pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/pam-mysql Update pam-mysql to 0.7RC1. This fi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1873881c0db5
branches: trunk
changeset: 509232:1873881c0db5
user: joerg <joerg%pkgsrc.org@localhost>
date: Tue Mar 07 01:22:16 2006 +0000
description:
Update pam-mysql to 0.7RC1. This fixes a number of security issues.
>From NEWS:
Version 0.7-RC1 2006/1/10 <moriyoshi%users.sourceforge.net@localhost>
* Add a option "disconnect_every_op" option that forces pam_mysql to
disconnect from the database every operation (PR #1325395). -moriyoshi
* Use geteuid() instead of getuid() to check if the current user is authorized
to change the password (PR #1338667). -moriyoshi
* Allow root (uid=0) to change the passwords of other users without their old
password. -moriyoshi
Version 0.7-pre3 2005/9/29 <moriyoshi%users.sourceforge.net@localhost>
* Changed handling of the "where" option to not escape meta characters
(PR #1261484). -moriyoshi
* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Added logrhostcolumn (log.rhost_column) option that enables you to log the
value of the "rhost" item specified by the application. -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi
* Fixed memory leaks spotted when "config_file" option is used. -moriyoshi
* Fixed try_first_pass behaviour. -moriyoshi
* Changed option parsing behaviour so "=" following each option name is not
needed. -moriyoshi
Version 0.7-pre2 2005/9/18 <moriyoshi%users.sourceforge.net@localhost>
* Changed column name handling to not escape meta characters. Now you can
specify an expression to every XXXcolumn variable like "CONCAT(a, b, c)".
-moriyoshi
* Supported SHA1 hash (PR #1117036). -moriyoshi, alexeen
* Supported use_first_pass and try_first_pass options. -moriyoshi
Version 0.7-pre1 2005/6/13 <moriyoshi%users.sourceforge.net@localhost>
* Support for NSS-mysql style configuration file which is inspired
by the Florian's work. -moriyoshi
Version 0.6.2 2005/9/29 <moriyoshi%users.sourceforge.net@localhost>
* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi
Version 0.6.1 2005/9/18 <moriyoshi%users.sourceforge.net@localhost>
* Added use_323_passwd option that allows you to use an encryption function
used in the old MySQL versions (3.23.x). -moriyoshi, Daniel Renaud
* Fixed account management code that wouldn't work at all :-p -moriyoshi
* Included pam_mysql.spec to the tarball by default. This enables you to
make a RPM with the following oneliner: (rpmbuild -tb pam_mysql.tar.gz).
-moriyoshi
* Fixed compile failure that occurs with the old mysql_config (< 4.0.16).
-moriyoshi
* Fixed compile failure on Solaris when --with-openssl is specified to the
configure script.
Version 0.6 2005/6/13 <moriyoshi%users.sourceforge.net@localhost>
* Adopted autoconf / automake for build system. -moriyoshi
* Portable MD5 support by using OpenSSL / Cyrus-SASL. -moriyoshi
* MySQL library detection. -moriyoshi
* Added RPM spec file. -moriyoshi
* Tidied up the entire code for security and maintainability. -moriyoshi
* Modified log output to be more verbose. -moriyoshi
* Changed log facility type to LOG_AUTHPRIV as per the recommendation in
the PAM documentation. -moriyoshi
* Added support for unix socket and non-default ports. -moriyoshi
* Added account management and authentication token alteration code. -moriyoshi
* Remove default values for string parameters for the sake of performance.
-moriyoshi
* Enhanced SQL logging function to log session state as well. -moriyoshi
* Solaris support. -moriyoshi
diffstat:
security/pam-mysql/Makefile | 31 ++++-------
security/pam-mysql/PLIST | 8 +-
security/pam-mysql/distinfo | 9 +-
security/pam-mysql/patches/patch-aa | 93 -------------------------------------
4 files changed, 20 insertions(+), 121 deletions(-)
diffs (176 lines):
diff -r dd568023742e -r 1873881c0db5 security/pam-mysql/Makefile
--- a/security/pam-mysql/Makefile Mon Mar 06 23:03:20 2006 +0000
+++ b/security/pam-mysql/Makefile Tue Mar 07 01:22:16 2006 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.5 2006/03/04 21:30:37 jlam Exp $
+# $NetBSD: Makefile,v 1.6 2006/03/07 01:22:16 joerg Exp $
-DISTNAME= pam_mysql-0.5
-PKGNAME= ${DISTNAME:S/_/-/}
-PKGREVISION= 2
+DISTNAME= pam_mysql-0.7RC1
+PKGNAME= ${DISTNAME:S/_/-/:S/RC/rc/}
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=pam-mysql/}
@@ -10,26 +9,20 @@
HOMEPAGE= http://pam-mysql.sourceforge.net/
COMMENT= PAM module for authenticating with MySQL
-WRKSRC= ${WRKDIR}/pam_mysql
DOCDIR= ${PREFIX}/share/doc/pam-mysql
-INSTALLATION_DIRS= lib
+GNU_CONFIGURE= yes
+USE_LIBTOOL= yes
-do-build:
- ${CC} -fpic -DPIC -Wall -I${LOCALBASE}/include \
- -c ${WRKSRC}/pam_mysql.c -o ${WRKSRC}/pam_mysql.o
- ${LD} -x --shared -o ${WRKSRC}/pam_mysql.so ${WRKSRC}/pam_mysql.o \
- -lpam -lcrypt -L${LOCALBASE}/lib/mysql \
- ${COMPILER_RPATH_FLAG}${LOCALBASE}/lib/mysql -lmysqlclient \
- -L${LOCALBASE}/lib ${COMPILER_RPATH_FLAG}${LOCALBASE}/lib
+CONFIGURE_ARGS+= --with-mysql=${BUILDLINK_PREFIX.mysql-client:Q}
+CONFIGURE_ARGS+= --with-pam-mods-dir=${PREFIX:Q}/lib/security
+CONFIGURE_ARGS+= --disable-static
-do-install:
- ${INSTALL_LIB} ${WRKSRC}/pam_mysql.so ${PREFIX}/lib
- ${INSTALL_DATA_DIR} ${DOCDIR}
- ${INSTALL_DATA} ${WRKSRC}/Changelog ${DOCDIR}
- ${INSTALL_DATA} ${WRKSRC}/CREDITS ${DOCDIR}
- ${INSTALL_DATA} ${WRKSRC}/Readme ${DOCDIR}
+post-install:
+ ${INSTALL_DATA_DIR} ${DOCDIR:Q}
+ cd ${WRKSRC:Q} && ${INSTALL_DATA} CREDITS ChangeLog README ${DOCDIR:Q}
+.include "../../security/openssl/buildlink3.mk"
.include "../../mk/mysql.buildlink3.mk"
.include "../../mk/pam.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff -r dd568023742e -r 1873881c0db5 security/pam-mysql/PLIST
--- a/security/pam-mysql/PLIST Mon Mar 06 23:03:20 2006 +0000
+++ b/security/pam-mysql/PLIST Tue Mar 07 01:22:16 2006 +0000
@@ -1,6 +1,6 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
-lib/pam_mysql.so
+@comment $NetBSD: PLIST,v 1.2 2006/03/07 01:22:16 joerg Exp $
+lib/security/pam_mysql.la
share/doc/pam-mysql/CREDITS
-share/doc/pam-mysql/Changelog
-share/doc/pam-mysql/Readme
+share/doc/pam-mysql/ChangeLog
+share/doc/pam-mysql/README
@dirrm share/doc/pam-mysql
diff -r dd568023742e -r 1873881c0db5 security/pam-mysql/distinfo
--- a/security/pam-mysql/distinfo Mon Mar 06 23:03:20 2006 +0000
+++ b/security/pam-mysql/distinfo Tue Mar 07 01:22:16 2006 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
+$NetBSD: distinfo,v 1.2 2006/03/07 01:22:16 joerg Exp $
-SHA1 (pam_mysql-0.5.tar.gz) = 6e974a3ee78a968b0069c4abbd1d8602c145e177
-RMD160 (pam_mysql-0.5.tar.gz) = 788246f050ce0b531799af3e8d816248b974638f
-Size (pam_mysql-0.5.tar.gz) = 11587 bytes
-SHA1 (patch-aa) = 05300eb46da816015567195dc755f39522d1f5d8
+SHA1 (pam_mysql-0.7RC1.tar.gz) = a139c4b4bf1a2e591a016069405428eb862f7690
+RMD160 (pam_mysql-0.7RC1.tar.gz) = ffa908bf2f458c48571f0f172f841ef861ad0b47
+Size (pam_mysql-0.7RC1.tar.gz) = 335240 bytes
diff -r dd568023742e -r 1873881c0db5 security/pam-mysql/patches/patch-aa
--- a/security/pam-mysql/patches/patch-aa Mon Mar 06 23:03:20 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,93 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
-
---- pam_mysql.c.orig Sun Sep 15 10:28:58 2002
-+++ pam_mysql.c Thu Feb 13 14:58:21 2003
-@@ -23,6 +23,7 @@
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-+#include <time.h>
-
-
- /* AFAIK, only FreeBSD has MD5Data() defined in md5.h
-@@ -54,7 +55,53 @@
- #define DEBUG
-
- #include <security/pam_modules.h>
-+#ifdef _OPENPAM
-+#include <security/pam_appl.h>
-+#else
- #include <security/pam_misc.h>
-+#endif
-+
-+#ifdef _OPENPAM
-+/* some macros not defined in OpenPAM */
-+
-+/* Good policy to strike out passwords with some characters not just
-+ free the memory */
-+
-+#define _pam_overwrite(x) \
-+do { \
-+ register char *__xx__; \
-+ if ((__xx__=(x))) \
-+ while (*__xx__) \
-+ *__xx__++ = '\0'; \
-+} while (0)
-+
-+/*
-+ * Don't just free it, forget it too.
-+ */
-+
-+#define _pam_drop(X) \
-+do { \
-+ if (X) { \
-+ free(X); \
-+ X=NULL; \
-+ } \
-+} while (0)
-+
-+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-+do { \
-+ int reply_i; \
-+ \
-+ for (reply_i=0; reply_i<replies; ++reply_i) { \
-+ if (reply[reply_i].resp) { \
-+ _pam_overwrite(reply[reply_i].resp); \
-+ free(reply[reply_i].resp); \
-+ } \
-+ } \
-+ if (reply) \
-+ free(reply); \
-+} while (0)
-+
-+#endif
-
- struct optionstruct {
- char host[257];
-@@ -620,7 +667,11 @@
- retval = conv->conv(nargs,
- (const struct pam_message **) message,
- response, conv->appdata_ptr);
-- if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN))
-+ if ((retval != PAM_SUCCESS)
-+#ifndef _OPENPAM
-+ && (retval != PAM_CONV_AGAIN)
-+#endif
-+ )
- syslog(LOG_DEBUG, "pam_mysql: conversation failure [%s]",
- pam_strerror(pamh, retval));
- } else {
-@@ -827,8 +878,12 @@
- if (retval != PAM_SUCCESS) {
- if (resp != NULL)
- _pam_drop_reply(resp,i);
-+#ifndef _OPENPAM
- return ((retval == PAM_CONV_AGAIN)
- ? PAM_INCOMPLETE : PAM_AUTHINFO_UNAVAIL);
-+#else
-+ return PAM_AUTHINFO_UNAVAIL;
-+#endif
- }
-
- /* we have a password so set AUTHTOK
-
Home |
Main Index |
Thread Index |
Old Index