authorsbd <sbd@pkgsrc.org>2011-12-14 02:42:40 +0000
committersbd <sbd@pkgsrc.org>2011-12-14 02:42:40 +0000
commitf0c7595f93550bf6c52c1a26ddffeaae5476d663 (patch)
treec07ca9cae20ff1b7e71e8bc04276d3ca6bf53c40
parenta5f65fd8268f8f0e35a3dd56e15bc689b634e961 (diff)
downloadpkgsrc-f0c7595f93550bf6c52c1a26ddffeaae5476d663.tar.gz
Pullup ticket #3630 - requested by spz
security/openpam security patch Revisions pulled up: - security/openpam/Makefile 1.16 - security/openpam/distinfo 1.8 - security/openpam/patches/patch-ab 1.4 --- Module Name: pkgsrc Committed By: spz Date: Tue Dec 13 15:57:08 UTC 2011 Modified Files: pkgsrc/security/openpam: Makefile distinfo pkgsrc/security/openpam/patches: patch-ab Log Message: added prevention of CVE-2011-4122 taken from NetBSD src
-rw-r--r--security/openpam/Makefile4
-rw-r--r--security/openpam/distinfo4
-rw-r--r--security/openpam/patches/patch-ab20
3 files changed, 23 insertions, 5 deletions
diff --git a/security/openpam/Makefile b/security/openpam/Makefile
index a365713f7a3..75d94390863 100644
--- a/security/openpam/Makefile
+++ b/security/openpam/Makefile
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.15 2008/02/18 16:48:12 jlam Exp $
+# $NetBSD: Makefile,v 1.15.34.1 2011/12/14 02:42:40 sbd Exp $
DISTNAME= openpam-20071221
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openpam/}
+PKGREVISION= 1
MAINTAINER= joerg@NetBSD.org
HOMEPAGE= http://www.openpam.org/
COMMENT= Open-source PAM library
+LICENSE= modified-bsd
PKG_DESTDIR_SUPPORT= user-destdir
diff --git a/security/openpam/distinfo b/security/openpam/distinfo
index 8c3475797ca..baa9c75c684 100644
--- a/security/openpam/distinfo
+++ b/security/openpam/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2008/02/18 18:22:18 jlam Exp $
+$NetBSD: distinfo,v 1.7.34.1 2011/12/14 02:42:40 sbd Exp $
SHA1 (openpam-20071221.tar.gz) = 43d41fa4a86199077c4fe193c52c59365f4c317e
RMD160 (openpam-20071221.tar.gz) = cd8f7e94984693b0f892f226bfed6a3f9b24ec72
Size (openpam-20071221.tar.gz) = 396932 bytes
-SHA1 (patch-ab) = 8ade188799693e6d7c28f27faf060c645c5d97c5
+SHA1 (patch-ab) = 2405cccb175e58914e36a26ac8aa896a1334b145
SHA1 (patch-ac) = 72fb5ffb67edf9892e6c2db5485fdf51ea4b50ce
SHA1 (patch-ad) = 08b0dbd2d84c4239ea898f137d2f0ed7f7476d74
SHA1 (patch-ae) = 4f31bdde2cca94377c4e3ac8e4d42512764b3fac
diff --git a/security/openpam/patches/patch-ab b/security/openpam/patches/patch-ab
index 08b053bf302..06510c8f4df 100644
--- a/security/openpam/patches/patch-ab
+++ b/security/openpam/patches/patch-ab
@@ -1,6 +1,9 @@
-$NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $
+$NetBSD: patch-ab,v 1.3.34.1 2011/12/14 02:42:40 sbd Exp $
---- lib/openpam_configure.c.orig 2007-12-21 06:36:24.000000000 -0500
+- pkgsrcification
+- prevention of CVE-2011-4122 taken from NetBSD src
+
+--- lib/openpam_configure.c.orig 2007-12-21 11:36:24.000000000 +0000
+++ lib/openpam_configure.c
@@ -70,7 +70,7 @@ static int
match_word(const char *str, const char *word)
@@ -47,3 +50,16 @@ $NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $
NULL
};
+@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh,
+ size_t len;
+ int r;
+
++ /* Don't allow an escape from policy_path. */
++ if (strchr(service, '/') != NULL) {
++ openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);
++ return (-PAM_SYSTEM_ERR);
++ }
++
+ for (path = openpam_policy_path; *path != NULL; ++path) {
+ len = strlen(*path);
+ if ((*path)[len - 1] == '/') {
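Review bot: The guard added to openpam_load_chain rejects only a service name containing `/`, so it is a one-character denylist; an empty name still reaches the policy_path loop, and a NULL `service` would be dereferenced by `strchr` unless callers already exclude it. Assuming service names are meant to be plain file-name components, an allowlist is tighter: `if (service == NULL || *service == '\0' || service[strspn(service, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-")] != '\0') {`. That would also keep control characters out of the `openpam_log` line, which currently echoes the rejected name verbatim. The function starts and ends outside this hunk, so whether `service` is validated earlier cannot be confirmed from here.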