Update OpenPAM to Ourouparia including Errata fix.

6 files changed, 70 insertions, 160 deletions

diff --git a/security/openpam/Makefile b/security/openpam/Makefile
index 45b6810f66d..e2cef27d2e4 100644
--- a/security/openpam/Makefile
+++ b/security/openpam/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.21 2014/06/10 13:17:42 joerg Exp $
+# $NetBSD: Makefile,v 1.22 2015/06/07 22:46:08 joerg Exp $
 
-DISTNAME=	openpam-20130907
+DISTNAME=	openpam-20140912
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=openpam/}
 
diff --git a/security/openpam/distinfo b/security/openpam/distinfo
index d962ee0e629..8877bfc1c1b 100644
--- a/security/openpam/distinfo
+++ b/security/openpam/distinfo
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.9 2014/06/10 13:17:42 joerg Exp $
+$NetBSD: distinfo,v 1.10 2015/06/07 22:46:08 joerg Exp $
 
-SHA1 (openpam-20130907.tar.gz) = c6d33913c2e90b463ef8ecc04358a14e6467c11f
-RMD160 (openpam-20130907.tar.gz) = 501c36f07b78bece4a96b21acadef659a68634f1
-Size (openpam-20130907.tar.gz) = 459949 bytes
-SHA1 (patch-bin_openpam__dump__policy_openpam__dump__policy.c) = 8485ecba73ec4f1fe3c5133d9f00cc74788534af
-SHA1 (patch-lib_libpam_openpam__configure.c) = 0d2d6b3bcb4ab86b253fbe13c751e8c5c8607ee0
+SHA1 (openpam-20140912.tar.gz) = 45b335d2cb3a4edcc66046ae56d689113e59a67a
+RMD160 (openpam-20140912.tar.gz) = 547cb3cf81d5b4526ddf2a702b83d5303430f764
+Size (openpam-20140912.tar.gz) = 457600 bytes
 SHA1 (patch-lib_libpam_openpam__constants.c) = 7dd63e288408939a73057b3e4d90382983c1d559
-SHA1 (patch-lib_libpam_openpam__ctype.h) = 14866f4cfbdd5c6f67f97d4f3755a4e80782cce0
+SHA1 (patch-lib_libpam_openpam__readword.c) = 75875dc75f76c6caa267ce7c6c905e0ac2790ad1
diff --git a/security/openpam/patches/patch-bin_openpam__dump__policy_openpam__dump__policy.c b/security/openpam/patches/patch-bin_openpam__dump__policy_openpam__dump__policy.c
deleted file mode 100644
index 766b8050027..00000000000
--- a/security/openpam/patches/patch-bin_openpam__dump__policy_openpam__dump__policy.c
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-bin_openpam__dump__policy_openpam__dump__policy.c,v 1.1 2014/06/10 13:17:42 joerg Exp $
-
---- bin/openpam_dump_policy/openpam_dump_policy.c.orig	2013-09-07 13:28:00.000000000 +0000
-+++ bin/openpam_dump_policy/openpam_dump_policy.c
-@@ -64,7 +64,7 @@ openpam_facility_index_name(pam_facility
- 	if (asprintf(&name, "PAM_%s", facility) == -1)
- 		return (NULL);
- 	for (p = name + 4; *p; ++p)
--		*p = toupper(*p);
-+		*p = toupper((unsigned char)*p);
- 	return (name);
- }
- 
diff --git a/security/openpam/patches/patch-lib_libpam_openpam__configure.c b/security/openpam/patches/patch-lib_libpam_openpam__configure.c
deleted file mode 100644
index ee810f4429d..00000000000
--- a/security/openpam/patches/patch-lib_libpam_openpam__configure.c
+++ /dev/null
@@ -1,125 +0,0 @@
-$NetBSD: patch-lib_libpam_openpam__configure.c,v 1.1 2014/06/10 13:17:42 joerg Exp $
-
---- lib/libpam/openpam_configure.c.orig	2013-09-07 13:28:00.000000000 +0000
-+++ lib/libpam/openpam_configure.c
-@@ -1,6 +1,6 @@
- /*-
-  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
-- * Copyright (c) 2004-2012 Dag-Erling Smørgrav
-+ * Copyright (c) 2004-2014 Dag-Erling Smørgrav
-  * All rights reserved.
-  *
-  * This software was developed for the FreeBSD Project by ThinkSec AS and
-@@ -193,6 +193,7 @@ openpam_parse_chain(pam_handle_t *pamh,
- 			openpam_log(PAM_LOG_ERROR,
- 			    "%s(%d): missing or invalid facility",
- 			    filename, lineno);
-+			errno = EINVAL;
- 			goto fail;
- 		}
- 		if (facility != fclt && facility != PAM_FACILITY_ANY) {
-@@ -208,18 +209,28 @@ openpam_parse_chain(pam_handle_t *pamh,
- 				openpam_log(PAM_LOG_ERROR,
- 				    "%s(%d): missing or invalid service name",
- 				    filename, lineno);
-+				errno = EINVAL;
- 				goto fail;
- 			}
- 			if (wordv[i] != NULL) {
- 				openpam_log(PAM_LOG_ERROR,
- 				    "%s(%d): garbage at end of line",
- 				    filename, lineno);
-+				errno = EINVAL;
- 				goto fail;
- 			}
- 			ret = openpam_load_chain(pamh, servicename, fclt);
- 			FREEV(wordc, wordv);
--			if (ret < 0)
-+			if (ret < 0) {
-+				/*
-+				 * Bogus errno, but this ensures that the
-+				 * outer loop does not just ignore the
-+				 * error and keep searching.
-+				 */
-+				if (errno == ENOENT)
-+					errno = EINVAL;
- 				goto fail;
-+			}
- 			continue;
- 		}
- 
-@@ -229,6 +240,7 @@ openpam_parse_chain(pam_handle_t *pamh,
- 			openpam_log(PAM_LOG_ERROR,
- 			    "%s(%d): missing or invalid control flag",
- 			    filename, lineno);
-+			errno = EINVAL;
- 			goto fail;
- 		}
- 
-@@ -238,6 +250,7 @@ openpam_parse_chain(pam_handle_t *pamh,
- 			openpam_log(PAM_LOG_ERROR,
- 			    "%s(%d): missing or invalid module name",
- 			    filename, lineno);
-+			errno = EINVAL;
- 			goto fail;
- 		}
- 
-@@ -247,8 +260,11 @@ openpam_parse_chain(pam_handle_t *pamh,
- 		this->flag = ctlf;
- 
- 		/* load module */
--		if ((this->module = openpam_load_module(modulename)) == NULL)
-+		if ((this->module = openpam_load_module(modulename)) == NULL) {
-+			if (errno == ENOENT)
-+				errno = ENOEXEC;
- 			goto fail;
-+		}
- 
- 		/*
- 		 * The remaining items in wordv are the module's
-@@ -281,7 +297,11 @@ openpam_parse_chain(pam_handle_t *pamh,
- 	 * The loop ended because openpam_readword() returned NULL, which
- 	 * can happen for four different reasons: an I/O error (ferror(f)
- 	 * is true), a memory allocation failure (ferror(f) is false,
--	 * errno is non-zero)
-+	 * feof(f) is false, errno is non-zero), the file ended with an
-+	 * unterminated quote or backslash escape (ferror(f) is false,
-+	 * feof(f) is true, errno is non-zero), or the end of the file was
-+	 * reached without error (ferror(f) is false, feof(f) is true,
-+	 * errno is zero).
- 	 */
- 	if (ferror(f) || errno != 0)
- 		goto syserr;
-@@ -402,6 +422,9 @@ openpam_load_chain(pam_handle_t *pamh,
- 		}
- 		ret = openpam_load_file(pamh, service, facility,
- 		    filename, style);
-+		/* success */
-+		if (ret > 0)
-+			RETURNN(ret);
- 		/* the file exists, but an error occurred */
- 		if (ret == -1 && errno != ENOENT)
- 			RETURNN(ret);
-@@ -411,7 +434,8 @@ openpam_load_chain(pam_handle_t *pamh,
- 	}
- 
- 	/* no hit */
--	RETURNN(0);
-+	errno = ENOENT;
-+	RETURNN(-1);
- }
- 
- /*
-@@ -432,8 +456,10 @@ openpam_configure(pam_handle_t *pamh,
- 		openpam_log(PAM_LOG_ERROR, "invalid service name");
- 		RETURNC(PAM_SYSTEM_ERR);
- 	}
--	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
--		goto load_err;
-+	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
-+		if (errno != ENOENT)
-+			goto load_err;
-+	}
- 	for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
- 		if (pamh->chains[fclt] != NULL)
- 			continue;
diff --git a/security/openpam/patches/patch-lib_libpam_openpam__ctype.h b/security/openpam/patches/patch-lib_libpam_openpam__ctype.h
deleted file mode 100644
index 868788a0fc7..00000000000
--- a/security/openpam/patches/patch-lib_libpam_openpam__ctype.h
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-lib_libpam_openpam__ctype.h,v 1.1 2014/06/10 13:17:42 joerg Exp $
-
---- lib/libpam/openpam_ctype.h.orig	2013-09-07 13:28:00.000000000 +0000
-+++ lib/libpam/openpam_ctype.h
-@@ -42,7 +42,7 @@
-  * Evaluates to non-zero if the argument is an uppercase letter.
-  */
- #define is_upper(ch)				\
--	(ch >= 'A' && ch <= 'A')
-+	(ch >= 'A' && ch <= 'Z')
- 
- /*
-  * Evaluates to non-zero if the argument is a lowercase letter.
diff --git a/security/openpam/patches/patch-lib_libpam_openpam__readword.c b/security/openpam/patches/patch-lib_libpam_openpam__readword.c
new file mode 100644
index 00000000000..3a62363981a
--- /dev/null
+++ b/security/openpam/patches/patch-lib_libpam_openpam__readword.c
@@ -0,0 +1,63 @@
+$NetBSD: patch-lib_libpam_openpam__readword.c,v 1.1 2015/06/07 22:46:08 joerg Exp $
+
+--- lib/libpam/openpam_readword.c.orig	2015-06-05 20:50:30.000000000 +0000
++++ lib/libpam/openpam_readword.c
+@@ -55,18 +55,35 @@ openpam_readword(FILE *f, int *lineno, s
+ {
+ 	char *word;
+ 	size_t size, len;
+-	int ch, comment, escape, quote;
++	int ch, escape, quote;
+ 	int serrno;
+ 
+ 	errno = 0;
+ 
+ 	/* skip initial whitespace */
+-	comment = 0;
+-	while ((ch = getc(f)) != EOF && ch != '\n') {
+-		if (ch == '#')
+-			comment = 1;
+-		if (!is_lws(ch) && !comment)
++	escape = quote = 0;
++	while ((ch = getc(f)) != EOF) {
++		if (ch == '\n') {
++			/* either EOL or line continuation */
++			if (!escape)
++				break;
++			if (lineno != NULL)
++				++*lineno;
++			escape = 0;
++		} else if (escape) {
++			/* escaped something else */
++			break;
++		} else if (ch == '#') {
++			/* comment: until EOL, no continuation */
++			while ((ch = getc(f)) != EOF)
++				if (ch == '\n')
++					break;
+ 			break;
++		} else if (ch == '\\') {
++			escape = 1;
++		} else if (!is_ws(ch)) {
++			break;
++		}
+ 	}
+ 	if (ch == EOF)
+ 		return (NULL);
+@@ -76,7 +93,6 @@ openpam_readword(FILE *f, int *lineno, s
+ 
+ 	word = NULL;
+ 	size = len = 0;
+-	escape = quote = 0;
+ 	while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
+ 		if (ch == '\\' && !escape && quote != '\'') {
+ 			/* escape next character */
+@@ -90,7 +106,7 @@ openpam_readword(FILE *f, int *lineno, s
+ 		} else if (ch == quote && !escape) {
+ 			/* end quote */
+ 			quote = 0;
+-		} else if (ch == '\n' && escape && quote != '\'') {
++		} else if (ch == '\n' && escape) {
+ 			/* line continuation */
+ 			escape = 0;
+ 		} else {