"At application startup, libsasl and libsasl2 attempts to build a list of all available SASL plug-ins which are available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable. In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue." Check whether we are affected. ------- Additional Comments From marcdeslauriers 2004-10-07 10:40:33 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: 3f41fe25735d96bfa3872aa0f9f397732fb486ad 1/cyrus-sasl-2.1.15-6.1.legacy.i386.rpm 27497979e469b916f4ec84b01ff4cb90c1f99a0e 1/cyrus-sasl-2.1.15-6.1.legacy.src.rpm 2610d36134e1986b3d92226ca9aaa0f55b46e2a7 1/cyrus-sasl-devel-2.1.15-6.1.legacy.i386.rpm 3769c0cf75d1275f3c184fa7817bf4e04eba59f9 1/cyrus-sasl-gssapi-2.1.15-6.1.legacy.i386.rpm 18ad1abe123faaccc7786e805026c7b074d07cee 1/cyrus-sasl-md5-2.1.15-6.1.legacy.i386.rpm 9d748526faf8557ea858ee64488d42c8cc7b3557 1/cyrus-sasl-plain-2.1.15-6.1.legacy.i386.rpm 60466b5950e6686b5bce585db25f0f0074fba6d4 7.3/cyrus-sasl-1.5.24-25.1.legacy.i386.rpm c8e6cf9e2f63e0a674247b93dc66821a60b28ba0 7.3/cyrus-sasl-1.5.24-25.1.legacy.src.rpm 603675d24e08c7ea2c960b5b2d5c300352cf01ce 7.3/cyrus-sasl-devel-1.5.24-25.1.legacy.i386.rpm 529caa8af5c8a024180f9c5afdba5ae5a1ff29e4 7.3/cyrus-sasl-gssapi-1.5.24-25.1.legacy.i386.rpm e1e7feed9b415332dcad4670ecb318e4b91001b3 7.3/cyrus-sasl-md5-1.5.24-25.1.legacy.i386.rpm c5f65ae97867186c77311d6650429ea395017df4 7.3/cyrus-sasl-plain-1.5.24-25.1.legacy.i386.rpm 05c1fcf4c704914a8c1a216da2515be943d545c8 9/cyrus-sasl-2.1.10-4.1.legacy.i386.rpm 14bbdbbfbf8ce1c4fd2d59a6190e688378e574d0 9/cyrus-sasl-2.1.10-4.1.legacy.src.rpm 92da686c5b3da92a7f62d59855e3ce4d30ac5660 9/cyrus-sasl-devel-2.1.10-4.1.legacy.i386.rpm d70cb19038d1a53fdeaf86ba764654d90b21808d 9/cyrus-sasl-gssapi-2.1.10-4.1.legacy.i386.rpm 0c566a4ed86c63d753ca4af285fb4dac0a01797c 9/cyrus-sasl-md5-2.1.10-4.1.legacy.i386.rpm 15509ba3a0a7f46869faaa5b39f06fdfa443e685 9/cyrus-sasl-plain-2.1.10-4.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-2.1.15-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-2.1.15-6.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-devel-2.1.15-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-gssapi-2.1.15-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-md5-2.1.15-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-plain-2.1.15-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-1.5.24-25.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-1.5.24-25.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-devel-1.5.24-25.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-gssapi-1.5.24-25.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-md5-1.5.24-25.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-plain-1.5.24-25.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-2.1.10-4.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-2.1.10-4.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-devel-2.1.10-4.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-gssapi-2.1.10-4.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-md5-2.1.10-4.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-plain-2.1.10-4.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBZanELMAs/0C4zNoRAscAAJ9+Wi5kHSxZwTR/GRaQz8mR3gSqTACfadSK RjdWBXamgw6xfXYnEWwQQuI= =VH3m -----END PGP SIGNATURE----- ------- Additional Comments From dom 2004-10-07 12:18:59 ---- "[Updated 7th October 2004] Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap." https://rhn.redhat.com/errata/RHSA-2004-546.html ------- Additional Comments From marcdeslauriers 2004-10-07 12:40:22 ---- Packages in comment #1 are OK. Here is the upstream patch for reference: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104 ------- Additional Comments From rob.myers.edu 2004-10-08 05:28:53 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 i did QA on marc's FC1 updated package: 27497979e469b916f4ec84b01ff4cb90c1f99a0e cyrus-sasl-2.1.15-6.1.legacy.src.rpm sources ok, verified against cyrus-sasl-2.1.15-6 patches ok, verified against upstream, and cyrus-sasl-2.1.15-10 from RHEL builds ok cra's rpm-build-compare.sh looks ok installs ok runs ok +PUBLISH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBZrIRtU2XAt1OWnsRAhaoAKDEiC+z3RFOQx7/FD5Ad6MNb65IZgCgscBj f5mXRYmNavmLleFK7u5Ds8k= =B0Md -----END PGP SIGNATURE----- ------- Additional Comments From michal 2004-10-10 19:43:03 ---- The relevant patch from sources referenced in https://rhn.redhat.com/errata/RHSA-2004-546.html has the following code: + + /* Honor external variable only in a safe environment */ + if (getuid() == geteuid() && getgid() == getegid()) + path = getenv(SASL_PATH_ENV_VAR); + else + path = NULL; + while that one used by Marc, at least in cyrus-sasl-1.5.24-25.1.legacy.src.rpm, skips this "else" branch. Can we really guarantee that there will be no garbage value for 'path' in the next line which reads 'if (! path)' and Nalin is just paranoid? I did not check sources that carefuly. ------- Additional Comments From rob.myers.edu 2004-10-11 03:55:29 ---- re comment #5: michal is correct. path can be uninitialized without the else branch. it is curious that the upstream cvs does not have this else branch. ------- Additional Comments From b-nordquist 2004-10-11 09:03:21 ---- Two identical RHL 9 test boxes, sendmail-8.12.8-9.90, configured for SMTP AUTH with SASL PLAIN and LOGIN mechanisms. After upgrading one to cyrus-sasl*-2.1.10-4.1.legacy (4 RPMs) downloaded from the above, and restarting sendmail, it no longer offers "250-AUTH PLAIN LOGIN" as it used to do. Further details on request; happy to do additional testing or troubleshooting. Thanks. ------- Additional Comments From marcdeslauriers 2004-10-11 12:40:39 ---- I quickly looked through the source to cyrus-sasl, and path is usually initialized to NULL before calling the function containing the patched code. Although the extra step is indeed a good idea. I'll update the patches next time I build the packages. Anyone have an idea why "250-AUTH PLAIN LOGIN" is missing in comment #7? ------- Additional Comments From marcdeslauriers 2004-10-11 14:03:59 ---- In response to comment 7, could you please send me your sendmail.cf and sendmail.mc files please. ------- Additional Comments From rob.myers.edu 2004-10-12 05:25:43 ---- re comment #8: here is the function from cyrus-sasl-1.5.28/lib/common.c: static int _sasl_getpath(void *context __attribute__((unused)), char ** path_dest) { char *path; if (! path_dest) return SASL_BADPARAM; /* Honor external variable only in a safe environment */ if (getuid() == geteuid() && getgid() == getegid()) path = getenv(SASL_PATH_ENV_VAR); if (! path) path = PLUGINDIR; return _sasl_strdup(path, path_dest, NULL); } as you can see, path is not initialized elsewhere, like it can be in cyrus-sasl-2.1.15/lib/common.c static int _sasl_getpath(void *context __attribute__((unused)), const char **path) { if (! path) return SASL_BADPARAM; /* Honor external variable only in a safe environment */ if (getuid() == geteuid() && getgid() == getegid()) *path = getenv(SASL_PATH_ENV_VAR); if (! *path) *path = PLUGINDIR; return SASL_OK; } ------- Additional Comments From michal 2004-10-12 11:45:48 ---- See also bug #2153. Sigh! ------- Additional Comments From michal 2004-10-12 12:04:12 ---- re comment #9: _sasl_getpath() from cyrus-sasl-1.5.28/lib/common.c in a form quoted in comment #9 is simply broken. 'path' on entry will have some random garbage in it, as this is not a global variable, so if assignment 'path = getenv(SASL_PATH_ENV_VAR);' will not execute we will get on a return whatever. Seem to me like an openinig for an attack. 'else' branch which sets 'path' to NULL is vital. This is not the case for cyrus-sasl-2.1.15/lib/common.c as we are passing there in 'path' hopefuly something correct. ------- Additional Comments From marcdeslauriers 2004-10-12 13:59:36 ---- ouch! yes, 1.5.28 is indeed broken now. I had just checked 2.1.15... Thanks for pointing this out guys, it takes me a while sometimes :P I'll build new packages tomorrow with a revised patch. ------- Additional Comments From marcdeslauriers 2004-10-13 12:20:46 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: Changelog: * Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers> 2.1.10-4.2.legacy - - Added better patches for SASL_PATH vulnerability (CAN-2004-0884) * Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers> 2.1.10-4.1.legacy - - Added security patches for SASL_PATH vulnerability 34818d8f6d44bddd4d204e944686de33338a6294 1/cyrus-sasl-2.1.15-6.2.legacy.i386.rpm f569fb60a4e34ce6aeeaa62180dcd110fb0e6074 1/cyrus-sasl-2.1.15-6.2.legacy.src.rpm 5055fd7affec47a4c0fabedbe1369683ca3c6bd1 1/cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm 7ade480a84d7cc286fdad2d89a7595f50fda701d 1/cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm f9a02affad279e1f0c8a54bc1fc64f99edff9e3b 1/cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm ce2a33bf931f338e01cf403fe8f5fd58d5ead383 1/cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm 5cf0da20e0509066dcd58bba80911ac6a22b04c2 7.3/cyrus-sasl-1.5.24-25.2.legacy.i386.rpm 5921e782553be3ae52f2803c68db0d9747f1bd1d 7.3/cyrus-sasl-1.5.24-25.2.legacy.src.rpm b5edac351da3ca65376ffae855066d5a448d8d71 7.3/cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm e748a687508e577b8fd51f1ffb6cb0e11fbcc0ce 7.3/cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm b49fa71aaa7856fbf94d5ebe7739aec7242fde2e 7.3/cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm e393067be61a694da561390c20c922ba348ecc5b 7.3/cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm 50ab0000a76d74bd03f74ec2d354cc33cb455529 9/cyrus-sasl-2.1.10-4.2.legacy.i386.rpm c74dbd55368f8d6b5e138ada06c235038b270b23 9/cyrus-sasl-2.1.10-4.2.legacy.src.rpm 26c033f36999d76ee4b6b3cd4f6b7fef890d33c7 9/cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm fcd5b7a488e3df387cf5cf14b89a14cfa2ca2cbe 9/cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm c6f593553cf5fc5cdf412e40fd077fda027abea3 9/cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm 8259ffaacf33c0530c07d8a279c8756d70ae7e5c 9/cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-2.1.15-6.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-2.1.15-6.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-1.5.24-25.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-1.5.24-25.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-2.1.10-4.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-2.1.10-4.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBbao9LMAs/0C4zNoRArCYAJ44dWPoOiQCtlpFAI6/O0+8rvgN8wCfV02g PTYiaoEY2EMYJaWy1u6oL2A= =8T1x -----END PGP SIGNATURE----- ------- Additional Comments From b-nordquist 2004-10-14 04:08:19 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I tested Marc's RHL 9 cyrus-sasl packages: cyrus-sasl-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK 09e168b11f2db6ca6e31e4a04749acc0 cyrus-sasl-2.1.10-4.2.legacy.i386.rpm b686ba551a0ed7db49b624f94cb300e3 cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm 6a2b36447112faface17c3b6760d9e5e cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm 1caa03ec96d8017a12e8fc34571604cd cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm 259de2931adf8dc72ab9a3a304faa3be cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm (Note that they match his GPG key, but the MD5 sums don't match what is listed above?) Tested on RHL 9 with sendmail-8.12.8-9.90 configured for SMTP AUTH (SASL PLAIN and LOGIN) -- works fine. This resolves comment #7 above. Thanks Marc! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBboextQzgmMVLS2URAgz7AJ0WqdLTwXdhGrJ+HFV91ofuRTnq3ACcDOyt DMeVKWeI8fkUZ0J6iqHEgWY= =sjwQ -----END PGP SIGNATURE----- ------- Additional Comments From rob.myers.edu 2004-10-14 06:30:30 ---- marc posted sha1sums, not md5sums. ------- Additional Comments From josh.kayse.edu 2004-10-18 08:30:55 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I did QA on the FC1 Package: f569fb60a4e34ce6aeeaa62180dcd110fb0e6074 cyrus-sasl-2.1.15-6.2.legacy.src.rpm - - Source file identical to previous - - Spec file looks good - - Builds clean - - Installs clean - - Patches are good - - runs good +PUBLISH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBdAu/wnUFCSDmt7ERAggUAKCdKmLAlJLUcHOvTLchZIJNOxRdZACgjsfC +CRxVx67F1csa/KwOKJibvo= =klcw -----END PGP SIGNATURE----- ------- Additional Comments From rob.myers.edu 2004-10-21 05:06:15 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 i did QA on marc's FC1 package: f569fb60a4e34ce6aeeaa62180dcd110fb0e6074 cyrus-sasl-2.1.15-6.2.legacy.src.rpm sha1sum matches builds ok source files ok (verified against cyrus-sasl-2.1.15-6.1.legacy) spec file ok patches much better cra's rpm-build-compare script ok (vs. cyrus-sasl-2.1.15-6) installs ok runs ok +PUBLISH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBd9BGtU2XAt1OWnsRAiI1AJ9sLj8x4mcfOiEFKplCZHq5SsTdZgCginOn FpzlAblNIiMsTunUccmE6GI= =w1Ht -----END PGP SIGNATURE----- ------- Additional Comments From pekkas 2004-12-20 10:53:22 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for SRPM for RHL73: - sources match the originals - the patch verified to come from RHEL 2.1AS update and looks good - spec file changes minimal and look good. - rebuild and installed OK. - after restarting sendmail, offers the same '250-AUTH GSSAPI DIGEST-MD5' as before. +PUBLISH (RHL73) 5921e782553be3ae52f2803c68db0d9747f1bd1d cyrus-sasl-1.5.24-25.2.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBxzuuGHbTkzxSL7QRAq8xAKDQLi/OTcYAb6XTAMgSPtFHM6OpmACfZM89 h2YzAM5lHT0fJqHDdRNfLE4= =9nss -----END PGP SIGNATURE----- ------- Additional Comments From dom 2005-02-03 13:29:50 ---- packages pushed to testing-updates ------- Additional Comments From mschout 2005-02-08 06:53:22 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Verify Redhat 7.3: sha1sums: b4667fa03cb7395b7e0535fcdb74de78f4ee1a90 cyrus-sasl-1.5.24-25.2.legacy.i386.rpm a5df6f8feca3944d60e10ec94264229d157b5ad6 cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm bc1e6e9cae9e1065a90327c752558c1f891f91a7 cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm 61d28e3fbab415d6b37ac759bb154a54d94995c1 cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm 6c8b1eae837a084f29fd572e781acc38e54c5201 cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm * rpm --checksig: cyrus-sasl-1.5.24-25.2.legacy.i386.rpm: md5 gpg OK cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm: md5 gpg OK cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm: md5 gpg OK cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm: md5 gpg OK cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm: md5 gpg OK * all signed by secnotice with valid GPG signature. * packages install with no errors. * appears to work normally. sendmail offeres same AUTH options as before. +VERIFY RHL7.3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCCO5Z+CqvSzp9LOwRAh3SAJ9H6H6+dZRwEfeZwpz7oYmR+bWqdACeMXr/ kb5hO41cbdow7BOZDQ7SSac= =ar3l -----END PGP SIGNATURE----- ------- Additional Comments From mschout 2005-02-08 07:04:42 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Verify FC1 sha1sums: ef9d0ad17d1f5e8b9fa1f054a3ee5686d6886eec cyrus-sasl-2.1.15-6.2.legacy.i386.rpm d698f0da0e60a574052aa3c9780599f3a16c1af1 cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm 40e3c0bd3a66bea24a255a9cc923c975d4848e65 cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm 2d19e1de5a5f36574af71bf0eb1087f1322b03de cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm a13820031b39c60ff44c32f3fb265f1b6101fa05 cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm * rpm --checksig: cyrus-sasl-2.1.15-6.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK * packages install with no errors. * appears to work normally. sendmail offeres same AUTH options as before. +VERIFY FC1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCCPEZ+CqvSzp9LOwRAgqiAJ41DVaR8ysn1PCOPHt2uoGhDyI8QwCcD3vD W9D2jWtmDA+HLf2HP3tYQeU= =G/HJ -----END PGP SIGNATURE----- ------- Additional Comments From pekkas 2005-02-15 06:35:36 ---- Line breaks screw up the signature, but in any case.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RHL9: - signatures OK - installs and works nicely. +VERIFY RHL9 cyrus-sasl-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm: (sha1) dsa sha1 md5 gpg OK 99dae02364cc6ba8e26ef4b080e555d85647f9e2 cyrus-sasl-2.1.10-4.2.legacy.i386.rpm a6d19e7fbfb6ea5ef16b37a98cf03bbde7467059 cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm e1021e337cf247eb42d795f37e786783567ac39b cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm df7f3f58cf8967b22b7c599e9d7cdbc151b7ee51 cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm c8851e0319d7cdb337d9ce34fe0c099383770473 cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCEiSqGHbTkzxSL7QRApjyAKCE0ym72DCy+pvrfUVz/BbPFYZYQACfXsbh FKepqQzBwTEv+9WmKqbVgrQ= =ub09 -----END PGP SIGNATURE----- ------- Additional Comments From dom 2005-02-17 12:47:13 ---- Packages were released to updates. ------- Bug moved to this database by dkl 2005-03-30 18:27 ------- This bug previously known as bug 2137 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2137 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.