pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/46577: Old PAM problem with -DNO_STATIC_MODULES has come back.
>Number: 46577
>Category: pkg
>Synopsis: Old PAM problem with -DNO_STATIC_MODULES has come back.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jun 10 19:50:00 +0000 2012
>Originator: Rhialto
>Release: NetBSD 5.1
>Organization:
>Environment:
System: NetBSD radl.falu.nl 5.1 NetBSD 5.1
(Radl-s_Pervasion_of_the_Incorrect_Chord) #0: Mon Jan 24 20:25:13 CET 2011
root%vargaz.falu.nl@localhost:/usr/src/sys/arch/amd64/compile/RADL5.1 amd64
Architecture: x86_64
Machine: amd64
>Description:
Since I last updated to pkgsrc-2012Q1, I am seeing this in my syslog
very often:
Jun 10 20:48:31 radl sshd: in openpam_dispatch():
/usr/pkg/lib/security/pam_af.so: no pam_sm_setcred()
This is apparentklty from the security/pam-af package.
Strangely enough, it seems it was updated a pkgsrc stable branch
earlier, but I only see this effect now.
Apparently this problem happened before, and was "fixed" by adding
-DNO_STATIC_MODULES to CFLAGS:
http://mail-index.netbsd.org/current-users/2009/08/05/msg010266.html
and followup
but it is back.
Somehow the -DNO_STATIC_MODULES disappears; I can't see a trace of it
in the build output:
===> configure-message [pam-af-1.0.2nb1] ===> Configuring for pam-af-1.0.2nb1
=> Checking for portability problems in extracted files
=> replace hard-coded paths
===> build-message [pam-af-1.0.2nb1] ===> Building for pam-af-1.0.2nb1
if [ "`uname -s`" = "FreeBSD" -o "`uname -s`" = "NetBSD" -o "`uname -s`" =
"OpenBSD" -o "`uname -s`" = "DragonFly" ]; then /usr/bin/make
CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_
-D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_" LD=ld
LDFLAGS=" -s --shared -lpam -lcrypt" ./pam_af.so; /usr/bin/make
CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k -Wreturn-type
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wchar-subscripts -Winline
-Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_
-D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_" LDFLAGS="" ./pam_af_tool/pam_af_tool;
elif [ "`uname -s`" = "Linux" ]; then /usr/bin/make CFLAGS="-I./common/ -DPIC
-O2 -Wall -Werror -Wno-format-y2k -Wreturn-type -Wcast-qual
-Wwrite-strings -Wswitch !
-Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE
-D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_FLOCK_ -D_HAVE_SYS_FILE_H_" LD=ld
LDFLAGS="-lgdbm -lgdbm_compat -s --shared -lpam -lcrypt" ./pam_af.so;
/usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE
-D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_FLOCK_ -D_HAVE_SYS_FILE_H_"
LDFLAGS="-lgdbm -lgdbm_compat" ./pam_af_tool/pam_af_tool; elif [ "`uname -s`"
= "SunOS" ]; then /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2
-D_SUN_PAM_ -D_HAVE_USERDEFS_H_" LD=ld LDFLAGS="-lnsl -lsocket -s -G -lpam
-lcrypt" ./pam_af.so; /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2
-D_SUN_PAM_ -D_HAVE_USERDEFS_H_" LDFLAGS="-lnsl -lsocket"
./pam_af_tool/pam_af_tool; elif [ "`uname -s`" = "HP-UX" ]; then
/usr/bin/make CFLAGS="-Ae +w1 +W 474,486,542 +z +O!
2" LD=ld LDFLAGS=" -s -b -lpam -lsec" ./pam_af.so; /usr/bin!
/make CFLAGS="-I./common/ -DPIC -Ae +w1 +W 474,486,542 +z +O2" LDFLAGS=""
./pam_af_tool/pam_af_tool; else /usr/bin/make ./pam_af.so; /usr/bin/make
./pam_af_tool/pam_af_tool; fi
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_
-D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c
./pam_af.c -o ./pam_af.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_
-D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_
-DPAM_AF_DEFS -c ./common/subr.c -o ./subr.o
ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./pam_af.so
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_
-D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c
./pam_af_tool/pam_af_tool.c -o ./pam_af_tool/pam_af_tool.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
-Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_
-D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c
./common/subr.c -o ./pam_af_tool/subr.o
cc ./pam_af_tool/pam_af_tool.o ./pam_af_tool/subr.o -o
./pam_af_tool/pam_af_tool
=> Unwrapping files-to-be-installed.
radl.4:.../pkgsrc/security/pam-af$
>How-To-Repeat:
Install security/pam-af to protect against bulk ssh intrusions.
See notices that make you think it doesn't work.
>Fix:
As a workaround, I changed the provided patches of the
security/pam-af/work.x86_64/pam_af-1.0.2/Makefile so that it adds this
line:
CFLAGS_BSD += -DNO_STATIC_MODULES
This seems to make it work for me, but it is probably too drastic in
general.
The email thread alludes to a proper fix that there is to be made.
-Olaf.
--
___ Olaf 'Rhialto' Seibert -- There's no point being grown-up if you
\X/ rhialto/at/xs4all.nl -- can't be childish sometimes. -The 4th Doctor
>Unformatted:
Home |
Main Index |
Thread Index |
Old Index