pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/pam_ssh_agent_auth pam_ssh_agent_auth: update...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7623de553e90
branches:  trunk
changeset: 450064:7623de553e90
user:      nia <nia%pkgsrc.org@localhost>
date:      Sat Apr 10 09:10:11 2021 +0000

description:
pam_ssh_agent_auth: update to 0.10.4

- fixed build with openssl 1.1.
- grabbed some fixes from FreeBSD.
- now uses the new GITHUB_SUBMODULES - thx ryoon!

diffstat:

 security/pam_ssh_agent_auth/Makefile                  |  19 ++++--
 security/pam_ssh_agent_auth/PLIST                     |   2 +-
 security/pam_ssh_agent_auth/distinfo                  |  19 ++++--
 security/pam_ssh_agent_auth/patches/patch-Makefile.in |  15 +++++
 security/pam_ssh_agent_auth/patches/patch-aa          |  13 ----
 security/pam_ssh_agent_auth/patches/patch-ab          |  15 -----
 security/pam_ssh_agent_auth/patches/patch-ac          |  22 --------
 security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c |  52 +++++++++++++++++++
 8 files changed, 90 insertions(+), 67 deletions(-)

diffs (204 lines):

diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/Makefile
--- a/security/pam_ssh_agent_auth/Makefile      Sat Apr 10 09:03:13 2021 +0000
+++ b/security/pam_ssh_agent_auth/Makefile      Sat Apr 10 09:10:11 2021 +0000
@@ -1,20 +1,23 @@
-# $NetBSD: Makefile,v 1.9 2020/04/24 11:41:37 nia Exp $
+# $NetBSD: Makefile,v 1.10 2021/04/10 09:10:11 nia Exp $
 
-DISTNAME=      pam_ssh_agent_auth-0.9.2
-PKGREVISION=   2
+DISTNAME=      pam_ssh_agent_auth-0.10.4
 CATEGORIES=    security
-MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=pamsshagentauth/}
-EXTRACT_SUFX=  .tar.bz2
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=jbeverly/}
+GITHUB_TAG=    ${DISTNAME}
 
 MAINTAINER=    agc%NetBSD.org@localhost
-HOMEPAGE=      https://sourceforge.net/projects/pamsshagentauth/
+HOMEPAGE=      https://github.com/jbeverly/pam_ssh_agent_auth
 COMMENT=       PAM module which permits authentication via ssh-agent
 LICENSE=       modified-bsd
 
-BROKEN=                "Fails to build with OpenSSL 1.1"
-
 GNU_CONFIGURE= yes
 USE_TOOLS+=    pod2man
 
+GITHUB_SUBMODULES+=    floodyberry ed25519-donna 8757bd4cd209cb032853ece0ce413f122eef212c ed25519-donna
+
+CONFIGURE_ARGS+=       --without-openssl-header-check
+
+INSTALLATION_DIRS+=    ${PKGMANDIR}/man8
+
 .include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/PLIST
--- a/security/pam_ssh_agent_auth/PLIST Sat Apr 10 09:03:13 2021 +0000
+++ b/security/pam_ssh_agent_auth/PLIST Sat Apr 10 09:10:11 2021 +0000
@@ -1,3 +1,3 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2009/12/11 19:48:12 agc Exp $
+@comment $NetBSD: PLIST,v 1.2 2021/04/10 09:10:11 nia Exp $
 libexec/pam_ssh_agent_auth.so
 man/man8/pam_ssh_agent_auth.8
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/distinfo
--- a/security/pam_ssh_agent_auth/distinfo      Sat Apr 10 09:03:13 2021 +0000
+++ b/security/pam_ssh_agent_auth/distinfo      Sat Apr 10 09:10:11 2021 +0000
@@ -1,9 +1,12 @@
-$NetBSD: distinfo,v 1.3 2015/11/04 01:18:00 agc Exp $
+$NetBSD: distinfo,v 1.4 2021/04/10 09:10:11 nia Exp $
 
-SHA1 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 0f3d9455a8f983907cfad293105cfb16c4a08a0a
-RMD160 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 2ef2a4dbb1f3115751f596629c0518e65500cdf4
-SHA512 (pam_ssh_agent_auth-0.9.2.tar.bz2) = e710a4dff315c8d79c5d5edc4ebe1629a8fc6d09651813fd4792a2021e7c2d5768d6b7e8539801e31b947cc30817f32375d751fc396707fc4f257df4f33cd408
-Size (pam_ssh_agent_auth-0.9.2.tar.bz2) = 237156 bytes
-SHA1 (patch-aa) = a32866ae59734b94c55a3531094bbd6b6d9cdbfc
-SHA1 (patch-ab) = 9ef4711ea6a65a627e581d8905a3a9f8ef0cf202
-SHA1 (patch-ac) = ade7a45c5e42307ee0e9ffbdbd708a6fef64ada0
+SHA1 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 5cf66843d4f66fea1117bc44a8d4c94eaeeda840
+RMD160 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = bca5b0cb7d314bc72ba37415b557d618d6705b2f
+SHA512 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 
5e8b838bc66bdb1983e62b0ae969449741a3fb223198bce26fe3a8996e324728e8ba0e5259f9ef3db613fd484db21459e98c39367f7240940bc537210c6d7f63
+Size (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 1169972 bytes
+SHA1 (pam_ssh_agent_auth-0.10.4.tar.gz) = 66dd8274346fd006ff40f525c082cfb701085b5f
+RMD160 (pam_ssh_agent_auth-0.10.4.tar.gz) = d4c02cb47d096ac261d1cb15791483c5c7261f12
+SHA512 (pam_ssh_agent_auth-0.10.4.tar.gz) = caccf72174d15e43f4c86a459ac6448682e62116557cf1e1e828955f3d1731595b238df42adec57860e7f341e92daf5d8285020bcb5018f3b8a5145aa32ee1c2
+Size (pam_ssh_agent_auth-0.10.4.tar.gz) = 307110 bytes
+SHA1 (patch-Makefile.in) = fd95237832ab5a30b38a9544462a124e2fd81a2d
+SHA1 (patch-ssh-ecdsa.c) = edc122ec4ad70d92d507c399775d4c112cf4f10c
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/patches/patch-Makefile.in
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/pam_ssh_agent_auth/patches/patch-Makefile.in     Sat Apr 10 09:10:11 2021 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-Makefile.in,v 1.1 2021/04/10 09:10:11 nia Exp $
+
+Do not install manpages to catpage directories.
+
+--- Makefile.in.orig   2019-07-08 16:36:13.000000000 +0000
++++ Makefile.in
+@@ -148,7 +148,7 @@ install: $(CONFIGFILES) $(MANPAGES) $(PA
+ install-files:
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+-      $(INSTALL) -m 644 pam_ssh_agent_auth.8 $(DESTDIR)$(mandir)/$(mansubdir)8/pam_ssh_agent_auth.8
++      $(INSTALL) -m 644 pam_ssh_agent_auth.8 $(DESTDIR)$(mandir)/man8/pam_ssh_agent_auth.8
+       $(INSTALL) -m 755 pam_ssh_agent_auth.so $(DESTDIR)$(libexecdir)/pam_ssh_agent_auth.so
+ 
+ uninstallall: uninstall
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/patches/patch-aa
--- a/security/pam_ssh_agent_auth/patches/patch-aa      Sat Apr 10 09:03:13 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2009/12/11 19:48:12 agc Exp $
-
---- log.h      2009/12/11 15:51:23     1.1
-+++ log.h      2009/12/11 15:51:40
-@@ -15,6 +15,8 @@
- #ifndef SSH_LOG_H
- #define SSH_LOG_H
- 
-+#include <stdarg.h>
-+
- /* Supported syslog facilities and levels. */
- typedef enum {
-       SYSLOG_FACILITY_DAEMON,
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/patches/patch-ab
--- a/security/pam_ssh_agent_auth/patches/patch-ab      Sat Apr 10 09:03:13 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-ab,v 1.1.1.1 2009/12/11 19:48:12 agc Exp $
-
---- pam_user_authorized_keys.c 2009/12/11 15:54:07     1.1
-+++ pam_user_authorized_keys.c 2009/12/11 15:55:45
-@@ -81,6 +81,10 @@
- extern uint8_t  allow_user_owned_authorized_keys_file;
- uid_t           authorized_keys_file_allowed_owner_uid;
- 
-+#ifndef HOST_NAME_MAX
-+#define HOST_NAME_MAX MAXHOSTNAMELEN
-+#endif
-+
- void
- parse_authorized_key_file(const char *user, const char *authorized_keys_file_input)
- {
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/patches/patch-ac
--- a/security/pam_ssh_agent_auth/patches/patch-ac      Sat Apr 10 09:03:13 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-ac,v 1.1.1.1 2009/12/11 19:48:12 agc Exp $
-
---- Makefile.in        2009/12/11 17:10:57     1.1
-+++ Makefile.in        2009/12/11 17:11:56
-@@ -13,7 +13,7 @@
- datadir=@datadir@
- datarootdir=@datarootdir@
- mandir=@mandir@
--mansubdir=@mansubdir@
-+mansubdir=man
- sysconfdir=@sysconfdir@
- piddir=@piddir@
- srcdir=@srcdir@
-@@ -130,7 +130,7 @@
- 
- uninstall:
-       -rm -f $(DESTDIR)$(libexecdir)/pam_ssh_agent_auth.so
--      -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/$(mansubdir)8/pam_ssh_agent_auth.8
-+      -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/pam_ssh_agent_auth.8
- 
- compat-tests: $(LIBCOMPAT)
-       (cd openbsd-compat/regress && $(MAKE))
diff -r 94fa07f47607 -r 7623de553e90 security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c     Sat Apr 10 09:10:11 2021 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ssh-ecdsa.c,v 1.1 2021/04/10 09:10:11 nia Exp $
+
+Fix segfault when handling ECDSA keys
+
+Import patch by Marc Deslauriers from the Ubuntu package of pam_ssh_agent_auth
+
+Ref: https://github.com/jbeverly/pam_ssh_agent_auth/pull/24/files
+     https://github.com/jbeverly/pam_ssh_agent_auth/issues/18
+     https://bugs.launchpad.net/ubuntu/+source/pam-ssh-agent-auth/+bug/1869512
+
+--- ssh-ecdsa.c.orig   2019-07-08 16:36:13.000000000 +0000
++++ ssh-ecdsa.c
+@@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **
+     u_int len, dlen;
+     Buffer b, bb;
+ #if OPENSSL_VERSION_NUMBER >= 0x10100005L
+-      BIGNUM *r, *s;
++      BIGNUM *r = NULL, *s = NULL;
+ #endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u
+ 
+     /* parse signature */
+     if ((sig = ECDSA_SIG_new()) == NULL)
+-        pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed");
++        pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed");
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
+ #if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
++        pamsshagentauth_fatal("ssh_ecdsa_verify:"
++            "pamsshagentauth_buffer_get_bignum2_ret failed");
+ #else
+-    DSA_SIG_get0(sig, &r, &s);
++    if ((r = BN_new()) == NULL)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed");
++    if ((s = BN_new()) == NULL)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed");
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1))
+-#endif
+         pamsshagentauth_fatal("ssh_ecdsa_verify:"
+             "pamsshagentauth_buffer_get_bignum2_ret failed");
++    if (ECDSA_SIG_set0(sig, r, s) != 1)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed");
++#endif
+ 
+     /* clean up */
+     memset(sigblob, 0, len);



Home | Main Index | Thread Index | Old Index