cyrus-sasl-2.1.27-150300.4.6.1<>,4bxp9|S;O0ɠTQ'v0ӥ@|bU-fy<y‘1dO؈dew,ef91btxDpdzISDysc6}m`r nD.-t7xuRɵϻZ %=2C/|Lu1Z*o3X7 Wo}Ъp7%ظM XRP2ߙ wPVۊpf8V_HKbOՏdɏ^Z>E*?*d  ! B# 9Wtzs(   0     d  @ h  , pDHW(X8` 9 :z =>FGHHIXY\]P^ b!Ac!d"oe"tf"wl"yu"v" w(x)$y)|/z*8*H*L*R*Ccyrus-sasl2.1.27150300.4.6.1Implementation of Cyrus SASL APIThis is the Cyrus SASL API. It can be used on the client or server side to provide authentication. See RFC 2222 for more information.bxs390zp36SUSE Linux Enterprise 15SUSE LLC BSD-4-Clausehttps://www.suse.com/Productivity/Networking/Otherhttp://asg.web.cmu.edu/sasl/linuxs390x#Convert password file from berkely into gdbm #In %pre the existing file will be dumped out if /usr/bin/db_verify /etc/sasldb2 &> /dev/null ; then cat < /var/adm/update-scripts/saslpw.awk { split(\$0,b,/\\\00/) if( b[3] == "userPassword" ) { user=b[1] domain=b[2] } else { if( user != "" ) { printf("echo '%s' | saslpasswd2 -p -u %s %s\n",substr(b[1],2),user,domain) user = "" domain = "" } } } EOF db_dump -p /etc/sasldb2 | gawk -f /var/adm/update-scripts/saslpw.awk > /var/adm/update-scripts/saslpwd rm -f /var/adm/update-scripts/saslpw.awk mv /etc/sasldb2 /etc/sasldb2-back fiif [ -e /var/adm/update-scripts/saslpwd ]; then chmod 755 /var/adm/update-scripts/saslpwd /var/adm/update-scripts/saslpwd rm -f /var/adm/update-scripts/saslpwd fiJZIY hII@9E AAA큤bwbwbwbwbwbwbwbwbwbwbwbwbwbwbwbwbxVbwbwbwbwc1e24a5a59900abba7f0a68fbd04efc39de4e4fdf366b841bb5a882b847baad6c5ff398b8dfa3eaaa211ec910d4f1e7d3c07d7d2eaff7d48825358a5c04cc3576128648fc2c74eea13491845b90301de872ad9d8d53de3e1f72a70cb493ca3957436c41c5b80bcb84c45dd606db2837db3644349cdeb70fdb7f0e5d6f4a6ca53ce2600b12f9982e239e36d91f7586d3f58402efd274995fc8bfeedabc972c1da9bdde80eb21918153ea55d47f14fc603881d668bd0d0b5e1381b0049ee47de7020fd24540d39794864fb0b24d679e267741e04cfa11ab9b911b80fabc02905a80105930f1ab7e0e87967ba67096f5d4b5b1f68f263bff614d90dda97d2a287e49d6e5d1632140a6c135b251260953650d17d87cd1124f87aaf72192aa4580d4b78f12bf65507f64978b7cd7feaa20a18d5caea491d226c9c0c38935fbe9cfced8dadac1f5c0dc87a4eb46e9558f4a613acb981dd52f8e6f0e503744f626ca0f0ea80324cf7a1ab202088019bf0fcdc2d0e672aa8be79f85c7bce2a9e2fe5fada9357843e3f54c262fa9d3b746686739a03c9a94c7be51b5731d5944f50df0b9blibanonymous.so.3.0.0libanonymous.so.3.0.0liblogin.so.3.0.0liblogin.so.3.0.0libsasldb.so.3.0.0libsasldb.so.3.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcyrus-sasl-2.1.27-150300.4.6.1.src.rpmcyrus-saslcyrus-sasl(s390-64)libanonymous.so.3()(64bit)liblogin.so.3()(64bit)libsasldb.so.3()(64bit)@@@@@@@@@@@    /bin/sh/bin/shlibc.so.6()(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libgdbm.so.4()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libsasl2.so.3()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-1cyrus-sasl-bdb4.14.3b~a@_I@_j^;]߶\X)@Y@@Xg@XVhT@Tw@varkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comscabrero@suse.demichael@stroeder.comvarkoly@suse.comvcizek@suse.commichael@stroeder.comvarkoly@suse.combwiedemann@suse.comvarkoly@suse.comjengelh@inai.de- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch- postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files.- Remove Berkeley DB dependency (JIRA#SLE-12190) The packages cyrus-sasl and cyrus-sasl-saslauthd are built without Berkely DB support. gdbm will be used instead of BDB. The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don’t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h - removed patches obsoleted by upstream changes: * shared_link_on_ppc.patch * cyrus-sasl-2.1.27-openssl-1.1.0.patch * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * 0003-Check-return-error-from-gss_wrap_size_limit.patch * 0004-Add-support-for-retrieving-the-mech_ssf.patch * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch * cyrus-sasl-fix-logging-in-gssapi.patch- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch- added backport-patch cyrus-sasl-bug587.patch which fixes off-by-one error in _sasl_add_string function (see CVE-2019-19906 bsc#1159635)- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" By server context the connection will be sent to the log function. Client content does not have log level information. I.e. there is no way to stop DEBUG level logs nece I've removed it. * add cyrus-sasl-fix-logging-in-gssapi.patch- OpenSSL 1.1 support (bsc#1055463) * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora- added cyrus-sasl-issue-402.patch to fix SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 (see https://github.com/cyrusimap/cyrus-sasl/issues/402)- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5- really use SASLAUTHD_PARAMS variable (bnc#938657)- bnc#908883 cyrus-sasl-scram refers to wrong RFC- Make sure /usr/sbin/rcsaslauthd exists/bin/sh/bin/shs390zp36 1645520760 2.1.27-150300.4.6.12.1.27-150300.4.6.1sasl2cyrus_sasl_sample_clientcyrus_sasl_sample_serversasl2libanonymous.solibanonymous.so.3libanonymous.so.3.0.0liblogin.soliblogin.so.3liblogin.so.3.0.0libsasldb.solibsasldb.so.3libsasldb.so.3.0.0pluginviewersasldblistusers2saslpasswd2cyrus-saslCOPYINGsasl.3.gzpluginviewer.8.gzsasldblistusers2.8.gzsaslpasswd2.8.gz/etc//usr/bin//usr/lib64//usr/lib64/sasl2//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/cyrus-sasl//usr/share/man/man3//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:22965/SUSE_SLE-15-SP3_Update/f31563e28dd2787f23e8d4a931ea78b6-cyrus-sasl.SUSE_SLE-15-SP3_Updatedrpmxz5s390x-suse-linux directoryELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=49140d1372ef8b66e0c2d6fe5bb4b2c97e17b5a9, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=2ecbceeff21d0fc5b4cffd33c4450b66beb70d16, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b4b61d500532666f84359f9bfeb8483e14fcca81, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=7fcf48ae9ed9fabdd707e8c065cf1eb5d0d3ba4e, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=fb4f14c84a28b802a5a8d9c9658bffeb98c216e3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=8c388a2621590280f032de984074179a3ac9cd11, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=4a2df37d2a8c7eab5501a8c2befc652b2f9201d4, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=3aae0f52b2ad92e77dfbe48d95452322b7fa0dc2, for GNU/Linux 3.2.0, strippedASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)"&+ RRRRR RR RRRRRR R RPRRRRRPRRRRRPRRRRR RRRR RRRR R RRRR Rt{Gyputf-8330c89977cee6f6b48d407256e93b082fdcf37eca68f10756961500a8cfc2c05?7zXZ !t/]"k%[,Zz?d0wIL`:Z 8o~,FLp/;zi8_Ū4%VKVF6F%FQt_ o;*oX~<"@;ҫz;ӗZF;Ewe;HXK2, 48ݩDrj jk=+y&YoM݆^ud% '9K̈8D%I)N3@੄Ob*〵:,-10ϫgUi.Y.7#qVMYL~]AoOV.Yz}N&4OE-O#l$< ?-#afXaGٌVH Vv5;fG8bc0#$*_exFUb'sLI{ S@bc>yоb,(lQ虐z[)GÜͨ=]Gr;rIS5[QݢQuh.?Q1@:’xz^>Ra3rOZ|*kl5mv$Ğ6Ri"j"cORڽƠ(Xxr 5]J ~@BY7܀ލF(DY3Ko4rHtJ-yDl`v; EwqVO.]x2RY\U \`cqYbOLj=4o_QSl̢*.][s.h{~`YQo00Q&`0sS i*Yh55<@b'a];ipUwĒ\ ݯ*z*KRECCQ4˄m~C6&+NC9vK42scͱ^v{e^\]a@ʿ±`G`3J<;ldOӒʕ?<?WI4"X\:>'r Y00u[{f_$y -2^w= YZ