| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-plugins-digestmd5-Remove-debug-log-mech-free.patch | plugins/digestmd5: Remove debug log "mech free" The "DIGEST-MD5 common mech free" debug log message is bothering many users. It is not really helpful, so drop it. Fixes #386. |
Bastian Germann <bage@debian.org> | yes | 2022-04-14 | ||
| 0002-Use-etc-sasldb2-instead-of-.-sasldb-in-the-testsuite.patch | Use /etc/sasldb2 instead of ./sasldb in the testsuite | Debian Cyrus SASL Team | not-needed | 2016-03-24 | ||
| 0003-Update-saslauthd.conf-location-in-documentation.patch | Update saslauthd.conf location in documentation date format (cosmetic). |
Debian Cyrus SASL Team | not-needed | 2016-03-24 | ||
| 0004-Include-dbconverter-2-in-sbin_PROGRAMS-and-set-defau.patch | Include dbconverter-2 in sbin_PROGRAMS and set default sasldb file to /etc/sasldb2 database file to /etc/sasldb2. |
Debian Cyrus SASL Team | not-needed | 2016-03-24 | ||
| 0005-Fix-time-check.patch | Fix <time.h> check We're conditionally including based on HAVE_TIME_H in a bunch of places, but we're not actually checking for time.h, so that's never going to be defined. While at it, add in a missing include in the cram plugin. This fixes a bunch of implicit declaration warnings: ``` * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration] * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration] * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] ``` |
Sam James <sam@gentoo.org> | no | upstream, https://github.com/cyrusimap/cyrus-sasl/commit/266f0acf7f5e029afbb3e263437039e50cd6c262 | 2022-02-23 | |
| 0006-Makefile.am-Set-date-in-man-pages.patch | Makefile.am: Set date in man pages. The build date is embedded in the man pages by default. Pass arguments to sphinx to use the date defined in SOURCE_DATE_EPOCH. https://reproducible-builds.org/docs/source-date-epoch/ |
Vagrant Cascadian <vagrant@reproducible-builds.org> | not-needed | 2021-09-27 | ||
| 0008-Don-t-overwrite-PIC-objects-with-non-PIC-variant.patch | Don't overwrite PIC objects with non-PIC variant This patch makes sure the non-PIC version of libsasldb.a, which is created out of non-PIC objects, is not going to overwrite the PIC version, which is created out of PIC objects. The PIC version is placed in .libs, and the non-PIC version in the current directory. This ensures that both non-PIC and PIC versions are available in the correct locations. |
Debian Cyrus SASL Team | yes | 2016-03-24 | ||
| 0007-Self-reference-pluginviewer-man-as-saslpluginviewer.patch | Self-reference pluginviewer man as saslpluginviewer pluginviewer is installed as saslpluginviewer in Debian. Edit the self-references in Debian to match the rename. |
Bastian Germann <bage@debian.org> | not-needed | 2022-04-14 | ||
| 0009-Look-for-generic-Berkeley-DB-first.patch | Look for generic Berkeley DB first | Debian Cyrus SASL Team | no | 2016-03-24 | ||
| 0010-Add-sasldbconverter2.8.patch | Add sasldbconverter2.8 The file stems from version 2.1.28 and is not included in the distribution tarball. |
Bastian Germann <bage@debian.org> | yes | 2022-04-15 | ||
| 0011-honor-log_level-option-on-clients-too.patch | Fix #386 - honor log_level option on clients too | Howard Chu <hyc@symas.com> | yes | upstream | upstream, https://github.com/cyrusimap/cyrus-sasl/commit/cb549ef71c5bb646fe583697ebdcaba93267a237 | 2022-04-14 |
| 0012-Make-the-libsasl2-symbols-versioned.patch | Make the libsasl2 symbols versioned | Debian Cyrus SASL Team | no | 2016-03-24 | ||
| 0013-Don-t-use-la-files-for-opening-plugins.patch | Don't use la files for opening plugins | Debian Cyrus SASL Team | no | 2016-03-24 | ||
| 0017-Just-completely-remove-libobj-from-autotools-files.patch | Just completely remove libobj from autotools files | Ondřej Surý <ondrej@sury.org> | not-needed | 2018-10-02 | ||
| 0018-Temporary-multiarch-fixes.patch | Temporary multiarch fixes | Debian Cyrus SASL Team | not-needed | 2016-03-24 | ||
| 0019-Add-reference-to-LDAP_SASLAUTHD-file-to-the-saslauth.patch | Add reference to LDAP_SASLAUTHD file to the saslauthd documentation | Debian Cyrus SASL Team | not-needed | 2016-03-24 | ||
| 0025-Revert-upstream-soname-bump.patch | Revert upstream soname bump | Ondřej Surý <ondrej@debian.org> | not-needed | 2016-03-24 | ||
| 0026-Gracefully-handle-failed-init.patch | [PATCH] Gracefully handle failed initializations In OpenSSL 3.0 these algorithms have been moved to the legacy provider which is not enabled by default. This means allocation can and do fail. Handle failed allocations by returning an actual error instead of crashing later with a NULL context. |
Simo Sorce <simo@redhat.com> | no | 2021-06-21 | ||
| 0027-Catch-errors-from-EVP_Digest-functions.patch | [PATCH] Catch errors from EVP_Digest* functions In OpenSSL 3.0 digest init can fail simply because a legacy provider is not loaded of FIPS mode is active and the digest is not allowed. If the errors are not handled the application may crash later trying to access uninitialized contexts. |
Simo Sorce <simo@redhat.com> | no | 2021-07-21 | ||
| 0029-Load-OpenSSL3-legacy-provider-digestmd5.patch | [PATCH] Add support for loading legacy provider OpenSSL 3.0 is moving a number of functions into the legacy provider. This provider is not loaded by default, so applications that need to use legacy algorithms must either load them explicitly or admins have to explicitly load the legacy provider to their openssl conf file. The latter is bad as it will enable legacy providers systam-wide, it also requires manual intervention. Programmatically load the legacy provider for older plugins that have no good cipher option to fall back on. |
Simo Sorce <simo@redhat.com> | no | 2021-09-30 | ||
| 0032-Add-with_pgsql-include-postgresql-to-include-path.patch | Add ${with_pgsql}include/postgresql/ to include path | Ondřej Surý <ondrej@sury.org> | yes | 2016-10-25 | ||
| 0034-channel-binding-gssapi-gss-spnego.patch | Add Channel Binding support for GSSAPI/GSS-SPNEGO | Simo Sorce <simo@redhat.com> | no | upstream, https://github.com/cyrusimap/cyrus-sasl/commit/975edbb69070eba6b035f08776de771a129cfb57 | 2020-03-20 | |
| 0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-1.patch | Add support for setting max ssf 0 to GSS-SPNEGO This is needed to interop with Windows within a TLS channel. |
Simo Sorce <simo@redhat.com> | no | backport, https://github.com/cyrusimap/cyrus-sasl/commit/9de4d7e885c96c68a155d2885c980e1d889129c7 | 2019-09-19 | |
| 0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-2.patch | Be more conformant to RFC4752 Although we need to be able to completely suppress Integrity and Confidentiality flags in GSS-SPNEGO, we also need to be more conformant to RFC4752 for the GSSAPI mechanism. The RFC reuires to always set Integrity for SASL/GSSAPI, it also requires MUTUAL/SEQUENCE flags to only be set if any Security Layer is requested. Finally Confidentiality should be set only when requested so change the code that suppresses MIT krb5 setting CI flags not only in the SSF == 0 case but also when SSF == 1, the integrity flag in that case will be explicitly set by our code and the NO_CI_FLAGS option will unset just the CONF flag. |
Simo Sorce <simo@redhat.com> | no | upstream, https://github.com/cyrusimap/cyrus-sasl/commit/c4c57d85c589d7e78bccdc67d705cdcdf85a2b02 | 2020-06-26 |