Upgrade courier-authlib to version 0.61.0 in order to fix CVE-2008-2667,

finally. While here, fix PLIST and depkglint a bit. Also, fix the horrid abuse of libtool. Changes since 0.60.2: * courier-authlib.spec: Dummy provides: for symlinks, to allow upgrade with older packages that require <libname>.so.0. * Makefile.am: Switch to versionless shared libraries. Install all shared libraries just as <libname>.so. make install manually removes *.so.0.0 files that were left over from previous versions, and installs a temporary *.so.0 symlink to *.so, for temporary binary ABI compatibility with 0.60. The symlinks will be removed in 0.62. * Cleanup: always compile md5, sha* and hmac stuff, and remove all conditionally-compiled cruft. Move SASL list to an internal header. Add client-side support for AUTH EXTERNAL. * authsasl.c (auth_sasl_ex): auth_sasl_ex() supercedes auth_sasl(), invokes auth_sasl() for non-EXTERNAL SASL methods, implements EXTERNAL by going through the motions, then setting up a dummy authentication request. * authdaemon.c (auth_generic): Check for the dummy EXTERNAL authentication request, and handle it by invoking auth_getuserinfo(), rather than sending it down the pipe. This avoid having to implement a stub in every authentication module. * authmysqllib.c: Use mysql_set_character_set() instead of SET NAMES * authmysqllib.c: Fix domain-less queries. * Makefile: Drop the unmaintained authvchkpw module. * authmysqllib.c: Cleanup. Use mysql_real_escape_string instead of crude filtering. * Makefile.am: Use _LIBADD properly. * configure.in: More portability fixes.
author: tonnerre <tonnerre@pkgsrc.org> 2008-09-28 22:15:30 +0000
committer: tonnerre <tonnerre@pkgsrc.org> 2008-09-28 22:15:30 +0000
commit: 46723b3a66e73ee8da8bfd861dfd5bb0cde7db1b (patch)
tree: 54c4df3531351c8be558cd9e27bf8c5cf3759ab4 /security
parent: 7143ed12d22abb86326998b6896de71749e1233f (diff)
download: pkgsrc-46723b3a66e73ee8da8bfd861dfd5bb0cde7db1b.tar.gz
5 files changed, 95 insertions, 61 deletions
diff --git a/security/courier-authlib/Makefile b/security/courier-authlib/Makefile
index f884cac6693..b66c3af553d 100644
--- a/security/courier-authlib/Makefile
+++ b/security/courier-authlib/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2008/02/18 20:26:33 jlam Exp $
+# $NetBSD: Makefile,v 1.29 2008/09/28 22:15:30 tonnerre Exp $
 
 .include "Makefile.common"
 
-DISTNAME=	courier-authlib-0.60.2
-PKGREVISION=	1
+DISTNAME=	courier-authlib-0.61.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=courier/}
 EXTRACT_SUFX=	.tar.bz2
@@ -22,18 +21,22 @@ CONFLICTS+=	courier-authpgsql-[0-9]*
 PKG_DESTDIR_SUPPORT=	user-destdir
 
 USE_LIBTOOL=		yes
+LIBTOOLIZE_PLIST=	yes
 PKG_SYSCONFSUBDIR=	authlib
 
 REPLACE_PERL=		samplepipe.pl sysconftool
 
 USE_LANGUAGES=		c c++
 USE_TOOLS+=		cat:run gmake perl:run
-CONFIGURE_ENV+=		CAT=${TOOLS_CAT:Q}		# makedat
+CONFIGURE_ENV+=		CAT=${TOOLS_CAT}		# makedat
 
-CONFIGURE_ARGS+=	--localstatedir=${VARBASE:Q}
-CONFIGURE_ARGS+=	--with-pkgconfdir=${PKG_SYSCONFDIR:Q}
+BUILD_DEFS+=		VARBASE
+CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
+CONFIGURE_ARGS+=	--with-pkgconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--without-stdheaderdir
 
+.include "../../mk/bsd.prefs.mk"
+
 AUTHDAEMONVAR?=		${VARBASE}/authdaemon
 CONFIGURE_ARGS+=	--with-authdaemonvar=${AUTHDAEMONVAR:Q}
 OWN_DIRS_PERMS=		${AUTHDAEMONVAR} ${COURIER_USER} ${COURIER_GROUP} 0750
@@ -43,15 +46,15 @@ FILES_SUBST+=		AUTHDAEMONVAR=${AUTHDAEMONVAR:Q}
 # application (sqwebmail).  Assume that it's installed in the same prefix
 # as courier-authlib.
 #
-CONFIGURE_ENV+=		EXPECT=${PREFIX:Q}/bin/expect
+CONFIGURE_ENV+=		EXPECT=${PREFIX}/bin/expect
 CHECK_INTERPRETER_SKIP=	libexec/courier-authlib/authsystem.passwd
 
 AUTHLIBDIR=		lib/courier-authlib
 AUTHLIBEXECDIR=		libexec/courier-authlib
 AUTHEXAMPLEDIR=		share/examples/courier-authlib
 AUTHDOCDIR=		share/doc/courier-authlib
-FILES_SUBST+=		AUTHLIBEXECDIR=${AUTHLIBEXECDIR:Q}
-FILES_SUBST+=		AUTHEXAMPLEDIR=${AUTHEXAMPLEDIR:Q}
+FILES_SUBST+=		AUTHLIBEXECDIR=${AUTHLIBEXECDIR}
+FILES_SUBST+=		AUTHEXAMPLEDIR=${AUTHEXAMPLEDIR}
 
 PKG_SYSCONFSUBDIR?=	courier
 
@@ -75,14 +78,14 @@ POST_INSTALL_TARGETS=	post-install-common post-install-authdaemon
 .include "options.mk"
 .include "../../devel/libltdl/buildlink3.mk"
 
-.for _file_ in ${GEN_FILES}
-CONF_FILES_PERMS+=	${EGDIR}/${_file_}.dist ${PKG_SYSCONFDIR}/${_file_} \
+.for file in ${GEN_FILES}
+CONF_FILES_PERMS+=	${EGDIR}/${file}.dist ${PKG_SYSCONFDIR}/${file} \
 			${COURIER_USER} ${COURIER_GROUP} 0660
 .endfor
 
-.for _file_ in ${AUTHLIB_PLIST}
-GENERATE_PLIST+=	${TEST} -f ${DESTDIR}${PREFIX}/${_file_} &&	\
-			${ECHO} "${_file_}";
+.for file in ${AUTHLIB_PLIST}
+GENERATE_PLIST+=	${TEST} -f ${DESTDIR}${PREFIX}/${file} &&	\
+			${ECHO} "${file}";
 .endfor
 .if !empty(AUTHLIB_PLIST:M${AUTHEXAMPLEDIR}/*)
 GENERATE_PLIST+=	${ECHO} "@dirrm ${AUTHEXAMPLEDIR}";
diff --git a/security/courier-authlib/PLIST b/security/courier-authlib/PLIST
index e64cd774318..1d122cdd151 100644
--- a/security/courier-authlib/PLIST
+++ b/security/courier-authlib/PLIST
@@ -1,16 +1,21 @@
-@comment $NetBSD: PLIST,v 1.6 2007/08/10 17:57:21 jlam Exp $
+@comment $NetBSD: PLIST,v 1.7 2008/09/28 22:15:30 tonnerre Exp $
 bin/courierauthconfig
 include/courier_auth_config.h
 include/courierauth.h
 include/courierauthdebug.h
 include/courierauthsasl.h
 include/courierauthsaslclient.h
+lib/courier-authlib/libauthpam.la
+lib/courier-authlib/libauthpipe.la
+lib/courier-authlib/libauthpwd.la
+lib/courier-authlib/libauthuserdb.la
 lib/courier-authlib/libcourierauth.la
 lib/courier-authlib/libcourierauthcommon.la
 lib/courier-authlib/libcourierauthsasl.la
 lib/courier-authlib/libcourierauthsaslclient.la
 libexec/courier-authlib/authdaemond
 libexec/courier-authlib/authsystem.passwd
+libexec/courier-authlib/makedatprog
 man/man1/authpasswd.1
 man/man1/authtest.1
 man/man1/courierlogger.1
@@ -30,9 +35,20 @@ sbin/authenumerate
 sbin/authpasswd
 sbin/authtest
 sbin/courierlogger
+sbin/makeuserdb
+sbin/pw2userdb
 sbin/sysconftool
+sbin/userdb
+sbin/userdb-test-cram-md5
+sbin/userdbpw
 share/doc/courier-authlib/INSTALL.html
 share/doc/courier-authlib/README.authdebug.html
 share/doc/courier-authlib/README.html
 share/doc/courier-authlib/README_authlib.html
+share/examples/courier-authlib/authdaemonrc.dist
+share/examples/courier-authlib/samplepipe.pl
 share/examples/rc.d/authdaemond
+@dirrm share/examples/courier-authlib
+@dirrm share/doc/courier-authlib
+@dirrm libexec/courier-authlib
+@dirrm lib/courier-authlib
diff --git a/security/courier-authlib/distinfo b/security/courier-authlib/distinfo
index fda88cf9be7..90a938d92db 100644
--- a/security/courier-authlib/distinfo
+++ b/security/courier-authlib/distinfo
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.11 2007/10/15 15:37:01 jlam Exp $
+$NetBSD: distinfo,v 1.12 2008/09/28 22:15:30 tonnerre Exp $
 
-SHA1 (courier-authlib-0.60.2.tar.bz2) = cd5969075de212ecfb406ffb1ac974ea939ddcc0
-RMD160 (courier-authlib-0.60.2.tar.bz2) = bdf6d68b7b6a5c6d13079477d83312f98dd7bd31
-Size (courier-authlib-0.60.2.tar.bz2) = 2158473 bytes
-SHA1 (patch-aa) = d7c863f698886753ac2be31c5ee0c3f56215b2b0
+SHA1 (courier-authlib-0.61.0.tar.bz2) = 0caf0f435411124b02fe2594b39feceff5b23159
+RMD160 (courier-authlib-0.61.0.tar.bz2) = 91fb8ac8960659b7cc4ea9574e1af11fa8f7dc86
+Size (courier-authlib-0.61.0.tar.bz2) = 2174172 bytes
+SHA1 (patch-aa) = ef77c9c240659f2a553735dcc8ec27bfb144f973
 SHA1 (patch-ab) = 7d9ffb781102b998a9bd5c9c7ec3d04aa44770d3
-SHA1 (patch-ad) = 01207ac33e17771c11ae94bf2d93e628a31ce448
diff --git a/security/courier-authlib/patches/patch-aa b/security/courier-authlib/patches/patch-aa
index 3da3f707ef7..fb2085d730f 100644
--- a/security/courier-authlib/patches/patch-aa
+++ b/security/courier-authlib/patches/patch-aa
@@ -1,17 +1,53 @@
-$NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
+$NetBSD: patch-aa,v 1.6 2008/09/28 22:15:30 tonnerre Exp $
 
---- Makefile.in.orig	Sat Sep 29 14:43:44 2007
+--- Makefile.in.orig	2008-07-12 21:41:08.000000000 +0200
 +++ Makefile.in
-@@ -491,7 +491,7 @@ libcourierauthcommon_la_SOURCES = \
+@@ -453,7 +453,7 @@ CLEANFILES = authldaprc.h authmysqlrc.h 
+ 
+ DISTCLEANFILES = dbobj.config README_authlib.html
+ commonlibdep = libcourierauthcommon.la
+-commonldflags = -module -rpath $(pkglibdir) -export-symbols-regex 'courier_auth.*_init' -avoid-version
++commonldflags = -module -rpath $(pkglibdir) -export-symbols-regex 'courier_auth.*_init'
+ commonlibadd = libcourierauthcommon.la
+ libcourierauthcommon_t = @CRYPTLIBS@
+ libcourierauthcommon_la_SOURCES = \
+@@ -468,7 +468,7 @@ libcourierauthcommon_la_SOURCES = \
  
  libcourierauthcommon_la_DEPENDENCIES = libcourierauth.la
  libcourierauthcommon_la_LIBADD = libcourierauth.la
--libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t:%=-Wl,%)
+-libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t:%=-Wl,%) -avoid-version
 +libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t)
  libcourierauth_la_SOURCES = authdaemon.c authdaemonlib.c preauthdaemon.c \
  	authmoduser2.c authmoduser3.c debug.c \
  	courierauthdebug.h \
-@@ -643,9 +643,9 @@ authdaemondprog_DEPENDENCIES = libcourie
+@@ -477,7 +477,7 @@ libcourierauth_la_SOURCES = authdaemon.c
+ libcourierauth_la_LIBADD = libhmac/libhmac.la md5/libmd5.la sha1/libsha1.la numlib/libnumlib.la \
+ 	random128/librandom128.la rfc822/libencode.la
+ 
+-libcourierauth_la_LDFLAGS = @NETLIBS@ -avoid-version
++libcourierauth_la_LDFLAGS = @NETLIBS@
+ 
+ # The userdb module
+ libauthuserdb_t = userdb/libuserdb.la @dblibrary@ @LIBGDBM@ @LIBDB@
+@@ -569,7 +569,7 @@ libcourierauthsasl_la_SOURCES = \
+ 	authsaslfrombase64.c authsasltobase64.c
+ 
+ libcourierauthsasl_la_LIBADD = libcourierauth.la
+-libcourierauthsasl_la_LDFLAGS = -export-symbols-regex '^auth_sasl|auth_sasl_ex$$' -avoid-version
++libcourierauthsasl_la_LDFLAGS = -export-symbols-regex '^auth_sasl|auth_sasl_ex$$'
+ libcourierauthsaslclient_la_SOURCES = courierauthsaslclient.h \
+ 	authsaslclient.c authsaslclient.h authsaslclientcram.c \
+ 	authsaslclientcrammd5.c authsaslclientcramsha1.c \
+@@ -578,7 +578,7 @@ libcourierauthsaslclient_la_SOURCES = co
+ 	authsaslfrombase64.c authsasltobase64.c
+ 
+ libcourierauthsaslclient_la_LIBADD = libcourierauth.la
+-libcourierauthsaslclient_la_LDFLAGS = -export-symbols-regex '^auth_sasl_client$$' -avoid-version
++libcourierauthsaslclient_la_LDFLAGS = -export-symbols-regex '^auth_sasl_client$$'
+ include_HEADERS = courier_auth_config.h courierauth.h courierauthsasl.h \
+ 	courierauthsaslclient.h courierauthdebug.h
+ 
+@@ -609,9 +609,9 @@ authdaemondprog_DEPENDENCIES = libcourie
  
  authdaemondprog_LDADD = $(LIBLTDL) libcourierauthcommon.la liblock/liblock.la \
  	libhmac/libhmac.la md5/libmd5.la sha1/libsha1.la \
@@ -23,13 +59,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  authdaemontest_SOURCES = authdaemontest.c
  authdaemontest_DEPENDENCIES = libcourierauthcommon.la
  authdaemontest_LDADD = libcourierauthcommon.la @NETLIBS@
-@@ -1549,19 +1549,19 @@ authvchkpw.lo: authvchkpw.c vpopmail_con
- preauthvchkpw.lo: preauthvchkpw.c vpopmail_config.h
- 
- vpopmail_config.h:
--	echo '#include "@vpopmail_home@/include/config.h"' >vpopmail_config.h
-+	echo '#include "$(vpopmail_home)/include/config.h"' >vpopmail_config.h
- 
+@@ -1517,14 +1517,14 @@ uninstall-man: uninstall-man1 uninstall-
  authpgsqllib.lo: authpgsqllib.c authpgsqlrc.h
  
  @HAVE_AUTHPGSQL_TRUE@install-authpgsqlrc:
@@ -49,7 +79,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  
  @HAVE_AUTHPGSQL_FALSE@install-authpgsqlrc:
  @HAVE_AUTHPGSQL_FALSE@	@:
-@@ -1570,19 +1570,19 @@ authpgsqllib.lo: authpgsqllib.c authpgsq
+@@ -1533,19 +1533,19 @@ authpgsqllib.lo: authpgsqllib.c authpgsq
  @HAVE_AUTHPGSQL_FALSE@	@:
  
  authpgsqlrc.h:
@@ -75,7 +105,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  
  @HAVE_LDAP_FALSE@install-authldaprc:
  @HAVE_LDAP_FALSE@	@:
-@@ -1591,19 +1591,19 @@ authldaplib.lo: authldaplib.c authldaprc
+@@ -1554,19 +1554,19 @@ authldaplib.lo: authldaplib.c authldaprc
  @HAVE_LDAP_FALSE@	@:
  
  authldaprc.h:
@@ -101,7 +131,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  
  @HAVE_AUTHMYSQL_FALSE@install-authmysqlrc:
  @HAVE_AUTHMYSQL_FALSE@	@:
-@@ -1612,27 +1612,27 @@ authmysqllib.lo: authmysqllib.c authmysq
+@@ -1575,27 +1575,27 @@ authmysqllib.lo: authmysqllib.c authmysq
  @HAVE_AUTHMYSQL_FALSE@	@:
  
  authmysqlrc.h:
@@ -138,7 +168,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  	echo "#define AUTHDAEMONPID AUTHDAEMONVAR \"/pid\"" >>authdaemonrc.h
  	echo "#define AUTHDAEMONSOCK AUTHDAEMONVAR \"/socket\"" >>authdaemonrc.h
  	echo "#define AUTHDAEMONLOCK AUTHDAEMONVAR \"/lock\"" >>authdaemonrc.h
-@@ -1650,20 +1650,20 @@ authchangepwdir.h: config.status
+@@ -1613,20 +1613,20 @@ authchangepwdir.h: config.status
  	echo '#define AUTHCHANGEPWDIR "$(pkglibexecdir)"' >authchangepwdir.h
  
  sbindir.h: config.status
@@ -163,7 +193,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  
  dist-hook:
  	for f in $(BUILT1) ; do rm -f $(distdir)/$$f; done
-@@ -1679,10 +1679,10 @@ install-exec-hook:
+@@ -1642,10 +1642,10 @@ install-exec-hook:
  	$(mkinstalldirs) $(DESTDIR)$(sbindir) || :
  	$(mkinstalldirs) $(DESTDIR)$(pkglibexecdir) || :
  	$(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) authdaemondprog $(DESTDIR)$(pkglibexecdir)/authdaemond
@@ -178,7 +208,15 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $
  	test "@LIBAUTHUSERDB@" = "" && exit 0 ;\
  		$(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) makedat/makedatprog \
  				$(DESTDIR)$(pkglibexecdir)/makedatprog ; \
-@@ -1785,13 +1785,13 @@ README_authlib.html: README_authlib.html
+@@ -1659,7 +1659,6 @@ install-exec-hook:
+ 				$(DESTDIR)$(sbindir)/userdbpw ; \
+ 		$(INSTALL_SCRIPT) userdb-test-cram-md5.pl \
+ 				$(DESTDIR)$(sbindir)/userdb-test-cram-md5
+-	for f in $(pkglib_LTLIBRARIES); do . $$f; rm -f $(DESTDIR)$(pkglibdir)/$$dlname.0 $(DESTDIR)$(pkglibdir)/$$dlname.0.0; ln -s $$dlname $(DESTDIR)$(pkglibdir)/$$dlname.0; done
+ 
+ uninstall-hook: uninstall-authldaprc uninstall-authdaemonrc uninstall-authmysqlrc uninstall-authpgsqlrc
+ 	rm -f $(DESTDIR)$(pkglibexecdir)/authdaemond
+@@ -1747,13 +1746,13 @@ README_authlib.html: README_authlib.html
  authdaemond.o: authdaemonrc.h authdaemond.c
  
  install-migrate: authmigrate
diff --git a/security/courier-authlib/patches/patch-ad b/security/courier-authlib/patches/patch-ad
deleted file mode 100644
index e95eda134dd..00000000000
--- a/security/courier-authlib/patches/patch-ad
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ad,v 1.2 2007/10/15 15:37:01 jlam Exp $
-
---- authldaplib.c.orig	Sat Jan 20 17:03:22 2007
-+++ authldaplib.c
-@@ -126,7 +126,7 @@ authldap_free_config removed - no longer
- static char **l_get_values(LDAP *ld, LDAPMessage *entry, const char *attribut)
- {
- 	struct berval **p=ldap_get_values_len(ld, entry, attribut);
--	int n;
-+	int i, n;
- 	char **a;
- 
- 	if (!p)
-@@ -143,8 +143,6 @@ static char **l_get_values(LDAP *ld, LDA
- 		ldap_value_free_len(p);
- 		return NULL;
- 	}
--
--	int i;
- 
- 	for (i=0; i<n; i++)
- 	{
author	tonnerre <tonnerre@pkgsrc.org>	2008-09-28 22:15:30 +0000
committer	tonnerre <tonnerre@pkgsrc.org>	2008-09-28 22:15:30 +0000
commit	46723b3a66e73ee8da8bfd861dfd5bb0cde7db1b (patch)
tree	54c4df3531351c8be558cd9e27bf8c5cf3759ab4 /security
parent	7143ed12d22abb86326998b6896de71749e1233f (diff)
download	pkgsrc-46723b3a66e73ee8da8bfd861dfd5bb0cde7db1b.tar.gz