CVS commit: pkgsrc/security/gsasl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/gsasl
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Sun, 17 Jul 2022 08:24:53 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Jul 17 08:24:53 UTC 2022

Modified Files:
        pkgsrc/security/gsasl: Makefile PLIST buildlink3.mk distinfo

Log Message:
gsasl: update to 2.0.1.

* Noteworthy changes in release 2.0.1 (2022-07-15) [stable]

** Support for the libgssglue GSS-API library were added.
We encourage you to build with libgssglue, as that allows system
administrators and end-users to chose between MIT Kerberos, Heimdal
and GNU GSS during run-time.  Read about the background here:
https://blog.josefsson.org/2022/07/14/towards-pluggable-gss-api-modules/

** GSSAPI client: don't use AUTHID as fallback for AUTHZID.
The code historically used the AUTHID as authorization identity, but
in 2012 we changed it to first query for AUTHZID, and only if that is
not available, fall back to using AUTHID as the authorization
identity.  The change was not released until version 1.8.1 on
2019-08-02, when it was properly documented to be removed 'after the
year 2012'.  While documented behaviour, this seems like just
surprising behaviour and we now finally make the change.

** GSSAPI server: don't set AUTHZID to empty string when absent.
The GSS-API SASL protocol does not differentiate between an absent
authorization identity and an authorization identity that is the empty
string.  Previously libgsasl would set it to the empty string but now
it is set to NULL.  The manual explains that this is a protocol
limitation.

** The examples/smtp-server.c now supports GSSAPI/GS2-KRB5.
The example is used during CI/CD testing of GNU SASL and thus it made
sense to extend it.  Some bugs related to getline error conditions
were also fixed.

** GSSAPI server: Fix out-of-bounds read.
A malicious client can after it has authenticated with Kerberos send a
specially crafted message that causes Libgsasl to read out of bounds
and cause a crash in the server.

* Noteworthy changes in release 2.0.0 (2022-06-20) [stable]

** Compared to last stable branch 1.10.x the 2.0.0 release
** drops all obsolete APIs, drops the abandoned KERBEROS_V5 mechanism,
** stops shipping a separate tarball for only the library, adds new APIs
** gsasl_mechanism_name_p() and gsasl_property_free().
Numerous other translation improvements, code cleanups, bug fixes,
documentation additions, build improvements and portability
enhancements were made as well.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 pkgsrc/security/gsasl/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/security/gsasl/PLIST
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/gsasl/buildlink3.mk
cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/gsasl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/gsasl/Makefile
diff -u pkgsrc/security/gsasl/Makefile:1.55 pkgsrc/security/gsasl/Makefile:1.56
--- pkgsrc/security/gsasl/Makefile:1.55 Wed Dec  8 16:06:18 2021
+++ pkgsrc/security/gsasl/Makefile      Sun Jul 17 08:24:53 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.55 2021/12/08 16:06:18 adam Exp $
+# $NetBSD: Makefile,v 1.56 2022/07/17 08:24:53 wiz Exp $
 
-DISTNAME=      gsasl-1.10.0
-PKGREVISION=   4
+DISTNAME=      gsasl-2.0.1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GNU:=gsasl/}
 
@@ -25,8 +24,7 @@ PKGCONFIG_OVERRIDE+=  lib/libgsasl.pc.in
 INFO_FILES=            yes
 TEST_TARGET=           check
 
-# one test failure as of 1.8.1
-# FAIL: test-pthread_sigmask2
+# all tests pass as of 2.0.1
 
 .include "../../devel/gettext-lib/buildlink3.mk"
 .include "../../devel/libidn/buildlink3.mk"

Index: pkgsrc/security/gsasl/PLIST
diff -u pkgsrc/security/gsasl/PLIST:1.19 pkgsrc/security/gsasl/PLIST:1.20
--- pkgsrc/security/gsasl/PLIST:1.19    Thu Jan  7 22:09:52 2021
+++ pkgsrc/security/gsasl/PLIST Sun Jul 17 08:24:53 2022
@@ -1,18 +1,12 @@
-@comment $NetBSD: PLIST,v 1.19 2021/01/07 22:09:52 wiz Exp $
+@comment $NetBSD: PLIST,v 1.20 2022/07/17 08:24:53 wiz Exp $
 bin/gsasl
-include/gsasl-compat.h
 include/gsasl-mech.h
+include/gsasl-version.h
 include/gsasl.h
 info/gsasl.info
 lib/libgsasl.la
 lib/pkgconfig/libgsasl.pc
 man/man1/gsasl.1
-man/man3/gsasl_appinfo_get.3
-man/man3/gsasl_appinfo_set.3
-man/man3/gsasl_application_data_get.3
-man/man3/gsasl_application_data_set.3
-man/man3/gsasl_base64_decode.3
-man/man3/gsasl_base64_encode.3
 man/man3/gsasl_base64_from.3
 man/man3/gsasl_base64_to.3
 man/man3/gsasl_callback.3
@@ -20,158 +14,63 @@ man/man3/gsasl_callback_hook_get.3
 man/man3/gsasl_callback_hook_set.3
 man/man3/gsasl_callback_set.3
 man/man3/gsasl_check_version.3
-man/man3/gsasl_client_application_data_get.3
-man/man3/gsasl_client_application_data_set.3
-man/man3/gsasl_client_callback_anonymous_get.3
-man/man3/gsasl_client_callback_anonymous_set.3
-man/man3/gsasl_client_callback_authentication_id_get.3
-man/man3/gsasl_client_callback_authentication_id_set.3
-man/man3/gsasl_client_callback_authorization_id_get.3
-man/man3/gsasl_client_callback_authorization_id_set.3
-man/man3/gsasl_client_callback_maxbuf_get.3
-man/man3/gsasl_client_callback_maxbuf_set.3
-man/man3/gsasl_client_callback_passcode_get.3
-man/man3/gsasl_client_callback_passcode_set.3
-man/man3/gsasl_client_callback_password_get.3
-man/man3/gsasl_client_callback_password_set.3
-man/man3/gsasl_client_callback_pin_get.3
-man/man3/gsasl_client_callback_pin_set.3
-man/man3/gsasl_client_callback_qop_get.3
-man/man3/gsasl_client_callback_qop_set.3
-man/man3/gsasl_client_callback_realm_get.3
-man/man3/gsasl_client_callback_realm_set.3
-man/man3/gsasl_client_callback_service_get.3
-man/man3/gsasl_client_callback_service_set.3
-man/man3/gsasl_client_ctx_get.3
-man/man3/gsasl_client_finish.3
-man/man3/gsasl_client_listmech.3
 man/man3/gsasl_client_mechlist.3
 man/man3/gsasl_client_start.3
-man/man3/gsasl_client_step.3
-man/man3/gsasl_client_step_base64.3
 man/man3/gsasl_client_suggest_mechanism.3
 man/man3/gsasl_client_support_p.3
-man/man3/gsasl_ctx_get.3
 man/man3/gsasl_decode.3
-man/man3/gsasl_decode_inline.3
 man/man3/gsasl_done.3
 man/man3/gsasl_encode.3
-man/man3/gsasl_encode_inline.3
 man/man3/gsasl_finish.3
 man/man3/gsasl_free.3
 man/man3/gsasl_hash_length.3
 man/man3/gsasl_hex_from.3
 man/man3/gsasl_hex_to.3
-man/man3/gsasl_hmac_md5.3
-man/man3/gsasl_hmac_sha1.3
 man/man3/gsasl_init.3
-man/man3/gsasl_md5.3
-man/man3/gsasl_md5pwd_get_password.3
 man/man3/gsasl_mechanism_name.3
+man/man3/gsasl_mechanism_name_p.3
 man/man3/gsasl_nonce.3
 man/man3/gsasl_property_fast.3
+man/man3/gsasl_property_free.3
 man/man3/gsasl_property_get.3
 man/man3/gsasl_property_set.3
 man/man3/gsasl_property_set_raw.3
 man/man3/gsasl_random.3
-man/man3/gsasl_randomize.3
 man/man3/gsasl_register.3
 man/man3/gsasl_saslprep.3
 man/man3/gsasl_scram_secrets_from_password.3
 man/man3/gsasl_scram_secrets_from_salted_password.3
-man/man3/gsasl_server_application_data_get.3
-man/man3/gsasl_server_application_data_set.3
-man/man3/gsasl_server_callback_anonymous_get.3
-man/man3/gsasl_server_callback_anonymous_set.3
-man/man3/gsasl_server_callback_cipher_get.3
-man/man3/gsasl_server_callback_cipher_set.3
-man/man3/gsasl_server_callback_cram_md5_get.3
-man/man3/gsasl_server_callback_cram_md5_set.3
-man/man3/gsasl_server_callback_digest_md5_get.3
-man/man3/gsasl_server_callback_digest_md5_set.3
-man/man3/gsasl_server_callback_external_get.3
-man/man3/gsasl_server_callback_external_set.3
-man/man3/gsasl_server_callback_gssapi_get.3
-man/man3/gsasl_server_callback_gssapi_set.3
-man/man3/gsasl_server_callback_maxbuf_get.3
-man/man3/gsasl_server_callback_maxbuf_set.3
-man/man3/gsasl_server_callback_qop_get.3
-man/man3/gsasl_server_callback_qop_set.3
-man/man3/gsasl_server_callback_realm_get.3
-man/man3/gsasl_server_callback_realm_set.3
-man/man3/gsasl_server_callback_retrieve_get.3
-man/man3/gsasl_server_callback_retrieve_set.3
-man/man3/gsasl_server_callback_securid_get.3
-man/man3/gsasl_server_callback_securid_set.3
-man/man3/gsasl_server_callback_service_get.3
-man/man3/gsasl_server_callback_service_set.3
-man/man3/gsasl_server_callback_validate_get.3
-man/man3/gsasl_server_callback_validate_set.3
-man/man3/gsasl_server_ctx_get.3
-man/man3/gsasl_server_finish.3
-man/man3/gsasl_server_listmech.3
 man/man3/gsasl_server_mechlist.3
 man/man3/gsasl_server_start.3
-man/man3/gsasl_server_step.3
-man/man3/gsasl_server_step_base64.3
-man/man3/gsasl_server_suggest_mechanism.3
 man/man3/gsasl_server_support_p.3
 man/man3/gsasl_session_hook_get.3
 man/man3/gsasl_session_hook_set.3
-man/man3/gsasl_sha1.3
 man/man3/gsasl_simple_getpass.3
 man/man3/gsasl_step.3
 man/man3/gsasl_step64.3
 man/man3/gsasl_strerror.3
 man/man3/gsasl_strerror_name.3
-man/man3/gsasl_stringprep_nfkc.3
-man/man3/gsasl_stringprep_saslprep.3
-man/man3/gsasl_stringprep_trace.3
 share/locale/da/LC_MESSAGES/gsasl.mo
-share/locale/da/LC_MESSAGES/libgsasl.mo
 share/locale/de/LC_MESSAGES/gsasl.mo
-share/locale/de/LC_MESSAGES/libgsasl.mo
-share/locale/en@boldquot/LC_MESSAGES/gsasl.mo
-share/locale/en@boldquot/LC_MESSAGES/libgsasl.mo
-share/locale/en@quot/LC_MESSAGES/gsasl.mo
-share/locale/en@quot/LC_MESSAGES/libgsasl.mo
 share/locale/eo/LC_MESSAGES/gsasl.mo
-share/locale/eo/LC_MESSAGES/libgsasl.mo
 share/locale/es/LC_MESSAGES/gsasl.mo
-share/locale/es/LC_MESSAGES/libgsasl.mo
 share/locale/eu/LC_MESSAGES/gsasl.mo
 share/locale/fi/LC_MESSAGES/gsasl.mo
-share/locale/fi/LC_MESSAGES/libgsasl.mo
 share/locale/fr/LC_MESSAGES/gsasl.mo
-share/locale/fr/LC_MESSAGES/libgsasl.mo
 share/locale/ga/LC_MESSAGES/gsasl.mo
-share/locale/ga/LC_MESSAGES/libgsasl.mo
 share/locale/hr/LC_MESSAGES/gsasl.mo
 share/locale/hu/LC_MESSAGES/gsasl.mo
-share/locale/hu/LC_MESSAGES/libgsasl.mo
 share/locale/id/LC_MESSAGES/gsasl.mo
-share/locale/id/LC_MESSAGES/libgsasl.mo
 share/locale/it/LC_MESSAGES/gsasl.mo
-share/locale/it/LC_MESSAGES/libgsasl.mo
 share/locale/nl/LC_MESSAGES/gsasl.mo
-share/locale/nl/LC_MESSAGES/libgsasl.mo
 share/locale/pl/LC_MESSAGES/gsasl.mo
-share/locale/pl/LC_MESSAGES/libgsasl.mo
 share/locale/pt_BR/LC_MESSAGES/gsasl.mo
-share/locale/pt_BR/LC_MESSAGES/libgsasl.mo
 share/locale/ro/LC_MESSAGES/gsasl.mo
-share/locale/ro/LC_MESSAGES/libgsasl.mo
 share/locale/sk/LC_MESSAGES/gsasl.mo
-share/locale/sk/LC_MESSAGES/libgsasl.mo
 share/locale/sq/LC_MESSAGES/gsasl.mo
 share/locale/sr/LC_MESSAGES/gsasl.mo
-share/locale/sr/LC_MESSAGES/libgsasl.mo
 share/locale/sv/LC_MESSAGES/gsasl.mo
-share/locale/sv/LC_MESSAGES/libgsasl.mo
 share/locale/uk/LC_MESSAGES/gsasl.mo
-share/locale/uk/LC_MESSAGES/libgsasl.mo
 share/locale/vi/LC_MESSAGES/gsasl.mo
-share/locale/vi/LC_MESSAGES/libgsasl.mo
 share/locale/zh_CN/LC_MESSAGES/gsasl.mo
-share/locale/zh_CN/LC_MESSAGES/libgsasl.mo
 share/locale/zh_TW/LC_MESSAGES/gsasl.mo

Index: pkgsrc/security/gsasl/buildlink3.mk
diff -u pkgsrc/security/gsasl/buildlink3.mk:1.17 pkgsrc/security/gsasl/buildlink3.mk:1.18
--- pkgsrc/security/gsasl/buildlink3.mk:1.17    Thu Oct 21 07:46:32 2021
+++ pkgsrc/security/gsasl/buildlink3.mk Sun Jul 17 08:24:53 2022
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.17 2021/10/21 07:46:32 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.18 2022/07/17 08:24:53 wiz Exp $
 
 BUILDLINK_TREE+=       gsasl
 
@@ -6,7 +6,7 @@ BUILDLINK_TREE+=        gsasl
 GSASL_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.gsasl+=  gsasl>=0.2.15
-BUILDLINK_ABI_DEPENDS.gsasl+=  gsasl>=1.10.0nb3
+BUILDLINK_ABI_DEPENDS.gsasl+=  gsasl>=2.0
 BUILDLINK_PKGSRCDIR.gsasl?=    ../../security/gsasl
 
 .include "../../devel/gettext-lib/buildlink3.mk"

Index: pkgsrc/security/gsasl/distinfo
diff -u pkgsrc/security/gsasl/distinfo:1.22 pkgsrc/security/gsasl/distinfo:1.23
--- pkgsrc/security/gsasl/distinfo:1.22 Tue Oct 26 11:17:07 2021
+++ pkgsrc/security/gsasl/distinfo      Sun Jul 17 08:24:53 2022
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.22 2021/10/26 11:17:07 nia Exp $
+$NetBSD: distinfo,v 1.23 2022/07/17 08:24:53 wiz Exp $
 
-BLAKE2s (gsasl-1.10.0.tar.gz) = 0f33658e5a7a6f99ae48e5d21529190fa32040e5f1f7781b00c2c952a13d9bec
-SHA512 (gsasl-1.10.0.tar.gz) = 8b1dc87e85dbfd0255b3b43c4b7f9c2e896cb03efe4cd4af86393b62fd193665aae4ce59e66db736722e32babfcea6d4f6ddd3c5f069dcc4210f7e9531043e4a
-Size (gsasl-1.10.0.tar.gz) = 5946076 bytes
+BLAKE2s (gsasl-2.0.1.tar.gz) = d3c1968d9ce3a8602df57be4efa4cec6e1da8c52f585f4f7f734cdd540bf4c98
+SHA512 (gsasl-2.0.1.tar.gz) = 01c6f6bd9f986c942a25b89fee0052aef8c10bf914ead29983abdf0cc8fcaa7223fd9d9eeafb4be07e4bc318f087f6f6258facaaeb7f83bca8de512406812be5
+Size (gsasl-2.0.1.tar.gz) = 3279632 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index