<pre style='margin:0'>
Herby Gillot (herbygillot) pushed a commit to branch master
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/58a9e3d674c7c3a96337e8800523b34eb5882d98">https://github.com/macports/macports-ports/commit/58a9e3d674c7c3a96337e8800523b34eb5882d98</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'>     new 58a9e3d674c cyrus-sasl2: Fix crash for unavailable algorithms
</span>58a9e3d674c is described below

<span style='display:block; white-space:pre;color:#808000;'>commit 58a9e3d674c7c3a96337e8800523b34eb5882d98
</span>Author: Clemens Lang <cal@macports.org>
AuthorDate: Wed Mar 29 13:31:09 2023 +0200

<span style='display:block; white-space:pre;color:#404040;'>    cyrus-sasl2: Fix crash for unavailable algorithms
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    OpenSSL 3 without the legacy provider enabled does not longer provide
</span><span style='display:block; white-space:pre;color:#404040;'>    the RC4 algortihm used by cryus-sasl2 in some places. Backport a fix
</span><span style='display:block; white-space:pre;color:#404040;'>    from upstream to prevent a crash in this case.
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    Closes: https://trac.macports.org/ticket/67150
</span>---
 security/cyrus-sasl2/Portfile                      |  4 +-
 .../887dbc0435056ec58ee48c4d803f110ade1e4c39.patch | 71 ++++++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/security/cyrus-sasl2/Portfile b/security/cyrus-sasl2/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index d553a9504da..54ec84e5577 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/security/cyrus-sasl2/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/security/cyrus-sasl2/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,6 +6,7 @@ PortGroup               muniversal 1.0
</span> PortGroup               legacysupport 1.1
 
 github.setup            cyrusimap cyrus-sasl 2.1.28 cyrus-sasl-
<span style='display:block; white-space:pre;background:#e0ffe0;'>+revision                1
</span> 
 name                    cyrus-sasl2
 categories              security net
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -39,7 +40,8 @@ depends_lib             path:lib/libssl.dylib:openssl \
</span> default_variants        +kerberos
 
 patchfiles              patch-pwcheck-pwcheck_getpwnam.c.diff \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-                        dynamic_lookup-11.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                        dynamic_lookup-11.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                        887dbc0435056ec58ee48c4d803f110ade1e4c39.patch
</span> 
 configure.env-append    CC_FOR_BUILD=${configure.cc}
 
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/security/cyrus-sasl2/files/887dbc0435056ec58ee48c4d803f110ade1e4c39.patch b/security/cyrus-sasl2/files/887dbc0435056ec58ee48c4d803f110ade1e4c39.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..4c8c4595143
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/security/cyrus-sasl2/files/887dbc0435056ec58ee48c4d803f110ade1e4c39.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,71 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From 887dbc0435056ec58ee48c4d803f110ade1e4c39 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: Simo Sorce <simo@redhat.com>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Mon, 21 Jun 2021 14:24:18 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] Gracefully handle failed initializations
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+In OpenSSL 3.0 these algorithms have been moved to the legacy provider
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+which is not enabled by default. This means allocation can and do fail.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Handle failed allocations by returning an actual error instead of
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crashing later with a NULL context.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Signed-off-by: Simo Sorce <simo@redhat.com>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/887dbc0435056ec58ee48c4d803f110ade1e4c39]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plugins/digestmd5.c | 16 ++++++++++++++--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1 file changed, 14 insertions(+), 2 deletions(-)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 8cc59150..b0f25574 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./plugins/digestmd5.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./plugins/digestmd5.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -254,6 +254,7 @@ typedef struct context {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     decode_context_t decode_context;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     /* if privacy mode is used use these functions for encode and decode */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++    char *cipher_name;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     cipher_function_t *cipher_enc;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     cipher_function_t *cipher_dec;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     cipher_init_t *cipher_init;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -2818,6 +2819,7 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   if (cptr->name) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++      text->cipher_name = cptr->name;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+       text->cipher_enc = cptr->cipher_enc;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+       text->cipher_dec = cptr->cipher_dec;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+       text->cipher_init = cptr->cipher_init;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -2961,7 +2963,10 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   if (text->cipher_init) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+       if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+           sparams->utils->seterror(sparams->utils->conn, 0,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-                                   "couldn't init cipher");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                                   "couldn't init cipher '%s'",
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                                         text->cipher_name);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                result = SASL_FAIL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                goto FreeAllMem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+       }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3512,6 +3517,7 @@ static int make_client_response(context_t *text,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   oparams->mech_ssf = ctext->cipher->ssf;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   nbits = ctext->cipher->n;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++  text->cipher_name = ctext->cipher->name;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   text->cipher_enc = ctext->cipher->cipher_enc;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   text->cipher_dec = ctext->cipher->cipher_dec;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   text->cipher_free = ctext->cipher->cipher_free;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3736,7 +3742,13 @@ static int make_client_response(context_t *text,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   /* initialize cipher if need be */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   if (text->cipher_init) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-      text->cipher_init(text, enckey, deckey);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++      if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++          params->utils->seterror(params->utils->conn, 0,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                   "internal error: failed to init cipher '%s'",
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                         text->cipher_name);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                result = SASL_FAIL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++                goto FreeAllocatedMem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++            }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+   }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+     
</span></pre><pre style='margin:0'>

</pre>