!37 [sync] PR-35: 【openEuler-22.03-LTS-Next】update to 2.1.28

From: @openeuler-sync-bot Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2022-10-28 03:09:57 +00:00 · 2022-10-28 03:09:57 +00:00 · 1d843965cc
commit 1d843965cc
parent 53e2e7a240 35a2495202
11 changed files with 34 additions and 297 deletions
--- a/0003-Prevent-double-free-of-RC4-context.patch
+++ b/0003-Prevent-double-free-of-RC4-context.patch
@ -1,34 +0,0 @@
 From ca6c587cc9da51235b125a97e841fa786aaad7ff Mon Sep 17 00:00:00 2001
 From: Simo Sorce <simo@redhat.com>
 Date: Tue, 16 Apr 2019 10:18:43 -0400
 Subject: [PATCH 3/3] Prevent double free of RC4 context
 Signed-off-by: Simo Sorce <simo@redhat.com>
 ---
 plugins/digestmd5.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
 index f184c16..df35093 100644
 --- a/plugins/digestmd5.c
 +++ b/plugins/digestmd5.c
@@ -1224,8 +1224,14 @@ static void free_rc4(context_t *text)
 {
     /* free rc4 context structures */
 -    if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
 -    if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
 +    if (text->cipher_enc_context) {
 +        text->utils->free(text->cipher_enc_context);
 +        text->cipher_enc_context = NULL;
 +    }
 +    if (text->cipher_dec_context) {
 +        text->utils->free(text->cipher_dec_context);
 +        text->cipher_dec_context = NULL;
 +    }
 }
 static int init_rc4(context_t *text, 
 -- 
 2.7.4
--- a/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
+++ b/backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
@ -1,82 +0,0 @@
 From 9eff746c9daecbcc0041b09a5a51ba30738cdcbc Mon Sep 17 00:00:00 2001
 From: Klaus Espenlaub <klaus@espenlaub.com>
 Date: Tue, 8 Feb 2022 20:34:40 +0000
 Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
 commands.
 Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>
 ---
 plugins/sql.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
 diff --git a/plugins/sql.c b/plugins/sql.c
 index 31b54a7..6ac81c2 100644
 --- a/plugins/sql.c
 +++ b/plugins/sql.c
@@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
     char *statement = NULL;
     char *escap_userid = NULL;
     char *escap_realm = NULL;
 +    char *escap_passwd = NULL;
     const char *cmd;
     sql_settings_t *settings;
@@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
 			    "Unable to begin transaction\n");
     }
     for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
 +	/* Free the buffer, current content is from previous loop. */
 +	if (escap_passwd) {
 +	    sparams->utils->free(escap_passwd);
 +	    escap_passwd = NULL;
 +	}
 	if (cur->name[0] == '*') {
 	    continue;
@@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
 	}
 	sparams->utils->free(statement);
 +	if (cur->values[0]) {
 +	    escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
 +	    if (!escap_passwd) {
 +		ret = SASL_NOMEM;
 +		break;
 +	    }
 +	    settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
 +	}
 +
 	/* create a statement that we will use */
 	statement = sql_create_statement(cmd, cur->name, escap_userid,
 					 escap_realm,
 -					 cur->values && cur->values[0] ?
 -					 cur->values[0] : SQL_NULL_VALUE,
 +					 escap_passwd ?
 +					 escap_passwd : SQL_NULL_VALUE,
 					 sparams->utils);
 +	if (!statement) {
 +	    ret = SASL_NOMEM;
 +	    break;
 +	}
 	{
 	    char *log_statement =
 		sql_create_statement(cmd, cur->name,
 				     escap_userid,
 				     escap_realm,
 -				     cur->values && cur->values[0] ?
 +				     escap_passwd ?
 				     "<omitted>" : SQL_NULL_VALUE,
 				     sparams->utils);
 	    sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
@@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
   done:
     if (escap_userid) sparams->utils->free(escap_userid);
     if (escap_realm) sparams->utils->free(escap_realm);
 +    if (escap_passwd) sparams->utils->free(escap_passwd);
     if (conn) settings->sql_engine->sql_close(conn);
     if (userid) sparams->utils->free(userid);
     if (realm) sparams->utils->free(realm);
 -- 
 1.8.3.1
--- a/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
+++ b/backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
@ -0,0 +1,27 @@
 From 92be047033d56c29473223c44985592b1290a701 Mon Sep 17 00:00:00 2001
 From: Quanah Gibson-Mount <quanah@symas.com>
 Date: Tue, 3 May 2022 16:31:37 +0000
 Subject: [PATCH] Fix earlier #554 commit to use fetch_errno instead of
 gdbm_errno
 Signed-off-by: Quanah Gibson-Mount <quanah@symas.com>
 ---
 sasldb/db_gdbm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
 index 5f658ce2..59e8fd74 100644
 --- a/sasldb/db_gdbm.c
 +++ b/sasldb/db_gdbm.c
@@ -119,7 +119,7 @@ int _sasldb_getdata(const sasl_utils_t *utils,
       } else {
 	  utils->seterror(conn, 0,
 			  "Couldn't fetch entry from %s: gdbm_errno=%d",
 -			  path, gdbm_errno);
 +			  path, fetch_errno);
 	  result = SASL_FAIL;
       }
       goto cleanup;
 -- 
 2.27.0
--- a/backport-configure-fix-check-for-dlsym-underscore.patch
+++ b/backport-configure-fix-check-for-dlsym-underscore.patch
@ -1,28 +0,0 @@
 From 999255e05719f61bdbce8125be2ee774493aa64a Mon Sep 17 00:00:00 2001
 From: Ignacio Casal Quinteiro <qignacio@amazon.com>
 Date: Wed, 3 Mar 2021 09:18:09 +0100
 Subject: [PATCH] configure: fix check for dlsym underscore
 The exit function requires to include stdlib otherwise
 this will fail on new versions of MacOS
 Signed-off-by: Ignacio Casal Quinteiro <qignacio@amazon.com>
 ---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/configure.ac b/configure.ac
 index a106d35..f3e5ddc 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -216,6 +216,7 @@ if test $sasl_cv_uscore = yes; then
 	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
 #include <dlfcn.h>
 #include <stdio.h>
 +#include <stdlib.h>
 void foo() { int i=0;}
 int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
 -- 
 1.8.3.1
--- a/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
+++ b/backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch
@ -1,37 +0,0 @@
 From 15cbc14aeb4b754b1b3db65f7c892c7deabaab41 Mon Sep 17 00:00:00 2001
 From: Pavel Raiskup <praiskup@redhat.com>
 Date: Thu, 1 Apr 2021 17:17:52 +0200
 Subject: [PATCH] configure.ac: avoid side-effects in AC_CACHE_VAL
 In the COMMANDS-TO-SET-IT argument, per Autoconf docs:
 https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Caching-Results.html
 Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
 ---
 configure.ac | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index f3e5ddc..79c93c8 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -221,11 +221,14 @@ void foo() { int i=0;}
 int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
     if(ptr1 && !ptr2) exit(0); } exit(1); } 
 -], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no
 -	AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]),
 +], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
 	AC_MSG_WARN(cross-compiler, we'll do our best)))
 	LIBS="$cmu_save_LIBS"
       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
 +
 +      if test "$sasl_cv_dlsym_adds_uscore" = no; then
 +        AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?])
 +      fi
   fi
 fi
 -- 
 1.8.3.1
--- a/backport-configure.ac-properly-quote-macro-arguments.patch
+++ b/backport-configure.ac-properly-quote-macro-arguments.patch
@ -1,48 +0,0 @@
 From 5664c3f535289ce9efb513a2897991b5c436bb44 Mon Sep 17 00:00:00 2001
 From: Pavel Raiskup <praiskup@redhat.com>
 Date: Thu, 1 Apr 2021 17:26:28 +0200
 Subject: [PATCH] configure.ac: properly quote macro arguments
 Autoconf 2.70+ is more picky about the quotation (even though with
 previous versions the arguments should have been quoted, too).  When we
 don't quote macros inside the AC_CACHE_VAL macro - some of the Autoconf
 initialization is wrongly ordered in ./configure script and we keep
 seeing bugs like:
    ./configure: line 2165: ac_fn_c_try_run: command not found
 Original report: https://bugzilla.redhat.com/1943013
 Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
 ---
 configure.ac | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 79c93c8..aa0dc38 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -213,7 +213,8 @@ if test $sasl_cv_uscore = yes; then
 	AC_MSG_CHECKING(whether dlsym adds the underscore for us)
 	cmu_save_LIBS="$LIBS"
 	LIBS="$LIBS $SASL_DL_LIB"
 -	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
 +	AC_CACHE_VAL([sasl_cv_dlsym_adds_uscore],
 +	             [AC_TRY_RUN([
 #include <dlfcn.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -221,8 +222,8 @@ void foo() { int i=0;}
 int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
     if(ptr1 && !ptr2) exit(0); } exit(1); } 
 -], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
 -	AC_MSG_WARN(cross-compiler, we'll do our best)))
 +], [sasl_cv_dlsym_adds_uscore=yes], [sasl_cv_dlsym_adds_uscore=no],
 +	[AC_MSG_WARN(cross-compiler, we'll do our best)])])
 	LIBS="$cmu_save_LIBS"
       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
 -- 
 1.8.3.1
--- a/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
+++ b/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
@ -1,32 +0,0 @@
 From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
 From: Jonas Jelten <jj@sft.mx>
 Date: Sat, 2 Feb 2019 20:53:37 +0100
 Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
 `gdbm_close` also sets gdbm_errno since version 1.17.
 This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
 the `gdbm_errno` value which is then later used for the error handling.
 ---
 sasldb/db_gdbm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
 index ee56a6b..c908808 100644
 --- a/sasldb/db_gdbm.c
 +++ b/sasldb/db_gdbm.c
@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
   gkey.dptr = key;
   gkey.dsize = key_len;
   gvalue = gdbm_fetch(db, gkey);
 +  int fetch_errno = gdbm_errno;
 +
   gdbm_close(db);
   if (! gvalue.dptr) {
 -      if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
 +      if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
           utils->seterror(conn, SASL_NOLOG,
 			  "user: %s@%s property: %s not found in %s",
 			  authid, realm, propName, path);
 -- 
 1.8.3.1
--- a/cyrus-sasl-2.1.27.tar.gz
+++ b/cyrus-sasl-2.1.27.tar.gz
--- a/cyrus-sasl-2.1.28.tar.gz
+++ b/cyrus-sasl-2.1.28.tar.gz
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@ -5,23 +5,17 @@
 %global bootstrap_cyrus_sasl 0
 Name: cyrus-sasl
-Version: 2.1.27
+Version: 2.1.28
-Release: 15
+Release: 1
 Summary: The Cyrus SASL API Implementation
 License: BSD with advertising
 URL: https://www.cyrusimap.org/sasl/
-Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz
+Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1: saslauthd.service
 Source2: saslauthd.sysconfig
-Patch0: 0003-Prevent-double-free-of-RC4-context.patch
+Patch1:  backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
 Patch1: fix-CVE-2019-19906.patch
 Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
 Patch3: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
 Patch4: backport-configure-fix-check-for-dlsym-underscore.patch
 Patch5: backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch  
 Patch6: backport-configure.ac-properly-quote-macro-arguments.patch
 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@ -264,6 +258,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
 %changelog
 * Tue Oct 25 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-1
 - update to 2.1.28
 * Tue Sep 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-15
 - saslauthd always restart with 1s
--- a/fix-CVE-2019-19906.patch
+++ b/fix-CVE-2019-19906.patch
@ -1,26 +0,0 @@
 From 58aa420b5a0f5e7e5e88f2228f318fb12da5bb13 Mon Sep 17 00:00:00 2001
 From: guoxiaoqi2 <guoxiaoqi2@huawei.com>
 Date: Tue, 21 Jan 2020 17:59:49 -0500
 Subject: [PATCH] fix CVE-2019-19906
 Signed-off-by: guoxiaoqi2 <guoxiaoqi2@huawei.com>
 ---
 lib/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/common.c b/lib/common.c
 index 305311d..445c5d5 100644
 --- a/lib/common.c
 +++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
   if (add==NULL) add = "(null)";
 -  addlen=strlen(add); /* only compute once */
 +  addlen=strlen(add)+1; /* only compute once */
   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
     return SASL_NOMEM;
 -- 
 1.8.3.1