[pkgsrc/trunk]: pkgsrc/security/openpam Update OpenPAM to openpam-20130907 (N...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6b36377d1511
branches: trunk
changeset: 635740:6b36377d1511
user: joerg <joerg%pkgsrc.org@localhost>
date: Tue Jun 10 13:17:42 2014 +0000
description:
Update OpenPAM to openpam-20130907 (Nummularia), including a fix for
CVE-2014-3879:
- Better dynamic loader, supports specifying modules without ".so"
suffix.
- Improve documentation.
- openpam_subst, openpam_readword and openpam_readlinev helpers
- PAM_HOST item for better password prompts
- user_prompt, authtok_prompt and oldauthtok_prompt module options
- pamtest(1) program for testing policies and modules
diffstat:
security/openpam/Makefile | 7 +-
security/openpam/PLIST | 18 +-
security/openpam/distinfo | 21 +-
security/openpam/patches/patch-ab | 65 -----
security/openpam/patches/patch-ac | 21 -
security/openpam/patches/patch-ad | 13 -
security/openpam/patches/patch-ae | 13 -
security/openpam/patches/patch-af | 22 -
security/openpam/patches/patch-ag | 31 --
security/openpam/patches/patch-ah | 13 -
security/openpam/patches/patch-ai | 13 -
security/openpam/patches/patch-aj | 13 -
security/openpam/patches/patch-bin_openpam__dump__policy_openpam__dump__policy.c | 13 +
security/openpam/patches/patch-lib_libpam_openpam__configure.c | 125 ++++++++++
security/openpam/patches/patch-lib_libpam_openpam__constants.c | 17 +
security/openpam/patches/patch-lib_libpam_openpam__ctype.h | 13 +
16 files changed, 192 insertions(+), 226 deletions(-)
diffs (truncated from 526 to 300 lines):
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/Makefile
--- a/security/openpam/Makefile Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/Makefile Tue Jun 10 13:17:42 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.20 2014/05/29 23:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2014/06/10 13:17:42 joerg Exp $
-DISTNAME= openpam-20071221
-PKGREVISION= 4
+DISTNAME= openpam-20130907
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openpam/}
@@ -19,6 +18,8 @@
CONFIGURE_ARGS+= --with-pam-unix
CONFIGURE_ARGS+= --with-modules-dir=${PREFIX}/lib/security
+CPPFLAGS+= -DSYSCONFDIR=\"$(PKG_SYSCONFDIR)\"
+
OWN_DIRS= ${PKG_SYSCONFDIR}/pam.d
.include "../../mk/dlopen.buildlink3.mk"
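Review bot: The added `CPPFLAGS+= -DSYSCONFDIR=\"$(PKG_SYSCONFDIR)\"` line has no comment saying what consumes the define, and it writes the variable as `$(PKG_SYSCONFDIR)` where the neighbouring lines use `${PKG_SYSCONFDIR}` and `${PREFIX}`. I would write it as `CPPFLAGS+= -DSYSCONFDIR=\"${PKG_SYSCONFDIR}\"` and put a one-line comment above it naming the consumer, presumably the new patch-lib_libpam_openpam__configure.c, which is cut off in this truncated listing. The deleted patch-ab carried both the SYSCONFDIR-based policy path and the check that rejects a `/` in the service name (noted there as prevention of CVE-2011-4122). Since the commit message does not say where those now live, it is worth confirming that the 20130907 sources or the new patch still provide both before relying on this define.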
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/PLIST
--- a/security/openpam/PLIST Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/PLIST Tue Jun 10 13:17:42 2014 +0000
@@ -1,6 +1,6 @@
-@comment $NetBSD: PLIST,v 1.6 2009/06/14 18:13:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.7 2014/06/10 13:17:42 joerg Exp $
+include/security/openpam_attr.h
include/security/openpam.h
-include/security/openpam_attr.h
include/security/openpam_version.h
include/security/pam_appl.h
include/security/pam_constants.h
@@ -14,12 +14,18 @@
man/man3/openpam_borrow_cred.3
man/man3/openpam_free_data.3
man/man3/openpam_free_envlist.3
+man/man3/openpam_get_feature.3
man/man3/openpam_get_option.3
man/man3/openpam_log.3
man/man3/openpam_nullconv.3
man/man3/openpam_readline.3
+man/man3/openpam_readlinev.3
+man/man3/openpam_readword.3
man/man3/openpam_restore_cred.3
+man/man3/openpam_set_feature.3
man/man3/openpam_set_option.3
+man/man3/openpam_straddch.3
+man/man3/openpam_subst.3
man/man3/openpam_ttyconv.3
man/man3/pam.3
man/man3/pam_acct_mgmt.3
@@ -31,18 +37,18 @@
man/man3/pam_error.3
man/man3/pam_get_authtok.3
man/man3/pam_get_data.3
+man/man3/pam_getenv.3
+man/man3/pam_getenvlist.3
man/man3/pam_get_item.3
man/man3/pam_get_user.3
-man/man3/pam_getenv.3
-man/man3/pam_getenvlist.3
man/man3/pam_info.3
man/man3/pam_open_session.3
man/man3/pam_prompt.3
man/man3/pam_putenv.3
+man/man3/pam_setcred.3
man/man3/pam_set_data.3
+man/man3/pam_setenv.3
man/man3/pam_set_item.3
-man/man3/pam_setcred.3
-man/man3/pam_setenv.3
man/man3/pam_sm_acct_mgmt.3
man/man3/pam_sm_authenticate.3
man/man3/pam_sm_chauthtok.3
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/distinfo
--- a/security/openpam/distinfo Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/distinfo Tue Jun 10 13:17:42 2014 +0000
@@ -1,14 +1,9 @@
-$NetBSD: distinfo,v 1.8 2011/12/13 15:57:08 spz Exp $
+$NetBSD: distinfo,v 1.9 2014/06/10 13:17:42 joerg Exp $
-SHA1 (openpam-20071221.tar.gz) = 43d41fa4a86199077c4fe193c52c59365f4c317e
-RMD160 (openpam-20071221.tar.gz) = cd8f7e94984693b0f892f226bfed6a3f9b24ec72
-Size (openpam-20071221.tar.gz) = 396932 bytes
-SHA1 (patch-ab) = 2405cccb175e58914e36a26ac8aa896a1334b145
-SHA1 (patch-ac) = 72fb5ffb67edf9892e6c2db5485fdf51ea4b50ce
-SHA1 (patch-ad) = 08b0dbd2d84c4239ea898f137d2f0ed7f7476d74
-SHA1 (patch-ae) = 4f31bdde2cca94377c4e3ac8e4d42512764b3fac
-SHA1 (patch-af) = 1879c2450cd72152573248b60bdad056ad13a5e2
-SHA1 (patch-ag) = c46e5e2ce53765c5f593735bb0daf9cdf03eab13
-SHA1 (patch-ah) = 5cef165a6986e0146f75cc4aa4fe5c0adc2d5042
-SHA1 (patch-ai) = ebd22192a6b34161feac281ade41340493142e2b
-SHA1 (patch-aj) = f106a68e24fabae7353ea4480c75ba84097ec606
+SHA1 (openpam-20130907.tar.gz) = c6d33913c2e90b463ef8ecc04358a14e6467c11f
+RMD160 (openpam-20130907.tar.gz) = 501c36f07b78bece4a96b21acadef659a68634f1
+Size (openpam-20130907.tar.gz) = 459949 bytes
+SHA1 (patch-bin_openpam__dump__policy_openpam__dump__policy.c) = 8485ecba73ec4f1fe3c5133d9f00cc74788534af
+SHA1 (patch-lib_libpam_openpam__configure.c) = 0d2d6b3bcb4ab86b253fbe13c751e8c5c8607ee0
+SHA1 (patch-lib_libpam_openpam__constants.c) = 7dd63e288408939a73057b3e4d90382983c1d559
+SHA1 (patch-lib_libpam_openpam__ctype.h) = 14866f4cfbdd5c6f67f97d4f3755a4e80782cce0
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ab
--- a/security/openpam/patches/patch-ab Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-$NetBSD: patch-ab,v 1.4 2011/12/13 15:57:08 spz Exp $
-
-- pkgsrcification
-- prevention of CVE-2011-4122 taken from NetBSD src
-
---- lib/openpam_configure.c.orig 2007-12-21 11:36:24.000000000 +0000
-+++ lib/openpam_configure.c
-@@ -70,7 +70,7 @@ static int
- match_word(const char *str, const char *word)
- {
-
-- while (*str && tolower(*str) == tolower(*word))
-+ while (*str && tolower((unsigned char)*str) == tolower((unsigned char)*word))
- ++str, ++word;
- return (*str == ' ' && *word == '\0');
- }
-@@ -194,7 +194,7 @@ openpam_read_chain(pam_handle_t *pamh,
- }
-
- /* allocate new entry */
-- if ((this = calloc(1, sizeof *this)) == NULL)
-+ if ((this = calloc((size_t)1, sizeof *this)) == NULL)
- goto syserr;
-
- /* control flag */
-@@ -230,7 +230,7 @@ openpam_read_chain(pam_handle_t *pamh,
- ++this->optc;
- q = next_word(q);
- }
-- this->optv = calloc(this->optc + 1, sizeof(char *));
-+ this->optv = calloc((size_t)(this->optc + 1), sizeof(char *));
- if (this->optv == NULL)
- goto syserr;
- for (i = 0; i < this->optc; ++i) {
-@@ -263,11 +263,13 @@ openpam_read_chain(pam_handle_t *pamh,
- return (-1);
- }
-
-+#ifndef SYSCONFDIR
-+#define SYSCONFDIR "/usr/local/etc"
-+#endif
-+
- static const char *openpam_policy_path[] = {
-- "/etc/pam.d/",
-- "/etc/pam.conf",
-- "/usr/local/etc/pam.d/",
-- "/usr/local/etc/pam.conf",
-+ SYSCONFDIR "/pam.d/",
-+ SYSCONFDIR "/pam.conf",
- NULL
- };
-
-@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh,
- size_t len;
- int r;
-
-+ /* Don't allow an escape from policy_path. */
-+ if (strchr(service, '/') != NULL) {
-+ openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);
-+ return (-PAM_SYSTEM_ERR);
-+ }
-+
- for (path = openpam_policy_path; *path != NULL; ++path) {
- len = strlen(*path);
- if ((*path)[len - 1] == '/') {
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ac
--- a/security/openpam/patches/patch-ac Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-ac,v 1.3 2008/02/18 16:48:12 jlam Exp $
-
---- lib/Makefile.in.orig 2007-12-21 06:44:28.000000000 -0500
-+++ lib/Makefile.in
-@@ -116,7 +116,7 @@ CC = @CC@
- CCDEPMODE = @CCDEPMODE@
- CFLAGS = @CFLAGS@
- CPP = @CPP@
--CPPFLAGS = @CPPFLAGS@
-+CPPFLAGS = @CPPFLAGS@ -DSYSCONFDIR=\"$(sysconfdir)\"
- CRYPT_LIBS = @CRYPT_LIBS@
- CXX = @CXX@
- CXXCPP = @CXXCPP@
-@@ -267,7 +267,6 @@ libpam_la_SOURCES = \
- pam_vprompt.c \
- $(NULL)
-
--libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"'
- libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@
- EXTRA_DIST = \
- pam_authenticate_secondary.c \
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ad
--- a/security/openpam/patches/patch-ad Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/Makefile.am.orig 2007-06-03 16:26:18.000000000 -0400
-+++ lib/Makefile.am
-@@ -52,8 +52,6 @@ libpam_la_SOURCES = \
- pam_vprompt.c \
- $(NULL)
-
--libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"'
--
- libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@
-
- EXTRA_DIST = \
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ae
--- a/security/openpam/patches/patch-ae Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_borrow_cred.c.orig 2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_borrow_cred.c
-@@ -73,7 +73,7 @@ openpam_borrow_cred(pam_handle_t *pamh,
- (int)geteuid());
- RETURNC(PAM_PERM_DENIED);
- }
-- scred = calloc(1, sizeof *scred);
-+ scred = calloc((size_t)1, sizeof *scred);
- if (scred == NULL)
- RETURNC(PAM_BUF_ERR);
- scred->euid = geteuid();
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-af
--- a/security/openpam/patches/patch-af Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-af,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_dynamic.c.orig 2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_dynamic.c
-@@ -64,7 +64,7 @@ openpam_dynamic(const char *path)
- int i;
-
- dlh = NULL;
-- if ((module = calloc(1, sizeof *module)) == NULL)
-+ if ((module = calloc((size_t)1, sizeof *module)) == NULL)
- goto buf_err;
-
- /* Prepend the standard prefix if not an absolute pathname. */
-@@ -74,7 +74,7 @@ openpam_dynamic(const char *path)
- prefix = "";
-
- /* try versioned module first, then unversioned module */
-- if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
-+ if (asprintf(&vpath, "%s/%s.%d", prefix, path, LIB_MAJ) < 0)
- goto buf_err;
- if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
- openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror());
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ag
--- a/security/openpam/patches/patch-ag Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-$NetBSD: patch-ag,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_readline.c.orig 2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_readline.c
-@@ -57,7 +57,7 @@ openpam_readline(FILE *f, int *lineno, s
- size_t len, size;
- int ch;
-
-- if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
-+ if ((line = malloc((size_t)MIN_LINE_LENGTH)) == NULL)
- return (NULL);
- size = MIN_LINE_LENGTH;
- len = 0;
-@@ -84,7 +84,7 @@ openpam_readline(FILE *f, int *lineno, s
- /* eof */
- if (ch == EOF) {
- /* remove trailing whitespace */
-- while (len > 0 && isspace((int)line[len - 1]))
-+ while (len > 0 && isspace((unsigned char)line[len - 1]))
- --len;
- line[len] = '\0';
- if (len == 0)
-@@ -97,7 +97,7 @@ openpam_readline(FILE *f, int *lineno, s
- ++*lineno;
-
- /* remove trailing whitespace */
-- while (len > 0 && isspace((int)line[len - 1]))
-+ while (len > 0 && isspace((unsigned char)line[len - 1]))
- --len;
- line[len] = '\0';
- /* skip blank lines */
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ah
--- a/security/openpam/patches/patch-ah Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/pam_putenv.c.orig 2007-12-21 06:36:24.000000000 -0500
-+++ lib/pam_putenv.c
-@@ -65,7 +65,7 @@ pam_putenv(pam_handle_t *pamh,