pkgsrc/security/cyrus-saslauthd/Makefile

47 lines
1.2 KiB
Makefile
Raw Normal View History

cyrus-sasl: update to 2.1.28 New in 2.1.28 build: configure - Restore LIBS after checking gss_inquire_sec_context_by_oid makemd5.c - Fix potential out of bound writes fix build with –disable-shared –enable-static Dozens of fixes for Windows specific builds Fix cross platform builds with SPNEGO Do not try to build broken java subtree Fix build error with –enable-auth-sasldb common: plugin_common.c: Ensure size is always checked if called repeatedly (#617) documentation: Fixed generation of saslauthd(8) man page Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373) Updates for additional SCRAM mechanisms Fix sasl_decode64 and sasl_encode64 man pages Tons of fixes for Sphinx include: sasl.h: Allow up to 16 bits for security flags lib: checkpw.c: Skip one call to strcat Disable auxprop-hashed (#374) client.c: Use proper length for fully qualified domain names common.c: CVE-2019-19906 Fix off by one error (#587) external.c: fix EXTERNAL with non-terminated input (#689) saslutil.c: fix index_64 to be a signed char (#619) plugins: gssapi.c: Emit debug log only in case of errors ntlm.c: Fail compile if MD4 is not available (#632) sql.c: Finish reading residual return data (#639) CVE-2022-24407 Escape password for SQL insert/update commands. sasldb: db_gdbm.c: fix gdbm_errno overlay from gdbm_close DIGEST-MD5 plugin: Prevent double free of RC4 context Use OpenSSL RC4 implementation if available SCRAM plugin: Return BADAUTH on incorrect password (#545) Add -224, -384, -512 (#552) Remove SCRAM_HASH_SIZE Add function to return SCRAM auth method name Allocate enough memory in scam_setpass() Add function to sort SCRAM methods by hash strength Update windows build for newer SCRAM options saslauthd: auth_httpform.c: Avoid signed overflow with non-ascii characters (#576) auth_krb5.c: support setting an explicit auth_krb5 server name support setting an explicit servername with Heimdal unify the MIT and Heimdal auth_krb5 implementations Remove call to krbtf auth_rimap.c: provide native memmem implementation if missing lak.c: Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification) lak.h: Increase supported DN length to 4096 (#626)
2022-02-24 12:00:03 +01:00
# $NetBSD: Makefile,v 1.57 2022/02/24 11:00:04 wiz Exp $
PKGNAME= ${DISTNAME:S/sasl/saslauthd/}
CONFLICTS+= cyrus-sasl<2.1.15nb2
Update cyrus-sasl to 2.1.25. Take maintainership. New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional
2011-09-17 13:32:02 +02:00
.include "../../security/cyrus-sasl/Makefile.common"
2004-01-12 04:16:32 +01:00
COMMENT= Cyrus SASL plaintext authentication daemon
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
BUILD_TARGET= all
SASLSOCKETDIR?= ${VARBASE}/run/saslauthd
BUILD_DEFS+= SASLSOCKETDIR
FILES_SUBST+= SASLSOCKETDIR=${SASLSOCKETDIR:Q}
CONFIGURE_ARGS+= --with-saslauthd=${SASLSOCKETDIR:Q}
CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q}
Update cyrus-sasl to 2.1.25. Take maintainership. New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional
2011-09-17 13:32:02 +02:00
BUILD_DIRS= saslauthd
.include "options.mk"
RCD_SCRIPTS= saslauthd
2016-12-16 16:42:20 +01:00
SMF_METHODS= saslauthd
SMF_NAME= saslauthd
2010-02-19 20:23:50 +01:00
FILES_SUBST+= ROOT_USER=${REAL_ROOT_USER:Q}
INSTALLATION_DIRS= bin
.include "../../security/openssl/buildlink3.mk"
SUBST_CLASSES+= sysconf
SUBST_MESSAGE.sysconf= Fixing path to ${PKG_SYSCONFDIR}
SUBST_STAGE.sysconf= post-build
Update cyrus-sasl to 2.1.25. Take maintainership. New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional
2011-09-17 13:32:02 +02:00
SUBST_FILES.sysconf= saslauthd/LDAP_SASLAUTHD saslauthd/saslauthd.mdoc
SUBST_SED.sysconf= -e "s,/usr/local/etc/,${PKG_SYSCONFDIR}/,g"
post-install:
.if !empty(PKG_OPTIONS:Mldap)
2008-08-12 12:16:54 +02:00
${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/doc/cyrus-saslauthd
Update cyrus-sasl to 2.1.25. Take maintainership. New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional
2011-09-17 13:32:02 +02:00
${INSTALL_DATA} ${WRKSRC}/saslauthd/LDAP_SASLAUTHD \
2008-08-12 12:16:54 +02:00
${DESTDIR}${PREFIX}/share/doc/cyrus-saslauthd
.endif
.include "../../mk/bsd.pkg.mk"