Bug#1075146: libauthen-sasl-xs-perl: ftbfs with GCC-14; patch ready
Niko Tyni
ntyni at debian.org
Tue Aug 6 09:45:09 BST 2024
On Mon, Aug 05, 2024 at 10:13:16AM -0700, Russ Allbery wrote:
> Niko Tyni <ntyni at debian.org> writes:
> > If it's really the right thing to do, I suppose casting to an IV would
> > be more correct than either int or long int. But I suspect that the
> > intention might be to dereference the pointer instead. FWIW I tried that
> > at home and the test suite still passed, so clearly it's not covering
> > these parts.
>
> I agree. I think the upstream code is buggy here and was incorrectly
> returning the value of the pointer rather than the underlying property
> value.
Thanks for confirming!
I propose the attached patch on top of Étienne's. My understanding of
for example https://www.sendmail.org/~ca/email/cyrus2/mechanisms.html
is that the security strength factor (SSF) is always zero for PLAIN
connections, so I'm testing for that value. I've checked that the new
test fails as expected (yielding a pointer value as a large integer)
without the code change.
> > I don't see any reverse dependencies, so removal is also an option.
> > Particularly as this seems security sensitive and abandoned upstream...
>
> The lack of dependencies is somewhat deceptive because this module is
> transparently used by Authen::SASL (which is, somewhat surprisingly,
> missing any relevant dependency, even at the Suggests level; that's
> probably a different bug). I believe it prefers Authen::SASL::XS if it is
> installed.
>
> The Perl implementation for Authen::SASL works fine for clients, but if
> you want to write a server, you need Authen::SASL::XS if you're using any
> mechanism other than the simple password ones. See Authen::SASL::Perl:
>
> As for server support, only *PLAIN*, *LOGIN* and *DIGEST-MD5* are
> supported at the time of this writing.
Okay, let's keep it then :) Thanks again.
--
Niko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-sasl_ssf-and-sasl_maxoutbuf-property.patch
Type: text/x-diff
Size: 1155 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20240806/deab1cf5/attachment.patch>
More information about the pkg-perl-maintainers
mailing list