Bug#1075146: libauthen-sasl-xs-perl: ftbfs with GCC-14; patch ready

Niko Tyni ntyni at debian.org
Tue Aug 6 09:45:09 BST 2024


On Mon, Aug 05, 2024 at 10:13:16AM -0700, Russ Allbery wrote:
> Niko Tyni <ntyni at debian.org> writes:

> > If it's really the right thing to do, I suppose casting to an IV would
> > be more correct than either int or long int.  But I suspect that the
> > intention might be to dereference the pointer instead. FWIW I tried that
> > at home and the test suite still passed, so clearly it's not covering
> > these parts.
> 
> I agree.  I think the upstream code is buggy here and was incorrectly
> returning the value of the pointer rather than the underlying property
> value.

Thanks for confirming!

I propose the attached patch on top of Étienne's. My understanding of
for example https://www.sendmail.org/~ca/email/cyrus2/mechanisms.html
is that the security strength factor (SSF) is always zero for PLAIN
connections, so I'm testing for that value. I've checked that the new
test fails as expected (yielding a pointer value as a large integer)
without the code change.

> > I don't see any reverse dependencies, so removal is also an option.
> > Particularly as this seems security sensitive and abandoned upstream...
> 
> The lack of dependencies is somewhat deceptive because this module is
> transparently used by Authen::SASL (which is, somewhat surprisingly,
> missing any relevant dependency, even at the Suggests level; that's
> probably a different bug).  I believe it prefers Authen::SASL::XS if it is
> installed.
> 
> The Perl implementation for Authen::SASL works fine for clients, but if
> you want to write a server, you need Authen::SASL::XS if you're using any
> mechanism other than the simple password ones.  See Authen::SASL::Perl:
> 
>     As for server support, only *PLAIN*, *LOGIN* and *DIGEST-MD5* are
>     supported at the time of this writing.

Okay, let's keep it then :) Thanks again.
-- 
Niko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-sasl_ssf-and-sasl_maxoutbuf-property.patch
Type: text/x-diff
Size: 1155 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20240806/deab1cf5/attachment.patch>


More information about the pkg-perl-maintainers mailing list