3 files changed, 17 insertions, 49 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 2872919ce5..93ef9c0ba7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -981,8 +981,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/curl-use-ssl-cert-env.patch		\
   %D%/packages/patches/cursynth-wave-rand.patch			\
   %D%/packages/patches/cvs-CVE-2017-12836.patch		\
-  %D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch		\
-  %D%/packages/patches/cyrus-sasl-CVE-2019-19906.patch		\
   %D%/packages/patches/c++-gsl-find-system-gtest.patch		\
   %D%/packages/patches/c++-gsl-move-array-bounds-tests.patch	\
   %D%/packages/patches/date-output-pkg-config-files.patch	\
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 2cd18f3e5e..43694ff5f3 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2022 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix gexp)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
@@ -33,42 +35,35 @@
 (define-public cyrus-sasl
   (package
    (name "cyrus-sasl")
-   (version "2.1.27")
+   (version "2.1.28")
    (source (origin
             (method url-fetch)
-            (uri (list (string-append
-                        "https://cyrusimap.org/releases/cyrus-sasl-"
-                        version ".tar.gz")
-                       (string-append
-                        "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
-                        version ".tar.gz")))
+            (uri (string-append "https://github.com/cyrusimap/cyrus-sasl"
+                                "/releases/download/cyrus-sasl-" version
+                                "/cyrus-sasl-" version ".tar.gz"))
             (sha256 (base32
-                     "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
-            (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
-                                     "cyrus-sasl-CVE-2019-19906.patch"))))
+                     "135kbgyfpa1mwqp5dm223yr6ddzi4vjm7cr414d7rmhys2mwdkvw"))))
    (build-system gnu-build-system)
-   (native-inputs
-     (list autoconf automake libtool))
    (inputs (list gdbm openssl))
    (propagated-inputs
     (list ;; cyrus-sasl.pc refers to -lkrb5, so propagate it.
           mit-krb5))
    (arguments
-    '(#:configure-flags (list (string-append "--with-plugindir="
-                                             (assoc-ref %outputs "out")
-                                             "/lib/sasl2"))
+    (list
+     #:configure-flags #~(list (string-append "--with-plugindir="
+                                              #$output "/lib/sasl2")
+                               ;; When cross-compiling the build system is
+                               ;; unable to determine whether SPNEGO is
+                               ;; supported; Kerberos does, so enable it.
+                               #$@(if (%current-target-system)
+                                      '("ac_cv_gssapi_supports_spnego=yes")
+                                      '()))
 
       ;; The 'plugins' directory has shared source files, such as
       ;; 'plugin_common.c'.  When building the shared libraries there, libtool
       ;; ends up doing "ln -s plugin_common.lo plugin_common.o", which can
       ;; fail with EEXIST when building things in parallel.
-      #:parallel-build? #f
-
-      #:phases
-      (modify-phases %standard-phases
-        (add-after 'unpack 'autogen
-          (lambda _
-            (invoke "autoreconf" "-vif"))))))
+      #:parallel-build? #f))
    (synopsis "Simple Authentication Security Layer implementation")
    (description
     "SASL (Simple Authentication Security Layer) is an Internet
diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch b/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch
deleted file mode 100644
index acdf682430..0000000000
--- a/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 Mon Sep 17 00:00:00 2001
-From: Quanah Gibson-Mount <quanah@symas.com>
-Date: Tue, 18 Feb 2020 19:05:12 +0000
-Subject: [PATCH] Fix #587
-
-Off by one error in common.c, CVE-2019-19906.
-
-Thanks to Stephan Zeisberg for reporting
----
- lib/common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/common.c b/lib/common.c
-index bc3bf1df..9969d6aa 100644
---- a/lib/common.c
-+++ b/lib/common.c
-@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
- 
-   if (add==NULL) add = "(null)";
- 
--  addlen=strlen(add); /* only compute once */
-+  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
-     return SASL_NOMEM;
-