diff options
| author | triaxx <triaxx@pkgsrc.org> | 2018-05-15 07:57:32 +0000 |
|---|---|---|
| committer | triaxx <triaxx@pkgsrc.org> | 2018-05-15 07:57:32 +0000 |
| commit | 5f6d2aca6e7f45b8121d5ae67c763a0fcb18298d (patch) | |
| tree | a703b6340b5c476bb6aba64e2fa6cdd1bde6c7aa /security | |
| parent | c4be952be334527eb085b97a7b0f4e6e82a300ab (diff) | |
| download | pkgsrc-5f6d2aca6e7f45b8121d5ae67c763a0fcb18298d.tar.gz | |
openpam: update to 20170430
* patch-lib_libpam_openpam__constants.c:
* comment it (make pkglint happy)
* fix OPENPAM_MODULES_DIR (avoid openpam loading basesystem modules)
* remove "CONFIGURE_ARGS+= --without-pam-su" (option not recognized by configure)
* change '_dep_' to 'dep' in builtin.mk (make pkglint happy)
* fix paths in manpages
Changes from upstream:
============================================================================
OpenPAM Resedacea 2017-04-30
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
dispatcher when the required service function could not be found.
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
NULL in API functions that have a NULL check.
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
PAM_BAD_CONSTANT error codes for situations where we previously
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
had been passed to an API function.
- ENHANCE: Improve the RETURN VALUES section in API man pages,
especially for functions that cannot fail, which were incorrectly
documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
pam_get_user(3) from using application-provided custom prompts.
- BUGFIX: Plug a memory leak in pam_set_item(3).
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
- BUGFIX: In openpam_readword(3), support line continuations within
whitespace.
- ENHANCE: Add a feature flag to control fallback to "other" policy.
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
code specified in the module options.
- ENHANCE: More and better unit tests.
Diffstat (limited to 'security')
| -rw-r--r-- | security/openpam/Makefile | 12 | ||||
| -rw-r--r-- | security/openpam/PLIST | 3 | ||||
| -rw-r--r-- | security/openpam/builtin.mk | 6 | ||||
| -rw-r--r-- | security/openpam/distinfo | 14 | ||||
| -rw-r--r-- | security/openpam/patches/patch-doc_man_pam.conf.5 | 40 | ||||
| -rw-r--r-- | security/openpam/patches/patch-lib_libpam_openpam__constants.c | 17 |
6 files changed, 74 insertions, 18 deletions
diff --git a/security/openpam/Makefile b/security/openpam/Makefile index 5864da37b2d..20e045396d2 100644 --- a/security/openpam/Makefile +++ b/security/openpam/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.26 2018/01/01 18:16:39 rillig Exp $ +# $NetBSD: Makefile,v 1.27 2018/05/15 07:57:32 triaxx Exp $ -DISTNAME= openpam-20140912 -PKGREVISION= 2 +DISTNAME= openpam-20170430 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openpam/} @@ -15,7 +14,6 @@ CONFLICTS+= PAM-[0-9]* USE_LIBTOOL= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} -CONFIGURE_ARGS+= --without-pam-su CONFIGURE_ARGS+= --with-pam-unix CONFIGURE_ARGS+= --with-modules-dir=${PREFIX}/lib/security @@ -23,6 +21,12 @@ CPPFLAGS+= -DSYSCONFDIR=\"${PKG_SYSCONFDIR}\" OWN_DIRS= ${PKG_SYSCONFDIR}/pam.d +SUBST_CLASSES+= man +SUBST_MESSAGE.man= Fixing hardcoded paths in manpages. +SUBST_STAGE.man= post-build +SUBST_FILES.man= doc/man/pam.conf.5 +SUBST_VARS.man= PKG_SYSCONFDIR PREFIX + .include "../../mk/dlopen.buildlink3.mk" # Create a fake perl binary to avoid recreating the man pages. diff --git a/security/openpam/PLIST b/security/openpam/PLIST index 2989f4f462a..4e5a7592acd 100644 --- a/security/openpam/PLIST +++ b/security/openpam/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.8 2018/01/01 22:29:54 rillig Exp $ +@comment $NetBSD: PLIST,v 1.9 2018/05/15 07:57:32 triaxx Exp $ include/security/openpam.h include/security/openpam_attr.h include/security/openpam_version.h @@ -9,6 +9,7 @@ include/security/pam_types.h lib/libpam.la lib/security/pam_deny.la lib/security/pam_permit.la +lib/security/pam_return.la lib/security/pam_unix.la man/man3/openpam.3 man/man3/openpam_borrow_cred.3 diff --git a/security/openpam/builtin.mk b/security/openpam/builtin.mk index 197a0c1f7c7..ef8e57db799 100644 --- a/security/openpam/builtin.mk +++ b/security/openpam/builtin.mk @@ -1,4 +1,4 @@ -# $NetBSD: builtin.mk,v 1.9 2013/11/23 12:10:13 obache Exp $ +# $NetBSD: builtin.mk,v 1.10 2018/05/15 07:57:32 triaxx Exp $ BUILTIN_PKG:= openpam @@ -45,10 +45,10 @@ USE_BUILTIN.openpam= ${IS_BUILTIN.openpam} . if defined(BUILTIN_PKG.openpam) && \ !empty(IS_BUILTIN.openpam:M[yY][eE][sS]) USE_BUILTIN.openpam= yes -. for _dep_ in ${BUILDLINK_API_DEPENDS.openpam} +. for dep in ${BUILDLINK_API_DEPENDS.openpam} . if !empty(USE_BUILTIN.openpam:M[yY][eE][sS]) USE_BUILTIN.openpam!= \ - if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.openpam:Q}; then \ + if ${PKG_ADMIN} pmatch ${dep:Q} ${BUILTIN_PKG.openpam:Q}; then \ ${ECHO} yes; \ else \ ${ECHO} no; \ diff --git a/security/openpam/distinfo b/security/openpam/distinfo index 116309903e3..9b44977eac3 100644 --- a/security/openpam/distinfo +++ b/security/openpam/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.12 2016/03/10 12:57:09 tnn Exp $ +$NetBSD: distinfo,v 1.13 2018/05/15 07:57:32 triaxx Exp $ -SHA1 (openpam-20140912.tar.gz) = 45b335d2cb3a4edcc66046ae56d689113e59a67a -RMD160 (openpam-20140912.tar.gz) = 547cb3cf81d5b4526ddf2a702b83d5303430f764 -SHA512 (openpam-20140912.tar.gz) = c6cfbd669fe1b67af43a33c33bf2587e1512c27f1b96b9b38df37b81ecc4999d85e04b361b19a7265dbf271ebd3de3bd55342ee4fdbee9c68836b69714706423 -Size (openpam-20140912.tar.gz) = 457600 bytes +SHA1 (openpam-20170430.tar.gz) = 758bd47cddcc1e444dd865a8724a943931762e43 +RMD160 (openpam-20170430.tar.gz) = 20553bf5f46c7b77bfacae424d561d9b047affae +SHA512 (openpam-20170430.tar.gz) = 04b320bf0e581f4ff75f12fd43cb07df9a417a3e08371f3a71ad9f94caec9ff9742b49391bfb4ae81a7237817ed4eccdc1485a105b35f9d970fb92e4341b9510 +Size (openpam-20170430.tar.gz) = 494372 bytes +SHA1 (patch-doc_man_pam.conf.5) = 0c9ad45f67333ecbcd5085a536a25b5ed2b01b93 SHA1 (patch-lib_libpam_openpam__configure.c) = 5f4271121d03eb6b9ea7e3e1b85f9b27c9f4eaae -SHA1 (patch-lib_libpam_openpam__constants.c) = 7dd63e288408939a73057b3e4d90382983c1d559 +SHA1 (patch-lib_libpam_openpam__constants.c) = 14b11cda3dbbfafd5a45865a868295e801bd1733 SHA1 (patch-lib_libpam_openpam__dynamic.c) = 0bed21f16b74dbdb312ce4f09c17055a0891bdd5 -SHA1 (patch-lib_libpam_openpam__readword.c) = 75875dc75f76c6caa267ce7c6c905e0ac2790ad1 diff --git a/security/openpam/patches/patch-doc_man_pam.conf.5 b/security/openpam/patches/patch-doc_man_pam.conf.5 new file mode 100644 index 00000000000..af0e8d436b4 --- /dev/null +++ b/security/openpam/patches/patch-doc_man_pam.conf.5 @@ -0,0 +1,40 @@ +$NetBSD: patch-doc_man_pam.conf.5,v 1.1 2018/05/15 07:57:32 triaxx Exp $ + +Fix hardcoded paths. + +--- doc/man/pam.conf.5.orig 2017-04-30 21:36:51.000000000 +0000 ++++ doc/man/pam.conf.5 +@@ -39,13 +39,9 @@ The PAM library searches for policies in + decreasing order of preference: + .Bl -enum + .It +-.Pa /etc/pam.d/ Ns Ar service-name ++.Pa @PKG_SYSCONFDIR@/pam.d/ Ns Ar service-name + .It +-.Pa /etc/pam.conf +-.It +-.Pa /usr/local/etc/pam.d/ Ns Ar service-name +-.It +-.Pa /usr/local/etc/pam.conf ++.Pa @PKG_SYSCONFDIR@/pam.conf + .El + .Pp + If none of these locations contains a policy for the given service, +@@ -144,13 +140,10 @@ The + .Ar module-path + field specifies the name or full path of the module to call. + If only the name is specified, the PAM library will search for it in +-the following locations: +-.Bl -enum +-.It +-.Pa /usr/lib +-.It +-.Pa /usr/local/lib +-.El ++the following location: ++.Bd -unfilled -offset indent ++.Ar @PREFIX@/lib/security ++.Ed + .Pp + The remaining fields, if any, are passed unmodified to the module if + and when it is invoked. diff --git a/security/openpam/patches/patch-lib_libpam_openpam__constants.c b/security/openpam/patches/patch-lib_libpam_openpam__constants.c index 5868ca3fcad..5fb03008665 100644 --- a/security/openpam/patches/patch-lib_libpam_openpam__constants.c +++ b/security/openpam/patches/patch-lib_libpam_openpam__constants.c @@ -1,8 +1,11 @@ -$NetBSD: patch-lib_libpam_openpam__constants.c,v 1.1 2014/06/10 13:17:42 joerg Exp $ +$NetBSD: patch-lib_libpam_openpam__constants.c,v 1.2 2018/05/15 07:57:32 triaxx Exp $ ---- lib/libpam/openpam_constants.c.orig 2014-06-10 13:01:39.996428375 +0000 +Change hardcoded configuration paths to ones depending on compiler variables. +Fix OPENPAM_MODULES_DIR to avoid openpam loading basesystem modules. + +--- lib/libpam/openpam_constants.c.orig 2017-04-30 21:34:49.000000000 +0000 +++ lib/libpam/openpam_constants.c -@@ -127,10 +127,8 @@ const char *pam_sm_func_name[PAM_NUM_PRI +@@ -167,16 +167,14 @@ const char *pam_sm_func_name[PAM_NUM_PRI }; const char *openpam_policy_path[] = { @@ -15,3 +18,11 @@ $NetBSD: patch-lib_libpam_openpam__constants.c,v 1.1 2014/06/10 13:17:42 joerg E NULL }; + const char *openpam_module_path[] = { +-#ifdef OPENPAM_MODULES_DIRECTORY +- OPENPAM_MODULES_DIRECTORY, ++#ifdef OPENPAM_MODULES_DIR ++ OPENPAM_MODULES_DIR, + #else + "/usr/lib", + "/usr/local/lib", |