[BACK]Return to Makefile CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / security / cyrus-sasl

File: [cvs.NetBSD.org] / pkgsrc / security / cyrus-sasl / Makefile (download)

Revision 1.80, Thu Feb 24 11:00:03 2022 UTC (11 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.79: +1 -2 lines

cyrus-sasl: update to 2.1.28

New in 2.1.28

    build:
        configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
        makemd5.c - Fix potential out of bound writes
        fix build with isable-shared nable-static
        Dozens of fixes for Windows specific builds
        Fix cross platform builds with SPNEGO
        Do not try to build broken java subtree
        Fix build error with nable-auth-sasldb
    common:
        plugin_common.c:
            Ensure size is always checked if called repeatedly (#617)
    documentation:
        Fixed generation of saslauthd(8) man page
        Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
        Updates for additional SCRAM mechanisms
        Fix sasl_decode64 and sasl_encode64 man pages
        Tons of fixes for Sphinx
    include:
        sasl.h:
            Allow up to 16 bits for security flags
    lib:
        checkpw.c:
            Skip one call to strcat
            Disable auxprop-hashed (#374)
        client.c:
            Use proper length for fully qualified domain names
        common.c:
            CVE-2019-19906 Fix off by one error (#587)
        external.c:
            fix EXTERNAL with non-terminated input (#689)
        saslutil.c:
            fix index_64 to be a signed char (#619)
    plugins:
        gssapi.c:
            Emit debug log only in case of errors
        ntlm.c:
            Fail compile if MD4 is not available (#632)
        sql.c:
            Finish reading residual return data (#639)
            CVE-2022-24407 Escape password for SQL insert/update commands.
    sasldb:
        db_gdbm.c:
            fix gdbm_errno overlay from gdbm_close
    DIGEST-MD5 plugin:
        Prevent double free of RC4 context
        Use OpenSSL RC4 implementation if available
    SCRAM plugin:
        Return BADAUTH on incorrect password (#545)
        Add -224, -384, -512 (#552)
        Remove SCRAM_HASH_SIZE
        Add function to return SCRAM auth method name
        Allocate enough memory in scam_setpass()
        Add function to sort SCRAM methods by hash strength
        Update windows build for newer SCRAM options
    saslauthd:
        auth_httpform.c:
            Avoid signed overflow with non-ascii characters (#576)
        auth_krb5.c:
            support setting an explicit auth_krb5 server name
            support setting an explicit servername with Heimdal
            unify the MIT and Heimdal auth_krb5 implementations
            Remove call to krbtf
        auth_rimap.c:
            provide native memmem implementation if missing
        lak.c:
            Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
        lak.h:
            Increase supported DN length to 4096 (#626)

# $NetBSD: Makefile,v 1.80 2022/02/24 11:00:03 wiz Exp $

COMMENT=	Simple Authentication and Security Layer

.include "Makefile.common"

CPPFLAGS+=	-DPIC -fPIC

.include "options.mk"

BUILD_DEFS+=		VARBASE

# Support using Cyrus saslauthd (security/cyrus-saslauthd) for plaintext
# password authentication.
#
SASLSOCKETDIR?=		${VARBASE}/run/saslauthd
CONFIGURE_ARGS+=	--with-saslauthd=${SASLSOCKETDIR:Q}
BUILD_DEFS+=		SASLSOCKETDIR
# let not to build & install saslauthd here.
SUBST_CLASSES+=		saslauthd
SUBST_STAGE.saslauthd=	pre-configure
SUBST_FILES.saslauthd=	Makefile.in
SUBST_SED.saslauthd=	-e 's|@SASLAUTHD_TRUE@|\#|g'
SUBST_SED.saslauthd+=	-e 's|@SASLAUTHD_FALSE@||g'

# Support using the Courier authdaemond (security/courier-authlib) for
# plaintext password authentication.
#
AUTHDAEMONVAR?=		${VARBASE}/authdaemon
CONFIGURE_ARGS+=	--with-authdaemond=${AUTHDAEMONVAR}/socket
BUILD_DEFS+=		AUTHDAEMONVAR

# Support using APOP against a POP server for plaintext password
# authentication.
#
CONFIGURE_ARGS+=	--enable-checkapop

.if exists(/dev/urandom)
SASL_ENTROPY_SOURCE?=	/dev/urandom
.endif
.if defined(SASL_ENTROPY_SOURCE)
CONFIGURE_ARGS+=	--with-devrandom=${SASL_ENTROPY_SOURCE:Q}
.endif
BUILD_DEFS+=		SASL_ENTROPY_SOURCE

# Let not to build sample codes.
CONFIGURE_ARGS+=	--enable-sample=no

# CYRUS_USER		username of the Cyrus administrator
# CYRUS_GROUP		group of the Cyrus administrator
#
CYRUS_USER?=		cyrus
CYRUS_GROUP?=		mail
FILES_SUBST+=		CYRUS_USER=${CYRUS_USER}
FILES_SUBST+=		ROOT_USER=${ROOT_USER}
PKG_GROUPS_VARS+=	CYRUS_GROUP
PKG_USERS_VARS+=	CYRUS_USER

PKG_GROUPS=		${CYRUS_GROUP}
PKG_USERS=		${CYRUS_USER}:${CYRUS_GROUP}
PKG_SHELL.${CYRUS_USER}= ${SH}

MESSAGE_SUBST+=		PLUGINDIR=${PLUGINDIR:Q}

post-install:
	${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR}
	cd ${WRKSRC}/doc/legacy; for file in *.fig *.html *.txt; do		\
		${INSTALL_DATA} $${file} ${DESTDIR}${DOCDIR};		\
	done

.include "../../mk/bsd.pkg.mk"