+++ /dev/null
-diff -durN mutt-1.4.orig/configure.in mutt-1.4/configure.in
---- mutt-1.4.orig/configure.in Fri Jan 10 11:50:30 2003
-+++ mutt-1.4/configure.in Fri Jan 10 11:50:41 2003
-@@ -570,22 +570,24 @@
- then
- if test "$with_sasl" != "yes"
- then
-- CPPFLAGS="$CPPFLAGS -I$with_sasl/include"
-+ CPPFLAGS="$CPPFLAGS -I$with_sasl/include/sasl"
- LDFLAGS="$LDFLAGS -L$with_sasl/lib"
-+ else
-+ CPPFLAGS="$CPPFLAGS -I/usr/include/sasl"
- fi
-
- saved_LIBS="$LIBS"
-
-- AC_CHECK_LIB(sasl, sasl_client_init,,
-- AC_MSG_ERROR([could not find libsasl]),)
-+ AC_CHECK_LIB(sasl2, sasl_client_init,,
-+ AC_MSG_ERROR([could not find libsasl2]),)
-
- MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS mutt_sasl.o"
-- MUTTLIBS="$MUTTLIBS -lsasl"
-+ MUTTLIBS="$MUTTLIBS -lsasl2"
- LIBS="$saved_LIBS"
- AC_DEFINE(USE_SASL,1,
- [ Define if want to use the Cyrus SASL library for POP/IMAP authentication. ])
- need_sasl=yes
-- need_md5=no
-+ need_md5=yes
- fi
- ])
- AM_CONDITIONAL(USE_SASL, test x$need_sasl = xyes)
-diff -durN mutt-1.4.orig/imap/auth_sasl.c mutt-1.4/imap/auth_sasl.c
---- mutt-1.4.orig/imap/auth_sasl.c Sun Jan 13 22:16:34 2002
-+++ mutt-1.4/imap/auth_sasl.c Fri Jan 10 11:51:38 2003
-@@ -34,7 +34,7 @@
- int rc, irc;
- char buf[LONG_STRING];
- const char* mech;
-- char* pc = NULL;
-+ const char* pc = NULL;
- unsigned int len, olen;
- unsigned char client_start;
-
-@@ -63,15 +63,13 @@
- if (mutt_bit_isset (idata->capabilities, AUTH_ANON) &&
- (!idata->conn->account.user[0] ||
- !ascii_strncmp (idata->conn->account.user, "anonymous", 9)))
-- rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, NULL, &pc, &olen,
-- &mech);
-+ rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech);
- }
-
- if (rc != SASL_OK && rc != SASL_CONTINUE)
- do
- {
-- rc = sasl_client_start (saslconn, method, NULL, &interaction,
-- &pc, &olen, &mech);
-+ rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
- if (rc == SASL_INTERACT)
- mutt_sasl_interact (interaction);
- }
-@@ -109,7 +107,7 @@
- if (irc == IMAP_CMD_RESPOND)
- {
- if (sasl_decode64 (idata->cmd.buf+2, strlen (idata->cmd.buf+2), buf,
-- &len) != SASL_OK)
-+ LONG_STRING,&len) != SASL_OK)
- {
- dprint (1, (debugfile, "imap_auth_sasl: error base64-decoding server response.\n"));
- goto bail;
-@@ -137,10 +135,6 @@
- dprint (1, (debugfile, "imap_auth_sasl: error base64-encoding client response.\n"));
- goto bail;
- }
--
-- /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
-- * free it */
-- FREE (&pc);
- }
-
- if (olen || rc == SASL_CONTINUE)
-diff -durN mutt-1.4.orig/mutt_sasl.c mutt-1.4/mutt_sasl.c
---- mutt-1.4.orig/mutt_sasl.c Tue Feb 26 11:38:27 2002
-+++ mutt-1.4/mutt_sasl.c Fri Jan 10 11:50:41 2003
-@@ -92,10 +92,13 @@
- * probably stop exporting mutt_sasl_get_callbacks(). */
- int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
- {
-- sasl_security_properties_t secprops;
-- sasl_external_properties_t extprops;
- const char* service;
- int rc;
-+ struct sockaddr_in local, remote;
-+ char buf[LONG_STRING];
-+ char localip[LONG_STRING], remoteip[LONG_STRING];
-+ socklen_t size;
-+ sasl_security_properties_t secprops;
-
- if (mutt_sasl_start () != SASL_OK)
- return -1;
-@@ -112,9 +115,21 @@
- dprint (1, (debugfile, "mutt_sasl_client_new: account type unset\n"));
- return -1;
- }
--
-- rc = sasl_client_new (service, conn->account.host,
-- mutt_sasl_get_callbacks (&conn->account), SASL_SECURITY_LAYER, saslconn);
-+
-+ size = sizeof (local);
-+ if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
-+ return -1;
-+ inet_ntop(local.sin_family, &local.sin_addr,buf,LONG_STRING);
-+ sprintf(localip,"%s;%i",buf,local.sin_port);
-+
-+ size = sizeof(remote);
-+ if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
-+ return -1;
-+ inet_ntop(remote.sin_family, &remote.sin_addr,buf,LONG_STRING);
-+ sprintf(remoteip,"%s;%i",buf,local.sin_port);
-+
-+ rc = sasl_client_new (service, conn->account.host, localip, remoteip,
-+ mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
-
- if (rc != SASL_OK)
- {
-@@ -123,40 +138,6 @@
- return -1;
- }
-
-- /*** set sasl IP properties, necessary for use with krb4 ***/
-- /* Do we need to fail if this fails? I would assume having these unset
-- * would just disable KRB4. Who wrote this code? I'm not sure how this
-- * interacts with the NSS code either, since that mucks with the fd. */
-- {
-- struct sockaddr_in local, remote;
-- socklen_t size;
--
-- size = sizeof (local);
-- if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
-- return -1;
--
-- size = sizeof(remote);
-- if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
-- return -1;
--
--#ifdef SASL_IP_LOCAL
-- if (sasl_setprop(*saslconn, SASL_IP_LOCAL, &local) != SASL_OK)
-- {
-- dprint (1, (debugfile,
-- "mutt_sasl_client_new: Error setting local IP address\n"));
-- return -1;
-- }
--#endif
--
--#ifdef SASL_IP_REMOTE
-- if (sasl_setprop(*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK)
-- {
-- dprint (1, (debugfile,
-- "mutt_sasl_client_new: Error setting remote IP address\n"));
-- return -1;
-- }
--#endif
-- }
-
- /* set security properties. We use NOPLAINTEXT globally, since we can
- * just fall back to LOGIN in the IMAP case anyway. If that doesn't
-@@ -181,10 +162,9 @@
- #if defined(USE_SSL) && !defined(USE_NSS)
- if (conn->account.flags & M_ACCT_SSL)
- {
-- memset (&extprops, 0, sizeof (extprops));
-- extprops.ssf = conn->ssf;
-- dprint (2, (debugfile, "External SSF: %d\n", extprops.ssf));
-- if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
-+ sasl_ssf_t ssf=conn->ssf;
-+ dprint (2, (debugfile, "External SSF: %d\n", ssf));
-+ if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &ssf) != SASL_OK)
- {
- dprint (1, (debugfile, "mutt_sasl_client_new: Error setting external properties\n"));
- return -1;
-@@ -274,7 +254,7 @@
-
- sasldata->saslconn = saslconn;
- /* get ssf so we know whether we have to (en|de)code read/write */
-- sasl_getprop (saslconn, SASL_SSF, (void**) &sasldata->ssf);
-+ sasl_getprop (saslconn, SASL_SSF, (const void**) &sasldata->ssf);
- dprint (3, (debugfile, "SASL protection strength: %u\n", *sasldata->ssf));
- /* Add SASL SSF to transport SSF */
- conn->ssf += *sasldata->ssf;
-diff -durN mutt-1.4.orig/pop_auth.c mutt-1.4/pop_auth.c
---- mutt-1.4.orig/pop_auth.c Thu Aug 30 10:11:06 2001
-+++ mutt-1.4/pop_auth.c Fri Jan 10 11:51:26 2003
-@@ -41,7 +41,7 @@
- char buf[LONG_STRING];
- char inbuf[LONG_STRING];
- const char* mech;
-- char* pc = NULL;
-+ const char* pc = NULL;
- unsigned int len, olen;
- unsigned char client_start;
-
-@@ -56,8 +56,7 @@
-
- FOREVER
- {
-- rc = sasl_client_start (saslconn, method, NULL,
-- &interaction, &pc, &olen, &mech);
-+ rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
- if (rc != SASL_INTERACT)
- break;
- mutt_sasl_interact (interaction);
-@@ -96,7 +95,7 @@
- if (mutt_strncmp (inbuf, "+ ", 2))
- goto bail;
-
-- if (sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
-+ if (sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING, &len) != SASL_OK)
- {
- dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
- goto bail;
-@@ -124,10 +123,6 @@
- dprint (1, (debugfile, "pop_auth_sasl: error base64-encoding client response.\n"));
- goto bail;
- }
--
-- /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
-- * free it */
-- safe_free ((void *) &pc);
- }
- }
-