_rc4(context_t *text, 
-- 
-2.7.4
-
--- a/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
+++ b/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
@ -1,82 +0,0 @@
-From 9eff746c9daecbcc0041b09a5a51ba30738cdcbc Mon Sep 17 00:00:00 2001
-From: Klaus Espenlaub <klaus@espenlaub.com>
-Date: Tue, 8 Feb 2022 20:34:40 +0000
-Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
- commands.
-
-Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>
---
- plugins/sql.c | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/plugins/sql.c b/plugins/sql.c
-index 31b54a7..6ac81c2 100644
--- a/plugins/sql.c
-+++ b/plugins/sql.c
-@@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
-     char *statement = NULL;
-     char *escap_userid = NULL;
-     char *escap_realm = NULL;
-+    char *escap_passwd = NULL;
-     const char *cmd;
-     
-     sql_settings_t *settings;
-@@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
- 			    "Unable to begin transaction\n");
-     }
-     for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
-+	/* Free the buffer, current content is from previous loop. */
-+	if (escap_passwd) {
-+	    sparams->utils->free(escap_passwd);
-+	    escap_passwd = NULL;
-+	}
- 
- 	if (cur->name[0] == '*') {
- 	    continue;
-@@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
- 	}
- 	sparams->utils->free(statement);
- 
-+	if (cur->values[0]) {
-+	    escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
-+	    if (!escap_passwd) {
-+		ret = SASL_NOMEM;
-+		break;
-+	    }
-+	    settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
-+	}
-+
- 	/* create a statement that we will use */
- 	statement = sql_create_statement(cmd, cur->name, escap_userid,
- 					 escap_realm,
-					 cur->values && cur->values[0] ?
-					 cur->values[0] : SQL_NULL_VALUE,
-+					 escap_passwd ?
-+					 escap_passwd : SQL_NULL_VALUE,
- 					 sparams->utils);
-+	if (!statement) {
-+	    ret = SASL_NOMEM;
-+	    break;
-+	}
- 	
- 	{
- 	    char *log_statement =
- 		sql_create_statement(cmd, cur->name,
- 				     escap_userid,
- 				     escap_realm,
-				     cur->values && cur->values[0] ?
-+				     escap_passwd ?
- 				     "<omitted>" : SQL_NULL_VALUE,
- 				     sparams->utils);
- 	    sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
-@@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
-   done:
-     if (escap_userid) sparams->utils->free(escap_userid);
-     if (escap_realm) sparams->utils->free(escap_realm);
-+    if (escap_passwd) sparams->utils->free(escap_passwd);
-     if (conn) settings->sql_engine->sql_close(conn);
-     if (userid) sparams->utils->free(userid);
-     if (realm) sparams->utils->free(realm);
-- 
-1.8.3.1
-
--- a/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
+++ b/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
@ -0,0 +1,27 @@
+From 92be047033d56c29473223c44985592b1290a701 Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount <quanah@symas.com>
+Date: Tue, 3 May 2022 16:31:37 +0000
+Subject: [PATCH] Fix earlier #554 commit to use fetch_errno instead of
+ gdbm_errno
+
+Signed-off-by: Quanah Gibson-Mount <quanah@symas.com>
+---
+ sasldb/db_gdbm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index 5f658ce2..59e8fd74 100644
+--- a/sasldb/db_gdbm.c
+++ b/sasldb/db_gdbm.c
+@@ -119,7 +119,7 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+       } else {
+ 	  utils->seterror(conn, 0,
+ 			  "Couldn't fetch entry from %s: gdbm_errno=%d",
+-			  path, gdbm_errno);
+			  path, fetch_errno);
+ 	  result = SASL_FAIL;
+       }
+       goto cleanup;
+-- 
+2.27.0
+
--- a/backport-configure-fix-check-for-dlsym-underscore.patch
+++ b/backport-configure-fix-check-for-dlsym-underscore.patch
@ -1,28 +0,0 @@
-From 999255e05719f61bdbce8125be2ee774493aa64a Mon Sep 17 00:00:00 2001
-From: Ignacio Casal Quinteiro <qignacio@amazon.com>
-Date: Wed, 3 Mar 2021 09:18:09 +0100
-Subject: [PATCH] configure: fix check for dlsym underscore
-
-The exit function requires to include stdlib otherwise
-this will fail on new versions of MacOS
-
-Signed-off-by: Ignacio Casal Quinteiro <qignacio@amazon.com>
---
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index a106d35..f3e5ddc 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -216,6 +216,7 @@ if test $sasl_cv_uscore = yes; then
- 	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
- #include <dlfcn.h>
- #include <stdio.h>
-+#include <stdlib.h>
- void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
-- 
-1.8.3.1
-
--- a/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
+++ b/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
@ -1,37 +0,0 @@
-From 15cbc14aeb4b754b1b3db65f7c892c7deabaab41 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Thu, 1 Apr 2021 17:17:52 +0200
-Subject: [PATCH] configure.ac: avoid side-effects in AC_CACHE_VAL
-
-In the COMMANDS-TO-SET-IT argument, per Autoconf docs:
-https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Caching-Results.html
-
-Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
---
- configure.ac | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f3e5ddc..79c93c8 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -221,11 +221,14 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
-     if(ptr1 && !ptr2) exit(0); } exit(1); } 
-], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no
-	AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]),
-+], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
- 	AC_MSG_WARN(cross-compiler, we'll do our best)))
- 	LIBS="$cmu_save_LIBS"
-       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
-+
-+      if test "$sasl_cv_dlsym_adds_uscore" = no; then
-+        AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?])
-+      fi
-   fi
- fi
- 
-- 
-1.8.3.1
-
--- a/backport-configure.ac-properly-quote-macro-arguments.patch
+++ b/backport-configure.ac-properly-quote-macro-arguments.patch
@ -1,48 +0,0 @@
-From 5664c3f535289ce9efb513a2897991b5c436bb44 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Thu, 1 Apr 2021 17:26:28 +0200
-Subject: [PATCH] configure.ac: properly quote macro arguments
-
-Autoconf 2.70+ is more picky about the quotation (even though with
-previous versions the arguments should have been quoted, too).  When we
-don't quote macros inside the AC_CACHE_VAL macro - some of the Autoconf
-initialization is wrongly ordered in ./configure script and we keep
-seeing bugs like:
-
-    ./configure: line 2165: ac_fn_c_try_run: command not found
-
-Original report: https://bugzilla.redhat.com/1943013
-
-Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
---
- configure.ac | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 79c93c8..aa0dc38 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -213,7 +213,8 @@ if test $sasl_cv_uscore = yes; then
- 	AC_MSG_CHECKING(whether dlsym adds the underscore for us)
- 	cmu_save_LIBS="$LIBS"
- 	LIBS="$LIBS $SASL_DL_LIB"
-	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
-+	AC_CACHE_VAL([sasl_cv_dlsym_adds_uscore],
-+	             [AC_TRY_RUN([
- #include <dlfcn.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -221,8 +222,8 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
-     if(ptr1 && !ptr2) exit(0); } exit(1); } 
-], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
-	AC_MSG_WARN(cross-compiler, we'll do our best)))
-+], [sasl_cv_dlsym_adds_uscore=yes], [sasl_cv_dlsym_adds_uscore=no],
-+	[AC_MSG_WARN(cross-compiler, we'll do our best)])])
- 	LIBS="$cmu_save_LIBS"
-       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
- 
-- 
-1.8.3.1
-
--- a/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
+++ b/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
@ -1,32 +0,0 @@
-From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
-From: Jonas Jelten <jj@sft.mx>
-Date: Sat, 2 Feb 2019 20:53:37 +0100
-Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
-
-`gdbm_close` also sets gdbm_errno since version 1.17.
-This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
-the `gdbm_errno` value which is then later used for the error handling.
---
- sasldb/db_gdbm.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
-index ee56a6b..c908808 100644
--- a/sasldb/db_gdbm.c
-+++ b/sasldb/db_gdbm.c
-@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
-   gkey.dptr = key;
-   gkey.dsize = key_len;
-   gvalue = gdbm_fetch(db, gkey);
-+  int fetch_errno = gdbm_errno;
-+
-   gdbm_close(db);
-   if (! gvalue.dptr) {
-      if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
-+      if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
-           utils->seterror(conn, SASL_NOLOG,
- 			  "user: %s@%s property: %s not found in %s",
- 			  authid, realm, propName, path);
-- 
-1.8.3.1
-
--- a/cyrus-sasl-2.1.27.tar.gz
+++ b/cyrus-sasl-2.1.27.tar.gz
--- a/cyrus-sasl-2.1.28.tar.gz
+++ b/cyrus-sasl-2.1.28.tar.gz
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@ -5,23 +5,17 @@
 %global bootstrap_cyrus_sasl 0

 Name: cyrus-sasl
-Version: 2.1.27
-Release: 15
+Version: 2.1.28
+Release: 1
 Summary: The Cyrus SASL API Implementation

 License: BSD with advertising
 URL: https://www.cyrusimap.org/sasl/
-Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz
+Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1: saslauthd.service
 Source2: saslauthd.sysconfig

-Patch0: 0003-Prevent-double-free-of-RC4-context.patch
-Patch1: fix-CVE-2019-19906.patch
-Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
-Patch3: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
-Patch4: backport-configure-fix-check-for-dlsym-underscore.patch
-Patch5: backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch  
-Patch6: backport-configure.ac-properly-quote-macro-arguments.patch
+Patch1:  backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch

 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@ -264,6 +258,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}


 %changelog
+* Tue Oct 25 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-1
+- update to 2.1.28
+
 * Tue Sep 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-15
 - saslauthd always restart with 1s

--- a/fix-CVE-2019-19906.patch
+++ b/fix-CVE-2019-19906.patch
@ -1,26 +0,0 @@
-From 58aa420b5a0f5e7e5e88f2228f318fb12da5bb13 Mon Sep 17 00:00:00 2001
-From: guoxiaoqi2 <guoxiaoqi2@huawei.com>
-Date: Tue, 21 Jan 2020 17:59:49 -0500
-Subject: [PATCH] fix CVE-2019-19906
-
-Signed-off-by: guoxiaoqi2 <guoxiaoqi2@huawei.com>
---
- lib/common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/common.c b/lib/common.c
-index 305311d..445c5d5 100644
--- a/lib/common.c
-+++ b/lib/common.c
-@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
- 
-   if (add==NULL) add = "(null)";
- 
-  addlen=strlen(add); /* only compute once */
-+  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
-     return SASL_NOMEM;
- 
-- 
-1.8.3.1
-