NetBSD Problem Report #47168
From root@bofh.its.iastate.edu Wed Nov 7 19:24:50 2012
Return-Path: <root@bofh.its.iastate.edu>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 50FDA63E51F
for <gnats-bugs@gnats.NetBSD.org>; Wed, 7 Nov 2012 19:24:50 +0000 (UTC)
Message-Id: <20121107182243.000861CA67D@bofh.its.iastate.edu>
Date: Wed, 7 Nov 2012 12:22:42 -0600 (CST)
From: jdwhite@iastate.edu
Reply-To: jdwhite@iastate.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: pkgsrc update for security/pam_ssh_agent_auth
X-Send-Pr-Version: 3.95
>Number: 47168
>Category: pkg
>Synopsis: security/pam does not build and/or run under NetBSD 5.x/6.x, i386/amd64
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: agc
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed Nov 07 19:25:00 +0000 2012
>Closed-Date: Sat Dec 31 06:17:55 +0000 2022
>Last-Modified: Sat Dec 31 06:17:55 +0000 2022
>Originator: Jason White
>Release: NetBSD 6.0
>Organization:
>Environment:
System: NetBSD bofh.its.iastate.edu 6.0 NetBSD 6.0 (GENERIC) i386
Architecture: i386
Machine: i386
>Description:
This package fails to build and/or function under NetBSD 5.x and 6.x,
i386 and amd64.
1) When invoking this module, the following appears in /var/log/authlog:
in openpam_dispatch(): pam_ssh_agent_auth.so: no pam_sm_authenticate()
2) Because the ordering of arguments to strnvis() changed in NetBSD 6.0,
this module will build but segfault when invoked. Same issue as PR/44977.
>How-To-Repeat:
Build it. Add it to a pam stack (say, su) and try to su.
With NetBSD <6.0 you get condition #1 above.
With NetBSD >=6.0 you get both conditions above.
>Fix:
1) To fix the "no pam_sm_authenticate()" message, the module must be built
with the compiler flag -DNO_STATIC_MODULES. [patch below]
2) To fix the issue with strnvis, check to see if we're compiling on
NetBSD 6.0 or later and tweak the order of the arguments to strnvis()
accordingly. [patch below]
The following patch fixes these issues and also updates the
module version from 0.9.2 to 0.9.3. I attempted to make 0.9.4 (latest)
work under NetBSD, but kept getting bogus messages about not
being able to find the module though ktrace showed otherwise.
0.9.4 does not offer any significant features or functionality
over 0.9.3, but was trying to be current.
Patch also fixes some compiler warnings in openbsd-compat library.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam_ssh_agent_auth/Makefile,v
retrieving revision 1.4
diff -u -r1.4 Makefile
--- Makefile 23 Oct 2012 18:16:49 -0000 1.4
+++ Makefile 7 Nov 2012 17:15:36 -0000
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.4 2012/10/23 18:16:49 asau Exp $
-DISTNAME= pam_ssh_agent_auth-0.9.2
+DISTNAME= pam_ssh_agent_auth-0.9.3
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=pamsshagentauth/}
EXTRACT_SUFX= .tar.bz2
@@ -13,4 +13,6 @@
GNU_CONFIGURE= yes
USE_TOOLS+= pod2man
+CFLAGS.NetBSD+= -DNO_STATIC_MODULES
+
.include "../../mk/bsd.pkg.mk"
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam_ssh_agent_auth/distinfo,v
retrieving revision 1.2
diff -u -r1.2 distinfo
--- distinfo 15 Jan 2010 22:23:48 -0000 1.2
+++ distinfo 7 Nov 2012 17:15:36 -0000
@@ -1,8 +1,10 @@
$NetBSD: distinfo,v 1.2 2010/01/15 22:23:48 agc Exp $
-SHA1 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 0f3d9455a8f983907cfad293105cfb16c4a08a0a
-RMD160 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 2ef2a4dbb1f3115751f596629c0518e65500cdf4
-Size (pam_ssh_agent_auth-0.9.2.tar.bz2) = 237156 bytes
+SHA1 (pam_ssh_agent_auth-0.9.3.tar.bz2) = 5761a2d5e3ea29e0b415424338d27deaabdd75f4
+RMD160 (pam_ssh_agent_auth-0.9.3.tar.bz2) = cd4846adf8f131991b18c8af48b750440bd636c6
+Size (pam_ssh_agent_auth-0.9.3.tar.bz2) = 239596 bytes
SHA1 (patch-aa) = a32866ae59734b94c55a3531094bbd6b6d9cdbfc
SHA1 (patch-ab) = 9ef4711ea6a65a627e581d8905a3a9f8ef0cf202
SHA1 (patch-ac) = ade7a45c5e42307ee0e9ffbdbd708a6fef64ada0
+SHA1 (patch-ad) = a29719b21e80115e9b1c54b0c3f965f934effba6
+SHA1 (patch-ae) = 3a09dbeed4dd0991127e1e1c7b3b142ac3a2e44b
Index: patches/patch-ad
===================================================================
RCS file: patches/patch-ad
diff -N patches/patch-ad
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ad 7 Nov 2012 17:15:36 -0000
@@ -0,0 +1,15 @@
+--- log.c 2012-11-07 10:03:34.000000000 -0600
++++ log.c 2012-11-07 10:03:44.000000000 -0600
+@@ -361,7 +361,11 @@
+ vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
+ }
+
+- strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
++#if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 600000000)
++ strnvis(fmtbuf, sizeof(fmtbuf), msgbuf,
++#else
++ strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
++#endif
+ log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
+
+ if(level == SYSLOG_LEVEL_FATAL) {
Index: patches/patch-ae
===================================================================
RCS file: patches/patch-ae
diff -N patches/patch-ae
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ae 7 Nov 2012 17:15:36 -0000
@@ -0,0 +1,17 @@
+--- openbsd-compat/readpassphrase.c 2012-11-07 10:09:52.000000000 -0600
++++ openbsd-compat/readpassphrase.c 2012-11-07 10:18:38.000000000 -0600
+@@ -124,11 +124,11 @@
+ if (p < end) {
+ if ((flags & RPP_SEVENBIT))
+ ch &= 0x7f;
+- if (isalpha(ch)) {
++ if (isalpha((int)ch)) {
+ if ((flags & RPP_FORCELOWER))
+- ch = tolower(ch);
++ ch = tolower((int)ch);
+ if ((flags & RPP_FORCEUPPER))
+- ch = toupper(ch);
++ ch = toupper((int)ch);
+ }
+ *p++ = ch;
+ }
>Release-Note:
>Audit-Trail:
From: Alistair Crooks <agc@pkgsrc.org>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
Date: Wed, 7 Nov 2012 22:52:17 +0100
Thanks for the PR!
On Wed, Nov 07, 2012 at 07:25:00PM +0000, jdwhite@iastate.edu wrote:
> +--- openbsd-compat/readpassphrase.c 2012-11-07 10:09:52.000000000 -0600
> ++++ openbsd-compat/readpassphrase.c 2012-11-07 10:18:38.000000000 -0600
> +@@ -124,11 +124,11 @@
> + if (p < end) {
> + if ((flags & RPP_SEVENBIT))
> + ch &= 0x7f;
> +- if (isalpha(ch)) {
> ++ if (isalpha((int)ch)) {
> + if ((flags & RPP_FORCELOWER))
> +- ch = tolower(ch);
> ++ ch = tolower((int)ch);
> + if ((flags & RPP_FORCEUPPER))
> +- ch = toupper(ch);
> ++ ch = toupper((int)ch);
> + }
> + *p++ = ch;
> + }
Slight area of concern about this - the casts to the ctype macros are
supposed to prevent negative subscript access to the ctypes array, so
casting them to int isn't really doing any good - most of the examples
use (unsigned char) or (unsigned) for this.
Definitely needed in something like this module :-)
Best,
Alistair
From: christos@zoulas.com (Christos Zoulas)
To: Alistair Crooks <agc@pkgsrc.org>, gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
Date: Wed, 7 Nov 2012 17:10:20 -0500
On Nov 7, 10:52pm, agc@pkgsrc.org (Alistair Crooks) wrote:
-- Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
| Thanks for the PR!
You are much better off doing what I did for:
/usr/src/crypto/external/bsd/openssh/dist/readpassphrase.c and avoid
all the complexity.
christos
Responsible-Changed-From-To: pkg-manager->agc
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Thu, 08 Nov 2012 20:35:35 +0000
Responsible-Changed-Why:
Over to maintainer.
State-Changed-From-To: open->feedback
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Wed, 01 Jan 2020 15:33:29 +0000
State-Changed-Why:
Alistair, is this still an open issue?
State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 31 Dec 2022 06:17:55 +0000
State-Changed-Why:
The cited problems seem to have been fixed upstream in the meantime.
>Unformatted:
B
(Contact us)
$NetBSD: gnats-precook-prs,v 1.4 2018/12/21 14:20:20 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home