[pkgsrc/trunk]: pkgsrc/security/openpam openpam: update to 20170430

[triaxx <triaxx%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/62c228169023
branches:  trunk
changeset: 307956:62c228169023
user:      triaxx <triaxx%pkgsrc.org@localhost>
date:      Tue May 15 07:57:32 2018 +0000
description:
openpam: update to 20170430

* patch-lib_libpam_openpam__constants.c:
  * comment it (make pkglint happy)
  * fix OPENPAM_MODULES_DIR (avoid openpam loading basesystem modules)
* remove "CONFIGURE_ARGS+=  --without-pam-su" (option not recognized by configure)
* change '_dep_' to 'dep' in builtin.mk (make pkglint happy)
* fix paths in manpages

Changes from upstream:
============================================================================
OpenPAM Resedacea                                               2017-04-30

  - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
    OpenPAM Radula, as it breaks common error-handling constructs.

  - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
    dispatcher when the required service function could not be found.

  - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
    NULL in API functions that have a NULL check.

  - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
    PAM_BAD_CONSTANT error codes for situations where we previously
    incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
    had been passed to an API function.

  - ENHANCE: Improve the RETURN VALUES section in API man pages,
    especially for functions that cannot fail, which were incorrectly
    documented as returning -1 on failure.
 ============================================================================
OpenPAM Radula                                                  2017-02-19

  - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
    pam_get_user(3) from using application-provided custom prompts.

  - BUGFIX: Plug a memory leak in pam_set_item(3).

  - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

  - BUGFIX: In openpam_readword(3), support line continuations within
    whitespace.

  - ENHANCE: Add a feature flag to control fallback to "other" policy.

  - ENHANCE: Add a pam_return(8) module which returns an arbitrary
    code specified in the module options.

  - ENHANCE: More and better unit tests.

diffstat:

 security/openpam/Makefile                                      |  12 ++-
 security/openpam/PLIST                                         |   3 +-
 security/openpam/builtin.mk                                    |   6 +-
 security/openpam/distinfo                                      |  14 +-
 security/openpam/patches/patch-doc_man_pam.conf.5              |  40 ++++++++++
 security/openpam/patches/patch-lib_libpam_openpam__constants.c |  17 +++-
 6 files changed, 74 insertions(+), 18 deletions(-)

diffs (168 lines):

diff -r c0fff4a99699 -r 62c228169023 security/openpam/Makefile
--- a/security/openpam/Makefile Tue May 15 06:50:19 2018 +0000
+++ b/security/openpam/Makefile Tue May 15 07:57:32 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.26 2018/01/01 18:16:39 rillig Exp $
+# $NetBSD: Makefile,v 1.27 2018/05/15 07:57:32 triaxx Exp $
 
-DISTNAME=      openpam-20140912
-PKGREVISION=   2
+DISTNAME=      openpam-20170430
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=openpam/}
 
@@ -15,7 +14,6 @@
 USE_LIBTOOL=           yes
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
-CONFIGURE_ARGS+=       --without-pam-su
 CONFIGURE_ARGS+=       --with-pam-unix
 CONFIGURE_ARGS+=       --with-modules-dir=${PREFIX}/lib/security
 
@@ -23,6 +21,12 @@
 
 OWN_DIRS=              ${PKG_SYSCONFDIR}/pam.d
 
+SUBST_CLASSES+=                man
+SUBST_MESSAGE.man=     Fixing hardcoded paths in manpages.
+SUBST_STAGE.man=       post-build
+SUBST_FILES.man=       doc/man/pam.conf.5
+SUBST_VARS.man=                PKG_SYSCONFDIR PREFIX
+
 .include "../../mk/dlopen.buildlink3.mk"
 
 # Create a fake perl binary to avoid recreating the man pages.
diff -r c0fff4a99699 -r 62c228169023 security/openpam/PLIST
--- a/security/openpam/PLIST    Tue May 15 06:50:19 2018 +0000
+++ b/security/openpam/PLIST    Tue May 15 07:57:32 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2018/01/01 22:29:54 rillig Exp $
+@comment $NetBSD: PLIST,v 1.9 2018/05/15 07:57:32 triaxx Exp $
 include/security/openpam.h
 include/security/openpam_attr.h
 include/security/openpam_version.h
@@ -9,6 +9,7 @@
 lib/libpam.la
 lib/security/pam_deny.la
 lib/security/pam_permit.la
+lib/security/pam_return.la
 lib/security/pam_unix.la
 man/man3/openpam.3
 man/man3/openpam_borrow_cred.3
diff -r c0fff4a99699 -r 62c228169023 security/openpam/builtin.mk
--- a/security/openpam/builtin.mk       Tue May 15 06:50:19 2018 +0000
+++ b/security/openpam/builtin.mk       Tue May 15 07:57:32 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.9 2013/11/23 12:10:13 obache Exp $
+# $NetBSD: builtin.mk,v 1.10 2018/05/15 07:57:32 triaxx Exp $
 
 BUILTIN_PKG:=  openpam
 
@@ -45,10 +45,10 @@
 .    if defined(BUILTIN_PKG.openpam) && \
         !empty(IS_BUILTIN.openpam:M[yY][eE][sS])
 USE_BUILTIN.openpam=   yes
-.      for _dep_ in ${BUILDLINK_API_DEPENDS.openpam}
+.      for dep in ${BUILDLINK_API_DEPENDS.openpam}
 .        if !empty(USE_BUILTIN.openpam:M[yY][eE][sS])
 USE_BUILTIN.openpam!=                                                  \
-       if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.openpam:Q}; then \
+       if ${PKG_ADMIN} pmatch ${dep:Q} ${BUILTIN_PKG.openpam:Q}; then \
                ${ECHO} yes;                                            \
        else                                                            \
                ${ECHO} no;                                             \
diff -r c0fff4a99699 -r 62c228169023 security/openpam/distinfo
--- a/security/openpam/distinfo Tue May 15 06:50:19 2018 +0000
+++ b/security/openpam/distinfo Tue May 15 07:57:32 2018 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.12 2016/03/10 12:57:09 tnn Exp $
+$NetBSD: distinfo,v 1.13 2018/05/15 07:57:32 triaxx Exp $
 
-SHA1 (openpam-20140912.tar.gz) = 45b335d2cb3a4edcc66046ae56d689113e59a67a
-RMD160 (openpam-20140912.tar.gz) = 547cb3cf81d5b4526ddf2a702b83d5303430f764
-SHA512 (openpam-20140912.tar.gz) = c6cfbd669fe1b67af43a33c33bf2587e1512c27f1b96b9b38df37b81ecc4999d85e04b361b19a7265dbf271ebd3de3bd55342ee4fdbee9c68836b69714706423
-Size (openpam-20140912.tar.gz) = 457600 bytes
+SHA1 (openpam-20170430.tar.gz) = 758bd47cddcc1e444dd865a8724a943931762e43
+RMD160 (openpam-20170430.tar.gz) = 20553bf5f46c7b77bfacae424d561d9b047affae
+SHA512 (openpam-20170430.tar.gz) = 04b320bf0e581f4ff75f12fd43cb07df9a417a3e08371f3a71ad9f94caec9ff9742b49391bfb4ae81a7237817ed4eccdc1485a105b35f9d970fb92e4341b9510
+Size (openpam-20170430.tar.gz) = 494372 bytes
+SHA1 (patch-doc_man_pam.conf.5) = 0c9ad45f67333ecbcd5085a536a25b5ed2b01b93
 SHA1 (patch-lib_libpam_openpam__configure.c) = 5f4271121d03eb6b9ea7e3e1b85f9b27c9f4eaae
-SHA1 (patch-lib_libpam_openpam__constants.c) = 7dd63e288408939a73057b3e4d90382983c1d559
+SHA1 (patch-lib_libpam_openpam__constants.c) = 14b11cda3dbbfafd5a45865a868295e801bd1733
 SHA1 (patch-lib_libpam_openpam__dynamic.c) = 0bed21f16b74dbdb312ce4f09c17055a0891bdd5
-SHA1 (patch-lib_libpam_openpam__readword.c) = 75875dc75f76c6caa267ce7c6c905e0ac2790ad1
diff -r c0fff4a99699 -r 62c228169023 security/openpam/patches/patch-doc_man_pam.conf.5
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/openpam/patches/patch-doc_man_pam.conf.5 Tue May 15 07:57:32 2018 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-doc_man_pam.conf.5,v 1.1 2018/05/15 07:57:32 triaxx Exp $
+
+Fix hardcoded paths.
+
+--- doc/man/pam.conf.5.orig    2017-04-30 21:36:51.000000000 +0000
++++ doc/man/pam.conf.5
+@@ -39,13 +39,9 @@ The PAM library searches for policies in
+ decreasing order of preference:
+ .Bl -enum
+ .It
+-.Pa /etc/pam.d/ Ns Ar service-name
++.Pa @PKG_SYSCONFDIR@/pam.d/ Ns Ar service-name
+ .It
+-.Pa /etc/pam.conf
+-.It
+-.Pa /usr/local/etc/pam.d/ Ns Ar service-name
+-.It
+-.Pa /usr/local/etc/pam.conf
++.Pa @PKG_SYSCONFDIR@/pam.conf
+ .El
+ .Pp
+ If none of these locations contains a policy for the given service,
+@@ -144,13 +140,10 @@ The
+ .Ar module-path
+ field specifies the name or full path of the module to call.
+ If only the name is specified, the PAM library will search for it in
+-the following locations:
+-.Bl -enum
+-.It
+-.Pa /usr/lib
+-.It
+-.Pa /usr/local/lib
+-.El
++the following location:
++.Bd -unfilled -offset indent
++.Ar @PREFIX@/lib/security
++.Ed
+ .Pp
+ The remaining fields, if any, are passed unmodified to the module if
+ and when it is invoked.
diff -r c0fff4a99699 -r 62c228169023 security/openpam/patches/patch-lib_libpam_openpam__constants.c
--- a/security/openpam/patches/patch-lib_libpam_openpam__constants.c    Tue May 15 06:50:19 2018 +0000
+++ b/security/openpam/patches/patch-lib_libpam_openpam__constants.c    Tue May 15 07:57:32 2018 +0000
@@ -1,8 +1,11 @@
-$NetBSD: patch-lib_libpam_openpam__constants.c,v 1.1 2014/06/10 13:17:42 joerg Exp $
+$NetBSD: patch-lib_libpam_openpam__constants.c,v 1.2 2018/05/15 07:57:32 triaxx Exp $
 
---- lib/libpam/openpam_constants.c.orig        2014-06-10 13:01:39.996428375 +0000
+Change hardcoded configuration paths to ones depending on compiler variables.
+Fix OPENPAM_MODULES_DIR to avoid openpam loading basesystem modules.
+
+--- lib/libpam/openpam_constants.c.orig        2017-04-30 21:34:49.000000000 +0000
 +++ lib/libpam/openpam_constants.c
-@@ -127,10 +127,8 @@ const char *pam_sm_func_name[PAM_NUM_PRI
+@@ -167,16 +167,14 @@ const char *pam_sm_func_name[PAM_NUM_PRI
  };
  
  const char *openpam_policy_path[] = {
@@ -15,3 +18,11 @@
        NULL
  };
  
+ const char *openpam_module_path[] = {
+-#ifdef OPENPAM_MODULES_DIRECTORY
+-      OPENPAM_MODULES_DIRECTORY,
++#ifdef OPENPAM_MODULES_DIR
++      OPENPAM_MODULES_DIR,
+ #else
+       "/usr/lib",
+       "/usr/local/lib",