!58 [sync] PR-56: 【Mainline】Fix heap corruption

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

0003-Prevent-double-free-of-RC4-context.patch

@@ -1,34 +0,0 @@
-From ca6c587cc9da51235b125a97e841fa786aaad7ff Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 16 Apr 2019 10:18:43 -0400
-Subject: [PATCH 3/3] Prevent double free of RC4 context
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
----
- plugins/digestmd5.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
-index f184c16..df35093 100644
---- a/plugins/digestmd5.c
-+++ b/plugins/digestmd5.c
-@@ -1224,8 +1224,14 @@ static void free_rc4(context_t *text)
- {
-     /* free rc4 context structures */
- 
--    if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
--    if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
-+    if (text->cipher_enc_context) {
-+        text->utils->free(text->cipher_enc_context);
-+        text->cipher_enc_context = NULL;
-+    }
-+    if (text->cipher_dec_context) {
-+        text->utils->free(text->cipher_dec_context);
-+        text->cipher_dec_context = NULL;
-+    }
- }
- 
- static int init_rc4(context_t *text, 
--- 
-2.7.4
-

backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch

@@ -1,82 +0,0 @@
-From 9eff746c9daecbcc0041b09a5a51ba30738cdcbc Mon Sep 17 00:00:00 2001
-From: Klaus Espenlaub <klaus@espenlaub.com>
-Date: Tue, 8 Feb 2022 20:34:40 +0000
-Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
- commands.
-
-Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>
----
- plugins/sql.c | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/plugins/sql.c b/plugins/sql.c
-index 31b54a7..6ac81c2 100644
---- a/plugins/sql.c
-+++ b/plugins/sql.c
-@@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
-     char *statement = NULL;
-     char *escap_userid = NULL;
-     char *escap_realm = NULL;
-+    char *escap_passwd = NULL;
-     const char *cmd;
-     
-     sql_settings_t *settings;
-@@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
- 			    "Unable to begin transaction\n");
-     }
-     for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
-+	/* Free the buffer, current content is from previous loop. */
-+	if (escap_passwd) {
-+	    sparams->utils->free(escap_passwd);
-+	    escap_passwd = NULL;
-+	}
- 
- 	if (cur->name[0] == '*') {
- 	    continue;
-@@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
- 	}
- 	sparams->utils->free(statement);
- 
-+	if (cur->values[0]) {
-+	    escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
-+	    if (!escap_passwd) {
-+		ret = SASL_NOMEM;
-+		break;
-+	    }
-+	    settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
-+	}
-+
- 	/* create a statement that we will use */
- 	statement = sql_create_statement(cmd, cur->name, escap_userid,
- 					 escap_realm,
--					 cur->values && cur->values[0] ?
--					 cur->values[0] : SQL_NULL_VALUE,
-+					 escap_passwd ?
-+					 escap_passwd : SQL_NULL_VALUE,
- 					 sparams->utils);
-+	if (!statement) {
-+	    ret = SASL_NOMEM;
-+	    break;
-+	}
- 	
- 	{
- 	    char *log_statement =
- 		sql_create_statement(cmd, cur->name,
- 				     escap_userid,
- 				     escap_realm,
--				     cur->values && cur->values[0] ?
-+				     escap_passwd ?
- 				     "<omitted>" : SQL_NULL_VALUE,
- 				     sparams->utils);
- 	    sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
-@@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
-   done:
-     if (escap_userid) sparams->utils->free(escap_userid);
-     if (escap_realm) sparams->utils->free(escap_realm);
-+    if (escap_passwd) sparams->utils->free(escap_passwd);
-     if (conn) settings->sql_engine->sql_close(conn);
-     if (userid) sparams->utils->free(userid);
-     if (realm) sparams->utils->free(realm);
--- 
-1.8.3.1
-

backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch

@@ -0,0 +1,27 @@
+From 92be047033d56c29473223c44985592b1290a701 Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount <quanah@symas.com>
+Date: Tue, 3 May 2022 16:31:37 +0000
+Subject: [PATCH] Fix earlier #554 commit to use fetch_errno instead of
+ gdbm_errno
+
+Signed-off-by: Quanah Gibson-Mount <quanah@symas.com>
+---
+ sasldb/db_gdbm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index 5f658ce2..59e8fd74 100644
+--- a/sasldb/db_gdbm.c
++++ b/sasldb/db_gdbm.c
+@@ -119,7 +119,7 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+       } else {
+ 	  utils->seterror(conn, 0,
+ 			  "Couldn't fetch entry from %s: gdbm_errno=%d",
+-			  path, gdbm_errno);
++			  path, fetch_errno);
+ 	  result = SASL_FAIL;
+       }
+       goto cleanup;
+-- 
+2.27.0
+

backport-Fix-heap-corruption.patch

@@ -0,0 +1,33 @@
+From e04a67610adeea29541078cbc9e0cf9dab659e6b Mon Sep 17 00:00:00 2001
+From: Guido Kiener <guido.kiener@rohde-schwarz.com>
+Date: Fri, 1 Dec 2023 16:19:27 +0100
+Subject: [PATCH] Fix heap corruption
+
+Calculation of resultlen is wrong. E.g. if server allows
+only one mechanism SCRAM-SHA-256, the expected string for the
+mechlist_buf is "SCRAM-SHA-256-PLUS SCRAM-SHA-256" with a required
+size of 33 bytes and not 32 bytes.
+Note that (strlen(mysep) * (s_conn->mech_length - 1) * 2) = 0
+when s_conn->mech_length = 1.
+
+Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
+---
+ lib/server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/server.c b/lib/server.c
+index c69e58b8..b44155f4 100644
+--- a/lib/server.c
++++ b/lib/server.c
+@@ -1764,7 +1764,7 @@ int _sasl_server_listmech(sasl_conn_t *conn,
+       INTERROR(conn, SASL_NOMECH);
+ 
+   resultlen = (prefix ? strlen(prefix) : 0)
+-            + (strlen(mysep) * (s_conn->mech_length - 1) * 2)
++            + (strlen(mysep) * (s_conn->mech_length * 2 - 1))
+ 	    + (mech_names_len(s_conn->mech_list) * 2) /* including -PLUS variant */
+ 	    + (s_conn->mech_length * (sizeof("-PLUS") - 1))
+             + (suffix ? strlen(suffix) : 0)
+-- 
+2.33.0
+

backport-Fix-time.h-check.patch

@@ -0,0 +1,60 @@
+From 783804f41bf410e225b8c221f3e963fc34aee478 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 23 Feb 2022 00:45:15 +0000
+Subject: [PATCH] Fix <time.h> check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We're conditionally including based on HAVE_TIME_H in a bunch of places,
+but we're not actually checking for time.h, so that's never going to be defined.
+
+While at it, add in a missing include in the cram plugin.
+
+This fixes a bunch of implicit declaration warnings:
+```
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+```
+
+Signed-off-by: Sam James <sam@gentoo.org>
+---
+ configure.ac   | 2 +-
+ plugins/cram.c | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2d89fdaa..2e1e697d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1231,7 +1231,7 @@ AC_CHECK_HEADERS_ONCE([sys/time.h])
+ 
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+-AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
++AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h time.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+ 
+ IPv6_CHECK_SS_FAMILY()
+ IPv6_CHECK_SA_LEN()
+diff --git a/plugins/cram.c b/plugins/cram.c
+index d02e9baa..695aaa91 100644
+--- a/plugins/cram.c
++++ b/plugins/cram.c
+@@ -53,6 +53,10 @@
+ #endif
+ #include <fcntl.h>
+ 
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++
+ #include <sasl.h>
+ #include <saslplug.h>
+ #include <saslutil.h>
+-- 
+2.41.0.windows.1
+

backport-Use-int-instead-of-char-for-variable-c.patch

@@ -0,0 +1,29 @@
+From 4013caeda28f67980df1bc8fcd95e80135d248e8 Mon Sep 17 00:00:00 2001
+From: yixiangzhike <yixiangzhike007@163.com>
+Date: Mon, 16 Jan 2023 20:28:28 +0800
+Subject: [PATCH] Use int instead of char for variable c
+
+In some systems, char is compiled as unsigned char by default,
+as a result, testsuite always fails in abnormal process.
+
+Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
+---
+ utils/testsuite.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/testsuite.c b/utils/testsuite.c
+index 12da7f74..79e861d2 100644
+--- a/utils/testsuite.c
++++ b/utils/testsuite.c
+@@ -2938,7 +2938,7 @@ void usage(void)
+ 
+ int main(int argc, char **argv)
+ {
+-    char c;
++    int c;
+     int random_tests = -1;
+     int do_all = 0;
+     int skip_do_correct = 0;
+-- 
+2.33.0
+

backport-configure-fix-check-for-dlsym-underscore.patch

@@ -1,28 +0,0 @@
-From 999255e05719f61bdbce8125be2ee774493aa64a Mon Sep 17 00:00:00 2001
-From: Ignacio Casal Quinteiro <qignacio@amazon.com>
-Date: Wed, 3 Mar 2021 09:18:09 +0100
-Subject: [PATCH] configure: fix check for dlsym underscore
-
-The exit function requires to include stdlib otherwise
-this will fail on new versions of MacOS
-
-Signed-off-by: Ignacio Casal Quinteiro <qignacio@amazon.com>
----
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index a106d35..f3e5ddc 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -216,6 +216,7 @@ if test $sasl_cv_uscore = yes; then
- 	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
- #include <dlfcn.h>
- #include <stdio.h>
-+#include <stdlib.h>
- void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
--- 
-1.8.3.1
-

backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch

@@ -1,37 +0,0 @@
-From 15cbc14aeb4b754b1b3db65f7c892c7deabaab41 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Thu, 1 Apr 2021 17:17:52 +0200
-Subject: [PATCH] configure.ac: avoid side-effects in AC_CACHE_VAL
-
-In the COMMANDS-TO-SET-IT argument, per Autoconf docs:
-https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Caching-Results.html
-
-Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
----
- configure.ac | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f3e5ddc..79c93c8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,11 +221,14 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
-     if(ptr1 && !ptr2) exit(0); } exit(1); } 
--], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no
--	AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]),
-+], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
- 	AC_MSG_WARN(cross-compiler, we'll do our best)))
- 	LIBS="$cmu_save_LIBS"
-       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
-+
-+      if test "$sasl_cv_dlsym_adds_uscore" = no; then
-+        AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?])
-+      fi
-   fi
- fi
- 
--- 
-1.8.3.1
-

backport-configure.ac-properly-quote-macro-arguments.patch

@@ -1,48 +0,0 @@
-From 5664c3f535289ce9efb513a2897991b5c436bb44 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Thu, 1 Apr 2021 17:26:28 +0200
-Subject: [PATCH] configure.ac: properly quote macro arguments
-
-Autoconf 2.70+ is more picky about the quotation (even though with
-previous versions the arguments should have been quoted, too).  When we
-don't quote macros inside the AC_CACHE_VAL macro - some of the Autoconf
-initialization is wrongly ordered in ./configure script and we keep
-seeing bugs like:
-
-    ./configure: line 2165: ac_fn_c_try_run: command not found
-
-Original report: https://bugzilla.redhat.com/1943013
-
-Signed-off-by: Pavel Raiskup <praiskup@redhat.com>
----
- configure.ac | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 79c93c8..aa0dc38 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -213,7 +213,8 @@ if test $sasl_cv_uscore = yes; then
- 	AC_MSG_CHECKING(whether dlsym adds the underscore for us)
- 	cmu_save_LIBS="$LIBS"
- 	LIBS="$LIBS $SASL_DL_LIB"
--	AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [
-+	AC_CACHE_VAL([sasl_cv_dlsym_adds_uscore],
-+	             [AC_TRY_RUN([
- #include <dlfcn.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -221,8 +222,8 @@ void foo() { int i=0;}
- int main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY);
-     if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo");
-     if(ptr1 && !ptr2) exit(0); } exit(1); } 
--], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no,
--	AC_MSG_WARN(cross-compiler, we'll do our best)))
-+], [sasl_cv_dlsym_adds_uscore=yes], [sasl_cv_dlsym_adds_uscore=no],
-+	[AC_MSG_WARN(cross-compiler, we'll do our best)])])
- 	LIBS="$cmu_save_LIBS"
-       AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore)
- 
--- 
-1.8.3.1
-

backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch

@@ -1,32 +0,0 @@
-From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
-From: Jonas Jelten <jj@sft.mx>
-Date: Sat, 2 Feb 2019 20:53:37 +0100
-Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
-
-`gdbm_close` also sets gdbm_errno since version 1.17.
-This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
-the `gdbm_errno` value which is then later used for the error handling.
----
- sasldb/db_gdbm.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
-index ee56a6b..c908808 100644
---- a/sasldb/db_gdbm.c
-+++ b/sasldb/db_gdbm.c
-@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
-   gkey.dptr = key;
-   gkey.dsize = key_len;
-   gvalue = gdbm_fetch(db, gkey);
-+  int fetch_errno = gdbm_errno;
-+
-   gdbm_close(db);
-   if (! gvalue.dptr) {
--      if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
-+      if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
-           utils->seterror(conn, SASL_NOLOG,
- 			  "user: %s@%s property: %s not found in %s",
- 			  authid, realm, propName, path);
--- 
-1.8.3.1
-

backport-sample-Rename-dprint-function.patch

@@ -0,0 +1,157 @@
+From b0a587383e0d4e9852ec973accc0854a10b0f128 Mon Sep 17 00:00:00 2001
+From: Bastian Germann <bage@debian.org>
+Date: Fri, 21 Jul 2023 23:20:45 +0200
+Subject: [PATCH] sample: Rename dprint function
+
+The function name collides with a macro defined by glibc for gcc < 4.3
+and clang. Rename to prevent that.
+
+Fixes #657
+
+Signed-off-by: Bastian Germann <bage@debian.org>
+---
+ sample/client.c | 12 ++++++------
+ sample/common.c |  2 +-
+ sample/common.h |  2 +-
+ sample/server.c | 16 ++++++++--------
+ 4 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/sample/client.c b/sample/client.c
+index bc8e3dc2..acb289fb 100644
+--- a/sample/client.c
++++ b/sample/client.c
+@@ -252,9 +252,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     int r, c;
+ 
+     /* get the capability list */
+-    dprintf(0, "receiving capability list... ");
++    debug_printf(0, "receiving capability list... ");
+     len = recv_string(in, buf, sizeof buf);
+-    dprintf(0, "%s\n", buf);
++    debug_printf(0, "%s\n", buf);
+ 
+     if (mech) {
+ 	/* make sure that 'mech' appears in 'buf' */
+@@ -273,7 +273,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ 	return -1;
+     }
+     
+-    dprintf(1, "using mechanism %s\n", chosenmech);
++    debug_printf(1, "using mechanism %s\n", chosenmech);
+ 
+     /* we send up to 3 strings;
+        the mechanism chosen, the presence of initial response,
+@@ -287,7 +287,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     }
+ 
+     for (;;) {
+-	dprintf(2, "waiting for server reply...\n");
++	debug_printf(2, "waiting for server reply...\n");
+ 
+ 	c = fgetc(in);
+ 	switch (c) {
+@@ -314,10 +314,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ 	}
+ 
+ 	if (data) {
+-	    dprintf(2, "sending response length %d...\n", len);
++	    debug_printf(2, "sending response length %d...\n", len);
+ 	    send_string(out, data, len);
+ 	} else {
+-	    dprintf(2, "sending null response...\n");
++	    debug_printf(2, "sending null response...\n");
+ 	    send_string(out, "", 0);
+ 	}
+     }
+diff --git a/sample/common.c b/sample/common.c
+index 712549fd..9ae1cc3f 100644
+--- a/sample/common.c
++++ b/sample/common.c
+@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen)
+ 
+ int debuglevel = 0;
+ 
+-int dprintf(int lvl, const char *fmt, ...)
++int debug_printf(int lvl, const char *fmt, ...)
+ {
+     va_list ap;
+     int ret = 0;
+diff --git a/sample/common.h b/sample/common.h
+index 819d0101..9f53e724 100644
+--- a/sample/common.h
++++ b/sample/common.h
+@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l);
+ extern int recv_string(FILE *f, char *buf, int buflen);
+ 
+ extern int debuglevel;
+-extern int dprintf(int lvl, const char *fmt, ...);
++extern int debug_printf(int lvl, const char *fmt, ...);
+ 
+ extern void saslerr(int why, const char *what);
+ extern void saslfail(int why, const char *what);
+diff --git a/sample/server.c b/sample/server.c
+index 262b0178..43974765 100644
+--- a/sample/server.c
++++ b/sample/server.c
+@@ -227,17 +227,17 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     
+     /* generate the capability list */
+     if (mech) {
+-	dprintf(2, "forcing use of mechanism %s\n", mech);
++	debug_printf(2, "forcing use of mechanism %s\n", mech);
+ 	data = strdup(mech);
+ 	len = strlen(data);
+     } else {
+ 	int count;
+ 
+-	dprintf(1, "generating client mechanism list... ");
++	debug_printf(1, "generating client mechanism list... ");
+ 	r = sasl_listmech(conn, NULL, NULL, " ", NULL,
+ 			  &data, (unsigned int *) &len, &count);
+ 	if (r != SASL_OK) saslfail(r, "generating mechanism list");
+-	dprintf(1, "%d mechanisms\n", count);
++	debug_printf(1, "%d mechanisms\n", count);
+     }
+ 
+     /* send capability list to client */
+@@ -245,7 +245,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     if (mech)
+ 	free((void *) data);
+ 
+-    dprintf(1, "waiting for client mechanism...\n");
++    debug_printf(1, "waiting for client mechanism...\n");
+     len = recv_string(in, chosenmech, sizeof chosenmech);
+     if (len <= 0) {
+ 	printf("client didn't choose mechanism\n");
+@@ -290,16 +290,16 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ 
+     while (r == SASL_CONTINUE) {
+ 	if (data) {
+-	    dprintf(2, "sending response length %d...\n", len);
++	    debug_printf(2, "sending response length %d...\n", len);
+ 	    fputc('C', out); /* send CONTINUE to client */
+ 	    send_string(out, data, len);
+ 	} else {
+-	    dprintf(2, "sending null response...\n");
++	    debug_printf(2, "sending null response...\n");
+ 	    fputc('C', out); /* send CONTINUE to client */
+ 	    send_string(out, "", 0);
+ 	}
+ 
+-	dprintf(1, "waiting for client reply...\n");
++	debug_printf(1, "waiting for client reply...\n");
+ 	len = recv_string(in, buf, sizeof buf);
+ 	if (len < 0) {
+ 	    printf("client disconnected\n");
+@@ -324,7 +324,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ 
+     fputc('O', out); /* send OK to client */
+     fflush(out);
+-    dprintf(1, "negotiation complete\n");
++    debug_printf(1, "negotiation complete\n");
+ 
+     r = sasl_getprop(conn, SASL_USERNAME, (const void **) &userid);
+     printf("successful authentication '%s'\n", userid);
+-- 
+2.42.0.windows.2
+

cyrus-sasl.spec

@@ -5,23 +5,21 @@
 %global bootstrap_cyrus_sasl 0
 
 Name: cyrus-sasl
-Version: 2.1.27
-Release: 15
+Version: 2.1.28
+Release: 5
 Summary: The Cyrus SASL API Implementation
 
 License: BSD with advertising
 URL: https://www.cyrusimap.org/sasl/
-Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz
+Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1: saslauthd.service
 Source2: saslauthd.sysconfig
 
-Patch0: 0003-Prevent-double-free-of-RC4-context.patch
-Patch1: fix-CVE-2019-19906.patch
-Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
-Patch3: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
-Patch4: backport-configure-fix-check-for-dlsym-underscore.patch
-Patch5: backport-configure.ac-avoid-side-effects-in-AC_CACHE_VAL.patch  
-Patch6: backport-configure.ac-properly-quote-macro-arguments.patch
+Patch1:  backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
+Patch2:  backport-sample-Rename-dprint-function.patch
+Patch3:  backport-Fix-time.h-check.patch
+Patch4:  backport-Use-int-instead-of-char-for-variable-c.patch
+Patch5:  backport-Fix-heap-corruption.patch
 
 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@@ -264,6 +262,21 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
 
 
 %changelog
+* Thu Dec 19 2024 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-5
+- backport upstream patch to fix heap corruption
+
+* Fri Oct 11 2024 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-4
+- backport upstream patch to fix char overflow
+
+* Sat Jul 27 2024 yanying<201250106@smail.nju.edu.cn> - 2.1.28-3
+- backport fix for time.h check
+
+* Thu Feb 1 2024 liyunfei<liyunfei33@huawei.com> - 2.1.28-2
+- backport fix for dprintf
+
+* Tue Oct 25 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-1
+- update to 2.1.28
+
 * Tue Sep 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-15
 - saslauthd always restart with 1s
 

fix-CVE-2019-19906.patch

@@ -1,26 +0,0 @@
-From 58aa420b5a0f5e7e5e88f2228f318fb12da5bb13 Mon Sep 17 00:00:00 2001
-From: guoxiaoqi2 <guoxiaoqi2@huawei.com>
-Date: Tue, 21 Jan 2020 17:59:49 -0500
-Subject: [PATCH] fix CVE-2019-19906
-
-Signed-off-by: guoxiaoqi2 <guoxiaoqi2@huawei.com>
----
- lib/common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/common.c b/lib/common.c
-index 305311d..445c5d5 100644
---- a/lib/common.c
-+++ b/lib/common.c
-@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
- 
-   if (add==NULL) add = "(null)";
- 
--  addlen=strlen(add); /* only compute once */
-+  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
-     return SASL_NOMEM;
- 
--- 
-1.8.3.1
-