Fwd: Hi. I have some libsasl patches and bugs, need guidance

Jan Parcel jan.parcel at oracle.com
Mon Oct 12 20:48:24 EDT 2015

OK, I did not realize that cyrus-devel has become cyrus-imap.  
Forwarding to cyrus-sasl. Bcc'd cyrus-devel.
My apologies.

-------- Forwarded Message --------
Subject: 	Hi. I have some libsasl patches and bugs, need guidance
Date: 	Mon, 12 Oct 2015 12:01:11 -0700
From: 	Jan Parcel <jan.parcel at oracle.com>
To: 	cyrus-devel at lists.andrew.cmu.edu, FIVEASH <will.fiveash at oracle.com>


I am updating form 2.1.25 to 2.1.26, and I have found a few things I had 
to fix for Solaris, probably most
recent versions of Solaris, not just future ones.  Do you have a "how to 
contribute" page?  I thought I had seen one but now can't find it.

I also see that you were patching things over the summer and wondered 
how many of those could be considered security vulerability fixes, 
especially the gssapi fixes.  How long before 2.1.27 ?  What would 
trigger such a release?

And I wondered about things I've seen in emails this summer, regarding 
the imap probect wrt libsasl, such as

"If you want to force TLS to be used before any SASL mechs are 
advertised, set sasl_minimum_layer to 129 or higher."  (We do not use 
cyrus imap)

Here are the bugs I wanted to file in BugZilla, I was wondering if you 
covered any of these in some of your
recent git integrations, I assume duplications are Not Good (TM):

sasl install dir for plugins should be separately configurable
/  (this is caused by the fact that something in /usr/lib/sasl2/64/  is 
found in Solaris by asking for /usr/lib/sasl2 and knowing that the 
caller is a 64-bit program)/

libtool.m4 overrides configuration for --no-verify
incorrect function definition for do_request in ipc_doors.c
sasl adjustment for location of gssapi.h incorrectly implemented
CMU cyrus-sasl missing man pages that we require

and possibly:
Moving to autotools 1.15 breaks cmu cyrus-sasl build

I have patches for all of those, of course, and our preference is for 
them to either go upstream or be
EOL'd by fixes pulled down from upstream, preferably in a later 
cyrus-sasl release such as 2.1.27.

Thanks in advance for any help.

Jan Parcel
Software Engineer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20151012/b43b4040/attachment.html 

More information about the Cyrus-devel mailing list