Apply patches from Fedora fixing security bug #407603 and add support for Python3.

(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key )
author: Manuel Rüger <mrueg@gentoo.org> 2015-06-13 14:13:35 +0000
committer: Manuel Rüger <mrueg@gentoo.org> 2015-06-13 14:13:35 +0000
commit: 7c575377b85d973a4bdd10f88bb3b9857a74065d (patch)
tree: 391ea33713f05ee07ca84070f9d52c91b431d521 /dev-python/pypam
parent: [QA] Remove first hunk from patch, otherwise it will fail due to CVS keyword ... (diff)
download: gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.tar.gz
gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.tar.bz2
gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.zip
7 files changed, 517 insertions, 1 deletions
diff --git a/dev-python/pypam/ChangeLog b/dev-python/pypam/ChangeLog
index f12fe6b39555..516db39775f2 100644
--- a/dev-python/pypam/ChangeLog
+++ b/dev-python/pypam/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for dev-python/pypam
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/pypam/ChangeLog,v 1.17 2015/04/08 08:05:13 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-python/pypam/ChangeLog,v 1.18 2015/06/13 14:13:35 mrueg Exp $
+
+*pypam-0.5.0-r3 (13 Jun 2015)
+
+  13 Jun 2015; Manuel Rüger <mrueg@gentoo.org> +files/PyPAM-0.5.0-dealloc.patch,
+  +files/PyPAM-0.5.0-memory-errors.patch, +files/PyPAM-0.5.0-nofree.patch,
+  +files/PyPAM-0.5.0-return-value.patch, +files/PyPAM-python3-support.patch,
+  +pypam-0.5.0-r3.ebuild:
+  Apply patches from Fedora fixing security bug #407603 and add support for
+  Python3.
 
   08 Apr 2015; Michał Górny <mgorny@gentoo.org> pypam-0.5.0-r2.ebuild:
   Drop old Python implementations
diff --git a/dev-python/pypam/files/PyPAM-0.5.0-dealloc.patch b/dev-python/pypam/files/PyPAM-0.5.0-dealloc.patch
new file mode 100644
index 000000000000..b73dd0b08c59
--- /dev/null
+++ b/dev-python/pypam/files/PyPAM-0.5.0-dealloc.patch
@@ -0,0 +1,17 @@
+diff -up PyPAM-0.5.0/PAMmodule.c.dealloc PyPAM-0.5.0/PAMmodule.c
+--- PyPAM-0.5.0/PAMmodule.c.dealloc	2011-01-17 22:48:22.000000000 +0100
++++ PyPAM-0.5.0/PAMmodule.c	2011-01-18 21:24:59.000000000 +0100
+@@ -538,10 +538,11 @@ static void PyPAM_dealloc(PyPAMObject *s
+     free(self->service);
+     free(self->user);
+     free(self->conv);
+-    pam_end(self->pamh, PAM_SUCCESS);
++    if (self->pamh)
++        pam_end(self->pamh, PAM_SUCCESS);
+     dlclose(self->dlh2);
+     dlclose(self->dlh1);
+-    PyMem_DEL(self);
++    PyObject_Del(self);
+ }
+ 
+ static PyObject * PyPAM_getattr(PyPAMObject *self, char *name)
diff --git a/dev-python/pypam/files/PyPAM-0.5.0-memory-errors.patch b/dev-python/pypam/files/PyPAM-0.5.0-memory-errors.patch
new file mode 100644
index 000000000000..6e0b4c0dce4b
--- /dev/null
+++ b/dev-python/pypam/files/PyPAM-0.5.0-memory-errors.patch
@@ -0,0 +1,128 @@
+diff -up PyPAM-0.5.0/PAMmodule.c.memory PyPAM-0.5.0/PAMmodule.c
+--- PyPAM-0.5.0/PAMmodule.c.memory	2012-05-07 17:22:54.503914026 +0200
++++ PyPAM-0.5.0/PAMmodule.c	2012-05-07 17:23:15.644381942 +0200
+@@ -37,33 +37,48 @@ static void PyPAM_Err(PyPAMObject *self,
+ 
+     err_msg = pam_strerror(self->pamh, result);
+     error = Py_BuildValue("(si)", err_msg, result);
+-    Py_INCREF(PyPAM_Error);
+     PyErr_SetObject(PyPAM_Error, error);
++    Py_XDECREF(error);
+ }
+ 
+ static int PyPAM_conv(int num_msg, const struct pam_message **msg,
+     struct pam_response **resp, void *appdata_ptr)
+ {
+-    PyObject                *args;
+-
++    PyObject *args, *msgList, *respList, *item;
++    struct pam_response *response, *spr;
+     PyPAMObject* self = (PyPAMObject *) appdata_ptr;
++
+     if (self->callback == NULL)
+         return PAM_CONV_ERR;
+ 
+     Py_INCREF(self);
+ 
+-    PyObject* msgList = PyList_New(num_msg);
+-    
++    msgList = PyList_New(num_msg);
++    if (msgList == NULL) {
++        Py_DECREF(self);
++        return PAM_CONV_ERR;
++    }
++
+     for (int i = 0; i < num_msg; i++) {
+-        PyList_SetItem(msgList, i,
+-            Py_BuildValue("(si)", msg[i]->msg, msg[i]->msg_style));
++        item = Py_BuildValue("(si)", msg[i]->msg, msg[i]->msg_style);
++        if (item == NULL) {
++            Py_DECREF(msgList);
++            Py_DECREF(self);
++            return PAM_CONV_ERR;
++        }
++        PyList_SetItem(msgList, i, item);
+     }
+-    
++
+     args = Py_BuildValue("(OO)", self, msgList);
+-    PyObject* respList = PyEval_CallObject(self->callback, args);
++    if (args == NULL) {
++        Py_DECREF(self);
++	Py_DECREF(msgList);
++        return PAM_CONV_ERR;
++    }
++    respList = PyEval_CallObject(self->callback, args);
+     Py_DECREF(args);
+     Py_DECREF(self);
+-    
++
+     if (respList == NULL)
+         return PAM_CONV_ERR;
+ 
+@@ -71,11 +86,15 @@ static int PyPAM_conv(int num_msg, const
+         Py_DECREF(respList);
+         return PAM_CONV_ERR;
+     }
+-    
+-    *resp = (struct pam_response *) malloc(
++
++    response = (struct pam_response *) malloc(
+         PyList_Size(respList) * sizeof(struct pam_response));
++    if (response == NULL) {
++        Py_DECREF(respList);
++        return PAM_CONV_ERR;
++    }
++    spr = response;
+ 
+-    struct pam_response* spr = *resp;
+     for (int i = 0; i < PyList_Size(respList); i++, spr++) {
+         PyObject* respTuple = PyList_GetItem(respList, i);
+         char* resp_text;
+@@ -85,7 +104,7 @@ static int PyPAM_conv(int num_msg, const
+                 free((--spr)->resp);
+                 --i;
+             }
+-            free(*resp);
++            free(response);
+             Py_DECREF(respList);
+             return PAM_CONV_ERR;
+         }
+@@ -95,7 +114,8 @@ static int PyPAM_conv(int num_msg, const
+     }
+ 
+     Py_DECREF(respList);
+-    
++    *resp = response;
++
+     return PAM_SUCCESS;
+ }
+ 
+@@ -122,7 +142,11 @@ static PyObject * PyPAM_pam(PyObject *se
+     PyPAMObject_Type.ob_type = &PyType_Type;
+     p = (PyPAMObject *) PyObject_NEW(PyPAMObject, &PyPAMObject_Type);
+ 
++    if (p == NULL)
++        return NULL;
++
+     if ((spc = (struct pam_conv *) malloc(sizeof(struct pam_conv))) == NULL) {
++        Py_DECREF((PyObject *)p);
+         PyErr_SetString(PyExc_MemoryError, "out of memory");
+         return NULL;
+     }
+@@ -455,9 +479,15 @@ static PyObject * PyPAM_getenvlist(PyObj
+     }
+     
+     retval = PyList_New(0);
++    if (retval == NULL)
++	return NULL;
+     
+     while ((cp = *(result++)) != NULL) {
+         entry = Py_BuildValue("s", cp);
++        if (entry == NULL) {
++            Py_DECREF(retval);
++            return NULL;
++        }
+         PyList_Append(retval, entry);
+         Py_DECREF(entry);
+     }
diff --git a/dev-python/pypam/files/PyPAM-0.5.0-nofree.patch b/dev-python/pypam/files/PyPAM-0.5.0-nofree.patch
new file mode 100644
index 000000000000..f27e9d543d06
--- /dev/null
+++ b/dev-python/pypam/files/PyPAM-0.5.0-nofree.patch
@@ -0,0 +1,60 @@
+diff --git a/PAMmodule.c b/PAMmodule.c
+index 03cb799..a7ff8a5 100644
+--- a/PAMmodule.c
++++ b/PAMmodule.c
+@@ -24,8 +24,6 @@ typedef struct {
+     char                *service;
+     char                *user;
+     PyObject            *callback;
+-    struct pam_response *response_data;
+-    int                 response_len;
+     PyObject            *user_data;
+     void                *dlh1, *dlh2;
+ } PyPAMObject;
+@@ -54,15 +52,6 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg,
+ 
+     Py_INCREF(self);
+ 
+-    if (NULL != self->response_data) {
+-        for (int i = 0; i < self->response_len; i++) {
+-            free(self->response_data[0].resp);
+-        }
+-        free(self->response_data);
+-        self->response_data = NULL;
+-        self->response_len = 0;
+-    }
+-
+     PyObject* msgList = PyList_New(num_msg);
+     
+     for (int i = 0; i < num_msg; i++) {
+@@ -92,6 +81,10 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg,
+         char* resp_text;
+         int resp_retcode = 0;
+         if (!PyArg_ParseTuple(respTuple, "si", &resp_text, &resp_retcode)) {
++            while (i > 0) {
++                free((--spr)->resp);
++                --i;
++            }
+             free(*resp);
+             Py_DECREF(respList);
+             return PAM_CONV_ERR;
+@@ -100,10 +93,6 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg,
+         spr->resp_retcode = resp_retcode;
+         Py_DECREF(respTuple);
+     }
+-    
+-    // Save this so we can free it later.
+-    self->response_data = *resp;
+-    self->response_len = PyList_Size(respList);
+ 
+     Py_DECREF(respList);
+     
+@@ -144,8 +133,6 @@ static PyObject * PyPAM_pam(PyObject *self, PyObject *args)
+     p->user = NULL;
+     Py_INCREF(Py_None);
+     p->callback = Py_None;
+-    p->response_data = NULL;
+-    p->response_len = 0;
+     Py_INCREF(Py_None);
+     p->user_data = Py_None;
+     
diff --git a/dev-python/pypam/files/PyPAM-0.5.0-return-value.patch b/dev-python/pypam/files/PyPAM-0.5.0-return-value.patch
new file mode 100644
index 000000000000..6e771e9949a3
--- /dev/null
+++ b/dev-python/pypam/files/PyPAM-0.5.0-return-value.patch
@@ -0,0 +1,57 @@
+diff -up PyPAM-0.5.0/PAMmodule.c.retval PyPAM-0.5.0/PAMmodule.c
+--- PyPAM-0.5.0/PAMmodule.c.retval	2012-05-04 21:47:51.000000000 +0200
++++ PyPAM-0.5.0/PAMmodule.c	2012-05-07 09:42:27.690963206 +0200
+@@ -248,7 +248,7 @@ static PyObject * PyPAM_setcred(PyObject
+     result = pam_setcred(_self->pamh, flags);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
+@@ -270,7 +270,7 @@ static PyObject * PyPAM_acct_mgmt(PyObje
+     result = pam_acct_mgmt(_self->pamh, flags);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
+@@ -292,7 +292,7 @@ static PyObject * PyPAM_chauthtok(PyObje
+     result = pam_chauthtok(_self->pamh, flags);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
+@@ -314,7 +314,7 @@ static PyObject * PyPAM_open_session(PyO
+     result = pam_open_session(_self->pamh, flags);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
+@@ -336,7 +336,7 @@ static PyObject * PyPAM_close_session(Py
+     result = pam_close_session(_self->pamh, flags);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
+@@ -433,7 +433,7 @@ static PyObject * PyPAM_putenv(PyObject
+     result = pam_putenv(_self->pamh, val);
+     
+     if (result != PAM_SUCCESS) {
+-        PyErr_SetString(PyPAM_Error, "Not authenticated");
++        PyPAM_Err(_self, result);
+         return NULL;
+     }
+ 
diff --git a/dev-python/pypam/files/PyPAM-python3-support.patch b/dev-python/pypam/files/PyPAM-python3-support.patch
new file mode 100644
index 000000000000..2aec60eabdf4
--- /dev/null
+++ b/dev-python/pypam/files/PyPAM-python3-support.patch
@@ -0,0 +1,198 @@
+--- PAMmodule.c.python3	2014-06-24 11:29:10.958299393 +0200
++++ PAMmodule.c	2014-06-24 15:20:02.728118493 +0200
+@@ -15,6 +15,14 @@
+ #include <stdio.h>
+ #include <dlfcn.h>
+ 
++#if PY_MAJOR_VERSION >= 3
++#define IS_PY3K
++#else
++// include bytesobject.h to map PyBytes_* to PyString_*
++#include <bytesobject.h>
++#endif
++
++
+ static PyObject *PyPAM_Error;
+ 
+ typedef struct {
+@@ -28,7 +36,11 @@
+     void                *dlh1, *dlh2;
+ } PyPAMObject;
+ 
++#ifdef IS_PY3K
++static PyTypeObject PyPAMObject_Type;
++#else
+ staticforward PyTypeObject PyPAMObject_Type;
++#endif
+ 
+ static void PyPAM_Err(PyPAMObject *self, int result)
+ {
+@@ -139,7 +151,6 @@
+         return NULL;
+     }
+ 
+-    PyPAMObject_Type.ob_type = &PyType_Type;
+     p = (PyPAMObject *) PyObject_NEW(PyPAMObject, &PyPAMObject_Type);
+ 
+     if (p == NULL)
+@@ -562,35 +573,44 @@
+     PyObject_Del(self);
+ }
+ 
+-static PyObject * PyPAM_getattr(PyPAMObject *self, char *name)
+-{
+-    return Py_FindMethod(PyPAMObject_Methods, (PyObject *) self, name);
+-}
+-
+ static PyObject * PyPAM_repr(PyPAMObject *self)
+ {
+     char                buf[1024];
+     
+     snprintf(buf, 1024, "<pam object, service=\"%s\", user=\"%s\", conv=%p, pamh=%p>",
+         self->service, self->user, self->conv, self->pamh);
+-    return PyString_FromString(buf);
++    return PyBytes_FromString(buf);
+ }
+ 
+ static PyTypeObject PyPAMObject_Type = {
+-    PyObject_HEAD_INIT(0)    /* Must fill in type value later */
+-    0,
+-    "pam",
+-    sizeof(PyPAMObject),
+-    0,
+-    (destructor)PyPAM_dealloc,        /*tp_dealloc*/
+-    0,        /*tp_print*/
+-    (getattrfunc)PyPAM_getattr,        /*tp_getattr*/
+-    0,        /*tp_setattr*/
+-    0,        /*tp_compare*/
+-    (reprfunc)PyPAM_repr,            /*tp_repr*/
+-    0,        /*tp_as_number*/
+-    0,        /*tp_as_sequence*/
+-    0,        /*tp_as_mapping*/
++    PyVarObject_HEAD_INIT(NULL, 0)    /* Must fill in type value later */
++    "pam",                              /* tp_name */
++    sizeof(PyPAMObject),                /* tp_basicsize */
++    0,                                  /* tp_itemsize */
++    (destructor)PyPAM_dealloc,          /* tp_dealloc */
++    0,                                  /* tp_print */
++    0,                                  /* tp_getattr */
++    0,                                  /* tp_setattr */
++    0,                                  /* tp_compare */
++    (reprfunc)PyPAM_repr,               /* tp_repr */
++    0,                                  /* tp_as_number */
++    0,                                  /* tp_as_sequence */
++    0,                                  /* tp_as_mapping */
++    0,                                  /* tp_hash */
++    0,                                  /* tp_call */
++    0,                                  /* tp_str */
++    PyObject_GenericGetAttr,            /* tp_getattro */
++    0,                                  /* tp_setattro */
++    0,                                  /* tp_as_buffer */
++    Py_TPFLAGS_DEFAULT,                 /* tp_flags */
++    "PyPAM",                            /* tp_doc */
++    0,                                  /* tp_traverse */
++    0,                                  /* tp_clear */
++    0,                                  /* tp_richcompare */
++    0,                                  /* tp_weaklistoffset */
++    0,                                  /* tp_iter */
++    0,                                  /* tp_iternext */
++    PyPAMObject_Methods,                /* tp_methods */
+ };
+ 
+ static PyMethodDef PyPAM_Methods[] = {
+@@ -607,7 +627,12 @@
+  */
+ static void insint(PyObject *d, char *name, int value)
+ {
+-    PyObject*        v = PyInt_FromLong((long) value);
++    PyObject*        v;
++#ifdef IS_PY3K
++    v = PyLong_FromLong((long) value);
++#else
++    v = PyInt_FromLong((long) value);
++#endif
+ 
+     if (!v || PyDict_SetItemString(d, name, v))
+         PyErr_Clear();
+@@ -615,19 +640,42 @@
+     Py_XDECREF(v);
+ }
+ 
++#ifdef IS_PY3K
++static struct PyModuleDef pamdef = {
++        PyModuleDef_HEAD_INIT,
++        "PAM",
++        NULL,
++        -1,
++        PyPAM_Methods,
++        NULL,
++        NULL,
++        NULL,
++        NULL
++};
++
++#define INITERROR return NULL
++PyObject *PyInit_PAM(void)
++
++#else
++#define INITERROR return
+ void initPAM(void)
++#endif
+ {
+     PyObject            *m, *d;
+ 
++#ifdef IS_PY3K
++    m = PyModule_Create(&pamdef);
++#else
+     m = Py_InitModule("PAM", PyPAM_Methods);
++#endif
+     d = PyModule_GetDict(m);
+     
+     PyPAM_Error = PyErr_NewException("PAM.error", NULL, NULL);
+     if (PyPAM_Error == NULL)
+-        return;
++        INITERROR;
+     PyDict_SetItemString(d, "error", PyPAM_Error);
+ 
+-    PyPAMObject_Type.ob_type = &PyType_Type;
++    Py_TYPE(&PyPAMObject_Type) = &PyType_Type;
+     PyPAMObject_Type.tp_doc = PyPAMObject_doc;
+     Py_INCREF(&PyPAMObject_Type);
+ 
+@@ -692,4 +740,7 @@
+     insint(d, "PAM_BINARY_PROMPT", PAM_BINARY_PROMPT);
+ #endif
+ 
++#ifdef IS_PY3K
++    return m;
++#endif
+ }
+--- setup.py.python3	2014-06-24 15:58:07.792172439 +0200
++++ setup.py	2014-06-24 15:58:13.714909021 +0200
+@@ -12,7 +12,7 @@
+     license='LGPL',
+     ext_modules=[
+         Extension(
+-            'PAMmodule',
++            'PAM',
+             ['PAMmodule.c'],
+             libraries=['pam', 'pam_misc'],
+             extra_compile_args = ['-std=c99'],
+--- tests/PamTest.py.python3	2014-06-24 16:54:28.902998249 +0200
++++ tests/PamTest.py	2014-06-24 17:07:11.392094775 +0200
+@@ -41,13 +41,13 @@
+     def test_userdata_default(self):
+         """The default value for userdata is None."""
+     
+-        self.failUnless(self.pam.get_userdata() is None)
++        self.assertTrue(self.pam.get_userdata() is None)
+ 
+     def test_userdata(self):
+         """The userdata getter and setter will store and return any data."""
+     
+         self.pam.set_userdata(1)
+-        self.failUnless(self.pam.get_userdata() == 1)
++        self.assertTrue(self.pam.get_userdata() == 1)
+ 
+     def test_start(self):
+         """pam.start() works as expected."""
diff --git a/dev-python/pypam/pypam-0.5.0-r3.ebuild b/dev-python/pypam/pypam-0.5.0-r3.ebuild
new file mode 100644
index 000000000000..8428c9ee53de
--- /dev/null
+++ b/dev-python/pypam/pypam-0.5.0-r3.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-python/pypam/pypam-0.5.0-r3.ebuild,v 1.1 2015/06/13 14:13:35 mrueg Exp $
+
+EAPI=5
+PYTHON_COMPAT=( python{2_7,3_3} )
+
+inherit distutils-r1 flag-o-matic
+
+MY_PN="PyPAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Python Bindings for PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.pangalactic.org/PyPAM"
+SRC_URI="http://www.pangalactic.org/PyPAM/${MY_P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE=""
+
+DEPEND=">=sys-libs/pam-0.64"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( AUTHORS examples/pamtest.py )
+
+PATCHES=(
+	# Pull patches from fedora.
+	"${FILESDIR}/PyPAM-${PV}-dealloc.patch"
+	"${FILESDIR}/PyPAM-${PV}-nofree.patch"
+	"${FILESDIR}/PyPAM-${PV}-memory-errors.patch"
+	"${FILESDIR}/PyPAM-${PV}-return-value.patch"
+	"${FILESDIR}/PyPAM-python3-support.patch"
+	# Fix a missing include.
+	"${FILESDIR}/${P}-stricter.patch"
+)
+
+src_compile() {
+	append-cflags -fno-strict-aliasing
+	distutils-r1_src_compile
+}
+
+python_test() {
+	"${PYTHON}" tests/PamTest.py
+}
author	Manuel Rüger <mrueg@gentoo.org>	2015-06-13 14:13:35 +0000
committer	Manuel Rüger <mrueg@gentoo.org>	2015-06-13 14:13:35 +0000
commit	7c575377b85d973a4bdd10f88bb3b9857a74065d (patch)
tree	391ea33713f05ee07ca84070f9d52c91b431d521 /dev-python/pypam
parent	[QA] Remove first hunk from patch, otherwise it will fail due to CVS keyword ... (diff)
download	gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.tar.gz gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.tar.bz2 gentoo-2-7c575377b85d973a4bdd10f88bb3b9857a74065d.zip