Update to cyrus-sasl-2.1.27.

This survived a bulk but only got light testing. Getting this in early to get feedback about potential regressions. Please *test* :-)
2018-11-19 08:24:23 +00:00 · 2018-11-19 08:24:23 +00:00 · d5f7a3c543
commit d5f7a3c543
parent aa86769788
19 changed files with 182 additions and 210 deletions
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@ -1,14 +1,13 @@
-# $OpenBSD: Makefile,v 1.103 2018/11/18 16:09:52 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.104 2018/11/19 08:24:23 ajacoutot Exp $

 # XXX merge this patch and rid of the dot.la files?
 https://git.archlinux.org/svntogit/packages.git/tree/trunk/0030-dont_use_la_files_for_opening_plugins.patch?h=packages/cyrus-sasl

 COMMENT=		RFC 2222 SASL (Simple Authentication and Security Layer)

-DISTNAME=		cyrus-sasl-2.1.26
-REVISION=		26
+DISTNAME=		cyrus-sasl-2.1.27

-SHARED_LIBS +=  sasl2                3.0      # 3.0
+SHARED_LIBS +=  sasl2                3.1      # 3.0

 CATEGORIES=		security

@ -23,15 +22,17 @@ MASTER_SITES=		ftp://ftp.cyrusimap.org/cyrus-sasl/

 WANTLIB += c crypto

-COMPILER =		base-clang ports-gcc base-gcc
-
-MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/config ${WRKSRC}/saslauthd/config
+COMPILER=		base-clang ports-gcc base-gcc

 CONFIGURE_STYLE=	gnu
+
 CONFIGURE_ENV=		CPPFLAGS="-I${LOCALBASE}/include" \
-			LIBS="-L${LOCALBASE}/lib"
+			LIBS="-L${LOCALBASE}/lib" \
+			ac_cv_prog_CC_FOR_BUILD="${CC}" \
+
 CONFIGURE_ARGS=		--enable-static \
 			--without-pam \
+			--without-sphinx-build \
 			--without-sqlite \
 			--with-saslauthd="/var/sasl2" \
 			--with-plugindir=${PREFIX}/lib/sasl2 \
@ -42,6 +43,8 @@ CONFIGURE_ARGS=		--enable-static \

 CFLAGS +=		-fPIC

+USE_GMAKE=		Yes
+
 FLAVORS=		db4 gssapi ldap mysql pgsql sqlite3
 FLAVOR?=

@ -69,7 +72,7 @@ WANTLIB += heimdal/lib/heimsqlite
 LIB_DEPENDS +=		databases/openldap
 CONFIGURE_ARGS +=	--with-ldap=${LOCALBASE} \
 			--enable-ldapdb
-WANTLIB += lber lber-2.4 ldap ldap-2.4 ssl
+WANTLIB += lber ldap ssl
 .else
 CONFIGURE_ARGS +=	--without-ldap
 .endif
@ -84,7 +87,7 @@ PKG_ARGS=		-Dsql=0

 .if ${FLAVOR:Mmysql}
 LIB_DEPENDS +=		databases/mariadb
-WANTLIB+= m pthread ssl ${COMPILER_LIBCXX} z lib/mysql/mysqlclient
+WANTLIB+= m pthread ssl z lib/mysql/mysqlclient
 .else
 CONFIGURE_ARGS +=	--without-mysql
 .endif
@ -112,7 +115,6 @@ pre-configure:
 post-install:
 	rm ${PREFIX}/lib/sasl2/*.a
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/cyrus-sasl
-	${INSTALL_DATA} ${WRKSRC}/doc/{*.html,*.txt} ${PREFIX}/share/doc/cyrus-sasl
 	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/cyrus-sasl
 	${INSTALL_DATA} ${FILESDIR}/Sendmail.conf-sql \
 		${PREFIX}/share/examples/cyrus-sasl
--- a/security/cyrus-sasl2/distinfo
+++ b/security/cyrus-sasl2/distinfo
@ -1,2 +1,2 @@
-SHA256 (cyrus-sasl-2.1.26.tar.gz) = j7xRNlErWbt5Nlfzb63aY1nK47CPAf0Ws9QG8TRbe8M=
-SIZE (cyrus-sasl-2.1.26.tar.gz) = 5220231
+SHA256 (cyrus-sasl-2.1.27.tar.gz) = JoZrFUmwD/0CDxiKQ8JYAX+hw4Kz3a3YIBU29y77BdU=
+SIZE (cyrus-sasl-2.1.27.tar.gz) = 4111249
--- a/security/cyrus-sasl2/patches/patch-common_Makefile_in
+++ b/security/cyrus-sasl2/patches/patch-common_Makefile_in
@ -0,0 +1,24 @@
+$OpenBSD: patch-common_Makefile_in,v 1.1 2018/11/19 08:24:23 ajacoutot Exp $
+
+GNU libtool says:
+libtool: link: warning: `-version-info/-version-number' is ignored for convenience libraries
+crypto_compat_version is not defined which makes our libtool(1)
+exit with an error, so just drop things that should be ignored
+See: https://www.gnu.org/software/libtool/manual/html_node/Static-libraries.html
+
+Index: common/Makefile.in
+--- common/Makefile.in.orig
+++ common/Makefile.in
+@@ -431,10 +431,10 @@ plugin_common_version = 3:0:0
+ AM_CPPFLAGS = -fPIC -I$(top_srcdir)/include -I$(top_builddir)/include
+ noinst_LTLIBRARIES = libplugin_common.la libcrypto_compat.la
+ libplugin_common_la_SOURCES = plugin_common.c plugin_common.h
+-libplugin_common_la_LDFLAGS = -version-info $(plugin_common_version) -no-undefined
+libplugin_common_la_LDFLAGS = -no-undefined
+ libplugin_common_la_LIBADD = $(LIB_SOCKET)
+ libcrypto_compat_la_SOURCES = crypto-compat.c crypto-compat.h
+-libcrypto_compat_la_LDFLAGS = -version-info $(crypto_compat_version) -no-undefined
+libcrypto_compat_la_LDFLAGS = -no-undefined
+ all: all-am
+ 
+ .SUFFIXES:
--- a/security/cyrus-sasl2/patches/patch-configure
+++ b/security/cyrus-sasl2/patches/patch-configure
@ -1,21 +1,21 @@
-$OpenBSD: patch-configure,v 1.15 2015/12/11 06:35:35 ajacoutot Exp $
--- configure.orig	Tue Nov  6 20:21:37 2012
-+++ configure	Thu Dec 10 14:46:10 2015
-@@ -12571,7 +12571,7 @@ if test "${ac_cv_lib_gssapi_gss_unwrap+set}" = set; th
-   $as_echo_n "(cached) " >&6
+$OpenBSD: patch-configure,v 1.16 2018/11/19 08:24:23 ajacoutot Exp $
+
+Index: configure
+--- configure.orig
+++ configure
+@@ -17051,6 +17051,7 @@ if ${ac_cv_lib_gssapi_gss_unwrap+:} false; then :
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
+ LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
 +LIBS="`krb5-config --libs gssapi` $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h.  */
- _ACEOF
-@@ -13047,7 +13047,7 @@ fi
-     GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ 
+@@ -17310,6 +17311,7 @@ fi
+     GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a"
   elif test "$gss_impl" = "heimdal"; then
-     CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
-    GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
+     CPPFLAGS="$CPPFLAGS"
 +    GSSAPIBASE_LIBS="`krb5-config --libs gssapi`"
+     GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
     GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
   elif test "$gss_impl" = "cybersafe03"; then
- # Version of CyberSafe with two libraries
--- a/security/cyrus-sasl2/patches/patch-lib_checkpw_c
+++ b/security/cyrus-sasl2/patches/patch-lib_checkpw_c
@ -1,14 +0,0 @@
-$OpenBSD: patch-lib_checkpw_c,v 1.3 2017/07/14 15:01:09 giovanni Exp $
-Fix interoperability with courier-authdaemond
-https://github.com/cyrusimap/cyrus-sasl/commit/e0009121390ba3ec4d3d88da8d57d4df13788e86
-Index: lib/checkpw.c
--- lib/checkpw.c.orig
-+++ lib/checkpw.c
-@@ -588,6 +588,7 @@ static int read_wait(int fd, unsigned delta)
- 	    errno = ETIMEDOUT;
- 	    return -1;
- 	case +1:
-+	case +2:
- 	    if (FD_ISSET(fd, &rfds)) {
- 		/* Success, file descriptor is readable. */
- 		return 0;
--- a/security/cyrus-sasl2/patches/patch-lib_saslutil_c
+++ b/security/cyrus-sasl2/patches/patch-lib_saslutil_c
@ -1,17 +1,18 @@
-$OpenBSD: patch-lib_saslutil_c,v 1.2 2016/06/17 09:43:35 ajacoutot Exp $
+$OpenBSD: patch-lib_saslutil_c,v 1.3 2018/11/19 08:24:23 ajacoutot Exp $

 64-bit time_t

--- lib/saslutil.c.orig	Fri Jun 17 11:34:42 2016
-+++ lib/saslutil.c	Fri Jun 17 11:37:28 2016
-@@ -288,9 +288,9 @@ int sasl_mkchal(sasl_conn_t *conn,
+Index: lib/saslutil.c
+--- lib/saslutil.c.orig
+++ lib/saslutil.c
+@@ -280,9 +280,9 @@ int sasl_mkchal(sasl_conn_t *conn,
   time(&now);
 
   if (hostflag && conn->serverFQDN)
-    snprintf(buf,maxlen, "<%lu.%lu@%s>", randnum, now, conn->serverFQDN);
-+    snprintf(buf,maxlen, "<%lu.%lld@%s>", randnum, now, conn->serverFQDN);
+-    snprintf(buf,maxlen, "<%lu.%lu@%s>", randnum, (unsigned long)now, conn->serverFQDN); /* don't care much about time 32bit overlap */
+    snprintf(buf,maxlen, "<%lu.%lld@%s>", randnum, now, conn->serverFQDN); /* don't care much about time 32bit overlap */
   else
-    snprintf(buf,maxlen, "<%lu.%lu>", randnum, now);
+-    snprintf(buf,maxlen, "<%lu.%lu>", randnum, (unsigned long)now);
 +    snprintf(buf,maxlen, "<%lu.%lld>", randnum, now);
 
   return (int) strlen(buf);
--- a/security/cyrus-sasl2/patches/patch-libsasl2_pc_in
+++ b/security/cyrus-sasl2/patches/patch-libsasl2_pc_in
@ -1,13 +1,17 @@
-$OpenBSD: patch-libsasl2_pc_in,v 1.2 2013/06/17 19:31:09 ajacoutot Exp $
+$OpenBSD: patch-libsasl2_pc_in,v 1.3 2018/11/19 08:24:23 ajacoutot Exp $

 XXX push upstream:
 libdir will extend to: libdir = ${exec_prefix}/lib

--- libsasl2.pc.in.orig	Fri Oct 12 16:05:48 2012
-+++ libsasl2.pc.in	Thu May 30 02:21:24 2013
-@@ -1,3 +1,5 @@
+Index: libsasl2.pc.in
+--- libsasl2.pc.in.orig
+++ libsasl2.pc.in
+@@ -1,6 +1,8 @@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ libdir=@libdir@
 +prefix = @prefix@
 +exec_prefix = @exec_prefix@
- libdir = @libdir@
+ includedir=@includedir@
 
 Name: Cyrus SASL
--- a/security/cyrus-sasl2/patches/patch-plugins_Makefile_in
+++ b/security/cyrus-sasl2/patches/patch-plugins_Makefile_in
@ -1,12 +1,14 @@
-$OpenBSD: patch-plugins_Makefile_in,v 1.3 2012/11/22 16:01:38 ajacoutot Exp $
--- plugins/Makefile.in.orig	Tue Nov 20 08:27:40 2012
-+++ plugins/Makefile.in	Tue Nov 20 08:27:51 2012
-@@ -364,7 +364,7 @@ top_srcdir = @top_srcdir@
+$OpenBSD: patch-plugins_Makefile_in,v 1.4 2018/11/19 08:24:23 ajacoutot Exp $
+
+Index: plugins/Makefile.in
+--- plugins/Makefile.in.orig
+++ plugins/Makefile.in
+@@ -494,7 +494,7 @@ top_srcdir = @top_srcdir@
 # CURRENT:REVISION:AGE
 plugin_version = 3:0:0
- INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
-AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
-+AM_LDFLAGS = -module -avoid-version -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
- COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
- EXTRA_DIST = makeinit.sh NTMakefile
- noinst_SCRIPTS = makeinit.sh
+ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_srcdir)/common -I$(top_builddir)/include
+-AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) -no-undefined
+AM_LDFLAGS = -module -avoid-version -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) -no-undefined
+ @BUILD_LIBOBJ_TRUE@COMPAT_OBJS = $(top_builddir)/lib/libobj.la
+ PLUGIN_COMMON_OBJS = $(top_builddir)/common/libplugin_common.la
+ CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
--- a/security/cyrus-sasl2/patches/patch-plugins_cram_c
+++ b/security/cyrus-sasl2/patches/patch-plugins_cram_c
@ -1,10 +1,11 @@
-$OpenBSD: patch-plugins_cram_c,v 1.1 2016/06/17 09:43:35 ajacoutot Exp $
+$OpenBSD: patch-plugins_cram_c,v 1.2 2018/11/19 08:24:23 ajacoutot Exp $

 64-bit time_t

--- plugins/cram.c.orig	Fri Jun 17 11:35:21 2016
-+++ plugins/cram.c	Fri Jun 17 11:35:27 2016
-@@ -137,7 +137,7 @@ static char *gettime(sasl_server_params_t *sparams)
+Index: plugins/cram.c
+--- plugins/cram.c.orig
+++ plugins/cram.c
+@@ -135,7 +135,7 @@ static char *gettime(sasl_server_params_t *sparams)
     
     /* the bottom bits are really the only random ones so if
        we overflow we don't want to loose them */
--- a/security/cyrus-sasl2/patches/patch-plugins_otp_c
+++ b/security/cyrus-sasl2/patches/patch-plugins_otp_c
@ -1,10 +1,11 @@
-$OpenBSD: patch-plugins_otp_c,v 1.3 2016/06/17 09:43:35 ajacoutot Exp $
+$OpenBSD: patch-plugins_otp_c,v 1.4 2018/11/19 08:24:23 ajacoutot Exp $

 64-bit time_t

--- plugins/otp.c.orig	Fri Jun 17 11:35:41 2016
-+++ plugins/otp.c	Fri Jun 17 11:36:05 2016
-@@ -615,7 +615,7 @@ static int make_secret(const sasl_utils_t *utils,
+Index: plugins/otp.c
+--- plugins/otp.c.orig
+++ plugins/otp.c
+@@ -645,7 +645,7 @@ static int make_secret(const sasl_utils_t *utils, cons
     bin2hex(otp, OTP_HASH_SIZE, buf);
     buf[2*OTP_HASH_SIZE] = '\0';
     
@ -13,7 +14,7 @@ $OpenBSD: patch-plugins_otp_c,v 1.3 2016/06/17 09:43:35 ajacoutot Exp $
 	    alg, seq, seed, buf, timeout);
     
     return SASL_OK;
-@@ -676,7 +676,7 @@ static int parse_secret(const sasl_utils_t *utils,
+@@ -706,7 +706,7 @@ static int parse_secret(const sasl_utils_t *utils,
 	    return SASL_FAIL;
 	}
 	
--- a/security/cyrus-sasl2/patches/patch-pwcheck_pwcheck_getpwnam_c
+++ b/security/cyrus-sasl2/patches/patch-pwcheck_pwcheck_getpwnam_c
@ -1,8 +1,10 @@
-$OpenBSD: patch-pwcheck_pwcheck_getpwnam_c,v 1.1 2016/06/17 09:43:35 ajacoutot Exp $
--- pwcheck/pwcheck_getpwnam.c.orig	Fri Jun 17 11:18:35 2016
-+++ pwcheck/pwcheck_getpwnam.c	Fri Jun 17 11:18:52 2016
-@@ -34,7 +34,7 @@ char *password;
-     char* r;
+$OpenBSD: patch-pwcheck_pwcheck_getpwnam_c,v 1.2 2018/11/19 08:24:23 ajacoutot Exp $
+
+Index: pwcheck/pwcheck_getpwnam.c
+--- pwcheck/pwcheck_getpwnam.c.orig
+++ pwcheck/pwcheck_getpwnam.c
+@@ -53,7 +53,7 @@ char *password;
+     char* crpt_passwd;
     struct passwd *pwd;
 
 -    pwd = getpwnam(userid);
--- a/security/cyrus-sasl2/patches/patch-sample_server_c
+++ b/security/cyrus-sasl2/patches/patch-sample_server_c
@ -1,19 +0,0 @@
-$OpenBSD: patch-sample_server_c,v 1.3 2015/12/11 06:35:35 ajacoutot Exp $
-
-XXX push upstream:
-gssapi/gssapi_ext.h is MIT specific, so including it with Heimdal can cause compilation problems
-
--- sample/server.c.orig	Sat Jan 28 00:31:36 2012
-+++ sample/server.c	Thu Jun 13 12:32:23 2013
-@@ -85,7 +85,11 @@
- 
- #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
- #include <gssapi/gssapi.h>
-+# ifndef KRB5_HEIMDAL
-+#  ifdef HAVE_GSSAPI_GSSAPI_EXT_H
- #include <gssapi/gssapi_ext.h>
-+#  endif
-+# endif
- #endif
- 
- #include "common.h"
--- a/security/cyrus-sasl2/patches/patch-saslauthd_Makefile_in
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_Makefile_in
@ -1,12 +1,13 @@
-$OpenBSD: patch-saslauthd_Makefile_in,v 1.14 2013/10/31 20:07:59 ajacoutot Exp $
+$OpenBSD: patch-saslauthd_Makefile_in,v 1.15 2018/11/19 08:24:23 ajacoutot Exp $

 Remove hand-rolled formatting, just install mdoc(7) source manual.

--- saslauthd/Makefile.in.orig	Tue Nov  6 20:21:45 2012
-+++ saslauthd/Makefile.in	Thu Oct 31 02:59:28 2013
-@@ -714,15 +714,9 @@ uninstall-am: uninstall-sbinPROGRAMS
- 	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
- 	uninstall-am uninstall-sbinPROGRAMS
+Index: saslauthd/Makefile.in
+--- saslauthd/Makefile.in.orig
+++ saslauthd/Makefile.in
+@@ -781,15 +781,9 @@ uninstall-am: uninstall-local uninstall-sbinPROGRAMS
+ 
+ .PRECIOUS: Makefile
 
 -
 -dist-hook: saslauthd.8
@ -20,5 +21,5 @@ Remove hand-rolled formatting, just install mdoc(7) source manual.
 -	$(INSTALL_DATA) $(srcdir)/saslauthd.8 $(DESTDIR)$(mandir)/man8/saslauthd.8
 +	$(INSTALL_DATA) $(srcdir)/saslauthd.mdoc $(DESTDIR)$(mandir)/man8/saslauthd.8
 
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.
+ uninstall-local:
+ 	-rm -rf $(DESTDIR)$(mandir)/man8/saslauthd.8
--- a/security/cyrus-sasl2/patches/patch-saslauthd_auth_getpwent_c
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_auth_getpwent_c
@ -1,7 +1,9 @@
-$OpenBSD: patch-saslauthd_auth_getpwent_c,v 1.1 2016/06/17 09:43:35 ajacoutot Exp $
--- saslauthd/auth_getpwent.c.orig	Fri Jun 17 11:13:38 2016
-+++ saslauthd/auth_getpwent.c	Fri Jun 17 11:14:11 2016
-@@ -81,7 +81,7 @@ auth_getpwent (
+$OpenBSD: patch-saslauthd_auth_getpwent_c,v 1.2 2018/11/19 08:24:23 ajacoutot Exp $
+
+Index: saslauthd/auth_getpwent.c
+--- saslauthd/auth_getpwent.c.orig
+++ saslauthd/auth_getpwent.c
+@@ -79,7 +79,7 @@ auth_getpwent (
     /* END VARIABLES */
   
     errno = 0;
--- a/security/cyrus-sasl2/patches/patch-saslauthd_auth_sasldb_c
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_auth_sasldb_c
@ -1,11 +1,13 @@
-$OpenBSD: patch-saslauthd_auth_sasldb_c,v 1.2 2011/09/20 23:01:29 ajacoutot Exp $
--- saslauthd/auth_sasldb.c.orig	Thu Dec  3 20:07:03 2009
-+++ saslauthd/auth_sasldb.c	Mon Sep 19 09:35:57 2011
-@@ -40,6 +40,7 @@
+$OpenBSD: patch-saslauthd_auth_sasldb_c,v 1.3 2018/11/19 08:24:23 ajacoutot Exp $
+
+Index: saslauthd/auth_sasldb.c
+--- saslauthd/auth_sasldb.c.orig
+++ saslauthd/auth_sasldb.c
+@@ -36,6 +36,7 @@
 
 #include <string.h>
 #include <stdlib.h>
 +#include <unistd.h>
 #include <pwd.h>
 #include <config.h>
- /* END PUBLIC DEPENDENCIES */
+ #include <unistd.h>
--- a/security/cyrus-sasl2/patches/patch-saslauthd_configure
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_configure
@ -1,12 +0,0 @@
-$OpenBSD: patch-saslauthd_configure,v 1.18 2013/10/31 19:42:45 schwarze Exp $
--- saslauthd/configure.orig	Tue Nov  6 20:21:44 2012
-+++ saslauthd/configure	Thu Oct 31 02:48:18 2013
-@@ -11717,7 +11717,7 @@ fi
- 
- 
- 
-  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
-+  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
- fi
- 
- # Check whether --enable-httpform was given.
--- a/security/cyrus-sasl2/patches/patch-saslauthd_lak_c
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_lak_c
@ -0,0 +1,57 @@
+$OpenBSD: patch-saslauthd_lak_c,v 1.1 2018/11/19 08:24:23 ajacoutot Exp $
+
+64-bit time_t
+
+Fix for LibreSSL
+
+Index: saslauthd/lak.c
+--- saslauthd/lak.c.orig
+++ saslauthd/lak.c
+@@ -841,12 +841,12 @@ static int lak_connect(
+ 
+ 	rc = ldap_set_option(lak->ld, LDAP_OPT_NETWORK_TIMEOUT, &(lak->conf->timeout));
+ 	if (rc != LDAP_OPT_SUCCESS) {
+-		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
+		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %lld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
+ 	}
+ 
+ 	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));
+ 	if (rc != LDAP_OPT_SUCCESS) {
+-		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %ld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
+		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %lld.%ld.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
+ 	}
+ 
+ 	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));
+@@ -1749,28 +1749,28 @@ static int lak_base64_decode(
+ 
+ 	int rc, i, tlen = 0;
+ 	char *text;
+-	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+	EVP_ENCODE_CTX *enc_ctx = calloc(1, sizeof(EVP_ENCODE_CTX));
+ 
+ 	if (enc_ctx == NULL)
+ 		return LAK_NOMEM;
+ 
+ 	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
+ 	if (text == NULL) {
+-		EVP_ENCODE_CTX_free(enc_ctx);
+		free(enc_ctx);
+ 		return LAK_NOMEM;
+ 	}
+ 
+ 	EVP_DecodeInit(enc_ctx);
+ 	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
+ 	if (rc < 0) {
+-		EVP_ENCODE_CTX_free(enc_ctx);
+		free(enc_ctx);
+ 		free(text);
+ 		return LAK_FAIL;
+ 	}
+ 	tlen += i;
+ 	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
+ 
+-	EVP_ENCODE_CTX_free(enc_ctx);
+	free(enc_ctx);
+ 
+ 	*ret = text;
+ 	if (rlen != NULL)
--- a/security/cyrus-sasl2/patches/patch-saslauthd_md5global_h
+++ b/security/cyrus-sasl2/patches/patch-saslauthd_md5global_h
@ -1,40 +0,0 @@
-$OpenBSD: patch-saslauthd_md5global_h,v 1.1 2011/09/20 23:01:29 ajacoutot Exp $
-
-Use standard types for certain bits types (from pkgsrc).
-
--- saslauthd/md5global.h.orig	Fri Mar 28 20:59:24 2003
-+++ saslauthd/md5global.h	Mon Sep 19 09:40:28 2011
-@@ -3,6 +3,13 @@
- #ifndef MD5GLOBAL_H
- #define MD5GLOBAL_H
- 
-+#ifdef HAVE_STDINT_H
-+#include <stdint.h>
-+#endif
-+#ifdef HAVE_INTTYPES_H
-+#include <inttypes.h>
-+#endif
-+
- /* PROTOTYPES should be set to one if and only if the compiler supports
-   function argument prototyping.
- The following makes PROTOTYPES default to 0 if it has not already
-@@ -15,13 +22,13 @@ The following makes PROTOTYPES default to 0 if it has 
- /* POINTER defines a generic pointer type */
- typedef unsigned char *POINTER;
- 
-typedef signed char INT1;		/*  8 bits */
-typedef short INT2;			/* 16 bits */
-typedef int INT4;			/* 32 bits */
-+typedef int8_t INT1;		/*  8 bits */
-+typedef int16_t INT2;		/* 16 bits */
-+typedef int32_t INT4;		/* 32 bits */
- /* There is no 64 bit type */
-typedef unsigned char UINT1;		/*  8 bits */
-typedef unsigned short UINT2;		/* 16 bits */
-typedef unsigned int UINT4;		/* 32 bits */
-+typedef uint8_t UINT1;		/*  8 bits */
-+typedef uint16_t UINT2;		/* 16 bits */
-+typedef uint32_t UINT4;		/* 32 bits */
- /* There is no 64 bit type */
- 
- /* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
--- a/security/cyrus-sasl2/pkg/PLIST
+++ b/security/cyrus-sasl2/pkg/PLIST
@ -1,6 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.33 2016/10/10 12:25:20 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.34 2018/11/19 08:24:23 ajacoutot Exp $
@conflict cyrus-sasl-*
@extraunexec rm -rf /var/sasl2/*
+@rcscript ${RCDIR}/saslauthd
 include/sasl/
 include/sasl/hmac-md5.h
 include/sasl/md5.h
@ -84,50 +85,7 @@ lib/sasl2/libscram.so
@bin sbin/sasldblistusers2
@bin sbin/saslpasswd2
@bin sbin/testsaslauthd
-share/doc/cyrus-sasl/
-share/doc/cyrus-sasl/advanced.html
-share/doc/cyrus-sasl/appconvert.html
-share/doc/cyrus-sasl/components.html
-share/doc/cyrus-sasl/draft-burdis-cat-srp-sasl-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-anon-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-crammd5-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-gssapi-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-plain-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-rfc2222bis-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-rfc2831bis-xx.txt
-share/doc/cyrus-sasl/draft-ietf-sasl-saslprep-xx.txt
-share/doc/cyrus-sasl/draft-murchison-sasl-login-xx.txt
-share/doc/cyrus-sasl/draft-newman-sasl-c-api-xx.txt
-share/doc/cyrus-sasl/draft-newman-sasl-passdss-xx.txt
-share/doc/cyrus-sasl/gssapi.html
-share/doc/cyrus-sasl/index.html
-share/doc/cyrus-sasl/install.html
-share/doc/cyrus-sasl/macosx.html
-share/doc/cyrus-sasl/mechanisms.html
-share/doc/cyrus-sasl/options.html
-share/doc/cyrus-sasl/plugprog.html
-share/doc/cyrus-sasl/programming.html
-share/doc/cyrus-sasl/readme.html
-share/doc/cyrus-sasl/rfc1321.txt
-share/doc/cyrus-sasl/rfc1939.txt
-share/doc/cyrus-sasl/rfc2104.txt
-share/doc/cyrus-sasl/rfc2195.txt
-share/doc/cyrus-sasl/rfc2222.txt
-share/doc/cyrus-sasl/rfc2243.txt
-share/doc/cyrus-sasl/rfc2245.txt
-share/doc/cyrus-sasl/rfc2289.txt
-share/doc/cyrus-sasl/rfc2444.txt
-share/doc/cyrus-sasl/rfc2595.txt
-share/doc/cyrus-sasl/rfc2831.txt
-share/doc/cyrus-sasl/rfc2945.txt
-share/doc/cyrus-sasl/rfc3174.txt
-share/doc/cyrus-sasl/sysadmin.html
-share/doc/cyrus-sasl/testing.txt
-share/doc/cyrus-sasl/upgrading.html
-share/doc/cyrus-sasl/windows.html
-share/examples/cyrus-sasl/
+@sample /var/sasl2/
 %%gssapi%%
 %%ldap%%
 %%sql%%
-@sample /var/sasl2/
-@rcscript ${RCDIR}/saslauthd