# Buildsheet autogenerated by ravenadm tool -- Do not edit. NAMEBASE= cyrus-sasl VERSION= 2.1.28 REVISION= 4 KEYWORDS= security VARIANTS= std SDESC[std]= Cyrus Simple Authentication Service Layer (SASL) HOMEPAGE= https://www.cyrusimap.org/sasl/ CONTACT= nobody DOWNLOAD_GROUPS= main SITES[main]= https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.28/ DISTFILE[1]= cyrus-sasl-2.1.28.tar.gz:main DF_INDEX= 1 SPKGS[std]= set primary dev man docs tools OPTIONS_AVAILABLE= none OPTIONS_STANDARD= none EXRUN[tools]= primary USERS= cyrus GROUPS= cyrus USERGROUP_SPKG= primary USES= cpe gmake libtool:keepla perl:build bdb ssl mbsdfix LICENSE= BSD4CLAUSE:primary LICENSE_FILE= BSD4CLAUSE:{{WRKSRC}}/COPYING LICENSE_SCHEME= solo CPE_VENDOR= cyrusimap FPC_EQUIVALENT= security/cyrus-sasl2 MUST_CONFIGURE= gnu CONFIGURE_ARGS= --disable-alwaystrue --disable-keep-db-open --disable-srp --disable-krb4 --disable-gssapi --disable-otp --disable-sample --enable-anon --enable-cram --enable-digest --enable-login --enable-ntlm --enable-plain --enable-scram --sysconfdir={{PREFIX}}/etc --with-dblib=berkeley --with-bdb-libdir={{BDB_LIB_DIR}} --with-bdb-incdir={{BDB_INCLUDE_DIR}} --with-authdaemond=/var/run/authdaemond/socket --with-configdir={{PREFIX}}/lib/sasl2:{{PREFIX}}/etc/sasl2 --with-plugindir={{PREFIX}}/lib/sasl2 --with-dbpath={{PREFIX}}/etc/sasldb2 --with-lib-subdir=lib --includedir={{PREFIX}}/include --enable-static --with-rc4=openssl --with-saslauthd=/var/run/saslauthd --with-openssl={{OPENSSLBASE}} SINGLE_JOB= yes INSTALL_REQ_TOOLCHAIN= yes SOVERSION= 3.0.0 PLIST_SUB= UNDERSCORE=1.13.1 JQUERY=3.5.1 CFLAGS= -Wno-pointer-sign VAR_OPSYS[netbsd]= CONFIGURE_ENV=ac_cv_lib_dl_dlopen=no VAR_ARCH[x86_64]= CPPFLAGS=-fPIC post-install: ${MKDIR} ${STAGEDIR}${STD_DOCDIR} (cd ${WRKSRC}/doc && ${COPYTREE_SHARE} . ${STAGEDIR}${STD_DOCDIR} \ "! \( -path */html/_sources* \ -o -name .buildinfo \ -o -name Makefile \ -o -name Makefile.in \ -o -name Makefile.in.bak \ -o -name Makefile.am \ -o -name NTMakefile \ -o -name .cvsignore \)" \ ) (cd ${WRKSRC} && \ ${INSTALL_DATA} AUTHORS ChangeLog INSTALL.TXT README ${STAGEDIR}${STD_DOCDIR}) ${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${STAGEDIR}${STD_DOCDIR} ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/sasl2/*.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/*.so # Install sample database ${LN} -s ${STAGEDIR}${PREFIX}/lib/libsasl2.so.3.0.0 ${LOCALBASE}/lib/libsasl2.so.3 ${LN} -s ${STAGEDIR}${PREFIX}/lib/sasl2 ${LOCALBASE}/lib/sasl2 ${ECHO_CMD} test | ${STAGEDIR}${PREFIX}/sbin/saslpasswd2 -p -c -f ${STAGEDIR}${PREFIX}/etc/sasldb2.sample cyrus ${RM} ${LOCALBASE}/lib/sasl2 ${RM} ${LOCALBASE}/lib/libsasl2.so.3 post-configure: # work around horrible libtool ${REINPLACE_CMD} -e "/^archive_cmds=/ \ s|linkopts|linkopts -Wl,-R,${BDB_LIB_DIR}:${OPENSSLRPATH}|" \ ${WRKSRC}/libtool [FILE:460:descriptions/desc.primary] The Cyrus SASL (Simple Authentication and Security Layer) SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. [FILE:54:descriptions/desc.tools] This package contains tools based on sasl2 libraries. [FILE:103:distinfo] 7ccfc6abd01ed67c1a0924b353e526f1b766b21f42d4562ee635a8ebfc5bb38c 4034803 cyrus-sasl-2.1.28.tar.gz [FILE:631:manifests/plist.primary] lib/ libsasl2.la libsasl2.so.%%SOMAJOR%% libsasl2.so.%%SOVERSION%% lib/sasl2/ libanonymous.la libanonymous.so.%%SOMAJOR%% libanonymous.so.%%SOVERSION%% libcrammd5.la libcrammd5.so.%%SOMAJOR%% libcrammd5.so.%%SOVERSION%% libdigestmd5.la libdigestmd5.so.%%SOMAJOR%% libdigestmd5.so.%%SOVERSION%% liblogin.la liblogin.so.%%SOMAJOR%% liblogin.so.%%SOVERSION%% libntlm.la libntlm.so.%%SOMAJOR%% libntlm.so.%%SOVERSION%% libplain.la libplain.so.%%SOMAJOR%% libplain.so.%%SOVERSION%% libsasldb.la libsasldb.so.%%SOMAJOR%% libsasldb.so.%%SOVERSION%% libscram.la libscram.so.%%SOMAJOR%% libscram.so.%%SOVERSION%% [FILE:373:manifests/plist.dev] include/sasl/ hmac-md5.h md5.h md5global.h prop.h sasl.h saslplug.h saslutil.h lib/ libsasl2.a libsasl2.so lib/pkgconfig/libsasl2.pc lib/sasl2/ libanonymous.a libanonymous.so libcrammd5.a libcrammd5.so libdigestmd5.a libdigestmd5.so liblogin.a liblogin.so libntlm.a libntlm.so libplain.a libplain.so libsasldb.a libsasldb.so libscram.a libscram.so [FILE:895:manifests/plist.man] share/man/man3/ sasl.3 sasl_authorize_t.3 sasl_auxprop.3 sasl_auxprop_getctx.3 sasl_auxprop_request.3 sasl_callbacks.3 sasl_canon_user_t.3 sasl_chalprompt_t.3 sasl_checkapop.3 sasl_checkpass.3 sasl_client_init.3 sasl_client_new.3 sasl_client_start.3 sasl_client_step.3 sasl_decode.3 sasl_dispose.3 sasl_done.3 sasl_encode.3 sasl_encodev.3 sasl_errdetail.3 sasl_errors.3 sasl_errstring.3 sasl_getconfpath_t.3 sasl_getopt_t.3 sasl_getpath_t.3 sasl_getprop.3 sasl_getrealm_t.3 sasl_getsecret_t.3 sasl_getsimple_t.3 sasl_global_listmech.3 sasl_idle.3 sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 sasl_server_userdb_checkpass_t.3 sasl_server_userdb_setpass_t.3 sasl_setpass.3 sasl_setprop.3 sasl_user_exists.3 sasl_verifyfile_t.3 share/man/man8/ pluginviewer.8 sasldblistusers2.8 saslpasswd2.8 [FILE:4070:manifests/plist.docs] share/doc/cyrus-sasl/ AUTHORS ChangeLog INSTALL.TXT README Sendmail.README share/doc/cyrus-sasl/html/ developer.html download.html genindex.html getsasl.html index.html objects.inv operations.html packager.html search.html searchindex.js setup.html support.html share/doc/cyrus-sasl/html/_static/ basic.css cyrus.css doctools.js documentation_options.js file.png graphviz.css headimg.gif jquery-%%JQUERY%%.js jquery.js language_data.js minus.png plus.png pygments.css searchtools.js underscore-%%UNDERSCORE%%.js underscore.js share/doc/cyrus-sasl/html/_static/css/ badge_only.css theme.css share/doc/cyrus-sasl/html/_static/event_notifications/ AclChange.json ApplePushService.json CalendarAlarm.json FlagsClear.json FlagsSet.json Login.json Logout.json MailboxCreate.json MailboxDelete.json MailboxRename.json MailboxSubscribe.json MailboxUnSubscribe.json MessageAppend.json MessageCopy.json MessageExpunge.json MessageMove.json MessageNew.json MessageRead.json MessageTrash.json QuotaChange.json QuotaExceed.json QuotaWithin.json share/doc/cyrus-sasl/html/_static/fonts/ Inconsolata-Bold.ttf Inconsolata.ttf Lato-Bold.ttf Lato-Regular.ttf RobotoSlab-Bold.ttf RobotoSlab-Regular.ttf fontawesome-webfont.eot fontawesome-webfont.svg fontawesome-webfont.ttf fontawesome-webfont.woff share/doc/cyrus-sasl/html/_static/js/ modernizr.min.js theme.js share/doc/cyrus-sasl/html/sasl/ advanced.html appconvert.html authentication_mechanisms.html auxiliary_properties.html components.html concepts.html faq.html gssapi.html installation.html macosx.html manpages.html options.html os390.html pwcheck.html quickstart.html resources.html sysadmin.html upgrading.html windows.html share/doc/cyrus-sasl/html/sasl/developer/ installation.html plugprog.html programming.html testing.html share/doc/cyrus-sasl/html/sasl/faqs/ authorize-vs-authenticate.html crammd5-digestmd5-scram.html openldap-sasl-gssapi.html plaintextpasswords.html rfcs.html upgrade-saslv2.html share/doc/cyrus-sasl/html/sasl/reference/manpages/template.html share/doc/cyrus-sasl/html/sasl/reference/manpages/library/ sasl.html sasl_authorize_t.html sasl_auxprop.html sasl_auxprop_add_plugin.html sasl_auxprop_getctx.html sasl_auxprop_request.html sasl_callbacks.html sasl_canon_user_t.html sasl_canonuser_add_plugin.html sasl_chalprompt_t.html sasl_checkapop.html sasl_checkpass.html sasl_client_add_plugin.html sasl_client_done.html sasl_client_init.html sasl_client_new.html sasl_client_plug_init_t.html sasl_client_start.html sasl_client_step.html sasl_decode.html sasl_decode64.html sasl_dispose.html sasl_done.html sasl_encode.html sasl_encode64.html sasl_encodev.html sasl_erasebuffer.html sasl_errdetail.html sasl_errors.html sasl_errstring.html sasl_getcallback_t.html sasl_getconfpath_t.html sasl_getopt_t.html sasl_getpath_t.html sasl_getprop.html sasl_getrealm_t.html sasl_getsecret_t.html sasl_getsimple_t.html sasl_global_listmech.html sasl_idle.html sasl_listmech.html sasl_log_t.html sasl_server_add_plugin.html sasl_server_done.html sasl_server_init.html sasl_server_new.html sasl_server_plug_init_t.html sasl_server_start.html sasl_server_step.html sasl_server_userdb_checkpass_t.html sasl_server_userdb_setpass_t.html sasl_set_alloc.html sasl_set_mutex.html sasl_seterror.html sasl_setpass.html sasl_setprop.html sasl_user_exists.html sasl_usererr.html sasl_utf8verify.html sasl_verifyfile_t.html share/doc/cyrus-sasl/html/sasl/release-notes/index.html share/doc/cyrus-sasl/html/sasl/release-notes/1/index.html share/doc/cyrus-sasl/html/sasl/release-notes/2.0/index.html share/doc/cyrus-sasl/html/sasl/release-notes/2.1/index.html share/doc/cyrus-sasl/legacy/ TODO advanced.html appconvert.html components.html gssapi.html index.html install.html macosx.html mechanisms.html options.html os390.html plugprog.html programming.html readme.html server-plugin-flow.fig sysadmin.html testing.txt upgrading.html windows.html [FILE:78:manifests/plist.tools] @sample etc/sasldb2.sample sbin/ pluginviewer sasldblistusers2 saslpasswd2 [FILE:1733:patches/patch-configure] --- configure.orig 2022-02-18 21:53:52 UTC +++ configure @@ -15244,6 +15244,8 @@ else SASLAUTHD_TRUE='#' SASLAUTHD_FALSE= fi +SASLAUTHD_TRUE='#' +SASLAUTHD_FALSE= { $as_echo "$as_me:${as_lineno-$LINENO}: checking if I should include saslauthd" >&5 $as_echo_n "checking if I should include saslauthd... " >&6; } @@ -16859,6 +16861,7 @@ fi gssapi_dir="${gssapi}/lib" GSSAPIBASE_LIBS="-L$gssapi_dir" GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir" + gssapi_bindir="${gssapi}/bin/" else # FIXME: This is only used for building cyrus, and then only as # a real hack. it needs to be fixed. @@ -16878,7 +16881,7 @@ if ${ac_cv_lib_gssapi_gss_unwrap+:} fals $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS" +LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17138,7 +17141,7 @@ fi GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a" elif test "$gss_impl" = "heimdal"; then CPPFLAGS="$CPPFLAGS" - GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err" + GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}" elif test "$gss_impl" = "cybersafe03"; then # Version of CyberSafe with two libraries [FILE:294:patches/patch-lib_saslutil.c] --- lib/saslutil.c.orig 2022-02-18 21:50:42 UTC +++ lib/saslutil.c @@ -56,12 +56,8 @@ #include #include #include -#ifdef HAVE_UNISTD_H #include -#endif -#ifdef HAVE_TIME_H #include -#endif #include "saslint.h" #include [FILE:216:patches/patch-plugins_cram.c] --- plugins/cram.c.orig 2022-02-18 21:50:42 UTC +++ plugins/cram.c @@ -48,6 +48,7 @@ #include #include #include +#include #ifndef macintosh #include #endif [FILE:348:patches/patch-plugins_gssapi.c] --- plugins/gssapi.c.orig 2022-02-18 21:53:25 UTC +++ plugins/gssapi.c @@ -1668,8 +1668,10 @@ static int gssapi_client_mech_step(void if (clientoutlen) *clientoutlen = 0; +#if 0 params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "GSSAPI client step %d", text->state); +#endif switch (text->state) { [FILE:718:patches/patch-utils__Makefile.in] --- utils/Makefile.in.orig 2022-02-18 21:53:55 UTC +++ utils/Makefile.in @@ -495,7 +495,7 @@ top_srcdir = @top_srcdir@ all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) @NO_SASL_DB_MANS_FALSE@man_MANS = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 -@NO_SASL_DB_MANS_TRUE@man_MANS = +@NO_SASL_DB_MANS_TRUE@man_MANS = pluginviewer.8 saslpasswd2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) saslpasswd2_SOURCES = saslpasswd.c sasldblistusers2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) [FILE:2307:files/Sendmail.README] How to enable SMTP AUTH with FreeBSD default Sendmail 1) Add the following to /etc/make.conf: # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl2 2) Rebuild FreeBSD (make buildworld, ...) 3) Make sure that the pwcheck_method is correct in Sendmail.conf. Sendmail.conf (${PREFIX}/lib/sasl2/Sendmail.conf) is created by the cyrus-sasl2 ports during installation. It may have pwcheck_method set to saslauthd by default. Change this to what is appropriate for your site. 4) Add the following to your sendmail.mc file: dnl The group needs to be mail in order to read the sasldb2 file define(`confRUN_AS_USER',`root:mail')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl 5) Add the following before FEATURE(msp) in your submit.mc file: DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=EA')dnl This disables SMTP AUTH on the loopback interface. Otherwise you may get the following error in the log: error: safesasl(/usr/local/etc/sasldb2) failed: Group readable file when sending mail locally (seen when using pine locally on same server). ---- Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4. These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space seperated list. You may want to restrict LOGIN, and PLAIN authentication methods for use with STARTTLS, as the password is not encrypted when passed to sendmail. LOGIN is required for Outlook Express users. "My server requires authentication" needs to be checked in the accounts properties to use SASL Authentication. PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with SASL and will cause your users to enter their passwords each time they retreive their mail (NS 4.7). The DONT_BLAME_SENDMAIL option GroupReadableSASLDBFile is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb2 database. SASLv2 support of Sendmail is starting with 8.12.4.