pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/openpam Update OpenPAM to openpam-20130907 (N...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6b36377d1511
branches:  trunk
changeset: 635740:6b36377d1511
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Tue Jun 10 13:17:42 2014 +0000

description:
Update OpenPAM to openpam-20130907 (Nummularia), including a fix for
CVE-2014-3879:

- Better dynamic loader, supports specifying modules without ".so"
  suffix.
- Improve documentation.
- openpam_subst, openpam_readword and openpam_readlinev helpers
- PAM_HOST item for better password prompts
- user_prompt, authtok_prompt and oldauthtok_prompt module options
- pamtest(1) program for testing policies and modules

diffstat:

 security/openpam/Makefile                                                        |    7 +-
 security/openpam/PLIST                                                           |   18 +-
 security/openpam/distinfo                                                        |   21 +-
 security/openpam/patches/patch-ab                                                |   65 -----
 security/openpam/patches/patch-ac                                                |   21 -
 security/openpam/patches/patch-ad                                                |   13 -
 security/openpam/patches/patch-ae                                                |   13 -
 security/openpam/patches/patch-af                                                |   22 -
 security/openpam/patches/patch-ag                                                |   31 --
 security/openpam/patches/patch-ah                                                |   13 -
 security/openpam/patches/patch-ai                                                |   13 -
 security/openpam/patches/patch-aj                                                |   13 -
 security/openpam/patches/patch-bin_openpam__dump__policy_openpam__dump__policy.c |   13 +
 security/openpam/patches/patch-lib_libpam_openpam__configure.c                   |  125 ++++++++++
 security/openpam/patches/patch-lib_libpam_openpam__constants.c                   |   17 +
 security/openpam/patches/patch-lib_libpam_openpam__ctype.h                       |   13 +
 16 files changed, 192 insertions(+), 226 deletions(-)

diffs (truncated from 526 to 300 lines):

diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/Makefile
--- a/security/openpam/Makefile Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/Makefile Tue Jun 10 13:17:42 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.20 2014/05/29 23:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2014/06/10 13:17:42 joerg Exp $
 
-DISTNAME=      openpam-20071221
-PKGREVISION=   4
+DISTNAME=      openpam-20130907
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=openpam/}
 
@@ -19,6 +18,8 @@
 CONFIGURE_ARGS+=       --with-pam-unix
 CONFIGURE_ARGS+=       --with-modules-dir=${PREFIX}/lib/security
 
+CPPFLAGS+=             -DSYSCONFDIR=\"$(PKG_SYSCONFDIR)\"
+
 OWN_DIRS=              ${PKG_SYSCONFDIR}/pam.d
 
 .include "../../mk/dlopen.buildlink3.mk"
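Review bot: The `-DSYSCONFDIR` define added in this hunk only matters if the new source reads it, and the patch that would do so (patch-lib_libpam_openpam__configure.c) is in the truncated part of this diff, so that link cannot be checked here. The deleted patch-ab did two things in openpam_configure.c: it rebuilt `openpam_policy_path` from SYSCONFDIR, and it rejected service names containing '/' (its header names CVE-2011-4122). Please confirm that both behaviours are still present in 20130907, either upstream or in the replacement patch, so policies are not read from outside `${PKG_SYSCONFDIR}`. As a style point, the new line writes `$(PKG_SYSCONFDIR)` while the neighbouring lines use `${PREFIX}` and `${PKG_SYSCONFDIR}`; `CPPFLAGS+= -DSYSCONFDIR=\"${PKG_SYSCONFDIR}\"` would match them. A short comment above the flag naming the patch that consumes it would help the next update.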
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/PLIST
--- a/security/openpam/PLIST    Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/PLIST    Tue Jun 10 13:17:42 2014 +0000
@@ -1,6 +1,6 @@
-@comment $NetBSD: PLIST,v 1.6 2009/06/14 18:13:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.7 2014/06/10 13:17:42 joerg Exp $
+include/security/openpam_attr.h
 include/security/openpam.h
-include/security/openpam_attr.h
 include/security/openpam_version.h
 include/security/pam_appl.h
 include/security/pam_constants.h
@@ -14,12 +14,18 @@
 man/man3/openpam_borrow_cred.3
 man/man3/openpam_free_data.3
 man/man3/openpam_free_envlist.3
+man/man3/openpam_get_feature.3
 man/man3/openpam_get_option.3
 man/man3/openpam_log.3
 man/man3/openpam_nullconv.3
 man/man3/openpam_readline.3
+man/man3/openpam_readlinev.3
+man/man3/openpam_readword.3
 man/man3/openpam_restore_cred.3
+man/man3/openpam_set_feature.3
 man/man3/openpam_set_option.3
+man/man3/openpam_straddch.3
+man/man3/openpam_subst.3
 man/man3/openpam_ttyconv.3
 man/man3/pam.3
 man/man3/pam_acct_mgmt.3
@@ -31,18 +37,18 @@
 man/man3/pam_error.3
 man/man3/pam_get_authtok.3
 man/man3/pam_get_data.3
+man/man3/pam_getenv.3
+man/man3/pam_getenvlist.3
 man/man3/pam_get_item.3
 man/man3/pam_get_user.3
-man/man3/pam_getenv.3
-man/man3/pam_getenvlist.3
 man/man3/pam_info.3
 man/man3/pam_open_session.3
 man/man3/pam_prompt.3
 man/man3/pam_putenv.3
+man/man3/pam_setcred.3
 man/man3/pam_set_data.3
+man/man3/pam_setenv.3
 man/man3/pam_set_item.3
-man/man3/pam_setcred.3
-man/man3/pam_setenv.3
 man/man3/pam_sm_acct_mgmt.3
 man/man3/pam_sm_authenticate.3
 man/man3/pam_sm_chauthtok.3
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/distinfo
--- a/security/openpam/distinfo Tue Jun 10 12:34:09 2014 +0000
+++ b/security/openpam/distinfo Tue Jun 10 13:17:42 2014 +0000
@@ -1,14 +1,9 @@
-$NetBSD: distinfo,v 1.8 2011/12/13 15:57:08 spz Exp $
+$NetBSD: distinfo,v 1.9 2014/06/10 13:17:42 joerg Exp $
 
-SHA1 (openpam-20071221.tar.gz) = 43d41fa4a86199077c4fe193c52c59365f4c317e
-RMD160 (openpam-20071221.tar.gz) = cd8f7e94984693b0f892f226bfed6a3f9b24ec72
-Size (openpam-20071221.tar.gz) = 396932 bytes
-SHA1 (patch-ab) = 2405cccb175e58914e36a26ac8aa896a1334b145
-SHA1 (patch-ac) = 72fb5ffb67edf9892e6c2db5485fdf51ea4b50ce
-SHA1 (patch-ad) = 08b0dbd2d84c4239ea898f137d2f0ed7f7476d74
-SHA1 (patch-ae) = 4f31bdde2cca94377c4e3ac8e4d42512764b3fac
-SHA1 (patch-af) = 1879c2450cd72152573248b60bdad056ad13a5e2
-SHA1 (patch-ag) = c46e5e2ce53765c5f593735bb0daf9cdf03eab13
-SHA1 (patch-ah) = 5cef165a6986e0146f75cc4aa4fe5c0adc2d5042
-SHA1 (patch-ai) = ebd22192a6b34161feac281ade41340493142e2b
-SHA1 (patch-aj) = f106a68e24fabae7353ea4480c75ba84097ec606
+SHA1 (openpam-20130907.tar.gz) = c6d33913c2e90b463ef8ecc04358a14e6467c11f
+RMD160 (openpam-20130907.tar.gz) = 501c36f07b78bece4a96b21acadef659a68634f1
+Size (openpam-20130907.tar.gz) = 459949 bytes
+SHA1 (patch-bin_openpam__dump__policy_openpam__dump__policy.c) = 8485ecba73ec4f1fe3c5133d9f00cc74788534af
+SHA1 (patch-lib_libpam_openpam__configure.c) = 0d2d6b3bcb4ab86b253fbe13c751e8c5c8607ee0
+SHA1 (patch-lib_libpam_openpam__constants.c) = 7dd63e288408939a73057b3e4d90382983c1d559
+SHA1 (patch-lib_libpam_openpam__ctype.h) = 14866f4cfbdd5c6f67f97d4f3755a4e80782cce0
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ab
--- a/security/openpam/patches/patch-ab Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-$NetBSD: patch-ab,v 1.4 2011/12/13 15:57:08 spz Exp $
-
-- pkgsrcification
-- prevention of CVE-2011-4122 taken from NetBSD src
-
---- lib/openpam_configure.c.orig       2007-12-21 11:36:24.000000000 +0000
-+++ lib/openpam_configure.c
-@@ -70,7 +70,7 @@ static int
- match_word(const char *str, const char *word)
- {
- 
--      while (*str && tolower(*str) == tolower(*word))
-+      while (*str && tolower((unsigned char)*str) == tolower((unsigned char)*word))
-               ++str, ++word;
-       return (*str == ' ' && *word == '\0');
- }
-@@ -194,7 +194,7 @@ openpam_read_chain(pam_handle_t *pamh,
-               }
- 
-               /* allocate new entry */
--              if ((this = calloc(1, sizeof *this)) == NULL)
-+              if ((this = calloc((size_t)1, sizeof *this)) == NULL)
-                       goto syserr;
- 
-               /* control flag */
-@@ -230,7 +230,7 @@ openpam_read_chain(pam_handle_t *pamh,
-                       ++this->optc;
-                       q = next_word(q);
-               }
--              this->optv = calloc(this->optc + 1, sizeof(char *));
-+              this->optv = calloc((size_t)(this->optc + 1), sizeof(char *));
-               if (this->optv == NULL)
-                       goto syserr;
-               for (i = 0; i < this->optc; ++i) {
-@@ -263,11 +263,13 @@ openpam_read_chain(pam_handle_t *pamh,
-       return (-1);
- }
- 
-+#ifndef SYSCONFDIR
-+#define SYSCONFDIR    "/usr/local/etc"
-+#endif
-+
- static const char *openpam_policy_path[] = {
--      "/etc/pam.d/",
--      "/etc/pam.conf",
--      "/usr/local/etc/pam.d/",
--      "/usr/local/etc/pam.conf",
-+      SYSCONFDIR "/pam.d/",
-+      SYSCONFDIR "/pam.conf",
-       NULL
- };
- 
-@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh,
-       size_t len;
-       int r;
- 
-+      /* Don't allow an escape from policy_path. */
-+      if (strchr(service, '/') != NULL) {
-+              openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);
-+              return (-PAM_SYSTEM_ERR);
-+      }
-+
-       for (path = openpam_policy_path; *path != NULL; ++path) {
-               len = strlen(*path);
-               if ((*path)[len - 1] == '/') {
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ac
--- a/security/openpam/patches/patch-ac Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-ac,v 1.3 2008/02/18 16:48:12 jlam Exp $
-
---- lib/Makefile.in.orig       2007-12-21 06:44:28.000000000 -0500
-+++ lib/Makefile.in
-@@ -116,7 +116,7 @@ CC = @CC@
- CCDEPMODE = @CCDEPMODE@
- CFLAGS = @CFLAGS@
- CPP = @CPP@
--CPPFLAGS = @CPPFLAGS@
-+CPPFLAGS = @CPPFLAGS@ -DSYSCONFDIR=\"$(sysconfdir)\"
- CRYPT_LIBS = @CRYPT_LIBS@
- CXX = @CXX@
- CXXCPP = @CXXCPP@
-@@ -267,7 +267,6 @@ libpam_la_SOURCES = \
-       pam_vprompt.c \
-       $(NULL)
- 
--libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"'
- libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@
- EXTRA_DIST = \
-       pam_authenticate_secondary.c \
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ad
--- a/security/openpam/patches/patch-ad Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/Makefile.am.orig       2007-06-03 16:26:18.000000000 -0400
-+++ lib/Makefile.am
-@@ -52,8 +52,6 @@ libpam_la_SOURCES = \
-       pam_vprompt.c \
-       $(NULL)
- 
--libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"'
--
- libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@
- 
- EXTRA_DIST = \
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ae
--- a/security/openpam/patches/patch-ae Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_borrow_cred.c.orig     2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_borrow_cred.c
-@@ -73,7 +73,7 @@ openpam_borrow_cred(pam_handle_t *pamh,
-                   (int)geteuid());
-               RETURNC(PAM_PERM_DENIED);
-       }
--      scred = calloc(1, sizeof *scred);
-+      scred = calloc((size_t)1, sizeof *scred);
-       if (scred == NULL)
-               RETURNC(PAM_BUF_ERR);
-       scred->euid = geteuid();
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-af
--- a/security/openpam/patches/patch-af Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-af,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_dynamic.c.orig 2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_dynamic.c
-@@ -64,7 +64,7 @@ openpam_dynamic(const char *path)
-       int i;
- 
-       dlh = NULL;
--      if ((module = calloc(1, sizeof *module)) == NULL)
-+      if ((module = calloc((size_t)1, sizeof *module)) == NULL)
-               goto buf_err;
- 
-       /* Prepend the standard prefix if not an absolute pathname. */
-@@ -74,7 +74,7 @@ openpam_dynamic(const char *path)
-               prefix = "";
- 
-       /* try versioned module first, then unversioned module */
--      if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
-+      if (asprintf(&vpath, "%s/%s.%d", prefix, path, LIB_MAJ) < 0)
-               goto buf_err;
-       if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
-               openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror());
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ag
--- a/security/openpam/patches/patch-ag Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-$NetBSD: patch-ag,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/openpam_readline.c.orig        2007-12-21 06:36:24.000000000 -0500
-+++ lib/openpam_readline.c
-@@ -57,7 +57,7 @@ openpam_readline(FILE *f, int *lineno, s
-       size_t len, size;
-       int ch;
- 
--      if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
-+      if ((line = malloc((size_t)MIN_LINE_LENGTH)) == NULL)
-               return (NULL);
-       size = MIN_LINE_LENGTH;
-       len = 0;
-@@ -84,7 +84,7 @@ openpam_readline(FILE *f, int *lineno, s
-               /* eof */
-               if (ch == EOF) {
-                       /* remove trailing whitespace */
--                      while (len > 0 && isspace((int)line[len - 1]))
-+                      while (len > 0 && isspace((unsigned char)line[len - 1]))
-                               --len;
-                       line[len] = '\0';
-                       if (len == 0)
-@@ -97,7 +97,7 @@ openpam_readline(FILE *f, int *lineno, s
-                               ++*lineno;
- 
-                       /* remove trailing whitespace */
--                      while (len > 0 && isspace((int)line[len - 1]))
-+                      while (len > 0 && isspace((unsigned char)line[len - 1]))
-                               --len;
-                       line[len] = '\0';
-                       /* skip blank lines */
diff -r 83ffd6670982 -r 6b36377d1511 security/openpam/patches/patch-ah
--- a/security/openpam/patches/patch-ah Tue Jun 10 12:34:09 2014 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2008/02/18 18:22:18 jlam Exp $
-
---- lib/pam_putenv.c.orig      2007-12-21 06:36:24.000000000 -0500
-+++ lib/pam_putenv.c
-@@ -65,7 +65,7 @@ pam_putenv(pam_handle_t *pamh,


