NetBSD Problem Report #47168

From root@bofh.its.iastate.edu  Wed Nov  7 19:24:50 2012
Return-Path: <root@bofh.its.iastate.edu>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 50FDA63E51F
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  7 Nov 2012 19:24:50 +0000 (UTC)
Message-Id: <20121107182243.000861CA67D@bofh.its.iastate.edu>
Date: Wed,  7 Nov 2012 12:22:42 -0600 (CST)
From: jdwhite@iastate.edu
Reply-To: jdwhite@iastate.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: pkgsrc update for security/pam_ssh_agent_auth
X-Send-Pr-Version: 3.95

>Number:         47168
>Category:       pkg
>Synopsis:       Does not build and/or run under NetBSD 5.x/6.x, i386/amd64
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    agc
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 07 19:25:00 +0000 2012
>Last-Modified:  Thu Nov 08 20:35:35 +0000 2012
>Originator:     Jason White
>Release:        NetBSD 6.0
>Organization:
>Environment:
System: NetBSD bofh.its.iastate.edu 6.0 NetBSD 6.0 (GENERIC) i386
Architecture: i386
Machine: i386
>Description:
This package fails to build and/or function under NetBSD 5.x and 6.x,
i386 and amd64.

1) When invoking this module, the following appears in /var/log/authlog:
in openpam_dispatch(): pam_ssh_agent_auth.so: no pam_sm_authenticate()

2) Because the ordering of arguments to strnvis() changed in NetBSD 6.0,
this module will build but segfault when invoked. Same issue as PR/44977.

>How-To-Repeat:
Build it.  Add it to a pam stack (say, su) and try to su.
With NetBSD <6.0 you get condition #1 above.
With NetBSD >=6.0 you get both conditions above.

>Fix:
1) To fix the "no pam_sm_authenticate()" message, the module must be built
with the compiler flag -DNO_STATIC_MODULES.  [patch below]

2) To fix the issue with strnvis, check to see if we're compiling on
NetBSD 6.0 or later and tweak the order of the arguments to strnvis()
accordingly. [patch below]

The following patch fixes these issues and also updates the 
module version from 0.9.2 to 0.9.3.  I attempted to make 0.9.4 (latest)
work under NetBSD, but kept getting bogus messages about not
being able to find the module though ktrace showed otherwise.
0.9.4 does not offer any significant features or functionality
over 0.9.3, but was trying to be current.

Patch also fixes some compiler warnings in openbsd-compat library.

Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam_ssh_agent_auth/Makefile,v
retrieving revision 1.4
diff -u -r1.4 Makefile
--- Makefile	23 Oct 2012 18:16:49 -0000	1.4
+++ Makefile	7 Nov 2012 17:15:36 -0000
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.4 2012/10/23 18:16:49 asau Exp $

-DISTNAME=	pam_ssh_agent_auth-0.9.2
+DISTNAME=	pam_ssh_agent_auth-0.9.3
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=pamsshagentauth/}
 EXTRACT_SUFX=	.tar.bz2
@@ -13,4 +13,6 @@
 GNU_CONFIGURE=	yes
 USE_TOOLS+=	pod2man

+CFLAGS.NetBSD+=	-DNO_STATIC_MODULES
+
 .include "../../mk/bsd.pkg.mk"
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam_ssh_agent_auth/distinfo,v
retrieving revision 1.2
diff -u -r1.2 distinfo
--- distinfo	15 Jan 2010 22:23:48 -0000	1.2
+++ distinfo	7 Nov 2012 17:15:36 -0000
@@ -1,8 +1,10 @@
 $NetBSD: distinfo,v 1.2 2010/01/15 22:23:48 agc Exp $

-SHA1 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 0f3d9455a8f983907cfad293105cfb16c4a08a0a
-RMD160 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 2ef2a4dbb1f3115751f596629c0518e65500cdf4
-Size (pam_ssh_agent_auth-0.9.2.tar.bz2) = 237156 bytes
+SHA1 (pam_ssh_agent_auth-0.9.3.tar.bz2) = 5761a2d5e3ea29e0b415424338d27deaabdd75f4
+RMD160 (pam_ssh_agent_auth-0.9.3.tar.bz2) = cd4846adf8f131991b18c8af48b750440bd636c6
+Size (pam_ssh_agent_auth-0.9.3.tar.bz2) = 239596 bytes
 SHA1 (patch-aa) = a32866ae59734b94c55a3531094bbd6b6d9cdbfc
 SHA1 (patch-ab) = 9ef4711ea6a65a627e581d8905a3a9f8ef0cf202
 SHA1 (patch-ac) = ade7a45c5e42307ee0e9ffbdbd708a6fef64ada0
+SHA1 (patch-ad) = a29719b21e80115e9b1c54b0c3f965f934effba6
+SHA1 (patch-ae) = 3a09dbeed4dd0991127e1e1c7b3b142ac3a2e44b
Index: patches/patch-ad
===================================================================
RCS file: patches/patch-ad
diff -N patches/patch-ad
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-ad	7 Nov 2012 17:15:36 -0000
@@ -0,0 +1,15 @@
+--- log.c	2012-11-07 10:03:34.000000000 -0600
++++ log.c	2012-11-07 10:03:44.000000000 -0600
+@@ -361,7 +361,11 @@
+ 		vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
+ 	}
+ 
+-	strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
++#if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 600000000)
++        strnvis(fmtbuf, sizeof(fmtbuf), msgbuf,
++#else
++        strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
++#endif
+ 	    log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
+ 
+     if(level == SYSLOG_LEVEL_FATAL) {
Index: patches/patch-ae
===================================================================
RCS file: patches/patch-ae
diff -N patches/patch-ae
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-ae	7 Nov 2012 17:15:36 -0000
@@ -0,0 +1,17 @@
+--- openbsd-compat/readpassphrase.c	2012-11-07 10:09:52.000000000 -0600
++++ openbsd-compat/readpassphrase.c	2012-11-07 10:18:38.000000000 -0600
+@@ -124,11 +124,11 @@
+ 		if (p < end) {
+ 			if ((flags & RPP_SEVENBIT))
+ 				ch &= 0x7f;
+-			if (isalpha(ch)) {
++			if (isalpha((int)ch)) {
+ 				if ((flags & RPP_FORCELOWER))
+-					ch = tolower(ch);
++					ch = tolower((int)ch);
+ 				if ((flags & RPP_FORCEUPPER))
+-					ch = toupper(ch);
++					ch = toupper((int)ch);
+ 			}
+ 			*p++ = ch;
+ 		}

>Release-Note:

>Audit-Trail:
From: Alistair Crooks <agc@pkgsrc.org>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
Date: Wed, 7 Nov 2012 22:52:17 +0100

 Thanks for the PR!

 On Wed, Nov 07, 2012 at 07:25:00PM +0000, jdwhite@iastate.edu wrote:
 > +--- openbsd-compat/readpassphrase.c	2012-11-07 10:09:52.000000000 -0600
 > ++++ openbsd-compat/readpassphrase.c	2012-11-07 10:18:38.000000000 -0600
 > +@@ -124,11 +124,11 @@
 > + 		if (p < end) {
 > + 			if ((flags & RPP_SEVENBIT))
 > + 				ch &= 0x7f;
 > +-			if (isalpha(ch)) {
 > ++			if (isalpha((int)ch)) {
 > + 				if ((flags & RPP_FORCELOWER))
 > +-					ch = tolower(ch);
 > ++					ch = tolower((int)ch);
 > + 				if ((flags & RPP_FORCEUPPER))
 > +-					ch = toupper(ch);
 > ++					ch = toupper((int)ch);
 > + 			}
 > + 			*p++ = ch;
 > + 		}

 Slight area of concern about this - the casts to the ctype macros are
 supposed to prevent negative subscript access to the ctypes array, so
 casting them to int isn't really doing any good - most of the examples
 use (unsigned char) or (unsigned) for this.

 Definitely needed in something like this module :-)

 Best,
 Alistair

From: christos@zoulas.com (Christos Zoulas)
To: Alistair Crooks <agc@pkgsrc.org>, gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
Date: Wed, 7 Nov 2012 17:10:20 -0500

 On Nov 7, 10:52pm, agc@pkgsrc.org (Alistair Crooks) wrote:
 -- Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth

 | Thanks for the PR!

 You are much better off doing what I did for:
     /usr/src/crypto/external/bsd/openssh/dist/readpassphrase.c and avoid
 all the complexity.

 christos

Responsible-Changed-From-To: pkg-manager->agc
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Thu, 08 Nov 2012 20:35:35 +0000
Responsible-Changed-Why:
Over to maintainer.


>Unformatted:
 B

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.