From 9b1c1f1d74175a109a01ed0a353134cf6d867ed9 Mon Sep 17 00:00:00 2001 
From: tonnerre Date: Sun, 28 Sep 2008 22:15:30 +0000 Subject: Upgrade courier-authlib to version 0.61.0 in order to fix CVE-2008-2667, finally. While here, fix PLIST and depkglint a bit. Also, fix the horrid abuse of libtool. Changes since 0.60.2: * courier-authlib.spec: Dummy provides: for symlinks, to allow upgrade with older packages that require .so.0. * Makefile.am: Switch to versionless shared libraries. Install all shared libraries just as .so. make install manually removes *.so.0.0 files that were left over from previous versions, and installs a temporary *.so.0 symlink to *.so, for temporary binary ABI compatibility with 0.60. The symlinks will be removed in 0.62. * Cleanup: always compile md5, sha* and hmac stuff, and remove all conditionally-compiled cruft. Move SASL list to an internal header. Add client-side support for AUTH EXTERNAL. * authsasl.c (auth_sasl_ex): auth_sasl_ex() supersedes auth_sasl(), invokes auth_sasl() for non-EXTERNAL SASL methods, implements EXTERNAL by going through the motions, then setting up a dummy authentication request. * authdaemon.c (auth_generic): Check for the dummy EXTERNAL authentication request, and handle it by invoking auth_getuserinfo(), rather than sending it down the pipe. This avoids having to implement a stub in every authentication module. * authmysqllib.c: Use mysql_set_character_set() instead of SET NAMES * authmysqllib.c: Fix domain-less queries. * Makefile: Drop the unmaintained authvchkpw module. * authmysqllib.c: Cleanup. Use mysql_real_escape_string instead of crude filtering. * Makefile.am: Use _LIBADD properly. * configure.in: More portability fixes. 
--- security/courier-authlib/Makefile | 31 +++++++------ security/courier-authlib/PLIST | 18 +++++++- security/courier-authlib/distinfo | 11 +++-- security/courier-authlib/patches/patch-aa | 74 +++++++++++++++++++++++-------- security/courier-authlib/patches/patch-ad | 22 --------- 5 files changed, 95 insertions(+), 61 deletions(-) delete mode 100644 security/courier-authlib/patches/patch-ad (limited to 'security/courier-authlib') diff --git a/security/courier-authlib/Makefile b/security/courier-authlib/Makefile index f884cac6693..b66c3af553d 100644 --- a/security/courier-authlib/Makefile +++ b/security/courier-authlib/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.28 2008/02/18 20:26:33 jlam Exp $ +# $NetBSD: Makefile,v 1.29 2008/09/28 22:15:30 tonnerre Exp $ .include "Makefile.common" -DISTNAME= courier-authlib-0.60.2 -PKGREVISION= 1 +DISTNAME= courier-authlib-0.61.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=courier/} EXTRACT_SUFX= .tar.bz2 @@ -22,18 +21,22 @@ CONFLICTS+= courier-authpgsql-[0-9]* PKG_DESTDIR_SUPPORT= user-destdir USE_LIBTOOL= yes +LIBTOOLIZE_PLIST= yes PKG_SYSCONFSUBDIR= authlib REPLACE_PERL= samplepipe.pl sysconftool USE_LANGUAGES= c c++ USE_TOOLS+= cat:run gmake perl:run -CONFIGURE_ENV+= CAT=${TOOLS_CAT:Q} # makedat +CONFIGURE_ENV+= CAT=${TOOLS_CAT} # makedat -CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q} -CONFIGURE_ARGS+= --with-pkgconfdir=${PKG_SYSCONFDIR:Q} +BUILD_DEFS+= VARBASE +CONFIGURE_ARGS+= --localstatedir=${VARBASE} +CONFIGURE_ARGS+= --with-pkgconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --without-stdheaderdir +.include "../../mk/bsd.prefs.mk" + AUTHDAEMONVAR?= ${VARBASE}/authdaemon CONFIGURE_ARGS+= --with-authdaemonvar=${AUTHDAEMONVAR:Q} OWN_DIRS_PERMS= ${AUTHDAEMONVAR} ${COURIER_USER} ${COURIER_GROUP} 0750 
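Review bot: Dropping `:Q` from `--localstatedir=${VARBASE}` and `--with-pkgconfdir=${PKG_SYSCONFDIR}` in the `@@ -22,18 +21,22 @@` hunk leaves two user-settable paths unquoted in `CONFIGURE_ARGS`, while the neighbouring `--with-authdaemonvar=${AUTHDAEMONVAR:Q}`, whose default is built from `${VARBASE}`, stays quoted. If these values reach the shell as the quoted one does, a path containing whitespace or shell metacharacters would be split or interpreted for the unquoted arguments only. Either keep `${VARBASE:Q}` and `${PKG_SYSCONFDIR:Q}`, or add a comment such as `# :Q omitted: VARBASE and PKG_SYSCONFDIR are assumed to be plain paths` so the asymmetry reads as deliberate. The same applies to `CAT=${TOOLS_CAT}` here and to `EXPECT=${PREFIX}/bin/expect` and the two `FILES_SUBST` lines in the `@@ -43,15 +46,15 @@` hunk.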
@@ -43,15 +46,15 @@ FILES_SUBST+= AUTHDAEMONVAR=${AUTHDAEMONVAR:Q} # application (sqwebmail). Assume that it's installed in the same prefix # as courier-authlib. # -CONFIGURE_ENV+= EXPECT=${PREFIX:Q}/bin/expect +CONFIGURE_ENV+= EXPECT=${PREFIX}/bin/expect CHECK_INTERPRETER_SKIP= libexec/courier-authlib/authsystem.passwd AUTHLIBDIR= lib/courier-authlib AUTHLIBEXECDIR= libexec/courier-authlib AUTHEXAMPLEDIR= share/examples/courier-authlib AUTHDOCDIR= share/doc/courier-authlib -FILES_SUBST+= AUTHLIBEXECDIR=${AUTHLIBEXECDIR:Q} -FILES_SUBST+= AUTHEXAMPLEDIR=${AUTHEXAMPLEDIR:Q} +FILES_SUBST+= AUTHLIBEXECDIR=${AUTHLIBEXECDIR} +FILES_SUBST+= AUTHEXAMPLEDIR=${AUTHEXAMPLEDIR} PKG_SYSCONFSUBDIR?= courier @@ -75,14 +78,14 @@ POST_INSTALL_TARGETS= post-install-common post-install-authdaemon .include "options.mk" .include "../../devel/libltdl/buildlink3.mk" -.for _file_ in ${GEN_FILES} -CONF_FILES_PERMS+= ${EGDIR}/${_file_}.dist ${PKG_SYSCONFDIR}/${_file_} \ +.for file in ${GEN_FILES} +CONF_FILES_PERMS+= ${EGDIR}/${file}.dist ${PKG_SYSCONFDIR}/${file} \ ${COURIER_USER} ${COURIER_GROUP} 0660 .endfor -.for _file_ in ${AUTHLIB_PLIST} -GENERATE_PLIST+= ${TEST} -f ${DESTDIR}${PREFIX}/${_file_} && \ - ${ECHO} "${_file_}"; +.for file in ${AUTHLIB_PLIST} +GENERATE_PLIST+= ${TEST} -f ${DESTDIR}${PREFIX}/${file} && \ + ${ECHO} "${file}"; .endfor .if !empty(AUTHLIB_PLIST:M${AUTHEXAMPLEDIR}/*) GENERATE_PLIST+= ${ECHO} "@dirrm ${AUTHEXAMPLEDIR}"; diff --git a/security/courier-authlib/PLIST b/security/courier-authlib/PLIST index e64cd774318..1d122cdd151 100644 --- a/security/courier-authlib/PLIST +++ b/security/courier-authlib/PLIST 
@@ -1,16 +1,21 @@
-@comment $NetBSD: PLIST,v 1.6 2007/08/10 17:57:21 jlam Exp $
+@comment $NetBSD: PLIST,v 1.7 2008/09/28 22:15:30 tonnerre Exp $
 bin/courierauthconfig
 include/courier_auth_config.h
 include/courierauth.h
 include/courierauthdebug.h
 include/courierauthsasl.h
 include/courierauthsaslclient.h
+lib/courier-authlib/libauthpam.la
+lib/courier-authlib/libauthpipe.la
+lib/courier-authlib/libauthpwd.la
+lib/courier-authlib/libauthuserdb.la
 lib/courier-authlib/libcourierauth.la
 lib/courier-authlib/libcourierauthcommon.la
 lib/courier-authlib/libcourierauthsasl.la
 lib/courier-authlib/libcourierauthsaslclient.la
 libexec/courier-authlib/authdaemond
 libexec/courier-authlib/authsystem.passwd
+libexec/courier-authlib/makedatprog
 man/man1/authpasswd.1
 man/man1/authtest.1
 man/man1/courierlogger.1
@@ -30,9 +35,20 @@ sbin/authenumerate
 sbin/authpasswd
 sbin/authtest
 sbin/courierlogger
+sbin/makeuserdb
+sbin/pw2userdb
 sbin/sysconftool
+sbin/userdb
+sbin/userdb-test-cram-md5
+sbin/userdbpw
 share/doc/courier-authlib/INSTALL.html
 share/doc/courier-authlib/README.authdebug.html
 share/doc/courier-authlib/README.html
 share/doc/courier-authlib/README_authlib.html
+share/examples/courier-authlib/authdaemonrc.dist
+share/examples/courier-authlib/samplepipe.pl
 share/examples/rc.d/authdaemond
+@dirrm share/examples/courier-authlib
+@dirrm share/doc/courier-authlib
+@dirrm libexec/courier-authlib
+@dirrm lib/courier-authlib
diff --git a/security/courier-authlib/distinfo b/security/courier-authlib/distinfo
index fda88cf9be7..90a938d92db 100644
--- a/security/courier-authlib/distinfo
+++ b/security/courier-authlib/distinfo
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.11 2007/10/15 15:37:01 jlam Exp $
+$NetBSD: distinfo,v 1.12 2008/09/28 22:15:30 tonnerre Exp $
 
-SHA1 (courier-authlib-0.60.2.tar.bz2) = cd5969075de212ecfb406ffb1ac974ea939ddcc0
-RMD160 (courier-authlib-0.60.2.tar.bz2) = bdf6d68b7b6a5c6d13079477d83312f98dd7bd31
-Size (courier-authlib-0.60.2.tar.bz2) = 2158473 bytes
-SHA1 (patch-aa) = d7c863f698886753ac2be31c5ee0c3f56215b2b0
+SHA1 (courier-authlib-0.61.0.tar.bz2) = 0caf0f435411124b02fe2594b39feceff5b23159
+RMD160 (courier-authlib-0.61.0.tar.bz2) = 91fb8ac8960659b7cc4ea9574e1af11fa8f7dc86
+Size (courier-authlib-0.61.0.tar.bz2) = 2174172 bytes
+SHA1 (patch-aa) = ef77c9c240659f2a553735dcc8ec27bfb144f973
 SHA1 (patch-ab) = 7d9ffb781102b998a9bd5c9c7ec3d04aa44770d3
-SHA1 (patch-ad) = 01207ac33e17771c11ae94bf2d93e628a31ce448
diff --git a/security/courier-authlib/patches/patch-aa b/security/courier-authlib/patches/patch-aa
index 3da3f707ef7..fb2085d730f 100644
--- a/security/courier-authlib/patches/patch-aa
+++ b/security/courier-authlib/patches/patch-aa
@@ -1,17 +1,53 @@ -$NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ +$NetBSD: patch-aa,v 1.6 2008/09/28 22:15:30 tonnerre Exp $ ---- Makefile.in.orig Sat Sep 29 14:43:44 2007 +--- Makefile.in.orig 2008-07-12 21:41:08.000000000 +0200 +++ Makefile.in -@@ -491,7 +491,7 @@ libcourierauthcommon_la_SOURCES = \ +@@ -453,7 +453,7 @@ CLEANFILES = authldaprc.h authmysqlrc.h + + DISTCLEANFILES = dbobj.config README_authlib.html + commonlibdep = libcourierauthcommon.la +-commonldflags = -module -rpath $(pkglibdir) -export-symbols-regex 'courier_auth.*_init' -avoid-version ++commonldflags = -module -rpath $(pkglibdir) -export-symbols-regex 'courier_auth.*_init' + commonlibadd = libcourierauthcommon.la + libcourierauthcommon_t = @CRYPTLIBS@ + libcourierauthcommon_la_SOURCES = \ +@@ -468,7 +468,7 @@ libcourierauthcommon_la_SOURCES = \ libcourierauthcommon_la_DEPENDENCIES = libcourierauth.la libcourierauthcommon_la_LIBADD = libcourierauth.la --libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t:%=-Wl,%) +-libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t:%=-Wl,%) -avoid-version +libcourierauthcommon_la_LDFLAGS = $(libcourierauthcommon_t) libcourierauth_la_SOURCES = authdaemon.c authdaemonlib.c preauthdaemon.c \ authmoduser2.c authmoduser3.c debug.c \ courierauthdebug.h \ -@@ -643,9 +643,9 @@ authdaemondprog_DEPENDENCIES = libcourie +@@ -477,7 +477,7 @@ libcourierauth_la_SOURCES = authdaemon.c + libcourierauth_la_LIBADD = libhmac/libhmac.la md5/libmd5.la sha1/libsha1.la numlib/libnumlib.la \ + random128/librandom128.la rfc822/libencode.la + +-libcourierauth_la_LDFLAGS = @NETLIBS@ -avoid-version ++libcourierauth_la_LDFLAGS = @NETLIBS@ + + # The userdb module + libauthuserdb_t = userdb/libuserdb.la @dblibrary@ @LIBGDBM@ @LIBDB@ +@@ -569,7 +569,7 @@ libcourierauthsasl_la_SOURCES = \ + authsaslfrombase64.c authsasltobase64.c + + libcourierauthsasl_la_LIBADD = libcourierauth.la +-libcourierauthsasl_la_LDFLAGS = -export-symbols-regex '^auth_sasl|auth_sasl_ex$$' 
-avoid-version ++libcourierauthsasl_la_LDFLAGS = -export-symbols-regex '^auth_sasl|auth_sasl_ex$$' + libcourierauthsaslclient_la_SOURCES = courierauthsaslclient.h \ + authsaslclient.c authsaslclient.h authsaslclientcram.c \ + authsaslclientcrammd5.c authsaslclientcramsha1.c \ +@@ -578,7 +578,7 @@ libcourierauthsaslclient_la_SOURCES = co + authsaslfrombase64.c authsasltobase64.c + + libcourierauthsaslclient_la_LIBADD = libcourierauth.la +-libcourierauthsaslclient_la_LDFLAGS = -export-symbols-regex '^auth_sasl_client$$' -avoid-version ++libcourierauthsaslclient_la_LDFLAGS = -export-symbols-regex '^auth_sasl_client$$' + include_HEADERS = courier_auth_config.h courierauth.h courierauthsasl.h \ + courierauthsaslclient.h courierauthdebug.h + +@@ -609,9 +609,9 @@ authdaemondprog_DEPENDENCIES = libcourie authdaemondprog_LDADD = $(LIBLTDL) libcourierauthcommon.la liblock/liblock.la \ libhmac/libhmac.la md5/libmd5.la sha1/libsha1.la \ @@ -23,13 +59,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ authdaemontest_SOURCES = authdaemontest.c authdaemontest_DEPENDENCIES = libcourierauthcommon.la authdaemontest_LDADD = libcourierauthcommon.la @NETLIBS@ -@@ -1549,19 +1549,19 @@ authvchkpw.lo: authvchkpw.c vpopmail_con - preauthvchkpw.lo: preauthvchkpw.c vpopmail_config.h - - vpopmail_config.h: -- echo '#include "@vpopmail_home@/include/config.h"' >vpopmail_config.h -+ echo '#include "$(vpopmail_home)/include/config.h"' >vpopmail_config.h - +@@ -1517,14 +1517,14 @@ uninstall-man: uninstall-man1 uninstall- authpgsqllib.lo: authpgsqllib.c authpgsqlrc.h @HAVE_AUTHPGSQL_TRUE@install-authpgsqlrc: @@ -49,7 +79,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ @HAVE_AUTHPGSQL_FALSE@install-authpgsqlrc: @HAVE_AUTHPGSQL_FALSE@ @: -@@ -1570,19 +1570,19 @@ authpgsqllib.lo: authpgsqllib.c authpgsq +@@ -1533,19 +1533,19 @@ authpgsqllib.lo: authpgsqllib.c authpgsq @HAVE_AUTHPGSQL_FALSE@ @: authpgsqlrc.h: 
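Review bot: The added patch lines that strip `-avoid-version` from `commonldflags` and the four `*_la_LDFLAGS` assignments have no explanation inside patch-aa, and the commit message only calls it fixing "the horrid abuse of libtool". The quoted upstream changelog says 0.61.0 switched to versionless libraries on purpose and installs a temporary `.so.0` symlink, which the later `@@ -178,7 +208,15 @@` hunk also removes, so the packaged library names presumably differ from upstream's. A comment under the `$NetBSD$` line, for example `Keep libtool-versioned shared libraries: drop upstream's -avoid-version and the .so.0 compatibility symlinks.`, would record the intent for the next upgrade.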
@@ -75,7 +105,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ @HAVE_LDAP_FALSE@install-authldaprc: @HAVE_LDAP_FALSE@ @: -@@ -1591,19 +1591,19 @@ authldaplib.lo: authldaplib.c authldaprc +@@ -1554,19 +1554,19 @@ authldaplib.lo: authldaplib.c authldaprc @HAVE_LDAP_FALSE@ @: authldaprc.h: @@ -101,7 +131,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ @HAVE_AUTHMYSQL_FALSE@install-authmysqlrc: @HAVE_AUTHMYSQL_FALSE@ @: -@@ -1612,27 +1612,27 @@ authmysqllib.lo: authmysqllib.c authmysq +@@ -1575,27 +1575,27 @@ authmysqllib.lo: authmysqllib.c authmysq @HAVE_AUTHMYSQL_FALSE@ @: authmysqlrc.h: @@ -138,7 +168,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ echo "#define AUTHDAEMONPID AUTHDAEMONVAR \"/pid\"" >>authdaemonrc.h echo "#define AUTHDAEMONSOCK AUTHDAEMONVAR \"/socket\"" >>authdaemonrc.h echo "#define AUTHDAEMONLOCK AUTHDAEMONVAR \"/lock\"" >>authdaemonrc.h -@@ -1650,20 +1650,20 @@ authchangepwdir.h: config.status +@@ -1613,20 +1613,20 @@ authchangepwdir.h: config.status echo '#define AUTHCHANGEPWDIR "$(pkglibexecdir)"' >authchangepwdir.h sbindir.h: config.status @@ -163,7 +193,7 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ dist-hook: for f in $(BUILT1) ; do rm -f $(distdir)/$$f; done -@@ -1679,10 +1679,10 @@ install-exec-hook: +@@ -1642,10 +1642,10 @@ install-exec-hook: $(mkinstalldirs) $(DESTDIR)$(sbindir) || : $(mkinstalldirs) $(DESTDIR)$(pkglibexecdir) || : $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) authdaemondprog $(DESTDIR)$(pkglibexecdir)/authdaemond 
@@ -178,7 +208,15 @@ $NetBSD: patch-aa,v 1.5 2007/10/15 15:37:01 jlam Exp $ test "@LIBAUTHUSERDB@" = "" && exit 0 ;\ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) makedat/makedatprog \ $(DESTDIR)$(pkglibexecdir)/makedatprog ; \ -@@ -1785,13 +1785,13 @@ README_authlib.html: README_authlib.html +@@ -1659,7 +1659,6 @@ install-exec-hook: + $(DESTDIR)$(sbindir)/userdbpw ; \ + $(INSTALL_SCRIPT) userdb-test-cram-md5.pl \ + $(DESTDIR)$(sbindir)/userdb-test-cram-md5 +- for f in $(pkglib_LTLIBRARIES); do . $$f; rm -f $(DESTDIR)$(pkglibdir)/$$dlname.0 $(DESTDIR)$(pkglibdir)/$$dlname.0.0; ln -s $$dlname $(DESTDIR)$(pkglibdir)/$$dlname.0; done + + uninstall-hook: uninstall-authldaprc uninstall-authdaemonrc uninstall-authmysqlrc uninstall-authpgsqlrc + rm -f $(DESTDIR)$(pkglibexecdir)/authdaemond +@@ -1747,13 +1746,13 @@ README_authlib.html: README_authlib.html authdaemond.o: authdaemonrc.h authdaemond.c install-migrate: authmigrate diff --git a/security/courier-authlib/patches/patch-ad b/security/courier-authlib/patches/patch-ad deleted file mode 100644 index e95eda134dd..00000000000 --- a/security/courier-authlib/patches/patch-ad +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ad,v 1.2 2007/10/15 15:37:01 jlam Exp $ - ---- authldaplib.c.orig Sat Jan 20 17:03:22 2007 -+++ authldaplib.c -@@ -126,7 +126,7 @@ authldap_free_config removed - no longer - static char **l_get_values(LDAP *ld, LDAPMessage *entry, const char *attribut) - { - struct berval **p=ldap_get_values_len(ld, entry, attribut); -- int n; -+ int i, n; - char **a; - - if (!p) -@@ -143,8 +143,6 @@ static char **l_get_values(LDAP *ld, LDA - ldap_value_free_len(p); - return NULL; - } -- -- int i; - - for (i=0; i