cyrus-sasl2 2.1.23 security =259

RFC 2222 SASL (Simple Authentication and Security Layer)
Maintained by: ume@FreeBSD.org
Port Added: 08 Aug 2002 15:06:20
Also Listed In: ipv6

---

---

The Cyrus SASL (Simple Authentication and Security Layer)

SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.
To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol
and the connection.

WWW: http://cyrusimap.web.cmu.edu/

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Build: devel/libtool15

---

To install the port: cd /usr/ports/security/cyrus-sasl2/ && make install clean
To add the package: pkg_add -r cyrus-sasl2

---

Configuration Options

===> The following configuration options are available for cyrus-sasl-2.1.23:
     BDB=off (default) "Use Berkeley DB"
     MYSQL=off (default) "Use MySQL"
     PGSQL=off (default) "Use PostgreSQL"
     SQLITE=off (default) "Use SQLite"
     DEV_URANDOM=off (default) "Use /dev/urandom"
     ALWAYSTRUE=off (default) "Enable the alwaystrue password verifier"
     KEEP_DB_OPEN=off (default) "Keep handle to Berkeley DB open"
     AUTHDAEMOND=on (default) "Enable use of authdaemon"
     LOGIN=on (default) "Enable LOGIN authentication"
     PLAIN=on (default) "Enable PLAIN authentication"
     CRAM=on (default) "Enable CRAM-MD5 authentication"
     DIGEST=on (default) "Enable DIGEST-MD5 authentication"
     OTP=on (default) "Enable OTP authentication"
     NTLM=on (default) "Enable NTLM authentication"
===> Use 'make config' to modify these settings

---

Master Sites:

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/./

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/OLD-VERSIONS/sasl/

ftp://ftp.westbend.net/pub/cyrus-mail/./

ftp://ftp.westbend.net/pub/cyrus-mail/OLD-VERSIONS/sasl/

http://www.transit.hanse.de/mirror/ftp.andrew.cmu.edu/pub/cyrus-mail/./

http://www.transit.hanse.de/mirror/ftp.andrew.cmu.edu/pub/cyrus-mail/OLD-VERSIONS/sasl/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

Update to 2.1.23.

Security:       http://www.kb.cert.org/vuls/id/238019

Be able to install as non-root.

PR:             ports/133791
Submitted by:   jhb

- Remove conditional checks for FreeBSD 5.x and older

Change authdaemond_path from /dev/null to
/var/run/authdaemond/socket.  Though, authdaemond_path could
be set by the sasl2 config file, it should be good to have
its default value for ports/security/courier-authlib.

PR:             ports/95102, ports/122234
Submitted by:   Artis Caune <Artis.Caune__at__latnet.lv>

- Install saslauthd.mdoc to ${PREFIX}/man/man8/saslauthd.8.
- Use ${BDB_LIB_DIR}.

PR:             ports/127809
Submitted by:   "Scot W. Hetzel" <swhetzel__at__gmail.com>

Oops, forgot to commit the fix

- Use OPTIONS.
- Obey the default BDB version defined in bsd.database.mk.

Allow to build with db45 and db46 as well.

- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:             ports/111470
Approved by:    portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by:      pointyhat exp run

- Fix build on amd64 by using -fPIC

PR:             ports/108697
Submitted by:   Gardner Bell <gbell72@rogers.com>
Approved by:    ume (maintainer timeout, since 2 February 2007)

Use libtool port instead of included version to avoid objformat a.out botch

make it compilable with gcc 4.1.

Reported by:    pointyhat via kris

Change the MASTER_SITES entries from
        ftp://ftp.hanse.de/sites/transit/mirror/
to
        http://www.transit.hanse.de/mirror/

Requested by:   Stefan Bethke <stb__at__lassitu.de>

krb5 1.5.1 won't build .a files by default, just .so files.

Submitted by:   Paul Vixie <paul__at__vix.com>

s,INSTALLS_SHLIB,USE_LDCONFIG,g

Correct pathname in warning message.

Reported by:    nork

Update to 2.1.22.

Give sensible sentences for IGNORE.

Requested by:   kris

Replace BROKEN with IGNORE.

Enable support for db-4.4.

The Project Cyrus web site is migrated to a new server.

change /var/state/saslauthd to /var/run/saslauthd as respect hier(7).

PR:             ports/90810
Submitted by:   Artis Caune <Artis.Caune__at__latnet.lv>

activate use of USE_SQLITE.

- use USB_BDB.
- add SHA256.

install missed components.html document.

PR:             ports/88596
Submitted by:   skv

make security/cyrus-sasl2-ldapdb buildable with OpenLDAP 2.3.

PR:             ports/88324
Submitted by:   skv

make it compilable with OpenSSL 0.9.8.

PR:             ports/86452
Submitted by:   Dirk Meyer <dirk.meyer__at__dinoex.sub.org>

Update to 2.1.21.
LDAPDB auxprop plugin was added since this version.  Unfortunately,
we cannot simply enable it in ports tree to avoid dependency loop
with OpenLDAP port.  So, I'll add separete port for it later.

fix dependency.  don't forget `+'.

backout use of USE_INC_LIBTOOL_VER.  libtool13 is marked as
DEPRECATED.  libtool15 is incompatible, and I couldn't find
how to build and install static libs by libtool15.

Suggensted by:  Angelo Turetta <aturetta@commit.it>

simplify.

use USE_INC_LIBTOOL_VER.

Allow to use Berkeley DB 4.3.

PR:             ports/76154
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>

Split the postgresql ports into a server and a client part.

All ports depending on postgresql shall use the USE_PGSQL=yes knob
defined in Mk/bsd.ports.mk. Bumping portrevisions where needed.

PR:             75344
Approved by:    portmgr@ (kris), ade & sean (mentors)

Clean up SQLite and related ports.
o Move databases/sqlite to databases/sqlite2.
o Fix dependency on databases/sqlite.
o Update sqlite2 to 2.8.15.
o Bump PORTREVISION, accordingly.

Approved by:    portmgr, maintainers of sqlite and related ports

remove needless definition.

cyrus-sasl2-saslauthd couldn't be built with system OpenSSL and BDB42.

PR:             ports/74463
Submitted by:   NIIMI Satoshi <sa2c@sa2c.net>

Fix build with gssapi and krb5

PR:             ports/74321
Submitted by:   Florian Kraft <lra.hassberge@gmx.de>

warn to create sasldb2 by yourself in BATCH mode.

Suggested by:   matusita

Update to 2.1.20.

  * Fixes to cram plugin to avoid attempting to canonify uninitialized data.
  * NTLM portability fixes.
  * Avoid potential attack using SASL_PATH when sasl is used in a setuid
    environment.
  * A trivial number of small bugfixes.

add WITH_AUTHDAEMON option to allow use of courier authdaemond.

PR:             ports/72093
Submitted by:   Marcin Gryszkalis

fix http://vuxml.freebsd.org/92268205-1947-11d9-bc4a-000c41e2cdad.html

Reported by:    nectar
Approved by:    portmgr (krion)
Obtained from: 
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104

Update to 2.1.19.

correct the path to match the path where the HTML docs are installed.

PR:             ports/67836
Submitted by:   Linh Pham <question+freebsdpr@closedsrc.org>

Add WITH_SQLITE option to support sql plugin with SQLite
using nork's patch.
His patch was already merged into cyrus-sasl2 and will be
included in next release.

Requested by:   nork

Remove databases/postgresql-client because there can't be a -server, and having
it installed prevents databases/postgresql7 from being installed, leading to
some dependencies problems

make the default location of running directory of saslauthd
customizable by SASLAUTHD_RUNPATH variable.

PR:             ports/66521

use LOCALBASE for dependent packages instead of PREFIX.

prefer /usr/sbin/nologin than /sbin/nologin when creating user cyrus.

Requested by:   nork

When there is user cyrus, don't overwrite the user.  It helps
updating cyrus-sasl2 without updating cyrus-imapd*.

cosmetic changes.

PGSQL may be built with GSSAPI.

Reported by:    "Wolfram A. Kraushaar" <wak@prioris.dstm.de>

Don't allow enabling MySQL or PGSQL implicitly.

Submitted by:   nork

Update to 2.1.18.

Set an appropriate LATEST_LINK to avoid conflicts with other ports.

Reported by:    kris

SIZEfy

Support Berkeley DB 4.2.
Since our db42 requires to include db.h to use. existing configure
script cannot detect our db42.  AC_CHECK_LIB() simply test if a
function exists. :(

Requested by:   Dmitry Sorokin <dmitry_sorokin@yahoo.ca>

add WITHOUT_LOGIN and WITHOUT_PLAIN.

Requested by:   Hans Hbner <hans@huebner.org>

add WITH_PGSQL knob which supports sql plugin with postgresql backend.

PR:             ports/60606
Submitted by:   mat

- space before and after `(' and ')' [1]
- bump version [2]

PR:             ports/60392 [1]
Submitted by:   Oleg Sharoiko <os@rsu.ru> [1]
Reported by:    jeh [2]

${OSVERSION} must be after including bsd.port.pre.mk.

Reported by:    "Dan Langille" <dan@langille.org>

since 5-CURRENT has Kerberos5 as default, enable Kerberos5 as
default on 5-CURRENT.

Submitted by:   Sean McNeil <sean@mcneil.com>

fix build with heimdal.

Submitted by:   tiamat@komi.mts.ru

Update to 2.1.17.

add WITH_ALWAYSTRUE option.

Requested by:   Ted Cabeen <secabeen@pobox.com>

USE_OPENSSL must be set before including bsd.port.pre.mk.

Reported by:    Fritz Heinrichmeyer <Fritz.Heinrichmeyer@Fernuni-Hagen.de>

Use USE_OPENSSL.

Oops, WITH_MYSQL must be set when WITH_MYSQL_VER is defined.

Use USE_MYSQL.

Remove obsoleted comment about use of saslauthd.

Reported by:    nork

Add WITH_DEV_URANDOM option to use /dev/urandom instead of
/dev/random.

Stop installing Sendmail.conf by cyrus-sasl2, and it is now installed
by cyrus-sasl2-saslauthd.  Since if Sendmail.conf is not installed,
SASL2 uses auxprop by default, it is enough to install Sendmail.conf
by saslauthd port.

Update to 2.1.15.

Reduce warnings during build on 5-CURRENT.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

- made old distfile fetchable after an update.
- install missing document which was added during update to 2.1.14.

PR:             ports/53932 (partly)
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

It seems MySQL 4.X support in 2.1.14 is still incomplete.

Update to 2.1.14.

Sync with cyrus-sasl port.  There is no functional change.

Obtained from:  cyrus-sasl port

fix plist.

Submitted by:   bento via kris

- Make saslauthd a separate port to avoid dependency loop between
  cyrus-sasl2 and openldap.
- Stop using configuration menu.  I believe it ease to maintain
  consistency with other SASL related ports.

remove useless trailing backslant.

make MySQL plugin work with MySQL 4.X.

add WITHOUT_SASLAUTHD option.

Sync the way how to handle Kerberos with latest security/cyrus-sasl.

Obtained from:  security/cyrus-sasl

When sending mail localy on a system compiled woth SASL AUTH, the
sendmail mail submission program may log the following error on the
sasldb file:

        error: safesasl(/usr/local/etc/sasldb) failed: Group readable file

Pine by default is using SMTP, and therfore SMTP AUTH if compiled
into sendmail.  To disable SMTP AUTH we need to define DAEMON_OPTIONS
for the loopback interface.

PR:             ports/51680
Submitted by:   Scot W. Hetzel <hetzels@westbend.net>

Add option WITHOUT_NTLM.

Submitted by:   Dan Larsson <dl@tyfon.net>

Change the group of /var/state/saslauthd mail to be sync with
/usr/local/etc/sasldb2.  The postfix should belongs to only
mail group.

Reported by:    "Denis N. Peplin" <info@volginfo.ru>

Use security/openssl/bsd.openssl.mk.

PR:             ports/51090
Submitted by:   Oleg Sharoiko <os@rsu.ru> (with modification by me)

Make MySQL 3.23, 4.0 and 4.1 selectable.

Requested by:    Matthias Fechner <idefix@fechner.net>

- The pidfile of saslauthd was changed.
- The configure script should select correct version of Berkeley DB.

PR:             ports/51041
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

make configure script pickking up the Heimdal Kerberos that's
in FreeBSD's base.

Submitted by:   Graeme Mathieson <mathie@wossname.org.uk>

make WITH_LDAP21 work.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

add missing files which should be committed by previous committed.

- update to 2.1.13
- fixes for 5-CURRENT (changed behaviour of 'expr')
- enable NTLM module
- support for db4 and db4.1
- support for OpenLDAP 2.1

PR:             ports/50962
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

mandir should follow MANPREFIX.

Requested by:   Tomki <tomki@alink.net>

Add WITHOUT_KERBEROS option to prevent cyrus-sasl2 from enabling
Kerberos even if libkrb is installed.

Requested by:   Troy Dixler <troy@twisted.net>

Point dependencies on net/openldap2 to net/openldap20

De-pkg-comment.

- Update to 2.1.12.
- Fix installation of saslauthd.8.

PR:             ports/48162
Submitted by:   Paulius Bulotas <paulius@kaktusas.org>

Update to 2.1.11.

6 vulnerabilities affecting 11 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities