Ravenports generated: 14 Jan 2024 04:52

[ravenports.git] / bucket_51 / cyrus-sasl

# Buildsheet autogenerated by ravenadm tool -- Do not edit.

NAMEBASE=               cyrus-sasl
VERSION=                2.1.28
REVISION=               1
KEYWORDS=               security
VARIANTS=               standard
SDESC[standard]=        Cyrus Simple Authentication Service Layer (SASL)
HOMEPAGE=               https://www.cyrusimap.org/sasl/
CONTACT=                nobody

DOWNLOAD_GROUPS=        main
SITES[main]=            https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.28/
DISTFILE[1]=            cyrus-sasl-2.1.28.tar.gz:main
DF_INDEX=               1
SPKGS[standard]=        complete
                        primary
                        docs

OPTIONS_AVAILABLE=      none
OPTIONS_STANDARD=       none

USERS=                  cyrus
GROUPS=                 cyrus
USERGROUP_SPKG=         primary

USES=                   cpe gmake libtool:keepla perl:build bdb ssl mbsdfix

LICENSE=                BSD4CLAUSE:primary
LICENSE_FILE=           BSD4CLAUSE:{{WRKSRC}}/COPYING
LICENSE_SCHEME=         solo

CPE_VENDOR=             cyrusimap
FPC_EQUIVALENT=         security/cyrus-sasl2

MUST_CONFIGURE=         gnu
CONFIGURE_ARGS=         --disable-alwaystrue
                        --disable-keep-db-open
                        --disable-srp
                        --disable-krb4
                        --disable-gssapi
                        --disable-otp
                        --disable-sample
                        --enable-anon
                        --enable-cram
                        --enable-digest
                        --enable-login
                        --enable-ntlm
                        --enable-plain
                        --enable-scram
                        --sysconfdir={{PREFIX}}/etc
                        --with-dblib=berkeley
                        --with-bdb-libdir={{BDB_LIB_DIR}}
                        --with-bdb-incdir={{BDB_INCLUDE_DIR}}
                        --with-authdaemond=/var/run/authdaemond/socket
                        --with-configdir={{PREFIX}}/lib/sasl2:{{PREFIX}}/etc/sasl2
                        --with-plugindir={{PREFIX}}/lib/sasl2
                        --with-dbpath={{PREFIX}}/etc/sasldb2
                        --with-lib-subdir=lib
                        --includedir={{PREFIX}}/include
                        --enable-static
                        --with-rc4=openssl
                        --with-saslauthd=/var/run/saslauthd
                        --with-openssl={{OPENSSLBASE}}

SINGLE_JOB=             yes

INSTALL_REQ_TOOLCHAIN=  yes
SOVERSION=              3.0.0
PLIST_SUB=              UNDERSCORE=1.13.1
                        JQUERY=3.5.1
SUB_FILES=              pkg-install-primary
                        pkg-deinstall-primary
SUB_LIST=               SASLDB_NAME=sasldb2
                        CYRUS_USER=cyrus

CFLAGS=                 -Wno-pointer-sign
VAR_OPSYS[netbsd]=      CONFIGURE_ENV=ac_cv_lib_dl_dlopen=no
VAR_ARCH[x86_64]=       CPPFLAGS=-fPIC

post-install:
        ${MKDIR} ${STAGEDIR}${STD_DOCDIR}
        (cd ${WRKSRC}/doc && ${COPYTREE_SHARE} . ${STAGEDIR}${STD_DOCDIR} \
                "! \( -path */html/_sources* \
                -o -name .buildinfo \
                -o -name Makefile \
                -o -name Makefile.in \
                -o -name Makefile.in.bak \
                -o -name Makefile.am \
                -o -name NTMakefile \
                -o -name .cvsignore \)" \
        )
        (cd ${WRKSRC} && \
                ${INSTALL_DATA} AUTHORS ChangeLog INSTALL.TXT README ${STAGEDIR}${STD_DOCDIR})
        ${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${STAGEDIR}${STD_DOCDIR}
        ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/sasl2/*.${LIBEXT}
        ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/*.${LIBEXT}

post-configure:
        # work around horrible libtool
        ${REINPLACE_CMD} -e "/^archive_cmds=/ \
                s|linkopts|linkopts -Wl,-R,${BDB_LIB_DIR}:${OPENSSLRPATH}|" \
                ${WRKSRC}/libtool

[FILE:460:descriptions/desc.primary]
The Cyrus SASL (Simple Authentication and Security Layer)

SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.  To use
SASL, a protocol includes a command for identifying and authenticating
a user to a server and for optionally negotiating protection of
subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.


[FILE:103:distinfo]
7ccfc6abd01ed67c1a0924b353e526f1b766b21f42d4562ee635a8ebfc5bb38c      4034803 cyrus-sasl-2.1.28.tar.gz


[FILE:2072:manifests/plist.primary]
include/sasl/
 hmac-md5.h
 md5.h
 md5global.h
 prop.h
 sasl.h
 saslplug.h
 saslutil.h
lib/
 libsasl2.a
 libsasl2.la
 libsasl2.so
 libsasl2.so.%%SOMAJOR%%
 libsasl2.so.%%SOVERSION%%
lib/pkgconfig/libsasl2.pc
lib/sasl2/
 libanonymous.a
 libanonymous.la
 libanonymous.so
 libanonymous.so.%%SOMAJOR%%
 libanonymous.so.%%SOVERSION%%
 libcrammd5.a
 libcrammd5.la
 libcrammd5.so
 libcrammd5.so.%%SOMAJOR%%
 libcrammd5.so.%%SOVERSION%%
 libdigestmd5.a
 libdigestmd5.la
 libdigestmd5.so
 libdigestmd5.so.%%SOMAJOR%%
 libdigestmd5.so.%%SOVERSION%%
 liblogin.a
 liblogin.la
 liblogin.so
 liblogin.so.%%SOMAJOR%%
 liblogin.so.%%SOVERSION%%
 libntlm.a
 libntlm.la
 libntlm.so
 libntlm.so.%%SOMAJOR%%
 libntlm.so.%%SOVERSION%%
 libplain.a
 libplain.la
 libplain.so
 libplain.so.%%SOMAJOR%%
 libplain.so.%%SOVERSION%%
 libsasldb.a
 libsasldb.la
 libsasldb.so
 libsasldb.so.%%SOMAJOR%%
 libsasldb.so.%%SOVERSION%%
 libscram.a
 libscram.la
 libscram.so
 libscram.so.%%SOMAJOR%%
 libscram.so.%%SOVERSION%%
sbin/
 pluginviewer
 sasldblistusers2
 saslpasswd2
share/man/man3/
 sasl.3.gz
 sasl_authorize_t.3.gz
 sasl_auxprop.3.gz
 sasl_auxprop_getctx.3.gz
 sasl_auxprop_request.3.gz
 sasl_callbacks.3.gz
 sasl_canon_user_t.3.gz
 sasl_chalprompt_t.3.gz
 sasl_checkapop.3.gz
 sasl_checkpass.3.gz
 sasl_client_init.3.gz
 sasl_client_new.3.gz
 sasl_client_start.3.gz
 sasl_client_step.3.gz
 sasl_decode.3.gz
 sasl_dispose.3.gz
 sasl_done.3.gz
 sasl_encode.3.gz
 sasl_encodev.3.gz
 sasl_errdetail.3.gz
 sasl_errors.3.gz
 sasl_errstring.3.gz
 sasl_getconfpath_t.3.gz
 sasl_getopt_t.3.gz
 sasl_getpath_t.3.gz
 sasl_getprop.3.gz
 sasl_getrealm_t.3.gz
 sasl_getsecret_t.3.gz
 sasl_getsimple_t.3.gz
 sasl_global_listmech.3.gz
 sasl_idle.3.gz
 sasl_listmech.3.gz
 sasl_log_t.3.gz
 sasl_server_init.3.gz
 sasl_server_new.3.gz
 sasl_server_start.3.gz
 sasl_server_step.3.gz
 sasl_server_userdb_checkpass_t.3.gz
 sasl_server_userdb_setpass_t.3.gz
 sasl_setpass.3.gz
 sasl_setprop.3.gz
 sasl_user_exists.3.gz
 sasl_verifyfile_t.3.gz
share/man/man8/
 pluginviewer.8.gz
 sasldblistusers2.8.gz
 saslpasswd2.8.gz


[FILE:4070:manifests/plist.docs]
share/doc/cyrus-sasl/
 AUTHORS
 ChangeLog
 INSTALL.TXT
 README
 Sendmail.README
share/doc/cyrus-sasl/html/
 developer.html
 download.html
 genindex.html
 getsasl.html
 index.html
 objects.inv
 operations.html
 packager.html
 search.html
 searchindex.js
 setup.html
 support.html
share/doc/cyrus-sasl/html/_static/
 basic.css
 cyrus.css
 doctools.js
 documentation_options.js
 file.png
 graphviz.css
 headimg.gif
 jquery-%%JQUERY%%.js
 jquery.js
 language_data.js
 minus.png
 plus.png
 pygments.css
 searchtools.js
 underscore-%%UNDERSCORE%%.js
 underscore.js
share/doc/cyrus-sasl/html/_static/css/
 badge_only.css
 theme.css
share/doc/cyrus-sasl/html/_static/event_notifications/
 AclChange.json
 ApplePushService.json
 CalendarAlarm.json
 FlagsClear.json
 FlagsSet.json
 Login.json
 Logout.json
 MailboxCreate.json
 MailboxDelete.json
 MailboxRename.json
 MailboxSubscribe.json
 MailboxUnSubscribe.json
 MessageAppend.json
 MessageCopy.json
 MessageExpunge.json
 MessageMove.json
 MessageNew.json
 MessageRead.json
 MessageTrash.json
 QuotaChange.json
 QuotaExceed.json
 QuotaWithin.json
share/doc/cyrus-sasl/html/_static/fonts/
 Inconsolata-Bold.ttf
 Inconsolata.ttf
 Lato-Bold.ttf
 Lato-Regular.ttf
 RobotoSlab-Bold.ttf
 RobotoSlab-Regular.ttf
 fontawesome-webfont.eot
 fontawesome-webfont.svg
 fontawesome-webfont.ttf
 fontawesome-webfont.woff
share/doc/cyrus-sasl/html/_static/js/
 modernizr.min.js
 theme.js
share/doc/cyrus-sasl/html/sasl/
 advanced.html
 appconvert.html
 authentication_mechanisms.html
 auxiliary_properties.html
 components.html
 concepts.html
 faq.html
 gssapi.html
 installation.html
 macosx.html
 manpages.html
 options.html
 os390.html
 pwcheck.html
 quickstart.html
 resources.html
 sysadmin.html
 upgrading.html
 windows.html
share/doc/cyrus-sasl/html/sasl/developer/
 installation.html
 plugprog.html
 programming.html
 testing.html
share/doc/cyrus-sasl/html/sasl/faqs/
 authorize-vs-authenticate.html
 crammd5-digestmd5-scram.html
 openldap-sasl-gssapi.html
 plaintextpasswords.html
 rfcs.html
 upgrade-saslv2.html
share/doc/cyrus-sasl/html/sasl/reference/manpages/template.html
share/doc/cyrus-sasl/html/sasl/reference/manpages/library/
 sasl.html
 sasl_authorize_t.html
 sasl_auxprop.html
 sasl_auxprop_add_plugin.html
 sasl_auxprop_getctx.html
 sasl_auxprop_request.html
 sasl_callbacks.html
 sasl_canon_user_t.html
 sasl_canonuser_add_plugin.html
 sasl_chalprompt_t.html
 sasl_checkapop.html
 sasl_checkpass.html
 sasl_client_add_plugin.html
 sasl_client_done.html
 sasl_client_init.html
 sasl_client_new.html
 sasl_client_plug_init_t.html
 sasl_client_start.html
 sasl_client_step.html
 sasl_decode.html
 sasl_decode64.html
 sasl_dispose.html
 sasl_done.html
 sasl_encode.html
 sasl_encode64.html
 sasl_encodev.html
 sasl_erasebuffer.html
 sasl_errdetail.html
 sasl_errors.html
 sasl_errstring.html
 sasl_getcallback_t.html
 sasl_getconfpath_t.html
 sasl_getopt_t.html
 sasl_getpath_t.html
 sasl_getprop.html
 sasl_getrealm_t.html
 sasl_getsecret_t.html
 sasl_getsimple_t.html
 sasl_global_listmech.html
 sasl_idle.html
 sasl_listmech.html
 sasl_log_t.html
 sasl_server_add_plugin.html
 sasl_server_done.html
 sasl_server_init.html
 sasl_server_new.html
 sasl_server_plug_init_t.html
 sasl_server_start.html
 sasl_server_step.html
 sasl_server_userdb_checkpass_t.html
 sasl_server_userdb_setpass_t.html
 sasl_set_alloc.html
 sasl_set_mutex.html
 sasl_seterror.html
 sasl_setpass.html
 sasl_setprop.html
 sasl_user_exists.html
 sasl_usererr.html
 sasl_utf8verify.html
 sasl_verifyfile_t.html
share/doc/cyrus-sasl/html/sasl/release-notes/index.html
share/doc/cyrus-sasl/html/sasl/release-notes/1/index.html
share/doc/cyrus-sasl/html/sasl/release-notes/2.0/index.html
share/doc/cyrus-sasl/html/sasl/release-notes/2.1/index.html
share/doc/cyrus-sasl/legacy/
 TODO
 advanced.html
 appconvert.html
 components.html
 gssapi.html
 index.html
 install.html
 macosx.html
 mechanisms.html
 options.html
 os390.html
 plugprog.html
 programming.html
 readme.html
 server-plugin-flow.fig
 sysadmin.html
 testing.txt
 upgrading.html
 windows.html


[FILE:1733:patches/patch-configure]
--- configure.orig      2022-02-18 21:53:52 UTC
+++ configure
@@ -15244,6 +15244,8 @@ else
   SASLAUTHD_TRUE='#'
   SASLAUTHD_FALSE=
 fi
+SASLAUTHD_TRUE='#'
+SASLAUTHD_FALSE=
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if I should include saslauthd" >&5
 $as_echo_n "checking if I should include saslauthd... " >&6; }
@@ -16859,6 +16861,7 @@ fi
      gssapi_dir="${gssapi}/lib"
      GSSAPIBASE_LIBS="-L$gssapi_dir"
      GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir"
+     gssapi_bindir="${gssapi}/bin/"
   else
      # FIXME: This is only used for building cyrus, and then only as
      # a real hack.  it needs to be fixed.
@@ -16878,7 +16881,7 @@ if ${ac_cv_lib_gssapi_gss_unwrap+:} fals
   $as_echo_n "(cached) " >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
+LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -17138,7 +17141,7 @@ fi
     GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a"
   elif test "$gss_impl" = "heimdal"; then
     CPPFLAGS="$CPPFLAGS"
-    GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
+    GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`"
     GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
   elif test "$gss_impl" = "cybersafe03"; then
 # Version of CyberSafe with two libraries


[FILE:348:patches/patch-plugins_gssapi.c]
--- plugins/gssapi.c.orig       2022-02-18 21:53:25 UTC
+++ plugins/gssapi.c
@@ -1668,8 +1668,10 @@ static int gssapi_client_mech_step(void
     if (clientoutlen)
         *clientoutlen = 0;
     
+#if 0
     params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
                       "GSSAPI client step %d", text->state);
+#endif
 
     switch (text->state) {
 


[FILE:718:patches/patch-utils__Makefile.in]
--- utils/Makefile.in.orig      2022-02-18 21:53:55 UTC
+++ utils/Makefile.in
@@ -495,7 +495,7 @@ top_srcdir = @top_srcdir@
 all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
 all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
 @NO_SASL_DB_MANS_FALSE@man_MANS = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8
-@NO_SASL_DB_MANS_TRUE@man_MANS = 
+@NO_SASL_DB_MANS_TRUE@man_MANS = pluginviewer.8
 saslpasswd2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs)
 saslpasswd2_SOURCES = saslpasswd.c
 sasldblistusers2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs)


[FILE:2307:files/Sendmail.README]
How to enable SMTP AUTH with FreeBSD default Sendmail

1) Add the following to  /etc/make.conf:

    # Add SMTP AUTH support to Sendmail
    SENDMAIL_CFLAGS+=   -I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS+=  -L/usr/local/lib
    SENDMAIL_LDADD+=    -lsasl2

2) Rebuild FreeBSD (make buildworld, ...)

3) Make sure that the pwcheck_method is correct in Sendmail.conf.

   Sendmail.conf (${PREFIX}/lib/sasl2/Sendmail.conf) is created by
   the cyrus-sasl2 ports during installation.  It may have
   pwcheck_method set to saslauthd by default.  Change this to what is
   appropriate for your site.

4) Add the following to your sendmail.mc file:

   dnl The group needs to be mail in order to read the sasldb2 file
   define(`confRUN_AS_USER',`root:mail')dnl

   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl

   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

5) Add the following before FEATURE(msp) in your submit.mc file:

   DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=EA')dnl

   This disables SMTP AUTH on the loopback interface. Otherwise you may get
   the following error in the log:

        error: safesasl(/usr/local/etc/sasldb2) failed: Group readable file

   when sending mail locally (seen when using pine locally on same server).

 ----

   Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
   These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
   seperated list.  You may want to restrict LOGIN, and PLAIN authentication
   methods for use with STARTTLS, as the password is not encrypted when
   passed to sendmail.

   LOGIN is required for Outlook Express users.  "My server requires
   authentication" needs to be checked in the accounts properties to 
   use SASL Authentication.

   PLAIN is required for Netscape Communicator users.  By default Netscape
   Communicator will use SASL Authentication when sendmail is compiled with
   SASL and will cause your users to enter their passwords each time they
   retreive their mail (NS 4.7).

   The DONT_BLAME_SENDMAIL option GroupReadableSASLDBFile is needed when you
   are using cyrus-imapd and sendmail on the same server that requires access
   to the sasldb2 database.

   SASLv2 support of Sendmail is starting with 8.12.4.


[FILE:704:files/pkg-deinstall-primary.in]
#!/bin/sh
#

PKG_BATCH=${BATCH:=NO}
PKG_PREFIX=${PKG_PREFIX:=%%PREFIX%%}
SASLDB_NAME=%%SASLDB_NAME%%
SASLDB_NAME=${SASLDB_NAME:+${PKG_PREFIX}/etc/%%SASLDB_NAME%%}
CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}

# delete sasldb database
delete_sasldb() {
        if [ -f ${SASLDB_NAME} ] ; then
                if [ `${PKG_PREFIX}/sbin/sasldblistusers2 | wc -l` -eq 0 ]; then
                        echo "Removing ${SASLDB_NAME} as part of cyrus-sasl deinstallation."
                        rm ${SASLDB_NAME}
                        if [ -f ${SASLDB_NAME}-lock ] ; then
                                rm ${SASLDB_NAME}-lock
                        fi
                else
                        echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file"
                fi
        fi
}

case $2 in
        DEINSTALL)
                if [ -n "${SASLDB_NAME}" ]; then
                        delete_sasldb
                fi
                ;;
esac


[FILE:1140:files/pkg-install-primary.in]
#!/bin/sh
#

PKG_BATCH=${BATCH:=NO}
PKG_PREFIX=${PKG_PREFIX:=%%PREFIX%%}
SASLDB_NAME=%%SASLDB_NAME%%
SASLDB_NAME=${SASLDB_NAME:+${PKG_PREFIX}/etc/%%SASLDB_NAME%%}
CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}

create_sasldb() {
        if [ ! -f ${SASLDB_NAME} ]; then
                echo "test" | ${PKG_PREFIX}/sbin/saslpasswd2 -p -c ${CYRUS_USER}
                if [ `${PKG_PREFIX}/sbin/sasldblistusers2 | wc -l` -eq 0 ] ; then
                        echo "WARNING: Failed to create ${SASLDB_NAME}"
                else
                        ${PKG_PREFIX}/sbin/saslpasswd2 -d ${CYRUS_USER}
                        chown ${CYRUS_USER}:mail ${SASLDB_NAME}
                        chmod 640 ${SASLDB_NAME}
                        if [ -f ${SASLDB_NAME}-lock ]; then
                                chown ${CYRUS_USER}:mail ${SASLDB_NAME}-lock
                                chmod 640 ${SASLDB_NAME}-lock
                        fi
                fi
        fi
}

case $2 in
        POST-INSTALL)
                if [ "${PKG_BATCH}" = "NO" ]; then
                        if [ -n "${SASLDB_NAME}" ]; then
                                create_sasldb
                        fi
                elif [ -n "${SASLDB_NAME}" -a ! -f ${SASLDB_NAME} ]; then
                        echo "*** We do not create ${SASLDB_NAME} automatically in"
                        echo "*** BATCH mode.  Please create it by yourself.  It should be"
                        echo "*** owner: ${CYRUS_USER}, group: mail, mode: 0640."
                fi
                ;;
esac