Updating liguros repo

21 files changed, 869 insertions, 0 deletions

diff --git a/dev-libs/cyrus-sasl/Manifest b/dev-libs/cyrus-sasl/Manifest
new file mode 100644
index 000000000000..843afea7db80
--- /dev/null
+++ b/dev-libs/cyrus-sasl/Manifest
@@ -0,0 +1 @@
+DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b
diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild
new file mode 100644
index 000000000000..d7fb6c340991
--- /dev/null
+++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild
@@ -0,0 +1,260 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd
+
+SASLAUTHD_CONF_VER="2.1.26"
+
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+
+CDEPEND="
+	net-mail/mailbase
+	virtual/libcrypt:=
+	authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
+	mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+	pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+		libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+	)
+	java? ( >=virtual/jdk-1.6:= )"
+
+REQUIRED_USE="ldapdb? ( openldap )"
+
+RDEPEND="
+	${CDEPEND}
+	selinux? ( sec-policy/selinux-sasl )"
+
+DEPEND="${CDEPEND}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
+	"${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
+	"${FILESDIR}/${PN}-2.1.27-as_needed.patch"
+	"${FILESDIR}/${PN}-2.1.25-auxprop.patch"
+	"${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
+	"${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
+	"${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
+	"${FILESDIR}/${PN}-2.1.27-memmem.patch"
+	"${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
+)
+
+pkg_setup() {
+	java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# Get rid of the -R switch (runpath_switch for Sun)
+	# >=gcc-4.6 errors out with unknown option
+	sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
+		configure.ac || die
+
+	# Use plugindir for sasldir
+	sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+		"${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+	# #486740 #468556
+	sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
+		-e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
+		configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# getpassphrase is defined in /usr/include/stdlib.h
+		append-cppflags -DHAVE_GETPASSPHRASE
+	else
+		# this horrendously breaks things on Solaris
+		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	# Java support.
+	multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
+
+	local myeconfargs=(
+		--enable-login
+		--enable-ntlm
+		--enable-auth-sasldb
+		--disable-cmulocal
+		--disable-krb4
+		--disable-macos-framework
+		--enable-otp
+		--without-sqlite
+		--with-saslauthd="${EPREFIX}"/run/saslauthd
+		--with-pwcheck="${EPREFIX}"/run/saslauthd
+		--with-configdir="${EPREFIX}"/etc/sasl2
+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
+		--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+		--with-sphinx-build=no
+		$(use_with ssl openssl)
+		$(use_with pam)
+		$(use_with openldap ldap)
+		$(use_enable ldapdb)
+		$(multilib_native_use_enable sample)
+		$(use_enable kerberos gssapi)
+		$(multilib_native_use_enable java)
+		$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+		$(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
+		$(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
+		$(use_enable srp)
+		$(use_enable static-libs static)
+
+		# Add authdaemond support (bug #56523).
+		$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+		# Fix for bug #59634.
+		$(usex ssl '' --without-des)
+
+		# Use /dev/urandom instead of /dev/random (bug #46038).
+		$(usex urandom --with-devrandom=/dev/urandom '')
+	)
+
+	if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+		myeconfargs+=( --enable-sql )
+	else
+		myeconfargs+=( --disable-sql )
+	fi
+
+	# Default to GDBM if both 'gdbm' and 'berkdb' are present.
+	if use gdbm ; then
+		einfo "Building with GNU DB as database backend for your SASLdb"
+		myeconfargs+=( --with-dblib=gdbm )
+	elif use berkdb ; then
+		einfo "Building with BerkeleyDB as database backend for your SASLdb"
+		myeconfargs+=(
+			--with-dblib=berkeley
+			--with-bdb-incdir="$(db_includedir)"
+		)
+	else
+		einfo "Building without SASLdb support"
+		myeconfargs+=( --with-dblib=none )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake
+
+	# Default location for java classes breaks OpenOffice (bug #60769).
+	# Thanks to axxo@gentoo.org for the solution.
+	if multilib_is_native_abi && use java ; then
+		jar -cvf ${PN}.jar -C java $(find java -name "*.class")
+	fi
+}
+
+multilib_src_install() {
+	default
+
+	if multilib_is_native_abi; then
+		if use sample ; then
+			docinto sample
+			dodoc "${S}"/sample/*.c
+			exeinto /usr/share/doc/${P}/sample
+			doexe sample/client sample/server
+		fi
+
+		# Default location for java classes breaks OpenOffice (bug #60769).
+		if use java; then
+			java-pkg_dojar ${PN}.jar
+			java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
+			# hackish, don't wanna dig through makefile
+			rm -rf "${ED}/usr/$(get_libdir)/java" || die
+			docinto "java"
+			dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
+			dodir "/usr/share/doc/${PF}/java/Test"
+			insinto "/usr/share/doc/${PF}/java/Test"
+			doins "${S}"/java/Test/*.java
+		fi
+
+		dosbin saslauthd/testsaslauthd
+	fi
+}
+
+multilib_src_install_all() {
+	doman man/*
+
+	keepdir /etc/sasl2
+
+	# Reset docinto to default value (#674296)
+	docinto
+	dodoc AUTHORS ChangeLog doc/legacy/TODO
+	newdoc pwcheck/README README.pwcheck
+
+	newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+	edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
+
+	docinto html
+	dodoc doc/html/*.html
+
+	newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+
+	newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
+	systemd_dounit "${FILESDIR}/pwcheck.service"
+
+	newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
+	newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
+	systemd_dounit "${FILESDIR}/saslauthd.service"
+	systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
+
+	# The get_modname bit is important: do not remove the .la files on
+	# platforms where the lib isn't called .so for cyrus searches the .la to
+	# figure out what the name is supposed to be instead
+	if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+		find "${ED}" -name "*.la" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	# Generate an empty sasldb2 with correct permissions.
+	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+		einfo "Generating an empty sasldb2 with correct permissions ..."
+		echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+			|| die "Failed to generate sasldb2"
+		"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+			|| die "Failed to delete temp user"
+		chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+		chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+	fi
+
+	if use authdaemond ; then
+		elog "You need to add a user running a service using Courier's"
+		elog "authdaemon to the 'mail' group. For example, do:"
+		elog "	gpasswd -a postfix mail"
+		elog "to add the 'postfix' user to the 'mail' group."
+	fi
+
+	elog "pwcheck and saslauthd home directories have moved to:"
+	elog "  /run/saslauthd, using tmpfiles.d"
+}
diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild
new file mode 100644
index 000000000000..fc73d847e18b
--- /dev/null
+++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r4.ebuild
@@ -0,0 +1,261 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd toolchain-funcs
+
+SASLAUTHD_CONF_VER="2.1.26"
+
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+
+CDEPEND="
+	net-mail/mailbase
+	virtual/libcrypt:=
+	authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
+	mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+	pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+		libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+	)
+	java? ( >=virtual/jdk-1.6:= )"
+
+REQUIRED_USE="ldapdb? ( openldap )"
+
+RDEPEND="
+	${CDEPEND}
+	selinux? ( sec-policy/selinux-sasl )"
+
+DEPEND="${CDEPEND}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
+	"${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
+	"${FILESDIR}/${PN}-2.1.27-as_needed.patch"
+	"${FILESDIR}/${PN}-2.1.25-auxprop.patch"
+	"${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
+	"${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
+	"${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
+	"${FILESDIR}/${PN}-2.1.27-memmem.patch"
+	"${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
+)
+
+pkg_setup() {
+	java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# Get rid of the -R switch (runpath_switch for Sun)
+	# >=gcc-4.6 errors out with unknown option
+	sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
+		configure.ac || die
+
+	# Use plugindir for sasldir
+	sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+		"${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+	# #486740 #468556
+	sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
+		-e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
+		configure.ac || die
+
+	eautoreconf
+
+	export CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# getpassphrase is defined in /usr/include/stdlib.h
+		append-cppflags -DHAVE_GETPASSPHRASE
+	else
+		# this horrendously breaks things on Solaris
+		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	# Java support.
+	multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
+
+	local myeconfargs=(
+		--enable-login
+		--enable-ntlm
+		--enable-auth-sasldb
+		--disable-cmulocal
+		--disable-krb4
+		--disable-macos-framework
+		--enable-otp
+		--without-sqlite
+		--with-saslauthd="${EPREFIX}"/run/saslauthd
+		--with-pwcheck="${EPREFIX}"/run/saslauthd
+		--with-configdir="${EPREFIX}"/etc/sasl2
+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
+		--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+		--with-sphinx-build=no
+		$(use_with ssl openssl)
+		$(use_with pam)
+		$(use_with openldap ldap)
+		$(use_enable ldapdb)
+		$(multilib_native_use_enable sample)
+		$(use_enable kerberos gssapi)
+		$(multilib_native_use_enable java)
+		$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+		$(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
+		$(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
+		$(use_enable srp)
+		$(use_enable static-libs static)
+
+		# Add authdaemond support (bug #56523).
+		$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+		# Fix for bug #59634.
+		$(usex ssl '' --without-des)
+
+		# Use /dev/urandom instead of /dev/random (bug #46038).
+		$(usex urandom --with-devrandom=/dev/urandom '')
+	)
+
+	if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+		myeconfargs+=( --enable-sql )
+	else
+		myeconfargs+=( --disable-sql )
+	fi
+
+	# Default to GDBM if both 'gdbm' and 'berkdb' are present.
+	if use gdbm ; then
+		einfo "Building with GNU DB as database backend for your SASLdb"
+		myeconfargs+=( --with-dblib=gdbm )
+	elif use berkdb ; then
+		einfo "Building with BerkeleyDB as database backend for your SASLdb"
+		myeconfargs+=(
+			--with-dblib=berkeley
+			--with-bdb-incdir="$(db_includedir)"
+		)
+	else
+		einfo "Building without SASLdb support"
+		myeconfargs+=( --with-dblib=none )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake
+
+	# Default location for java classes breaks OpenOffice (bug #60769).
+	# Thanks to axxo@gentoo.org for the solution.
+	if multilib_is_native_abi && use java ; then
+		jar -cvf ${PN}.jar -C java $(find java -name "*.class")
+	fi
+}
+
+multilib_src_install() {
+	default
+
+	if multilib_is_native_abi; then
+		if use sample ; then
+			docinto sample
+			dodoc "${S}"/sample/*.c
+			exeinto /usr/share/doc/${P}/sample
+			doexe sample/client sample/server
+		fi
+
+		# Default location for java classes breaks OpenOffice (bug #60769).
+		if use java; then
+			java-pkg_dojar ${PN}.jar
+			java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
+			# hackish, don't wanna dig through makefile
+			rm -rf "${ED}/usr/$(get_libdir)/java" || die
+			docinto "java"
+			dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
+			insinto "/usr/share/doc/${PF}/java/Test"
+			doins "${S}"/java/Test/*.java
+		fi
+
+		dosbin saslauthd/testsaslauthd
+	fi
+}
+
+multilib_src_install_all() {
+	doman man/*
+
+	keepdir /etc/sasl2
+
+	# Reset docinto to default value (#674296)
+	docinto
+	dodoc AUTHORS ChangeLog doc/legacy/TODO
+	newdoc pwcheck/README README.pwcheck
+
+	newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+	edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
+
+	docinto html
+	dodoc doc/html/*.html
+
+	newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+
+	newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
+	systemd_dounit "${FILESDIR}/pwcheck.service"
+
+	newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
+	newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
+	systemd_dounit "${FILESDIR}/saslauthd.service"
+	systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
+
+	# The get_modname bit is important: do not remove the .la files on
+	# platforms where the lib isn't called .so for cyrus searches the .la to
+	# figure out what the name is supposed to be instead
+	if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+		find "${ED}" -name "*.la" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	# Generate an empty sasldb2 with correct permissions.
+	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+		einfo "Generating an empty sasldb2 with correct permissions ..."
+		echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+			|| die "Failed to generate sasldb2"
+		"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+			|| die "Failed to delete temp user"
+		chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+		chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+	fi
+
+	if use authdaemond ; then
+		elog "You need to add a user running a service using Courier's"
+		elog "authdaemon to the 'mail' group. For example, do:"
+		elog "	gpasswd -a postfix mail"
+		elog "to add the 'postfix' user to the 'mail' group."
+	fi
+
+	elog "pwcheck and saslauthd home directories have moved to:"
+	elog "  /run/saslauthd, using tmpfiles.d"
+}
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch
new file mode 100644
index 000000000000..a9dd1476d2e6
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch
@@ -0,0 +1,16 @@
+https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590
+https://bugs.gentoo.org/show_bug.cgi?id=392761
+
+--- cyrus-sasl-2.1.25/lib/auxprop.c~	2011-10-20 17:33:46.423015318 +0200
++++ cyrus-sasl-2.1.25/lib/auxprop.c	2011-10-20 17:48:49.336348654 +0200
+@@ -971,6 +971,10 @@
+     }
+ 
+     if(!found) {
++	/* compatibility with <= 2.1.23, ignore the lack of auxrop plugin */
++	if (!plist)
++	    result = SASL_OK;
++	else
+ 	_sasl_log(sparams->utils->conn, SASL_LOG_DEBUG,
+ 		  "could not find auxprop plugin, was searching for '%s'",
+ 		  plist ? plist : "[all]");
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
new file mode 100644
index 000000000000..0177b52567f2
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
@@ -0,0 +1,13 @@
+Gentoo bug #458790
+--- a/include/sasl.h
++++ b/include/sasl.h
+@@ -121,6 +121,9 @@
+ #ifndef SASL_H
+ #define SASL_H 1
+ 
++/* stddef.h to get size_t defined */
++#include <stddef.h>
++
+ /* Keep in sync with win32/common.mak */
+ #define SASL_VERSION_MAJOR 2
+ #define SASL_VERSION_MINOR 1
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
new file mode 100644
index 000000000000..82b9e1fb6dbe
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
@@ -0,0 +1,20 @@
+Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
+Origin: vendor
+Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
+Bug-Debian: https://bugs.debian.org/947043
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
+Author: Stephan Zeisberg <stephan@srlabs.de>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2019-12-19
+
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
+ 
+   if (add==NULL) add = "(null)";
+ 
+-  addlen=strlen(add); /* only compute once */
++  addlen=strlen(add)+1; /* only compute once */
+   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+     return SASL_NOMEM;
+ 
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch
new file mode 100644
index 000000000000..7cd9e151fbb7
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch
@@ -0,0 +1,25 @@
+Author: Matthias Klose <doko@ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
++++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
+@@ -25,7 +25,7 @@
+ saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
+ saslauthd_LDADD	= @SASL_KRB_LIB@ \
+ 		  @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+-		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
++		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+ 
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- cyrus-sasl-2.1.27/sasldb/Makefile.am
++++ cyrus-sasl-2.1.27/sasldb/Makefile.am
+@@ -54,6 +54,6 @@
+ 
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ libsasldb_la_LDFLAGS = -no-undefined
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch
new file mode 100644
index 000000000000..2ce971efc5b5
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch
@@ -0,0 +1,31 @@
+--- cyrus-sasl-2.1.27/configure.ac
++++ cyrus-sasl-2.1.27/configure.ac
+@@ -44,6 +44,8 @@
+ 
+ AC_PREREQ(2.63)
+ 
++AC_CONFIG_MACRO_DIR([config])
++
+ dnl
+ dnl REMINDER: When changing the version number here, please also update
+ dnl the values in win32/include/config.h and include/sasl.h as well.
+--- cyrus-sasl-2.1.27/Makefile.am
++++ cyrus-sasl-2.1.27/Makefile.am
+@@ -44,6 +44,8 @@
+ #
+ ################################################################
+ 
++ACLOCAL_AMFLAGS = -I config
++
+ if SASLAUTHD
+ SAD = saslauthd
+ else
+--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
++++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
+@@ -1,4 +1,6 @@
+ AUTOMAKE_OPTIONS = 1.7
++ACLOCAL_AMFLAGS = -I ../config
++
+ sbin_PROGRAMS	= saslauthd testsaslauthd
+ EXTRA_PROGRAMS  = saslcache
+ 
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
new file mode 100644
index 000000000000..c331039e2f16
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
@@ -0,0 +1,17 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: This patch makes sure the non-PIC version of libsasldb.a, which
+is created out of non-PIC objects, is not going to overwrite the PIC version,
+which is created out of PIC objects. The PIC version is placed in .libs, and
+the non-PIC version in the current directory.  This ensures that both non-PIC
+and PIC versions are available in the correct locations.
+--- cyrus-sasl-2.1.27/lib/Makefile.am
++++ cyrus-sasl-2.1.27/lib/Makefile.am
+@@ -98,7 +98,7 @@
+ 
+ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
+ 	@echo adding static plugins and dependencies
+-	$(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
++	$(AR) cru $@ $(SASL_STATIC_OBJS)
+ 	@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+ 	if test ! -f $$i; then continue; fi; . $$i; \
+ 	for j in $$dependency_libs foo; do \
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch
new file mode 100644
index 000000000000..bdd02f779660
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
++++ cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
+@@ -23,7 +23,7 @@
+ from sphinx import addnodes
+ from sphinx.locale import admonitionlabels, _
+ from sphinx.util.osutil import ustrftime
+-from sphinx.util.compat import docutils_version
++#from sphinx.util.compat import docutils_version
+ 
+ class CyrusManualPageWriter(ManualPageWriter):
+ 
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
new file mode 100644
index 000000000000..c585cb158e15
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
@@ -0,0 +1,16 @@
+Gentoo bug #389349
+--- cyrus-sasl-2.1.27/m4/sasl2.m4
++++ cyrus-sasl-2.1.27/m4/sasl2.m4
+@@ -220,7 +220,11 @@
+                  [AC_WARN([Cybersafe define not found])])
+ 
+   elif test "$ac_cv_header_gssapi_h" = "yes"; then
+-    AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
++    AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h,
++                 [#include <gssapi.h>
++                  #ifdef GSS_C_NT_HOSTBASED_SERVICE
++                    hostbased_service_gss_nt_yes
++                  #endif],
+                     [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,,
+                                [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])])
+   elif test "$ac_cv_header_gssapi_gssapi_h"; then
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch
new file mode 100644
index 000000000000..158529dcb5f5
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch
@@ -0,0 +1,53 @@
+auth_rimap: provide naive memmem implementation if missing
+
+read_response uses memmem, which is not available on e.g. Solaris 10
+
+Bug: https://github.com/cyrusimap/cyrus-sasl/pull/551
+Signed-off-by: Fabian Groffen <grobian@gentoo.org>
+
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
+@@ -367,6 +367,32 @@
+ /* END FUNCTION: process_login_reply */
+ 
+ 
++#ifndef HAVE_MEMMEM
++static void *memmem(
++		const void *big, size_t big_len,
++		const void *little, size_t little_len)
++{
++	const char *bp = (const char *)big;
++	const char *lp = (const char *)little;
++	size_t l;
++
++	if (big_len < little_len || little_len == 0 || big_len == 0)
++		return NULL;
++
++	while (big_len > 0) {
++		for (l = 0; l < little_len; l++) {
++			if (bp[l] != lp[l])
++				break;
++		}
++		if (l == little_len)
++			return (void *)bp;
++		bp++;
++	}
++
++	return NULL;
++}
++#endif
++
+ static int read_response(int s, char *rbuf, int buflen, const char *tag)
+ {
+     int rc = 0;
+--- a/configure.ac
++++ b/configure.ac
+@@ -1292,7 +1292,7 @@
+ 
+ #AC_FUNC_MEMCMP
+ #AC_FUNC_VPRINTF
+-AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
++AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy memmem mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
+ 
+ if test $ac_cv_func_getspnam = yes; then
+ 	AC_MSG_CHECKING(if getpwnam_r/getspnam_r take 5 arguments)
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl.conf b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
new file mode 100644
index 000000000000..d4809f73c8e9
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root -
diff --git a/dev-libs/cyrus-sasl/files/java.README.gentoo b/dev-libs/cyrus-sasl/files/java.README.gentoo
new file mode 100644
index 000000000000..fb73204ecab1
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/java.README.gentoo
@@ -0,0 +1,39 @@
+4-Nov-2000
+
+Note: this file has been modified to adapt to Gentoo specific.
+
+class files are installed in
+
+`java-config -p cyrus-sasl-2`
+
+to compile programs using it, do:
+
+javac -classpath $JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2` <file>.java
+
+(make sure to substitute your JDK for $JAVA_HOME/lib/tools.jar)
+
+to run, do
+
+java -classpath <same path as above> <YourProgram>
+
+----------------------------
+This is a java version of the SASL libraries. It supports all the
+mechanisms in the C version and conforms to the internet draft in the
+doc/ directory. JNI is used.
+
+Sample applications exist in the Test/ directory.
+
+They generally can be run with something like:
+
+java -debug -classpath
+../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. jimtest -p 2143 -m
+KERBEROS_V4 cyrus-dev
+
+and
+
+java -debug -classpath
+../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. testserver
+
+
+Any feedback is welcome.
+
diff --git a/dev-libs/cyrus-sasl/files/pwcheck.rc6 b/dev-libs/cyrus-sasl/files/pwcheck.rc6
new file mode 100644
index 000000000000..7b43c4ea154b
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/pwcheck.rc6
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need localmount
+	use logger
+}
+
+start() {
+	ebegin "Starting sasl pwcheck daemon"
+	start-stop-daemon --start --quiet --exec /usr/sbin/pwcheck
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping sasl pwcheck daemon"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/pwcheck
+	eend $?
+}
diff --git a/dev-libs/cyrus-sasl/files/pwcheck.service b/dev-libs/cyrus-sasl/files/pwcheck.service
new file mode 100644
index 000000000000..74ff4859abf7
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/pwcheck.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=SASL pwcheck daemon
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/pwcheck
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
new file mode 100644
index 000000000000..dd487b0edaf1
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
@@ -0,0 +1,19 @@
+# Config file for /etc/init.d/saslauthd and systemd unit
+
+# PLEASE READ THIS IF YOU ARE USING SYSTEMD
+# Please note that systemd does not expand shell variables
+# thus, something like FOO="${FOO} bar" won't work.
+
+# Specify the authentications mechanism.
+# **NOTE** For a list see: saslauthd -v
+# Since 2.1.19, add "-r" to options for old behavior,
+# ie. reassemble user and realm to user@realm form.
+#
+# Specify the hostname for remote IMAP server using:
+# "-O localhost".
+# Specify the number of worker processes to create using:
+# "-n <N>".
+# Enable credential cache, set cache size and timeout using:
+# "-c -s <cache size, like 128> -t <timeout seconds>".
+# 
+SASLAUTHD_OPTS="-a pam"
diff --git a/dev-libs/cyrus-sasl/files/saslauthd.pam-include b/dev-libs/cyrus-sasl/files/saslauthd.pam-include
new file mode 100644
index 000000000000..d50a84946a78
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd.pam-include
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+auth       required     pam_nologin.so
+auth       include      system-auth
+
+account    include      system-auth
+
+session    include      system-auth
diff --git a/dev-libs/cyrus-sasl/files/saslauthd.service b/dev-libs/cyrus-sasl/files/saslauthd.service
new file mode 100644
index 000000000000..1609a651e4e0
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=SASL Authentication Daemon
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+ExecStop=/bin/kill -15 $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dev-libs/cyrus-sasl/files/saslauthd2.rc7 b/dev-libs/cyrus-sasl/files/saslauthd2.rc7
new file mode 100644
index 000000000000..0abeaf6f5702
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd2.rc7
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting saslauthd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+		-- ${SASLAUTHD_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping saslauthd"
+	start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid
+	eend $?
+}
diff --git a/dev-libs/cyrus-sasl/metadata.xml b/dev-libs/cyrus-sasl/metadata.xml
new file mode 100644
index 000000000000..f2bbc032f6a0
--- /dev/null
+++ b/dev-libs/cyrus-sasl/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+<use>
+  <flag name="authdaemond">Add Courier-IMAP authdaemond unix socket
+    support (<pkg>net-mail/courier-imap</pkg>, <pkg>mail-mta/courier</pkg>)
+    </flag>
+  <flag name="openldap">Add ldap support for saslauthd</flag>
+  <flag name="ldapdb">Enable ldapdb plugin</flag>
+  <flag name="sample">Enable sample client and server</flag>
+  <flag name="srp">Enable SRP authentication</flag>
+  <flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
+</use>
+	<origin>gentoo-staging</origin>
+</pkgmetadata>