pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/46577: Old PAM problem with -DNO_STATIC_MODULES has come back.

>Number:         46577
>Category:       pkg
>Synopsis:       Old PAM problem with -DNO_STATIC_MODULES has come back.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 10 19:50:00 +0000 2012
>Originator:     Rhialto
>Release:        NetBSD 5.1
System: NetBSD 5.1 NetBSD 5.1 
(Radl-s_Pervasion_of_the_Incorrect_Chord) #0: Mon Jan 24 20:25:13 CET 2011 amd64
Architecture: x86_64
Machine: amd64
        Since I last updated to pkgsrc-2012Q1, I am seeing this in my syslog
        very often:

        Jun 10 20:48:31 radl sshd: in openpam_dispatch(): 
/usr/pkg/lib/security/ no pam_sm_setcred()

        This is apparentklty from the security/pam-af package.
        Strangely enough, it seems it was updated a pkgsrc stable branch
        earlier, but I only see this effect now.

        Apparently this problem happened before, and was "fixed" by adding
        and followup

        but it is back.

        Somehow the -DNO_STATIC_MODULES disappears; I can't see a trace of it
        in the build output:

===> configure-message [pam-af-1.0.2nb1] ===> Configuring for pam-af-1.0.2nb1
=> Checking for portability problems in extracted files
=> replace hard-coded paths
===> build-message [pam-af-1.0.2nb1] ===> Building for pam-af-1.0.2nb1
if [ "`uname -s`" = "FreeBSD" -o "`uname -s`" = "NetBSD" -o "`uname -s`" = 
"OpenBSD" -o "`uname -s`" = "DragonFly" ]; then  /usr/bin/make 
CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                    
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ 
LDFLAGS=" -s --shared -lpam -lcrypt"  ./;  /usr/bin/make 
CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k      -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch       -Wshadow -Wchar-subscripts -Winline 
-D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_"  LDFLAGS="" ./pam_af_tool/pam_af_tool;  
elif [ "`uname -s`" = "Linux" ]; then  /usr/bin/make CFLAGS="-I./common/ -DPIC 
-O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual 
-Wwrite-strings -Wswitch  !
     -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE 
LDFLAGS="-lgdbm -lgdbm_compat -s --shared -lpam -lcrypt"  ./;  
/usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k       
           -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch     -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE 
LDFLAGS="-lgdbm -lgdbm_compat" ./pam_af_tool/pam_af_tool;  elif [ "`uname -s`" 
= "SunOS" ]; then  /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2 
-D_SUN_PAM_ -D_HAVE_USERDEFS_H_"  LD=ld LDFLAGS="-lnsl -lsocket -s -G -lpam 
-lcrypt"  ./;  /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2 
-D_SUN_PAM_ -D_HAVE_USERDEFS_H_"  LDFLAGS="-lnsl -lsocket" 
./pam_af_tool/pam_af_tool;  elif [ "`uname -s`" = "HP-UX" ]; then  
/usr/bin/make CFLAGS="-Ae +w1 +W 474,486,542 +z +O!
 2"  LD=ld LDFLAGS=" -s -b -lpam -lsec"  ./;  /usr/bin!
 /make CFLAGS="-I./common/ -DPIC -Ae +w1 +W 474,486,542 +z +O2"  LDFLAGS="" 
./pam_af_tool/pam_af_tool;  else  /usr/bin/make ./;  /usr/bin/make 
./pam_af_tool/pam_af_tool;  fi
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ 
./pam_af.c -o ./pam_af.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ 
-DPAM_AF_DEFS -c ./common/subr.c -o ./subr.o
ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ 
./pam_af_tool/pam_af_tool.c -o ./pam_af_tool/pam_af_tool.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow 
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ 
./common/subr.c -o ./pam_af_tool/subr.o
cc  ./pam_af_tool/pam_af_tool.o ./pam_af_tool/subr.o -o 
=> Unwrapping files-to-be-installed.


        Install security/pam-af to protect against bulk ssh intrusions.
        See notices that make you think it doesn't work.

        As a workaround, I changed the provided patches of the
        security/pam-af/work.x86_64/pam_af-1.0.2/Makefile so that it adds this


        This seems to make it work for me, but it is probably too drastic in
        The email thread alludes to a proper fix that there is to be made.

___ Olaf 'Rhialto' Seibert  -- There's no point being grown-up if you 
\X/ rhialto/at/    -- can't be childish sometimes. -The 4th Doctor


Home | Main Index | Thread Index | Old Index