[gentoo-commits] repo/gentoo:master commit in: sys-auth/pam_p11/, sys-auth/pam_p11/files/
commit: b4d09bb5d767ebb39c3133c6456c018c74562e0e Author: orbea riseup net> AuthorDate: Wed Apr 26 16:00:23 2023 + Commit: Sam James gentoo org> CommitDate: Fri Apr 28 00:48:09 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4d09bb5 sys-auth/pam_p11: Add upstream libressl patch This patch was accepted upstream and fixes the build with libressl >= 3.0.0. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/OpenSC/pam_p11/pull/26 Upstream-Commit: https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411 Signed-off-by: orbea riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30771 Signed-off-by: Sam James gentoo.org> .../pam_p11/files/pam_p11-0.3.1-libressl.patch | 28 ++ sys-auth/pam_p11/pam_p11-0.3.1.ebuild | 6 - 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch new file mode 100644 index ..e085e06e9006 --- /dev/null +++ b/sys-auth/pam_p11/files/pam_p11-0.3.1-libressl.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/903001 +https://github.com/OpenSC/pam_p11/pull/26 +https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411 + +From b307045a93d042ac9e3871e35f8495e8bb201574 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Tue, 11 Apr 2023 07:29:12 -0700 +Subject: [PATCH] match_openssh: Fix the build for LibreSSL >= 3.0.0 + +Newer LibreSSL versions no longer need the older OpenSSL APIs. +--- + src/match_openssh.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/match_openssh.c b/src/match_openssh.c +index 89cbd73..fb59308 100644 +--- a/src/match_openssh.c b/src/match_openssh.c +@@ -22,7 +22,8 @@ + + #define OPENSSH_LINE_MAX 16384/* from openssh SSH_MAX_PUBKEY_BYTES */ + +-#if (OPENSSL_VERSION_NUMBER < 0x1010L) || defined (LIBRESSL_VERSION_NUMBER) ++#if (OPENSSL_VERSION_NUMBER < 0x1010L) || \ ++(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x300L) + void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + { diff --git a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild index 0322e3038be0..4b50c70d2edc 100644 --- a/sys-auth/pam_p11/pam_p11-0.3.1.ebuild +++ b/sys-auth/pam_p11/pam_p11-0.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -20,6 +20,10 @@ RDEPEND="sys-libs/pam DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${P}-libressl.patch" #903001 +) + src_configure() { # Ugly way to work around deprecated declarations in openssl-3 append-cflags -Wno-error=deprecated-declarations
[gentoo-commits] repo/gentoo:master commit in: sys-auth/pam_p11/, sys-auth/pam_p11/files/
commit: cee16c81ab7597ce05a1e0b985a533014653c234 Author: Alon Bar-Lev gentoo org> AuthorDate: Thu Jun 27 10:08:09 2019 + Commit: Alon Bar-Lev gentoo org> CommitDate: Thu Jun 27 10:08:52 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee16c81 sys-auth/pam_p11: cleanup old Signed-off-by: Alon Bar-Lev gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.11 sys-auth/pam_p11/Manifest | 1 - sys-auth/pam_p11/files/pam_p11-0.2.0-build.patch | 26 .../pam_p11/files/pam_p11-0.2.0-openssl11.patch| 76 -- sys-auth/pam_p11/pam_p11-0.2.0.ebuild | 42 4 files changed, 145 deletions(-) diff --git a/sys-auth/pam_p11/Manifest b/sys-auth/pam_p11/Manifest index 55e93521a67..7b93d357274 100644 --- a/sys-auth/pam_p11/Manifest +++ b/sys-auth/pam_p11/Manifest @@ -1,2 +1 @@ -DIST pam_p11-0.2.0.tar.gz 417550 BLAKE2B e3c5bb32d6c7c84776341796ebdb9850a9561778aee820acb2a6c61112a2a5df5ee7c539cb5974439e565046e944f4710b87c3b51dea61fdb2cd9171daac3a0c SHA512 2cadf6fe880c953554757099741f3cfe992067f251b7e7e977a6dda5f65cbe1f55b1de6d180638997eada0d3b760887091014b99f8ae4b6d31b25af8e555343c DIST pam_p11-0.3.0.tar.gz 422806 BLAKE2B 60ac1cc0b8fff536553b2502f906f7730c1be760b2948389f5a6399979f994b3fcfa04226f1605c64d02bad47f46c9bd28fa076d819814b9121241b034407d4b SHA512 f89cf57f6365c25e54830d18180aad7d14b7eaef82eb0d419bcc3d8b881e1e07993a2c4e635e90b4f2fb779fec24fa0d912388f898d726e387bc0db63d772d49 diff --git a/sys-auth/pam_p11/files/pam_p11-0.2.0-build.patch b/sys-auth/pam_p11/files/pam_p11-0.2.0-build.patch deleted file mode 100644 index 813499acd3a..000 --- a/sys-auth/pam_p11/files/pam_p11-0.2.0-build.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 659a6eb5434039c27b41a9d06edc64923e5042b9 Mon Sep 17 00:00:00 2001 -From: Alon Bar-Lev -Date: Wed, 15 Aug 2018 18:30:51 +0300 -Subject: [PATCH] build: pam_p11: unsigned comparison - -Signed-off-by: Alon Bar-Lev - src/pam_p11.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/pam_p11.c b/src/pam_p11.c -index 960c164..1cf6cb2 100644 a/src/pam_p11.c -+++ b/src/pam_p11.c -@@ -553,7 +553,7 @@ static int randomize(pam_handle_t *pamh, unsigned char *r, unsigned int r_len) - { - int ok = 0; - int fd = open("/dev/urandom", O_RDONLY); -- if (0 <= fd && read(fd, r, r_len) == r_len) { -+ if (0 <= fd && read(fd, r, r_len) == (ssize_t)r_len) { - ok = 1; - } else { - pam_syslog(pamh, LOG_CRIT, "Error reading from /dev/urandom: %s", --- -2.16.4 - diff --git a/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch b/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch deleted file mode 100644 index 8c41e29bed1..000 --- a/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 46a6079817c67a09e5ac493af3381c655bd91c26 Mon Sep 17 00:00:00 2001 -From: Peter Popovec -Date: Tue, 21 Aug 2018 10:24:36 +0200 -Subject: [PATCH] Replacing deprecated OpenSSL API functions (#12) - -fixes https://github.com/OpenSC/pam_p11/issues/10 - configure.ac | 5 + - src/pam_p11.c | 17 ++--- - 2 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5bcbdd6..2854a99 100644 a/configure.ac -+++ b/configure.ac -@@ -85,6 +85,11 @@ PKG_CHECK_MODULES( - )] - ) - -+saved_LIBS="$LIBS" -+LIBS="$OPENSSL_LIBS $LIBS" -+AC_CHECK_FUNCS(EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset) -+LIBS="$saved_LIBS" -+ - if test -z "${PAM_LIBS}"; then - AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam]) - AC_ARG_VAR([PAM_LIBS], [linker flags for pam]) -diff --git a/src/pam_p11.c b/src/pam_p11.c -index 2b4bfbe..60380e5 100644 a/src/pam_p11.c -+++ b/src/pam_p11.c -@@ -31,6 +31,17 @@ - #include - #include - -+/* openssl deprecated API emulation */ -+#ifndef HAVE_EVP_MD_CTX_NEW -+#define EVP_MD_CTX_new() EVP_MD_CTX_create() -+#endif -+#ifndef HAVE_EVP_MD_CTX_FREE -+#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy((ctx)) -+#endif -+#ifndef HAVE_EVP_MD_CTX_RESET -+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx)) -+#endif -+ - #ifdef ENABLE_NLS - #include - #include -@@ -578,7 +589,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey) - unsigned char signature[256]; - unsigned int siglen = sizeof signature; - const EVP_MD *md = EVP_sha1(); -- EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); -+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); - EVP_PKEY *privkey = PKCS11_get_private_key(authkey); - EVP_PKEY *pubkey = PKCS11_get_public_key(authkey); - -@@ -596,7 +607,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey) - || !EVP_SignInit(md_ctx, md) - || !EVP_SignUpdate(md_ctx, challenge, sizeof challenge) - || !EVP_SignFinal(md_ctx,
[gentoo-commits] repo/gentoo:master commit in: sys-auth/pam_p11/, sys-auth/pam_p11/files/
commit: fb8fbfe2f28e7ce11892e6bc27840c1cf48519f9 Author: Alon Bar-Lev gentoo org> AuthorDate: Mon Mar 6 19:23:12 2017 + Commit: Alon Bar-Lev gentoo org> CommitDate: Mon Mar 6 19:25:38 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb8fbfe2 sys-auth/pam_p11: avoid using ldscript fix build Bug: 611874 Package-Manager: Portage-2.3.3, Repoman-2.3.1 sys-auth/pam_p11/files/pam_p11-0.1.5-build.patch | 41 sys-auth/pam_p11/pam_p11-0.1.5-r2.ebuild | 17 -- 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/sys-auth/pam_p11/files/pam_p11-0.1.5-build.patch b/sys-auth/pam_p11/files/pam_p11-0.1.5-build.patch new file mode 100644 index 000..5ca0b76d5e5 --- /dev/null +++ b/sys-auth/pam_p11/files/pam_p11-0.1.5-build.patch @@ -0,0 +1,41 @@ +From 8d09661398f14102703e19418f15e9cf3f3707d1 Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev+Date: Mon, 6 Mar 2017 21:19:15 +0200 +Subject: [PATCH] build: export only needed symbols + +Signed-off-by: Alon Bar-Lev +--- + src/Makefile.am | 3 ++- + src/pam_p11.exports | 6 ++ + 2 files changed, 8 insertions(+), 1 deletion(-) + create mode 100644 src/pam_p11.exports + +diff --git a/src/Makefile.am b/src/Makefile.am +index 8bfb0bd..83a3e3d 100644 +--- a/src/Makefile.am b/src/Makefile.am +@@ -3,7 +3,8 @@ + MAINTAINERCLEANFILES = Makefile.in + + AM_CFLAGS = -Wall -fno-strict-aliasing $(OPENSSL_CFLAGS) $(LIBP11_CFLAGS) +-AM_LDFLAGS = -module -avoid-version ++AM_LDFLAGS = -module -avoid-version -shared -no-undefined \ ++ -export-symbols "$(srcdir)/pam_p11.exports" + + lib_LTLIBRARIES = pam_p11_openssh.la pam_p11_opensc.la + +diff --git a/src/pam_p11.exports b/src/pam_p11.exports +new file mode 100644 +index 000..416cde1 +--- /dev/null b/src/pam_p11.exports +@@ -0,0 +1,6 @@ ++pam_sm_authenticate ++pam_sm_setcred ++pam_sm_acct_mgmt ++pam_sm_open_session ++pam_sm_close_session ++pam_sm_chauthtok +-- +2.10.2 + diff --git a/sys-auth/pam_p11/pam_p11-0.1.5-r2.ebuild b/sys-auth/pam_p11/pam_p11-0.1.5-r2.ebuild index 45058fdce0e..8e7e780a8cc 100644 --- a/sys-auth/pam_p11/pam_p11-0.1.5-r2.ebuild +++ b/sys-auth/pam_p11/pam_p11-0.1.5-r2.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit pam flag-o-matic +inherit autotools pam flag-o-matic DESCRIPTION="PAM module for authenticating against PKCS#11 tokens" HOMEPAGE="https://github.com/opensc/pam_p11/wiki; @@ -20,16 +20,13 @@ RDEPEND="virtual/pam DEPEND="${RDEPEND} virtual/pkgconfig" -src_configure() { - # hide all the otherwise-exported symbols that may clash with - # other software loading the PAM modules (see bug #274924 as an - # example). - append-ldflags -Wl,--version-script="${FILESDIR}"/pam_symbols.ver +PATCHES=( + "${FILESDIR}/${P}-build.patch" +) - econf \ - --disable-static \ - --enable-fast-install \ - || die +src_prepare() { + default + eautoreconf } src_install() {