initial import

cyrus-sasl/0003-Update-saslauthd.conf-location-in-documentation.patch

@@ -0,0 +1,41 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:03 +0100
+Subject: Update saslauthd.conf location in documentation
+
+date format (cosmetic).
+---
+ saslauthd/saslauthd.mdoc | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
+index 0c2209e..17c9284 100644
+--- a/saslauthd/saslauthd.mdoc
++++ b/saslauthd/saslauthd.mdoc
+@@ -10,7 +10,7 @@
+ .\" manpage in saslauthd.8 whenever you change this source
+ .\" version. Only the pre-formatted manpage is installed.
+ .\"
+-.Dd 12 12 2005
++.Dd December 12 2005
+ .Dt SASLAUTHD 8
+ .Os "CMU-SASL"
+ .Sh NAME
+@@ -245,7 +245,7 @@ instead.
+ .Em (All platforms that support OpenLDAP 2.0 or higher)
+ .Pp
+ Authenticate against an ldap server.  The ldap configuration parameters are
+-read from /usr/local/etc/saslauthd.conf.  The location of this file can be
++read from /etc/saslauthd.conf.  The location of this file can be
+ changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
+ distribution for the list of available parameters.
+ .It Li sia
+@@ -278,7 +278,7 @@ was never intended to be used in this manner, anyway.)
+ .Bl -tag -width "/var/run/saslauthd/mux"
+ .It Pa /var/run/saslauthd/mux
+ The default communications socket.
+-.It Pa /usr/local/etc/saslauthd.conf
++.It Pa /etc/saslauthd.conf
+ The default configuration file for ldap support.
+ .El
+ .Sh SEE ALSO

cyrus-sasl/0006-Enable-autoconf-maintainer-mode.patch

@@ -0,0 +1,22 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:03 +0100
+Subject: Enable autoconf maintainer mode
+
+---
+ configure.ac | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 388f5d0..b3db52c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -69,6 +69,8 @@ AC_CANONICAL_TARGET
+ 
+ AM_INIT_AUTOMAKE([1.11 tar-ustar dist-bzip2 foreign -Wno-portability subdir-objects])
+ 
++AM_MAINTAINER_MODE
++
+ DIRS=""
+ 
+ AC_ARG_ENABLE(cmulocal,

cyrus-sasl/0010-Update-required-libraries-when-ld-as-needed-is-used.patch

@@ -0,0 +1,37 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:04 +0100
+Subject: Update required libraries when ld --as-needed is used
+
+it.
+---
+ saslauthd/Makefile.am | 2 +-
+ sasldb/Makefile.am    | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
+index 864b29b..4cf3a3d 100644
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -25,7 +25,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c getnameinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
+ saslauthd_LDADD	= @SASL_KRB_LIB@ \
+ 		  @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+-		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
++		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+ 
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am
+index 497ee25..a27645f 100644
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -54,6 +54,6 @@ noinst_LTLIBRARIES = libsasldb.la
+ 
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ libsasldb_la_LDFLAGS = -no-undefined

cyrus-sasl/0013-Don-t-use-la-files-for-opening-plugins.patch

@@ -0,0 +1,153 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:04 +0100
+Subject: Don't use la files for opening plugins
+
+---
+ lib/dlopen.c | 121 ++++-------------------------------------------------------
+ 1 file changed, 7 insertions(+), 114 deletions(-)
+
+diff --git a/lib/dlopen.c b/lib/dlopen.c
+index 8284cd8..ef90b11 100644
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -246,113 +246,6 @@ static int _sasl_plugin_load(char *plugin, void *library,
+     return result;
+ }
+ 
+-/* this returns the file to actually open.
+- *  out should be a buffer of size PATH_MAX
+- *  and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out) 
+-{
+-    FILE *file;
+-    size_t length;
+-    char line[MAX_LINE];
+-    char *ntmp = NULL;
+-
+-    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+-    /* Set this so we can detect failure */
+-    *out = '\0';
+-
+-    length = strlen(in);
+-
+-    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+-	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+-	    /* check for a .la file */
+-	    if (strlen(prefix) + strlen(in) + strlen(LA_SUFFIX) + 1 >= MAX_LINE)
+-		return SASL_BADPARAM;
+-	    strcpy(line, prefix);
+-	    strcat(line, in);
+-	    length = strlen(line);
+-	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
+-	    strcat(line, LA_SUFFIX);
+-	    file = fopen(line, "r");
+-	    if(file) {
+-		/* We'll get it on the .la open */
+-		fclose(file);
+-		return SASL_FAIL;
+-	    }
+-	}
+-        if (strlen(prefix) + strlen(in) + 1 >= PATH_MAX)
+-            return SASL_BADPARAM;
+-	strcpy(out, prefix);
+-	strcat(out, in);
+-	return SASL_OK;
+-    }
+-
+-    if (strlen(prefix) + strlen(in) + 1 >= MAX_LINE)
+-        return SASL_BADPARAM;
+-    strcpy(line, prefix);
+-    strcat(line, in);
+-
+-    file = fopen(line, "r");
+-    if(!file) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "unable to open LA file: %s", line);
+-	return SASL_FAIL;
+-    }
+-    
+-    while(!feof(file)) {
+-	if(!fgets(line, MAX_LINE, file)) break;
+-	if(line[strlen(line) - 1] != '\n') {
+-	    _sasl_log(NULL, SASL_LOG_WARN,
+-		      "LA file has too long of a line: %s", in);
+-	    fclose(file);
+-	    return SASL_BUFOVER;
+-	}
+-	if(line[0] == '\n' || line[0] == '#') continue;
+-	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+-	    /* We found the line with the name in it */
+-	    char *end;
+-	    char *start;
+-	    size_t len;
+-	    end = strrchr(line, '\'');
+-	    if(!end) continue;
+-	    start = &line[sizeof("dlname=")-1];
+-	    len = strlen(start);
+-	    if(len > 3 && start[0] == '\'') {
+-		ntmp=&start[1];
+-		*end='\0';
+-		/* Do we have dlname="" ? */
+-		if(ntmp == end) {
+-		    _sasl_log(NULL, SASL_LOG_DEBUG,
+-			      "dlname is empty in .la file: %s", in);
+-		    fclose(file);
+-		    return SASL_FAIL;
+-		}
+-		strcpy(out, prefix);
+-		strcat(out, ntmp);
+-	    }
+-	    break;
+-	}
+-    }
+-    if(ferror(file) || feof(file)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Error reading .la: %s\n", in);
+-	fclose(file);
+-	return SASL_FAIL;
+-    }
+-    fclose(file);
+-
+-    if(!(*out)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Could not find a dlname line in .la file: %s", in);
+-	return SASL_FAIL;
+-    }
+-
+-    return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+ 
+ /* loads a plugin library */
+@@ -506,18 +399,18 @@ int _sasl_load_plugins(const add_plugin_list_t *entrypoints,
+ 		if (length + pos>=PATH_MAX) continue; /* too big */
+ 
+ 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+-			   SO_SUFFIX)
+-		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+-			   LA_SUFFIX))
++			   SO_SUFFIX))
+ 		    continue;
+ 
++		/* We only use .so files for loading plugins */
++
+ 		memcpy(name,dir->d_name,length);
+ 		name[length]='\0';
+ 
+-		result = _parse_la(prefix, name, tmp);
+-		if(result != SASL_OK)
+-		    continue;
+-		
++		/* Create full name with path */
++		strncpy(tmp, prefix, PATH_MAX);
++		strncat(tmp, name, PATH_MAX);
++
+ 		/* skip "lib" and cut off suffix --
+ 		   this only need be approximate */
+ 		strcpy(plugname, name + 3);

cyrus-sasl/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch

@@ -0,0 +1,26 @@
+From 31b68a9438c24fc9e3e52f626462bf514de31757 Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan@nardis.ca>
+Date: Mon, 24 Dec 2018 15:07:02 -0800
+Subject: [PATCH] Restore LIBS after checking gss_inquire_sec_context_by_oid
+
+Fixes: 4b0306dcd76031460246b2dabcb7db766d6b04d8
+---
+ m4/sasl2.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504a..17f5d081 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -311,9 +311,10 @@ if test "$gssapi" != no; then
+                     [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
+                                [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
+   fi
++  LIBS="$cmu_save_LIBS"
++
+   cmu_save_LIBS="$LIBS"
+   LIBS="$LIBS $GSSAPIBASE_LIBS"
+-
+   AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+   AC_TRY_RUN([
+ #ifdef HAVE_GSSAPI_H

cyrus-sasl/0022-Fix-keytab-option-for-MIT-Kerberos.patch

@@ -0,0 +1,66 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:05 +0100
+Subject: Fix keytab option for MIT Kerberos
+
+---
+ m4/sasl2.m4      |  1 +
+ plugins/gssapi.c | 11 ++++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504..a90f7b4 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -282,6 +282,7 @@ if test "$gssapi" != no; then
+                     ])
+     fi
+   fi
++  AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
+   AC_CHECK_FUNCS(gss_decapsulate_token)
+   AC_CHECK_FUNCS(gss_encapsulate_token)
+   AC_CHECK_FUNCS(gss_oid_equal)
+diff --git a/plugins/gssapi.c b/plugins/gssapi.c
+index ff663da..7c69ac2 100644
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1545,7 +1545,7 @@ static sasl_server_plug_t gssapi_server_plugins[] =
+ };
+ 
+ int gssapiv2_server_plug_init(
+-#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+     const sasl_utils_t *utils __attribute__((unused)),
+ #else
+     const sasl_utils_t *utils,
+@@ -1555,7 +1555,7 @@ int gssapiv2_server_plug_init(
+     sasl_server_plug_t **pluglist,
+     int *plugcount)
+ {
+-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+     const char *keytab = NULL;
+     char keytab_path[1024];
+     unsigned int rl;
+@@ -1565,7 +1565,7 @@ int gssapiv2_server_plug_init(
+ 	return SASL_BADVERS;
+     }
+     
+-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+     /* unfortunately, we don't check for readability of keytab if it's
+        the standard one, since we don't know where it is */
+     
+@@ -1587,7 +1587,12 @@ int gssapiv2_server_plug_init(
+ 	
+ 	strncpy(keytab_path, keytab, 1024);
+ 	
++#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+ 	gsskrb5_register_acceptor_identity(keytab_path);
++#endif
++#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
++	krb5_gss_register_acceptor_identity(keytab_path);
++#endif
+     }
+ #endif
+     

cyrus-sasl/0030-dont_use_la_files_for_opening_plugins.patch

@@ -0,0 +1,134 @@
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+     return result;
+ }
+ 
+-/* this returns the file to actually open.
+- *  out should be a buffer of size PATH_MAX
+- *  and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out) 
+-{
+-    FILE *file;
+-    size_t length;
+-    char line[MAX_LINE];
+-    char *ntmp = NULL;
+-
+-    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+-    /* Set this so we can detect failure */
+-    *out = '\0';
+-
+-    length = strlen(in);
+-
+-    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+-	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+-	    /* check for a .la file */
+-	    strcpy(line, prefix);
+-	    strcat(line, in);
+-	    length = strlen(line);
+-	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
+-	    strcat(line, LA_SUFFIX);
+-	    file = fopen(line, "r");
+-	    if(file) {
+-		/* We'll get it on the .la open */
+-		fclose(file);
+-		return SASL_FAIL;
+-	    }
+-	}
+-	strcpy(out, prefix);
+-	strcat(out, in);
+-	return SASL_OK;
+-    }
+-
+-    strcpy(line, prefix);
+-    strcat(line, in);
+-
+-    file = fopen(line, "r");
+-    if(!file) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "unable to open LA file: %s", line);
+-	return SASL_FAIL;
+-    }
+-    
+-    while(!feof(file)) {
+-	if(!fgets(line, MAX_LINE, file)) break;
+-	if(line[strlen(line) - 1] != '\n') {
+-	    _sasl_log(NULL, SASL_LOG_WARN,
+-		      "LA file has too long of a line: %s", in);
+-	    return SASL_BUFOVER;
+-	}
+-	if(line[0] == '\n' || line[0] == '#') continue;
+-	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+-	    /* We found the line with the name in it */
+-	    char *end;
+-	    char *start;
+-	    size_t len;
+-	    end = strrchr(line, '\'');
+-	    if(!end) continue;
+-	    start = &line[sizeof("dlname=")-1];
+-	    len = strlen(start);
+-	    if(len > 3 && start[0] == '\'') {
+-		ntmp=&start[1];
+-		*end='\0';
+-		/* Do we have dlname="" ? */
+-		if(ntmp == end) {
+-		    _sasl_log(NULL, SASL_LOG_DEBUG,
+-			      "dlname is empty in .la file: %s", in);
+-		    return SASL_FAIL;
+-		}
+-		strcpy(out, prefix);
+-		strcat(out, ntmp);
+-	    }
+-	    break;
+-	}
+-    }
+-    if(ferror(file) || feof(file)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Error reading .la: %s\n", in);
+-	fclose(file);
+-	return SASL_FAIL;
+-    }
+-    fclose(file);
+-
+-    if(!(*out)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Could not find a dlname line in .la file: %s", in);
+-	return SASL_FAIL;
+-    }
+-
+-    return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+ 
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+ 		if (length + pos>=PATH_MAX) continue; /* too big */
+ 
+ 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+-			   SO_SUFFIX)
+-		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+-			   LA_SUFFIX))
++			   SO_SUFFIX))
+ 		    continue;
+ 
++		/* We only use .so files for loading plugins */
++
+ 		memcpy(name,dir->d_name,length);
+ 		name[length]='\0';
+ 
+-		result = _parse_la(prefix, name, tmp);
+-		if(result != SASL_OK)
+-		    continue;
+-		
++		/* Create full name with path */
++		strncpy(tmp, prefix, PATH_MAX);
++		strncat(tmp, name, PATH_MAX);
++
+ 		/* skip "lib" and cut off suffix --
+ 		   this only need be approximate */
+ 		strcpy(plugname, name + 3);

cyrus-sasl/0032-Add-with_pgsql-include-postgresql-to-include-path.patch

@@ -0,0 +1,23 @@
+From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@sury.org>
+Date: Tue, 25 Oct 2016 12:33:27 +0200
+Subject: Add ${with_pgsql}include/postgresql/ to include path
+
+---
+ configure.ac | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fe7f0eb..1882f31 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -894,7 +894,9 @@ case "$with_pgsql" in
+      LIB_PGSQL_DIR=$LIB_PGSQL
+      LIB_PGSQL="$LIB_PGSQL -lpq"
+ 
+-     if test -d ${with_pgsql}/include/pgsql; then
++     if test -d ${with_pgsql}/include/postgresql/; then
++         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql"
++     elif test -d ${with_pgsql}/include/pgsql; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+      elif test -d ${with_pgsql}/pgsql/include; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

cyrus-sasl/PKGBUILD

@@ -0,0 +1,177 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgbase=('cyrus-sasl')
+pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
+pkgver=2.1.27
+_debver=$pkgver
+_debrel=2.1
+pkgrel=3
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
+arch=('i686' 'x86_64')
+url="https://www.cyrusimap.org/sasl/"
+license=('Original-BSD')
+options=('!makeflags')
+makedepends=('postgresql-libs' 'libldap' 'krb5' 'libressl' 'sqlite' 'quilt')
+source=(https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-$pkgver/cyrus-sasl-$pkgver.tar.gz{,.sig}
+        https://deb.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_$_debver+dfsg-$_debrel+deb11u1.debian.tar.xz
+        0003-Update-saslauthd.conf-location-in-documentation.patch
+	0006-Enable-autoconf-maintainer-mode.patch
+        0010-Update-required-libraries-when-ld-as-needed-is-used.patch
+        0013-Don-t-use-la-files-for-opening-plugins.patch
+        0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch
+        0022-Fix-keytab-option-for-MIT-Kerberos.patch
+        0032-Add-with_pgsql-include-postgresql-to-include-path.patch
+        gdbm-errno.patch
+        saslauthd.confd
+        saslauthd.initd)
+sha512sums=('d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b'
+            'SKIP'
+            '73d70392eb16107d3e84f083dcfeb79abf33413734244748cb7eef24089ed9ad0da60e778b096bdcd134878f28bfd9cd3801f6e707ed03d6b9338407bdbe6972'
+            'ccd8a9e06578a4811d24c883e45d4dc51a35c2875851ab372113d612d9e52470faa08748e8c27b5bdfe8aee47caf91c40b04211ddff43087f7e0b43c5819f783'
+            '852791cadfb1bdde948814185f307bbada781f8562319c90fea7d5248d545432e6103cb113dfc89525c8a74cc30f1b8686e52a8b658efad9738609473a1dbc74'
+            'e44c7bc90b9140f3cc442c2155ac89c13b9bd5422c2d8ac1fddf83b64c312ba621322b32639c4f517aa05c78d6a1cd94dc257892e706844f6be095a3863127d7'
+            'dc056e74d895e81494a39ba05ec97623f9bbd7b61f44ff0bae8cb847c8e5882d47d384d0da429ab0de2c2bd4530b6ead2e595d6dd17960bfc1aa3d2ded0a823d'
+            'cf747487df71c66d22e78ec3ca658f2f2752b224851d23070374119378e4a738996eb8256583437f92f34e63488c5a205a8a37deeb8d98bdbe0a679cbb00d8fb'
+            '1364657633a4aa2944415477108d38acc94f37ad92470205fb36b7307e4924b02d0029bab4bae4439a2d13cb57d9209974dbf7b55f4cde2448571ccec8d62f9b'
+            '48f61c050e8b372b994bc2d56d04a29a07922d2f149ad890f6895e6ec0ed0e7cd2069e63a6445cfe87be23ae95b9ff259b3d70f64a449ceb420587ef21e2f57b'
+            'd7dfdf520d16a79f265708d1c6938bd24bd26b9a0ff9b7fcbfc95c494af7f44220080bd3f79d0486bb6fc30b4a9a269adb7836bc593eacca99a1ef549ce58a9e'
+            'fe7102c67b9cf8438cabb1d4dc69d0a173b6ec3134c8ea5c60551d9fd1daaa20664b8ea197f8e118e224cb0686b2e83c51d31d785106d15d0758b95ef89c90e2'
+            '1d5942a94ffbc15774443d60a88d4c89c7c3c6ea68b041d304f0110f6ec3aa2a812f59021cddc78de6f51a25bb00955e4e56d769e766a9d856f13774dd37ce83')
+validpgpkeys=('829F339F8C296FE80F409D93E3D7C118C7B9F46A') # Partha Susarla <mail@spartha.org>
+
+prepare() {
+  cd cyrus-sasl-$pkgver
+
+  if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
+    # Debian patches
+    export QUILT_PATCHES=debian/patches
+    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+    export QUILT_DIFF_ARGS='--no-timestamps'
+
+    mv "$srcdir"/debian .
+
+    # Doesn't apply
+    rm -v debian/patches/0001-Make-the-libsasl2-symbols-versioned.patch || true
+    rm -v debian/patches/0002-Use-etc-sasldb2-instead-of-.-sasldb-in-the-testsuite.patch || true
+    rm -v debian/patches/0004-Include-dbconverter-2-in-sbin_PROGRAMS-and-set-defau.patch || true
+    rm -v debian/patches/0017-Just-completely-remove-libobj-from-autotools-files.patch || true
+    rm -v debian/patches/0018-Temporary-multiarch-fixes.patch || true
+    rm -v debian/patches/0019-Add-reference-to-LDAP_SASLAUTHD-file-to-the-saslauth.patch || true
+    rm -v debian/patches/0025-Revert-upstream-soname-bump.patch || true
+    rm -v debian/patches/0033-cross.patch || true
+
+    quilt push -av
+  else
+    patch -Np1 -i $srcdir/0003-Update-saslauthd.conf-location-in-documentation.patch
+    patch -Np1 -i $srcdir/0006-Enable-autoconf-maintainer-mode.patch
+    patch -Np1 -i $srcdir/0010-Update-required-libraries-when-ld-as-needed-is-used.patch
+    patch -Np1 -i $srcdir/0013-Don-t-use-la-files-for-opening-plugins.patch
+    patch -Np1 -i $srcdir/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch
+    patch -Np1 -i $srcdir/0022-Fix-keytab-option-for-MIT-Kerberos.patch
+    patch -Np1 -i $srcdir/0032-Add-with_pgsql-include-postgresql-to-include-path.patch
+  fi
+
+  patch -Np1 -i $srcdir/gdbm-errno.patch
+
+  cp -a saslauthd/saslauthd.mdoc saslauthd/saslauthd.8
+  rm -f config/config.guess config/config.sub
+  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+  rm -fr autom4te.cache
+
+  libtoolize -c
+  aclocal -I config
+  automake -a -c
+  autoheader
+  autoconf
+}
+
+build() {
+  export CFLAGS="$CFLAGS -fPIC"
+  cd cyrus-sasl-$pkgver
+
+  ./configure --prefix=/usr \
+      --mandir=/usr/share/man \
+      --infodir=/usr/share/info \
+      --disable-static \
+      --enable-shared \
+      --enable-alwaystrue \
+      --enable-checkapop \
+      --enable-cram \
+      --enable-digest \
+      --disable-otp \
+      --disable-srp \
+      --disable-srp-setpass \
+      --disable-krb4 \
+      --enable-gssapi \
+      --enable-auth-sasldb \
+      --enable-plain \
+      --enable-anon \
+      --enable-login \
+      --enable-ntlm \
+      --disable-passdss \
+      --enable-sql \
+      --without-mysql \
+      --with-pgsql=/usr/lib \
+      --with-sqlite3=/usr/lib \
+      --enable-ldapdb \
+      --disable-macos-framework \
+      --without-pam \
+      --with-saslauthd=/var/run/saslauthd \
+      --with-ldap \
+      --with-dblib=gdbm \
+      --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
+      --sysconfdir=/etc \
+      --with-devrandom=/dev/urandom
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+package_cyrus-sasl() {
+  depends=("libsasl=${pkgver}" 'krb5')
+  pkgdesc="Cyrus saslauthd SASL authentication daemon"
+  backup=('etc/conf.d/saslauthd')
+
+  cd cyrus-sasl-$pkgver/saslauthd
+  make DESTDIR="${pkgdir}" install
+  install -Dm644 "${srcdir}/saslauthd.confd" "${pkgdir}/etc/conf.d/saslauthd"
+  install -Dm755 "${srcdir}/saslauthd.initd" "${pkgdir}/etc/init.d/saslauthd"
+
+  install -Dm644 ../COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}
+
+package_cyrus-sasl-gssapi() {
+  pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'krb5')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+  cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -Dm644 ../COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}
+
+package_cyrus-sasl-ldap() {
+  pkgdesc="ldapdb auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'libldap')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -Dm644 ../COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}
+
+package_cyrus-sasl-sql() {
+  pkgdesc="SQL auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'postgresql-libs' 'sqlite')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -Dm644 ../COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}

cyrus-sasl/cyrus-sasl-2.1.22-as-needed.patch

@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig	2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in	2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+   AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+   SASL_DB_PATH_CHECK()
+   SASL_DB_CHECK()
+-  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++  SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+ 
+ AC_ARG_ENABLE(httpform, [  --enable-httpform       enable HTTP form authentication [[no]] ],

cyrus-sasl/cyrus-sasl-2.1.22-qa.patch

@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+  */
+ 
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+ 
+ #include <shadow.h>
++#include <string.h>
+ 
+ extern char *crypt();
+ 

cyrus-sasl/cyrus-sasl-2.1.26-size_t.patch

@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+  * they must be called before all other SASL functions:
+  */
+ 
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+  */
+ typedef void *sasl_malloc_t(size_t);

cyrus-sasl/cyrus-sasl-gssapi.patch

@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c	2016-06-10 13:55:25.985676293 -0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c	2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */

cyrus-sasl/cyrus-sasl-sql.patch

@@ -0,0 +1,39 @@
+--- configure.in	2012-10-12 16:05:48.000000000 +0200
++++ configure.in	2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+     notfound) AC_WARN([SQLite Library not found]); true;;
+     *)
+      if test -d ${with_sqlite}/lib; then
+-         LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++         LIB_SQLITE="-L${with_sqlite}/lib"
+      else
+-         LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++         LIB_SQLITE="-L${with_sqlite}"
+      fi
+ 
+      LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+     notfound) AC_WARN([SQLite3 Library not found]); true;;
+     *)
+      if test -d ${with_sqlite3}/lib; then
+-         LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++         LIB_SQLITE3="-L${with_sqlite3}/lib"
+      else
+-         LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++         LIB_SQLITE3="-L${with_sqlite3}"
+      fi
+ 
+      LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+      LIB_PGSQL_DIR=$LIB_PGSQL
+      LIB_PGSQL="$LIB_PGSQL -lpq"
+ 
+-     if test -d ${with_pgsql}/include/pgsql; then
++     if test -d ${with_pgsql}/include/postgresql/pgsql; then
++         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++     elif test -d ${with_pgsql}/include/pgsql; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+      elif test -d ${with_pgsql}/pgsql/include; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

cyrus-sasl/fix-pkgconfig.patch

@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <icq@gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+ 
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@

cyrus-sasl/gdbm-errno.patch

@@ -0,0 +1,29 @@
+From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
+From: Jonas Jelten <jj@sft.mx>
+Date: Sat, 2 Feb 2019 20:53:37 +0100
+Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
+
+`gdbm_close` also sets gdbm_errno since version 1.17.
+This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
+the `gdbm_errno` value which is then later used for the error handling.
+---
+ sasldb/db_gdbm.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index ee56a6bf..c908808e 100644
+--- a/sasldb/db_gdbm.c
++++ b/sasldb/db_gdbm.c
+@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+   gkey.dptr = key;
+   gkey.dsize = key_len;
+   gvalue = gdbm_fetch(db, gkey);
++  int fetch_errno = gdbm_errno;
++
+   gdbm_close(db);
+   if (! gvalue.dptr) {
+-      if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
++      if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
+           utils->seterror(conn, SASL_NOLOG,
+ 			  "user: %s@%s property: %s not found in %s",
+ 			  authid, realm, propName, path);

cyrus-sasl/saslauthd.confd

@@ -0,0 +1 @@
+SASLAUTHD_OPTS=""

cyrus-sasl/saslauthd.initd

@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting saslauthd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+		-- ${SASLAUTHD_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping saslauthd"
+	start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid
+	eend $?
+}