From root@fillmore-labs.com  Wed Apr 16 08:14:59 2003
Return-Path: <root@fillmore-labs.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5C66A37B404; Wed, 16 Apr 2003 08:14:59 -0700 (PDT)
Received: from mx1.fillmore-labs.com (nuuk.fillmore-labs.com [62.138.193.82])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6440A43FAF; Wed, 16 Apr 2003 08:14:57 -0700 (PDT)
	(envelope-from root@fillmore-labs.com)
Received: from root by mx1.fillmore-labs.com with local (Exim 4.14)
	id 195och-000Os2-Lm; Wed, 16 Apr 2003 17:14:55 +0200
Message-Id: <E195och-000Os2-Lm@mx1.fillmore-labs.com>
Date: Wed, 16 Apr 2003 17:14:55 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Reply-To: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: ume@FreeBSD.org
Subject: Multiple problems with port security/cyrus-sasl2 2.1.13
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         51041
>Category:       ports
>Synopsis:       Multiple problems with port security/cyrus-sasl2 2.1.13
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    ume
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 16 08:20:21 PDT 2003
>Closed-Date:    Thu Apr 17 11:05:46 PDT 2003
>Last-Modified:  Thu Apr 17 11:05:46 PDT 2003
>Originator:     Oliver Eikemeier
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 4.8-STABLE FreeBSD 4.8-STABLE #0: Sun Apr 6 14:21:01 CEST 2003 root@nuuk.fillmore-labs.com:/usr/obj/usr/src/sys/FILLMORE-LABS i386

>Description:

- The included script fails to shut down saslauthd properly
- Kerberos plugin is not compiled
- The configuration script links with the installed Berkeley DB with highest version,
  even when other headers are included
- Berkeley DB 4.1 support is broken

>How-To-Repeat:

- The script assumes the daemons pid is in /var/state/saslauthd/mux.pid
  instead of /var/state/saslauthd/saslauthd.pid

- The configuration script fails to detect libkrb, do 'make' and the look in ${WRKSRC}/config.log:

configure:4934: checking for krb_mk_priv in -lkrb
configure:4953: cc -o conftest -Wall -W -Wall -O -pipe -L/usr/local/lib -R/usr/local/lib  conftest.c -lcrypto -lcrypt -lkrb -lcom_err  1>&5
/usr/lib/libkrb.so: undefined reference to `des_pcbc_encrypt'
/usr/lib/libkrb.so: undefined reference to `des_set_odd_parity'
/usr/lib/libkrb.so: undefined reference to `des_key_sched'
/usr/lib/libkrb.so: undefined reference to `des_read_pw_string'
/usr/lib/libkrb.so: undefined reference to `des_set_key'
/usr/lib/libkrb.so: undefined reference to `des_cbc_cksum'
/usr/lib/libkrb.so: undefined reference to `des_quad_cksum'
/usr/lib/libkrb.so: undefined reference to `des_string_to_key'
configure: failed program was:
#line 4942 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char krb_mk_priv();

int main() {
krb_mk_priv()
; return 0; }

- Install Berkeley DB 4.0 and then choose Berkeley DB 3.0 in the installation.
  The libraries are compiled with -I/usr/local/include/db3 and -ldb4.
  That happened even before the patch in ports/50962.

- sasldb works with Berkeley DB 3.3 and 4.0, but with 4.1 I get:

error fetching from sasldb: Invalid argument
error closing sasldb: Invalid argument

  in /var/log/messages. Probably something in sasldb/db_berkeley.c.

>Fix:

The following patch fixes:
- path to pid
- choose the right Berkeley DB version (hack)

It disables Kerberos and Berkeley DB 4.1 until these issues have been investigated further.

cd /usr/ports/security
patch < ~/cyrus-sasl-2.1.3_1.patch
find cyrus-sasl2 -name '*.orig' -delete

--- cyrus-sasl-2.1.3_1.patch begins here ---
diff -Nur cyrus-sasl2/Makefile.orig cyrus-sasl2/Makefile
--- cyrus-sasl2/Makefile.orig	Tue Apr 15 19:03:27 2003
+++ cyrus-sasl2/Makefile	Wed Apr 16 16:41:12 2003
@@ -7,7 +7,7 @@
 
 PORTNAME=	cyrus-sasl
 PORTVERSION=	2.1.13
-#PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \
 		ftp://ftp.westbend.net/pub/cyrus-mail/ \
@@ -87,6 +87,7 @@
 GSSAPI=	"@comment "
 .endif
 
+WITHOUT_KERBEROS?=	YES			# Kerberos detection in configure is broken
 .if exists(/usr/lib/libkrb.a) && !defined(WITHOUT_KERBEROS)
 CONFIGURE_ARGS+=	--enable-krb4
 .else
diff -Nur cyrus-sasl2/files/patch-configure.orig cyrus-sasl2/files/patch-configure
--- cyrus-sasl2/files/patch-configure.orig	Tue Apr 15 20:09:30 2003
+++ cyrus-sasl2/files/patch-configure	Wed Apr 16 16:37:56 2003
@@ -5,7 +5,7 @@
  	fi
  
 -        for dbname in db-4.1 db4.1 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
-+        for dbname in db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
++        for dbname in "${with_bdb}" db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
            do
              echo $ac_n "checking for db_create in -l$dbname""... $ac_c" 1>&6
  echo "configure:2659: checking for db_create in -l$dbname" >&5
@@ -14,7 +14,7 @@
  	fi
  
 -        for dbname in db-4.1 db4.1 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
-+        for dbname in db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
++        for dbname in "${with_bdb}" db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
            do
              echo $ac_n "checking for db_create in -l$dbname""... $ac_c" 1>&6
  echo "configure:3050: checking for db_create in -l$dbname" >&5
diff -Nur cyrus-sasl2/files/patch-saslauthd::configure.orig cyrus-sasl2/files/patch-saslauthd::configure
--- cyrus-sasl2/files/patch-saslauthd::configure.orig	Tue Apr 15 20:09:30 2003
+++ cyrus-sasl2/files/patch-saslauthd::configure	Wed Apr 16 16:38:08 2003
@@ -5,7 +5,7 @@
  	fi
  
 -        for dbname in db-4.1 db4.1 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
-+        for dbname in db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
++        for dbname in "${with_bdb}" db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
            do
              echo $ac_n "checking for db_create in -l$dbname""... $ac_c" 1>&6
  echo "configure:3448: checking for db_create in -l$dbname" >&5
@@ -14,7 +14,7 @@
  	fi
  
 -        for dbname in db-4.1 db4.1 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
-+        for dbname in db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
++        for dbname in "${with_bdb}" db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db4 db-3.3 db3.3 db-3.2 db3.2 db-3.1 db3.1 db-3 db3 db
            do
              echo $ac_n "checking for db_create in -l$dbname""... $ac_c" 1>&6
  echo "configure:3839: checking for db_create in -l$dbname" >&5
diff -Nur cyrus-sasl2.orig/files/saslauthd.sh.orig cyrus-sasl2/files/saslauthd.sh
--- cyrus-sasl2/files/saslauthd.sh.orig	Thu Aug  8 16:04:44 2002
+++ cyrus-sasl2/files/saslauthd.sh	Wed Apr 16 12:06:46 2003
@@ -54,10 +54,9 @@
 		;;
 
 	    stop)
-		if [ -r /var/state/saslauthd/mux.pid ]; then
-		    kill `cat /var/state/saslauthd/mux.pid` && \
+		if [ -r /var/state/saslauthd/saslauthd.pid ]; then
+		    kill `cat /var/state/saslauthd/saslauthd.pid` && \
 			echo -n " saslauthd"
-		    rm /var/state/saslauthd/mux.pid
 		fi
 		;;
 
diff -Nur cyrus-sasl2/scripts/configure.sasl.orig cyrus-sasl2/scripts/configure.sasl
--- cyrus-sasl2/scripts/configure.sasl.orig	Tue Apr 15 19:03:28 2003
+++ cyrus-sasl2/scripts/configure.sasl	Wed Apr 16 16:26:02 2003
@@ -56,7 +56,7 @@
 	else
 		SET_MYSQL="OFF"
 	fi
-	if [ "${WITH_LDAP}" -o -f ${PREFIX}/lib/libldap.so.2 -a -f ${PREFIX}/lib/liblber.so.2 \
+	if [ "${WITH_LDAP21}" -o -f ${PREFIX}/lib/libldap.so.2 -a -f ${PREFIX}/lib/liblber.so.2 \
 		-a -f ${PREFIX}/bin/ldapwhoami ] ; then
 		SET_LDAP21="ON"
 		SET_LDAP="OFF"
@@ -124,8 +124,11 @@
 				rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
 				exit 1
 			fi
+			echo "db41 support is broken." > /dev/stderr
+			rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
+			exit 1
 			echo "LIB_DEPENDS+=	db41.1:\${PORTSDIR}/databases/db41"
-			echo "CONFIGURE_ARGS+=	--with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db41  --with-bdb-libdir=${PREFIX}/lib"
+			echo "CONFIGURE_ARGS+=	--with-bdb=db41 --with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db41  --with-bdb-libdir=${PREFIX}/lib"
 			echo "SASLDB_NAME=	sasldb2"
 			DBLIB=1
 			;;
@@ -136,7 +139,7 @@
 				exit 1
 			fi
 			echo "LIB_DEPENDS+=	db4.0:\${PORTSDIR}/databases/db4"
-			echo "CONFIGURE_ARGS+=	--with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db4  --with-bdb-libdir=${PREFIX}/lib"
+			echo "CONFIGURE_ARGS+=	--with-bdb=db4 --with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db4  --with-bdb-libdir=${PREFIX}/lib"
 			echo "SASLDB_NAME=	sasldb2"
 			DBLIB=1
 			;;
@@ -147,7 +150,7 @@
 				exit 1
 			fi
 			echo "LIB_DEPENDS+=	db3.3:\${PORTSDIR}/databases/db3"
-			echo "CONFIGURE_ARGS+=	--with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db3  --with-bdb-libdir=${PREFIX}/lib"
+			echo "CONFIGURE_ARGS+=	--with-bdb=db3 --with-dblib=berkeley --with-bdb-incdir=${PREFIX}/include/db3  --with-bdb-libdir=${PREFIX}/lib"
 			echo "SASLDB_NAME=	sasldb2"
 			DBLIB=1
 			;;
--- cyrus-sasl-2.1.3_1.patch ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->ume 
Responsible-Changed-By: nork 
Responsible-Changed-When: Wed Apr 16 09:08:35 PDT 2003 
Responsible-Changed-Why:  
Over to maintainer! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51041 
State-Changed-From-To: open->closed 
State-Changed-By: ume 
State-Changed-When: Thu Apr 17 11:02:59 PDT 2003 
State-Changed-Why:  
Thanks!  I've committed it excluding disabling Kerberos and DB 4.1. 
Kerberos handling was expected to be fixed with other commit. 
Though it seems that there is compatibility issue around the database 
format and/or the ABI between DB versions, cyrus-imapd22 is working 
fine with DB 4.1, here.  I suspect that your SASL2 and your 
applications which use SASL2 don't link same version of DB, or you 
didn't rebuild sasldb2. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51041 
>Unformatted:
