cyrus-sasl-2.1.27-150300.4.6.1<>,>Hbp9|7_7| cLٱfHFJ%⺺l au7>ix H 6?YM۽tY,[@^e6b*h i]`ґ)\Em{ +v+ r 8%@h_- 2/ŒLRkSz Q~Wu4`cX=ۙPKe[_|*P[ysjh>wbo.)&fYl7{bIؠ"iB z1@NH>u OR}+&oXqeR>E+?+d  ! B 5Spv}p$|   ,     `  < d  $ l4`ds(t8| 9 : =>FGH`IXY\]h^ b!Yc"d"e"f"l"u"v" w) x)dy)9z*****Ccyrus-sasl2.1.27150300.4.6.1Implementation of Cyrus SASL APIThis is the Cyrus SASL API. It can be used on the client or server side to provide authentication. See RFC 2222 for more information.bgoat18nSUSE Linux Enterprise 15SUSE LLC BSD-4-Clausehttps://www.suse.com/Productivity/Networking/Otherhttp://asg.web.cmu.edu/sasl/linuxx86_64#Convert password file from berkely into gdbm #In %pre the existing file will be dumped out if /usr/bin/db_verify /etc/sasldb2 &> /dev/null ; then cat < /var/adm/update-scripts/saslpw.awk { split(\$0,b,/\\\00/) if( b[3] == "userPassword" ) { user=b[1] domain=b[2] } else { if( user != "" ) { printf("echo '%s' | saslpasswd2 -p -u %s %s\n",substr(b[1],2),user,domain) user = "" domain = "" } } } EOF db_dump -p /etc/sasldb2 | gawk -f /var/adm/update-scripts/saslpw.awk > /var/adm/update-scripts/saslpwd rm -f /var/adm/update-scripts/saslpw.awk mv /etc/sasldb2 /etc/sasldb2-back fiif [ -e /var/adm/update-scripts/saslpwd ]; then chmod 755 /var/adm/update-scripts/saslpwd /var/adm/update-scripts/saslpwd rm -f /var/adm/update-scripts/saslpwd fiKJIIi:xJ :PE AAA큤bbbbbbbbbbbbbbbbbVbbbb6b931e085706b00832549ceab9a4550d1ea22722b074ea6a98117161814c13a3d88f840298ed91685e752ab41b7179b13434b198c0722d972c360854b87c01c0c1590afc97effe9212ed812e06d5c03df7cfa199bf788e960518c9ca9e03c31d10b72003afdbd5030300038682c92fd9372d1b4aa70e62302523d5f9d32e28c7f55f3571094aebd0a1236ea41917fc58bf24100e1e6e45a085ece2accd80ad86585a1550f32e0d96c9dbff574a979c4a2e3beaf150e23095878ac638c793be879514e7eac367e44943f67eb349103e37d3c57f308efb593e01cf4c36fb28437d2edab2d54effa5cfbfee85ebd5364ca7d7939a161bfdc9e1a1c45be5ff21abcd9d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b78f12bf65507f64978b7cd7feaa20a18d5caea491d226c9c0c38935fbe9cfced8dadac1f5c0dc87a4eb46e9558f4a613acb981dd52f8e6f0e503744f626ca0f0ea80324cf7a1ab202088019bf0fcdc2d0e672aa8be79f85c7bce2a9e2fe5fada9357843e3f54c262fa9d3b746686739a03c9a94c7be51b5731d5944f50df0b9blibanonymous.so.3.0.0libanonymous.so.3.0.0liblogin.so.3.0.0liblogin.so.3.0.0libsasldb.so.3.0.0libsasldb.so.3.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcyrus-sasl-2.1.27-150300.4.6.1.src.rpmcyrus-saslcyrus-sasl(x86-64)libanonymous.so.3()(64bit)liblogin.so.3()(64bit)libsasldb.so.3()(64bit)@@@@@@@@@@@@    /bin/sh/bin/shlibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libgdbm.so.4()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libsasl2.so.3()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-1cyrus-sasl-bdb4.14.3b~a@_I@_j^;]߶\X)@Y@@Xg@XVhT@Tw@varkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comscabrero@suse.demichael@stroeder.comvarkoly@suse.comvcizek@suse.commichael@stroeder.comvarkoly@suse.combwiedemann@suse.comvarkoly@suse.comjengelh@inai.de- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch- postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files.- Remove Berkeley DB dependency (JIRA#SLE-12190) The packages cyrus-sasl and cyrus-sasl-saslauthd are built without Berkely DB support. gdbm will be used instead of BDB. The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don’t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h - removed patches obsoleted by upstream changes: * shared_link_on_ppc.patch * cyrus-sasl-2.1.27-openssl-1.1.0.patch * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * 0003-Check-return-error-from-gss_wrap_size_limit.patch * 0004-Add-support-for-retrieving-the-mech_ssf.patch * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch * cyrus-sasl-fix-logging-in-gssapi.patch- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch- added backport-patch cyrus-sasl-bug587.patch which fixes off-by-one error in _sasl_add_string function (see CVE-2019-19906 bsc#1159635)- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" By server context the connection will be sent to the log function. Client content does not have log level information. I.e. there is no way to stop DEBUG level logs nece I've removed it. * add cyrus-sasl-fix-logging-in-gssapi.patch- OpenSSL 1.1 support (bsc#1055463) * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora- added cyrus-sasl-issue-402.patch to fix SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 (see https://github.com/cyrusimap/cyrus-sasl/issues/402)- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5- really use SASLAUTHD_PARAMS variable (bnc#938657)- bnc#908883 cyrus-sasl-scram refers to wrong RFC- Make sure /usr/sbin/rcsaslauthd exists/bin/sh/bin/shgoat18 1645520569 2.1.27-150300.4.6.12.1.27-150300.4.6.1sasl2cyrus_sasl_sample_clientcyrus_sasl_sample_serversasl2libanonymous.solibanonymous.so.3libanonymous.so.3.0.0liblogin.soliblogin.so.3liblogin.so.3.0.0libsasldb.solibsasldb.so.3libsasldb.so.3.0.0pluginviewersasldblistusers2saslpasswd2cyrus-saslCOPYINGsasl.3.gzpluginviewer.8.gzsasldblistusers2.8.gzsaslpasswd2.8.gz/etc//usr/bin//usr/lib64//usr/lib64/sasl2//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/cyrus-sasl//usr/share/man/man3//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:22965/SUSE_SLE-15-SP3_Update/f31563e28dd2787f23e8d4a931ea78b6-cyrus-sasl.SUSE_SLE-15-SP3_Updatedrpmxz5x86_64-suse-linux directoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2c5b68ba96d425d11099a86d6257bda18766ea3b, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=add7c3fd50605db2420006a9000add058ec54658, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5505d62d41a19f6a576339530c03086e24eb3aac, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=703fb4bed20b0c8ba45605a2e37f96b81f099958, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d3008da6e0fb05d88b47816e2059dc5279ca649f, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=c8bac0b0ed3ff944ae90768306e1d58f6ca150a6, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=236d7d1aa0e6c6839636248a8022b14e7818e787, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=47edf4f6c3f0d3b2c7eae98b1dbbc5916b63d9a7, for GNU/Linux 3.2.0, strippedASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)',3 RR RRRR RR RR RRRRR R RPRRRRRRPRRRRRRPRRRRRR RRRRR RRRRRR R RRRRRR RWIR'lx]utf-82f21eedd51a8257874582489edc1eb3eb94396d7c1cbf749b5dde9dda6a0c393?7zXZ !t/!]"k%[,Zz?d0wIL`V!eZ $U1O哛?1/;P3QTO~5:}Z8 n\GKjFl؅B^d$Jj" kïSM*`͜e7l9^/|-ITXy%$>-\& j2wBQf.4yWa o@Kt}>,I-~.6I|Ŷg`@҅49@إ6o`%[8VAZ|MG,Es-W}KO':7UBmuJ/2c-ɣu@!qGiH[":ʶ=4}c(%7$$Bևgyf?+: 0Y|!e(H ugg]v"f,Ӛ? OO:=[,r nue[AqOC(F9>o*Zc~R|j^#Ndct,@9|Ufch{- /yǘχOeF 9Wd(H3pmabfhwJ "~ND 4h(kE$_$Y#o78ukU'!fdJBgP9Uaٽ\\z[nRikűFVMs]Oq@a˞txv)iW¦۴/@@-_қ_G#S"Z @k(]42ӵ!Eu-%zEScR?$!v|FG{~3eמh lt8ݏa""L2~%K75= X [Q K63*D*$(RSmP>+Awhj ( ͣUÕxzV r Yw?v8kDrK_tZU "i7LʹBEԀqTzf\F勥xvg7ܩ hu(DT7`kl,vN'',4;43nY7b&lAb׹I\~.}$Ers5-qaz?sP_KOx;9"`rĐ49̲1Y?TŢ~M,E.^jL}殂S}'V>I z`쉇4|#8 :qc )?y#mO@ip\s}j~wek/ ):W 5*"6e}]%u)X?{0'xD,Љ%!g^yvw,Ҵu`4s`_ 3zN<'jHYm#3G/@7s˥\\㼶RilҐ]K4c&GSnRo ~J* WR{|tXwO\QAtIaW-c/Ig1zmD{=N\zB*d0@{ A$OL0pPrj†ߤ'Ǎk!qH6;D$=•_9n74CuzMo6⪲܂"֩bk^"QZZvO*_`G#`J/o⍰/QkbmV98\l)/SW "ئ2O,Htnu2MKJ~"6%G S{eU]a1 i> ㋓(E졈?5qǯ|| WxŖϱI)]?CU,eV20_^H*S2 ]:Y5!JX9Q" V[K0t;_kծ^?Ԁḿ [.ެVIЙl9n%a':q!>iBJX5":\riIp|.eh {L"A#>)tbTxX=&rh`\EG/s 4epl4wVrͼܵ$Q C4d! YZ