alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

cyrus_sasl: 2.1.27 -> 2.1.28

Browse source 
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28

Fixes: CVE-2022-24407 ("Escape password for SQL insert/update
commands.")
Co-Authored-By: illustris <rharikrishnan95@gmail.com>
This commit is contained in:
Martin Weinelt 2022-02-22 20:37:00 +01:00
parent 3bab4ac337
commit 1bcbec677a
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
3 changed files with 20 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
pkgs/development/libraries/cyrus-sasl/cyrus-sasl-ac-try-run-fix.patch
View file

@ -1,12 +1,13 @@
--- a/m4/sasl2.m4 2018-11-18 22:33:29.902625600 +0300 diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+++ b/m4/sasl2.m4 2018-11-18 22:33:59.828746176 +0300 index 098c853a..91d98def 100644
@@ -339,7 +339,8 @@ --- a/m4/sasl2.m4
], +++ b/m4/sasl2.m4
[ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) @@ -350,7 +350,7 @@ int main(void)
AC_MSG_RESULT(yes) ],
- AC_MSG_RESULT(no))
+ AC_MSG_RESULT(no),
+ AC_MSG_RESULT(no))
LIBS="$cmu_save_LIBS"
else return (!have_spnego); // 0 = success, 1 = failure
}
-],[ac_cv_gssapi_supports_spnego=yes],[ac_cv_gssapi_supports_spnego=no])
+],[ac_cv_gssapi_supports_spnego=yes],[ac_cv_gssapi_supports_spnego=no],[ac_cv_gssapi_supports_spnego=no])
LIBS="$cmu_save_LIBS"
])
AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[

21
pkgs/development/libraries/cyrus-sasl/default.nix
View file

@ -1,11 +1,11 @@
{ lib, stdenv, fetchurl, openssl, openldap, libkrb5, db, gettext { lib, stdenv, fetchurl, openssl, openldap, libkrb5, db, gettext
, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false , pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
, buildPackages, pruneLibtoolFiles, fetchpatch }: , buildPackages, pruneLibtoolFiles }:
with lib; with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "cyrus-sasl"; pname = "cyrus-sasl";
version = "2.1.27"; version = "2.1.28";
src = fetchurl { src = fetchurl {
urls = urls =
@ -13,9 +13,14 @@ stdenv.mkDerivation rec {
"http://www.cyrusimap.org/releases/${pname}-${version}.tar.gz" "http://www.cyrusimap.org/releases/${pname}-${version}.tar.gz"
"http://www.cyrusimap.org/releases/old/${pname}-${version}.tar.gz" "http://www.cyrusimap.org/releases/old/${pname}-${version}.tar.gz"
]; ];
sha256 = "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"; sha256 = "sha256-fM/Gq9Ae1nwaCSSzU+Um8bdmsh9C1FYu5jWo6/xbs4w=";
}; };
patches = [
# Fix cross-compilation
./cyrus-sasl-ac-try-run-fix.patch
];
outputs = [ "bin" "dev" "out" "man" "devdoc" ]; outputs = [ "bin" "dev" "out" "man" "devdoc" ];
depsBuildBuild = [ buildPackages.stdenv.cc ]; depsBuildBuild = [ buildPackages.stdenv.cc ];
@ -26,16 +31,6 @@ stdenv.mkDerivation rec {
++ lib.optional enableLdap openldap ++ lib.optional enableLdap openldap
++ lib.optional stdenv.isLinux pam; ++ lib.optional stdenv.isLinux pam;
patches = [
./missing-size_t.patch # https://bugzilla.redhat.com/show_bug.cgi?id=906519
./cyrus-sasl-ac-try-run-fix.patch
(fetchpatch {
name = "CVE-2019-19906.patch";
url = "https://sources.debian.org/data/main/c/cyrus-sasl2/2.1.27+dfsg-1+deb10u1/debian/patches/0021-CVE-2019-19906.patch";
sha256 = "1n4c5wg7l9j8rlbvx8i605j5d39xmj5wm618k8acxl4fmglcmfls";
})
];
configureFlags = [ configureFlags = [
"--with-openssl=${openssl.dev}" "--with-openssl=${openssl.dev}"
"--with-plugindir=${placeholder "out"}/lib/sasl2" "--with-plugindir=${placeholder "out"}/lib/sasl2"

13
pkgs/development/libraries/cyrus-sasl/missing-size_t.patch
View file

@ -1,13 +0,0 @@
Gentoo bug #458790
--- a/include/sasl.h 2012-10-12 17:05:48.000000000 +0300
+++ b/include/sasl.h 2013-02-23 16:56:44.648786268 +0200
@@ -121,6 +121,9 @@
#ifndef SASL_H
#define SASL_H 1
+/* stddef.h to get size_t defined */
+#include <stddef.h>
+
/* Keep in sync with win32/common.mak */
#define SASL_VERSION_MAJOR 2
#define SASL_VERSION_MINOR 1