main/cyrus-sasl: security upgrade to 2.1.28 (CVE-2022-24407)

(cherry picked from commit b7d6b4cc1a52b5cc58188c27cff7f47f40a0c95f)

7 files changed, 8 insertions, 131 deletions

diff --git a/main/cyrus-sasl/APKBUILD b/main/cyrus-sasl/APKBUILD
index 6c2e687f3ae..98ed884f84e 100644
--- a/main/cyrus-sasl/APKBUILD
+++ b/main/cyrus-sasl/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=cyrus-sasl
-pkgver=2.1.27
-pkgrel=10
+pkgver=2.1.28
+pkgrel=0
 pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
 url="https://www.cyrusimap.org/sasl/"
 arch="all"
@@ -35,16 +35,12 @@ makedepends="
 	libtool
 	"
 source="https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-$pkgver/cyrus-sasl-$pkgver.tar.gz
-	cyrus-sasl-2.1.27-as_needed.patch
-	cyrus-sasl-2.1.27-autotools_fixes.patch
-	cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
-	cyrus-sasl-2.1.27-doc_build_fix.patch
-	cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
-	CVE-2019-19906.patch
 	saslauthd.initd
 	"
 
 # secfixes:
+#   2.1.28-r0:
+#     - CVE-2022-24407
 #   2.1.27-r5:
 #     - CVE-2019-19906
 #   2.1.26-r7:
@@ -119,11 +115,7 @@ libsasl() {
 	amove usr/lib/libsasl*.so.*
 }
 
-sha512sums="d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b  cyrus-sasl-2.1.27.tar.gz
-9eefa6d45e3dd9157a5672909acdd88f0ae35e76d64c3723890a474bbb05b22499cfadb0c077924d27f34da3710b2b700094dd7d5704050138c08dabcefdde94  cyrus-sasl-2.1.27-as_needed.patch
-0d99ca049e76c11500769079d94f3bdb634bddb4c8d45a83b383e9bb9777edda66b17566800acbd450e1f4842d070ec3fbc236e7f0ef8759c36e6dd5ea8e3c64  cyrus-sasl-2.1.27-autotools_fixes.patch
-4ca601839b023ef790e48dae567ffbbd57c632384c980946639ec7437ad23874961451718569455e6e25afaeff1728ecbc71a8686f6b43246f83465f95a2c904  cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
-6d723e7ec2c431b45c011b887187b6a670dbe646aa4c39d38171047ab23db529c30c433f8d4dd624181917c5ce4e5271f86e35e2644ede1c40dfb09cb67dccde  cyrus-sasl-2.1.27-doc_build_fix.patch
-fca4f2b7e427c7613f71daa4a31772c33c8c0fe9d7f85b57b85da71bc5a88a18fc52f7caea463188b4addd31cd041d5349af689d5face2cc45fb50c700a8afd7  cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
-c39efd87dc9c883d3b07474197f6835fbd32f23baa1f5cd04b25a0473639f847321c40f232e390d4dc9d9ee189dbd177c05d3d1461af4d28a48a4827abc5d9b8  CVE-2019-19906.patch
-f76bfb61567172428cdbc1ed900d5e0b6e66afc38118db6ba0e2fd8ba01956ad896e56463b2249bdc46d8725384f1b975a2af3601c0735327d3f8bc26ce1ed75  saslauthd.initd"
+sha512sums="
+db15af9079758a9f385457a79390c8a7cd7ea666573dace8bf4fb01bb4b49037538d67285727d6a70ad799d2e2318f265c9372e2427de9371d626a1959dd6f78  cyrus-sasl-2.1.28.tar.gz
+f76bfb61567172428cdbc1ed900d5e0b6e66afc38118db6ba0e2fd8ba01956ad896e56463b2249bdc46d8725384f1b975a2af3601c0735327d3f8bc26ce1ed75  saslauthd.initd
+"
diff --git a/main/cyrus-sasl/CVE-2019-19906.patch b/main/cyrus-sasl/CVE-2019-19906.patch
deleted file mode 100644
index f7edb521e89..00000000000
--- a/main/cyrus-sasl/CVE-2019-19906.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-https://github.com/cyrusimap/cyrus-sasl/issues/587
-
-diff --git a/lib/common.c b/lib/common.c
-index bc3bf1df..9969d6aa 100644
---- a/lib/common.c
-+++ b/lib/common.c
-@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
-
-   if (add==NULL) add = "(null)";
-
--  addlen=strlen(add); /* only compute once */
-+  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
-     return SASL_NOMEM;
-
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.27-as_needed.patch b/main/cyrus-sasl/cyrus-sasl-2.1.27-as_needed.patch
deleted file mode 100644
index 7cd9e151fbb..00000000000
--- a/main/cyrus-sasl/cyrus-sasl-2.1.27-as_needed.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Author: Matthias Klose <doko@ubuntu.com>
-Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
-it.
---- cyrus-sasl-2.1.27/saslauthd/Makefile.am
-+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
-@@ -25,7 +25,7 @@
- saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
- saslauthd_LDADD	= @SASL_KRB_LIB@ \
- 		  @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
--		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
-+		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
- 
- testsaslauthd_SOURCES = testsaslauthd.c utils.c
- testsaslauthd_LDADD = @LIB_SOCKET@
---- cyrus-sasl-2.1.27/sasldb/Makefile.am
-+++ cyrus-sasl-2.1.27/sasldb/Makefile.am
-@@ -54,6 +54,6 @@
- 
- libsasldb_la_SOURCES = allockey.c sasldb.h
- EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
--libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
--libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
-+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
- libsasldb_la_LDFLAGS = -no-undefined
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.27-autotools_fixes.patch b/main/cyrus-sasl/cyrus-sasl-2.1.27-autotools_fixes.patch
deleted file mode 100644
index 2ce971efc5b..00000000000
--- a/main/cyrus-sasl/cyrus-sasl-2.1.27-autotools_fixes.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- cyrus-sasl-2.1.27/configure.ac
-+++ cyrus-sasl-2.1.27/configure.ac
-@@ -44,6 +44,8 @@
- 
- AC_PREREQ(2.63)
- 
-+AC_CONFIG_MACRO_DIR([config])
-+
- dnl
- dnl REMINDER: When changing the version number here, please also update
- dnl the values in win32/include/config.h and include/sasl.h as well.
---- cyrus-sasl-2.1.27/Makefile.am
-+++ cyrus-sasl-2.1.27/Makefile.am
-@@ -44,6 +44,8 @@
- #
- ################################################################
- 
-+ACLOCAL_AMFLAGS = -I config
-+
- if SASLAUTHD
- SAD = saslauthd
- else
---- cyrus-sasl-2.1.27/saslauthd/Makefile.am
-+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
-@@ -1,4 +1,6 @@
- AUTOMAKE_OPTIONS = 1.7
-+ACLOCAL_AMFLAGS = -I ../config
-+
- sbin_PROGRAMS	= saslauthd testsaslauthd
- EXTRA_PROGRAMS  = saslcache
- 
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch b/main/cyrus-sasl/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
deleted file mode 100644
index c331039e2f1..00000000000
--- a/main/cyrus-sasl/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Author: Fabian Fagerholm <fabbe@debian.org>
-Description: This patch makes sure the non-PIC version of libsasldb.a, which
-is created out of non-PIC objects, is not going to overwrite the PIC version,
-which is created out of PIC objects. The PIC version is placed in .libs, and
-the non-PIC version in the current directory.  This ensures that both non-PIC
-and PIC versions are available in the correct locations.
---- cyrus-sasl-2.1.27/lib/Makefile.am
-+++ cyrus-sasl-2.1.27/lib/Makefile.am
-@@ -98,7 +98,7 @@
- 
- libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
- 	@echo adding static plugins and dependencies
--	$(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
-+	$(AR) cru $@ $(SASL_STATIC_OBJS)
- 	@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
- 	if test ! -f $$i; then continue; fi; . $$i; \
- 	for j in $$dependency_libs foo; do \
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.27-doc_build_fix.patch b/main/cyrus-sasl/cyrus-sasl-2.1.27-doc_build_fix.patch
deleted file mode 100644
index bdd02f77966..00000000000
--- a/main/cyrus-sasl/cyrus-sasl-2.1.27-doc_build_fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
-+++ cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
-@@ -23,7 +23,7 @@
- from sphinx import addnodes
- from sphinx.locale import admonitionlabels, _
- from sphinx.util.osutil import ustrftime
--from sphinx.util.compat import docutils_version
-+#from sphinx.util.compat import docutils_version
- 
- class CyrusManualPageWriter(ManualPageWriter):
- 
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch b/main/cyrus-sasl/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
deleted file mode 100644
index c585cb158e1..00000000000
--- a/main/cyrus-sasl/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Gentoo bug #389349
---- cyrus-sasl-2.1.27/m4/sasl2.m4
-+++ cyrus-sasl-2.1.27/m4/sasl2.m4
-@@ -220,7 +220,11 @@
-                  [AC_WARN([Cybersafe define not found])])
- 
-   elif test "$ac_cv_header_gssapi_h" = "yes"; then
--    AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
-+    AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h,
-+                 [#include <gssapi.h>
-+                  #ifdef GSS_C_NT_HOSTBASED_SERVICE
-+                    hostbased_service_gss_nt_yes
-+                  #endif],
-                     [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,,
-                                [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])])
-   elif test "$ac_cv_header_gssapi_gssapi_h"; then