| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: cyrus-sasl-bdb-scram | Distribution: SUSE Linux Framework One |
| Version: 2.1.28 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: slfo.1.1.7 | Build date: Mon Aug 26 11:37:33 2024 |
| Group: Productivity/Networking/Other | Build host: s390zl39 |
| Size: 52066 | Source RPM: cyrus-sasl-bdb-2.1.28-slfo.1.1.7.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://github.com/cyrusimap/cyrus-sasl | |
| Summary: Plugin for the SCRAM SASL mechanism | |
This is the Cyrus SASL API implementation. It can be used on the client or server side to provide authentication. See RFC 5802 for more information.
BSD-4-Clause
* Mon Nov 06 2023 [email protected]
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
* Thu May 04 2023 [email protected]
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
* Mon Jan 23 2023 [email protected]
- drop optional opie dependency
* Wed Dec 07 2022 [email protected]
- Do not set directories inside doc/ mode 644; otherwise the
directories are set 644 as well, which means no files inside are
accessible. This resulted in the past in doc/ actually not being
added to the devel package.
* Wed Mar 09 2022 [email protected]
- update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- drop cyrus-sasl-bug587.patch (upstream)
* Mon Jan 31 2022 [email protected]
- cyrus-sasl: prevent fail of %pre when berkely db utils are
not installed (seems like we want to use this only for upgrade
so no Prereq added)
- move license to licensedir
- remove use of RPM_BUILD_ROOT
- minimal spec cleanups
- avoid bashisms
* Thu Jan 13 2022 [email protected]
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
* Thu Feb 25 2021 [email protected]
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%BuildRequires and %Requires
* Fri Jan 08 2021 [email protected]
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
* Tue Dec 08 2020 [email protected]
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Don’t prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
* Thu Feb 06 2020 [email protected]
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* Thu Nov 28 2019 [email protected]
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
* Mon Feb 04 2019 [email protected]
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
* Mon Sep 04 2017 [email protected]
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
* Wed Mar 22 2017 [email protected]
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
* Tue Mar 07 2017 [email protected]
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
* Wed Dec 09 2015 [email protected]
- really use SASLAUTHD_PARAMS variable (bnc#938657)
* Tue Jan 06 2015 [email protected]
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
* Thu Nov 27 2014 [email protected]
- Make sure /usr/sbin/rcsaslauthd exists
* Tue Sep 23 2014 [email protected]
- bnc#897837 saslauthd package has no config
* Tue Jul 29 2014 [email protected]
- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure
* Sat Jul 19 2014 [email protected]
- Remove insserv dependency; it's unneeded with systemd' systems
- Remove insserv and fillup dependency in cyrus-sasl package; there
is neither sysconfig or init file
* Fri Jun 13 2014 [email protected]
- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9
cyrus-sasl-revert_gssapi_flags.patch (bnc#775279)
* Tue Apr 01 2014 [email protected]
- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always'
* Sat Nov 02 2013 [email protected]
- Implement shlib packaging guidelines: make subpackage libsasl2-3.
(All other .so files are _server_ plugins AFAICS, loaded via
dlopen.)
- Ensure directories are owned by packages and thus get torn down
on package removal
* Sat Oct 05 2013 [email protected]
- Put back the .so files to sasl auth packages from devel file.
The .so files are read by some application instead of full path
so in order for auth to work this files must be available
* Sun Sep 29 2013 [email protected]
- Add patch fix-sasl-header.diff to resolve build issues that
are failing due to typedef 'sasl_malloc_t' is initialized.
(see gentoo#458870, fedora#906519)
* Wed Sep 11 2013 [email protected]
- Removed server side service to comply with Factory rules
* Tue Sep 03 2013 [email protected]
- Update to 2.1.26
* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
- GSSAPI plugin:
+ Fixed a segfault in gssapi.c introduced in 2.1.25.
+ Code refactoring
+ Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable
- GS2 plugin:
+ Updated GS2 plugin not to lose minor GSS-API status codes on errors
- DIGEST-MD5 plugin:
+ Correctly send "stale" directive to prevent clients from (re)promtping for password
+ Better handling of HTTP reauthentication cases
+ fixed some memory leaks
- SASLDB plugin:
+ Added support for BerkleyDB 5.X or later
- OTP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- SRP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- saslauthd:
+ auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes
+ auth_rimap.c: read the whole IMAP greeting
+ better error reporting from some drivers
+ fixed some memory leaks
- New BuildRequires for pkgconfig since pkgconfig file is generated
- Removed patches that do no longer apply
* cyrus-sasl-gcc4.patch (integrated upstream)
* cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream)
* gssapi-null-deref.dif (integrated upstream)
* Fix-abort_if_no_fqdn-behavior.patch (integrated upstream)
* cyrus-sasl-db6.diff (integrated upstream)
- Move *.so files into devel package
* Fri Jul 26 2013 [email protected]
- Fix for bnc#827230 and #784705, fix patch as described in
[#827230], typo in patch from request 112480 (remove rpath,
Apr 4 2012), preventing sql auxprop plugin to work
* Fri Jun 14 2013 [email protected]
- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5
- Simpler delete of .la files with find
* Mon Aug 13 2012 [email protected]
- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0,
a getaddrinfo failure should be ignored, as long as gethostname()
succeeded. (bnc#771983)
* Wed May 09 2012 [email protected]
- Ensure libraries and tools are built with LFS and include
config.h in all C files.
* Wed Apr 04 2012 [email protected]
- remove rpath
* Wed Jan 18 2012 [email protected]
- Move some doc files to devel package and to cyrus-sasl-saslauthd.
* Fri Nov 25 2011 [email protected]
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
* Wed Nov 16 2011 [email protected]
- Update to 2.1.25:
* Added support for channel bindings
* Added support for ordering SASL mechanisms by strength (on
the client side), or using the "client_mech_list" option.
* Allow DIGEST-MD5 plugin to be used for client-side and
server-side HTTP Digest, including running over non-persistent
connections (RFC 2617)
* New SASL plugins: SCRAM and GS2
* Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
* Various improvements to DIGEST-MD5 to improve interoperability
with some slightly broken clients
- cleanup
* removed old dependencies still related to cyrus-sasl2
* plugins now depend on the exact cyrus-sasl version
* use autoreconf instead of calling all tools manually
* Fri Sep 30 2011 [email protected]
- add libtool as buildrequire to make the spec file more reliable
* Sun Sep 18 2011 [email protected]
- Remove redundant tags/sections from specfile
* Mon Jun 28 2010 [email protected]
- use %_smp_mflags
* Mon Jun 07 2010 [email protected]
- add dependency to avoid broken parallel make
* Mon May 10 2010 [email protected]
- Fixed attributes of /var/run/sasl2 in filelist
* Wed Apr 28 2010 [email protected]
- Removed the /var/run/sasl2 directory from cyrus-sasl.spec.
It will now be created on demand by the saslauthd init script.
- Adjusted init script headers to silence rpmlint warning/errors.
* Mon Dec 14 2009 [email protected]
- add baselibs.conf as a source
* Mon Nov 23 2009 [email protected]
- Fixed linker arguments for ldap- and sql-auxprop plugins
(bnc#555568)
* Mon Jul 20 2009 [email protected]
- build against krb5-mini to avoid build cycle
* Fri May 15 2009 [email protected]
- Update to 2.1.23, the only change is a fix for a potential buffer
overflow in sasl_encode64() (bnc#499104, CVE-2009-0688)
- Imported some automake/libtool fixes from upstream cvs
* Mon Mar 02 2009 [email protected]
- fix build with GCC 4.4
- remove all "la" files
* Wed Dec 10 2008 [email protected]
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
* Thu Oct 30 2008 [email protected]
- obsolete old -XXbit packages (bnc#437293)
* Mon Aug 18 2008 [email protected]
- Fixed init-scripts Required-Stop Tags
* Tue Jul 29 2008 [email protected]
- Enhance sysconfig file and init script to allow to pass arbitrary
parameters to saslauthd (bnc#397808)
- Fixed description of the SASLAUTHD_THREADS sysconfig option.
* Thu Apr 10 2008 [email protected]
- added baselibs.conf file to build xxbit packages
for multilib support
* Fri Mar 28 2008 [email protected]
- Moved "Version:" up to the top to make versioned
Obsoletes/Requires work correctly.
* Wed Mar 26 2008 [email protected]
- Enabled NTLM authentication plugin (bnc#343665), created new
subpackage cyrus-sasl-ntlm
- Replaced %run_ldconfig macro as suggested by rpmlint
- Replaced unversioned Obsoltes/Provides with versioned ones
- Removed unneeded Split-Provides
* Fri Oct 26 2007 [email protected]
- Fixed some RPMLINT complaints
- re-enabled accidently disabled "kerberos5" authmech for saslauthd
(Bug #335754)
* Tue Mar 20 2007 [email protected]
- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to
set the number of threads that saslauthd should spawn
(Bug #199114)
* Fri Oct 27 2006 [email protected]
- Use /etc/sasl2/ as directory for config files of services
%{_libdir} can still be used for backwards compatibilty
(Bug #206414)
* Mon Sep 25 2006 [email protected]
- Remove unneeded automake/autoheader calls
* Mon Sep 11 2006 [email protected]
- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce
BuildRequires of cyrus-sasl.spec
- Removed unneeded openldap2 from BuildRequires of
cyrus-sasl-saslauthd
* Tue Aug 29 2006 [email protected]
- Enabled the ldapdb auxprop plugin and created new subpackage
cyrus-sasl-ldap-auxprop for it (Bug #201478)
* Fri Aug 25 2006 [email protected]
- remove saslauthd man-page from cyrus-sasl package to solve
confict with -saslauthd subpackage (Bug #200490)
* Fri Jun 02 2006 [email protected]
- updated to 2.1.22
* new pluginviewer utility for reporting information about client
and server side authentication plugins and auxprop plugins
(e.g. supported features, methods, etc.).
* Added support for HTTP POST password validation in saslauthd
- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name
collision with other packages in src.rpm (Bug #98188)
- include "crypt.h" in auth_shadow.c to avoid possible crash in
saslauthd (Bug #179621)
* Mon Apr 03 2006 [email protected]
- remove dlcompat-20010505 from tarball because of legal risk and
documented this in README.Source (Bug: #161390)
- added check for dlcompat-20010505 to the spec file
* Wed Jan 25 2006 [email protected]
- converted neededforbuild to BuildRequires
* Wed Nov 23 2005 [email protected]
- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database
* Sun Sep 25 2005 [email protected]
- added LDAP_DEPRECATED to CFLAGS
* Wed Jul 13 2005 [email protected]
- use /dev/urandom instead of /dev/random, see
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue
for an explanation
- removed the useless .la files from rpm
* Tue May 17 2005 [email protected]
- update to version 2.1.21
* Mon Mar 14 2005 [email protected]
- now also build the sql auxprop plugin; created new subpackage
cyrus-sasl-sqlauxprop
* Fri Feb 25 2005 [email protected]
- better GCC4 fix
* Fri Feb 25 2005 [email protected]
- fixed to build with GCC4
* Tue Nov 02 2004 [email protected]
- Get rid of .cvsignore files
- Don't remove buildroot before install
* Mon Oct 25 2004 [email protected]
- update to version 2.1.20
* Wed Oct 06 2004 [email protected]
- Bugfix ID#46847 - VUL-0: SASL environment variable local root
* Mon Sep 20 2004 [email protected]
- package binaries of sample-client and -server instead of
shell wrappers (which do not work)
* Fri Sep 17 2004 [email protected]
- removed saslauthd from cyrus-sasl requires, as it is only
needed on a "server" side and also not in every case (buildin
mechanisms as CRAM- or DIGEST-MD5 do not need it)
- added split-provides for saslauthd
* Mon Sep 06 2004 [email protected]
- added testsaslauthd to filelist
- removed saslauthd and insserv makros from cyrus-sasl.spec
* Fri Sep 03 2004 [email protected]
- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic
dependency openldap2 <-> cyrus-sasl with saslauthd having
LDAP support
* Tue Aug 31 2004 [email protected]
- removed update messages and implemented "split-provides"
instead
* Tue Aug 31 2004 [email protected]
- added LDAP support for saslauthd, Bugzilla ID#44051
* Mon Aug 30 2004 [email protected]
- Bugfix Bugzilla ID#44346 - still using /var/adm/notify
now using new update messages mechanism
- added sample/client sample/server to file list
* Thu Jul 15 2004 [email protected]
- update to version 2.1.19
* Tue Jun 15 2004 [email protected]
- bugfix id#39245 - cyrus-sasl includes straycat man page
* Fri Mar 12 2004 [email protected]
- update to version 2.1.18 (Bugfix Release)
* Tue Jan 27 2004 [email protected]
- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath
* Thu Jan 22 2004 [email protected]
- Bugfix Bugzilla ID#34019, notice users about the fact, that
cyrus-sasl has been splitted into subpackages
* Fri Jan 16 2004 [email protected]
- Add pam-devel to neededforbuild
* Tue Dec 02 2003 [email protected]
- update to version 2.1.17
* Fri Oct 31 2003 [email protected]
- Don't build as root
* Fri Oct 17 2003 [email protected]
- Remove unused des from neededforbuild
* Tue Sep 16 2003 [email protected]
- Add missing Provides [Bug #31005]
* Mon Sep 01 2003 [email protected]
- removed "-u root" from startproc as it always failes
- removed link to doc/components.html from doc/index.html as
components.html does not exist (Bugzilla ID#29253)
* Thu Aug 14 2003 [email protected]
- Bugfix Bugzilla ID#28932:
missing activation metadata in sysconfig template
* Wed Jul 30 2003 [email protected]
- new macros for stop/restart of services on rpm update/removal
* Tue Jul 15 2003 [email protected]
- update to version 2.1.15
* Mon Jun 30 2003 [email protected]
- update to version 2.1.14
* Wed Jun 18 2003 [email protected]
- use kerberos-devel-packages in neededforbuild
* Fri Jun 13 2003 [email protected]
- Add missing directory to filelist
* Fri May 09 2003 [email protected]
- use -ldb instead of -ldb-x.y to manually link the
dbconverter
* Tue May 06 2003 [email protected]
- update to version 2.1.13
* Tue Apr 15 2003 [email protected]
- added krb4-lib,krb4-devel to neededforbuild
* Mon Apr 07 2003 [email protected]
- renamed to cyrus-sasl
- splitted libraries for the following auth methods into seperate
packages:
- crammd5
- digestmd5
- otp
- plain
this is to prevent from annoying warnings about missing proper
setup of mechanisms we don't use
* Thu Mar 06 2003 [email protected]
- ever used dbconverter-2? Well it is just a shell script
which uses the damn compiled source tree... :-(
manually building dbconverter to let users convert their
/etc/sasldb from v1 to v2 using /usr/sbin/dbconverter
* Thu Mar 06 2003 [email protected]
- as cyrus-sasl is dropped now:
provide cyrus-sasl-*, obsolete cyrus-sasl-*
(Bugzilla ID# 24762)
* Tue Feb 04 2003 [email protected]
- update to cyrus-sasl-2.1.12, bug-fix release.
This release addresses a few minor build and distribution
related issues
* Mon Feb 03 2003 [email protected]
- update to cyrus-sasl-2.1.11, bug-fix release.
It addresses a number of issues in the build system, a
memory leak in the doors IPC method for saslauthd, and fixes the NTLM
server side support to only require one of the LM or NT methods.
* Thu Jan 23 2003 [email protected]
- don't use new libtool macros as cyrus-sasl2 seems to not
work when using them.
- added patch to compile shared libraries on ppc
* Wed Jan 15 2003 [email protected]
- Remove openldap2 from needed for build
* Tue Jan 14 2003 [email protected]
- do not build the static library anymore
* Wed Dec 11 2002 [email protected]
- added sysconfig metadata to sysconfig templates
* Tue Dec 10 2002 [email protected]
- update to version 2.1.10
This version corrects a number of DIGEST-MD5
interoperability issues, as well as corrects some potential buffer
overflows.
* Wed Oct 30 2002 [email protected]
- make it build again
* Tue Oct 29 2002 [email protected]
- remove own libtool macros
* Thu Oct 24 2002 [email protected]
- update to latest version 2.1.9
* Thu Sep 12 2002 [email protected]
- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict
with cyrus-sasl2-devel, because they contain files with the
same name
* Mon Aug 19 2002 [email protected]
- enabled building of the static libsasl.a. It is needed for
cyrus-imap to be usable with nss_ldap (which is linked against
cyrus-sasl1)
* Mon Aug 12 2002 [email protected]
- update to version 2.1.7
* Thu Aug 08 2002 [email protected]
- added .la files to the sasl2 plugin directory
([lt_]dlopen seems to need that)
* Mon Aug 05 2002 [email protected]
- added Prereq
* Sat Jul 27 2002 [email protected]
- add %run_ldconfig
* Wed Jul 17 2002 [email protected]
- update to version 2.1.6
* Wed Jun 19 2002 [email protected]
- also install dbconverter-2 to be able to migrate from
cyrus-sasl(1)
* Tue Jun 18 2002 [email protected]
- /var/run/sasl2 must be 755 to let non root daemons
connect to unix socket
* Tue Jun 18 2002 [email protected]
- added initscript and sysconfig file for saslauthd
- added docs
* Tue Jun 18 2002 [email protected]
- added opie to needforbuild
- should build on ppc64 and s390x now
* Mon Jun 17 2002 [email protected]
- additional autoconf related patches, that were missing at first
check in
* Mon Jun 17 2002 [email protected]
- Initial checkin of cyrus-sasl-2.1.5
/usr/lib64/sasl2 /usr/lib64/sasl2/libscram.so /usr/lib64/sasl2/libscram.so.3 /usr/lib64/sasl2/libscram.so.3.0.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Dec 1 00:36:50 2024