The NetBSD Project

CVS log for pkgsrc/security/cyrus-sasl/patches/Attic/patch-CVE-2019-19906


Default branch: MAIN


Revision 1.2, Thu Feb 24 11:00:03 2022 UTC (11 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED

cyrus-sasl: update to 2.1.28

New in 2.1.28

    build:
        configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
        makemd5.c - Fix potential out of bound writes
        fix build with --disable-shared --enable-static
        Dozens of fixes for Windows specific builds
        Fix cross platform builds with SPNEGO
        Do not try to build broken java subtree
        Fix build error with --enable-auth-sasldb
    common:
        plugin_common.c:
            Ensure size is always checked if called repeatedly (#617)
    documentation:
        Fixed generation of saslauthd(8) man page
        Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
        Updates for additional SCRAM mechanisms
        Fix sasl_decode64 and sasl_encode64 man pages
        Tons of fixes for Sphinx
    include:
        sasl.h:
            Allow up to 16 bits for security flags
    lib:
        checkpw.c:
            Skip one call to strcat
            Disable auxprop-hashed (#374)
        client.c:
            Use proper length for fully qualified domain names
        common.c:
            CVE-2019-19906 Fix off by one error (#587)
        external.c:
            fix EXTERNAL with non-terminated input (#689)
        saslutil.c:
            fix index_64 to be a signed char (#619)
    plugins:
        gssapi.c:
            Emit debug log only in case of errors
        ntlm.c:
            Fail compile if MD4 is not available (#632)
        sql.c:
            Finish reading residual return data (#639)
            CVE-2022-24407 Escape password for SQL insert/update commands.
    sasldb:
        db_gdbm.c:
            fix gdbm_errno overlay from gdbm_close
    DIGEST-MD5 plugin:
        Prevent double free of RC4 context
        Use OpenSSL RC4 implementation if available
    SCRAM plugin:
        Return BADAUTH on incorrect password (#545)
        Add -224, -384, -512 (#552)
        Remove SCRAM_HASH_SIZE
        Add function to return SCRAM auth method name
        Allocate enough memory in scam_setpass()
        Add function to sort SCRAM methods by hash strength
        Update windows build for newer SCRAM options
    saslauthd:
        auth_httpform.c:
            Avoid signed overflow with non-ascii characters (#576)
        auth_krb5.c:
            support setting an explicit auth_krb5 server name
            support setting an explicit servername with Heimdal
            unify the MIT and Heimdal auth_krb5 implementations
            Remove call to krbtf
        auth_rimap.c:
            provide native memmem implementation if missing
        lak.c:
            Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
        lak.h:
            Increase supported DN length to 4096 (#626)

Revision 1.1.2.2, Fri May 15 16:38:30 2020 UTC (2 years, 8 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.1.2.1: +15 -0 lines

Pullup ticket #6196 - requested by nia
security/cyrus-sasl: security fix

Revisions pulled up:
- security/cyrus-sasl/Makefile                                  1.77
- security/cyrus-sasl/distinfo                                  1.38
- security/cyrus-sasl/patches/patch-CVE-2019-19906              1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu May 14 14:27:32 UTC 2020

   Modified Files:
   	pkgsrc/security/cyrus-sasl: Makefile distinfo
   Added Files:
   	pkgsrc/security/cyrus-sasl/patches: patch-CVE-2019-19906

   Log Message:
   cyrus-sasl: Fix CVE-2019-19906

Revision 1.1.2.1, Thu May 14 14:27:32 2020 UTC (2 years, 8 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.1: +0 -15 lines
FILE REMOVED

file patch-CVE-2019-19906 was added on branch pkgsrc-2020Q1 on 2020-05-15 16:38:30 +0000

Revision 1.1, Thu May 14 14:27:32 2020 UTC (2 years, 8 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Branch point for: pkgsrc-2020Q1

cyrus-sasl: Fix CVE-2019-19906
