author | Paweł Hajdan <phajdan.jr@gentoo.org> | 2010-02-12 10:00:24 +0000 |
---|---|---|
committer | Paweł Hajdan <phajdan.jr@gentoo.org> | 2010-02-12 10:00:24 +0000 |
commit | b12d0a9cc7f5cd11a2056d9ec6bc10b49de5277a (patch) | |
tree | bb5f192ddf5d46e6c697c4cb412ffcfc07353d43 /sys-auth/tcb | |
parent | version bump (#297289) - dont pre-strip (#297989) (diff) | |
Version bump. Remove old. Update the compatibility patch. Drop old patches.
(Portage version: 2.1.7.16/cvs/Linux i686)
Diffstat (limited to 'sys-auth/tcb')
-rw-r--r-- | sys-auth/tcb/ChangeLog | 10 | ||||
-rw-r--r-- | sys-auth/tcb/files/tcb-1.0.2-build.patch | 37 | ||||
-rw-r--r-- | sys-auth/tcb/files/tcb-gentoo.patch | 162 | ||||
-rw-r--r-- | sys-auth/tcb/files/tcb-xcrypt.patch | 50 | ||||
-rw-r--r-- | sys-auth/tcb/tcb-1.0.3-r1.ebuild | 53 | ||||
-rw-r--r-- | sys-auth/tcb/tcb-1.0.4.ebuild (renamed from sys-auth/tcb/tcb-1.0.3-r2.ebuild) | 19 |
6 files changed, 77 insertions, 254 deletions
diff --git a/sys-auth/tcb/ChangeLog b/sys-auth/tcb/ChangeLog index 2c0b51630a1c..08bdcdd5bf5a 100644 --- a/sys-auth/tcb/ChangeLog +++ b/sys-auth/tcb/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-auth/tcb # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.6 2010/01/19 14:37:41 phajdan.jr Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.7 2010/02/12 10:00:24 phajdan.jr Exp $ + +*tcb-1.0.4 (12 Feb 2010) + + 12 Feb 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> + -files/tcb-1.0.2-build.patch, -tcb-1.0.3-r1.ebuild, -tcb-1.0.3-r2.ebuild, + +tcb-1.0.4.ebuild, files/tcb-gentoo.patch, -files/tcb-xcrypt.patch: + Version bump. Remove old. Update the compatibility patch. Drop old + patches. 19 Jan 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> files/tcb-1.0.2-build.patch: diff --git a/sys-auth/tcb/files/tcb-1.0.2-build.patch b/sys-auth/tcb/files/tcb-1.0.2-build.patch deleted file mode 100644 index 60cc1c519354..000000000000 --- a/sys-auth/tcb/files/tcb-1.0.2-build.patch +++ /dev/null 
@@ -1,37 +0,0 @@ ---- tcb-1.0/libs/Makefile -+++ tcb-1.0/libs/Makefile -@@ -17,13 +17,13 @@ - $(CC) $(CFLAGS) $(DBGFLAG) -c $< -o $@ - - $(LIBTCB_LONG): libtcb.o $(LIB_MAP) -- $(CC) $(DBGFLAG) -shared -o $@ -Wl,-soname,$(LIBTCB) \ -+ $(CC) $(LDFLAGS) $(DBGFLAG) -shared -o $@ -Wl,-soname,$(LIBTCB) \ - -Wl,--version-script=$(LIB_MAP) $< -lc - ln -sf $@ $(LIBTCB) - ln -sf $(LIBTCB) libtcb.so - - $(LIBNSS): nss.o $(NSS_MAP) $(LIBTCB_LONG) -- $(CC) $(DBGFLAG) -shared -o $@ -Wl,--version-script=$(NSS_MAP) \ -+ $(CC) $(LDFLAGS) $(DBGFLAG) -shared -o $@ -Wl,-soname,$@ -Wl,--version-script=$(NSS_MAP) \ - $< -L. $(LIBNSL) -ltcb - - .c.o: ---- tcb-1.0/progs/Makefile -+++ tcb-1.0/progs/Makefile -@@ -7,13 +7,13 @@ - all: $(CONVERT) $(UNCONVERT) $(CHKPWD) - - $(CONVERT): $(CONVERT).o -- $(CC) -o $@ $< -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< - - $(UNCONVERT): $(UNCONVERT).o -- $(CC) -o $@ $< -L../libs -ltcb -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L../libs -ltcb - - $(CHKPWD): $(CHKPWD).o -- $(CC) -o $@ $< -lcrypt -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lcrypt - - .c.o: - $(CC) $(CFLAGS) -c $< -o $@ diff --git a/sys-auth/tcb/files/tcb-gentoo.patch b/sys-auth/tcb/files/tcb-gentoo.patch index ee681854f784..3cdab6e25879 100644 --- a/sys-auth/tcb/files/tcb-gentoo.patch +++ b/sys-auth/tcb/files/tcb-gentoo.patch 
@@ -1,121 +1,51 @@ --- pam_tcb/support.c.orig 2010-01-17 12:22:29.000000000 +0100 -+++ pam_tcb/support.c 2010-01-17 15:47:38.000000000 +0100 -@@ -466,6 +466,39 @@ ++++ pam_tcb/support.c 2010-02-12 10:47:37.000000000 +0100 +@@ -466,6 +466,44 @@ return retval; } -+static char i64c(int i) -+{ -+ if (i < 0) -+ return '.'; -+ if (i > 63) -+ return 'z'; -+ -+ if (i == 0) -+ return '.'; -+ if (i == 1) -+ return '/'; -+ if (i >= 2 && i <= 11) -+ return ('0' - 2 + i); -+ if (i >= 12 && i <= 37) -+ return ('A' - 12 + i); -+ if (i >= 38 && i <= 63) -+ return ('a' - 38 + i); -+ -+ return '\0'; -+} ++static unsigned char _crypt_itoa64[64 + 1] = ++ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + -+static char *make_salt(const char *prefix, const char *entropy, -+ int entropy_size) ++static char *crypt_gensalt_ra(const char *prefix, unsigned long count, ++ const char *entropy, int entropy_size) +{ -+ char salt[64]; ++ if (count != 0) ++ return NULL; ++ if (entropy_size < 3) ++ return NULL; ++ char* salt = malloc(strlen(prefix) + entropy_size/3*4 + 1); ++ if (!salt) ++ return NULL; + char *sp = stpcpy(salt, prefix); + int i; -+ for (i = 0; i < entropy_size / 2; i++) -+ *sp++ = i64c(entropy[i] & 077); ++ for (i = 0; entropy_size >= 3 * (i + 1); i++) { ++ unsigned long value = ++ ((unsigned long)(unsigned char)entropy[3 * i]) | ++ ((unsigned long)(unsigned char)entropy[3 * i + 1] << 8) | ++ ((unsigned long)(unsigned char)entropy[3 * i + 2] << 16); ++ *sp++ = _crypt_itoa64[value & 0x3f]; ++ *sp++ = _crypt_itoa64[(value >> 6) & 0x3f]; ++ *sp++ = _crypt_itoa64[(value >> 12) & 0x3f]; ++ *sp++ = _crypt_itoa64[(value >> 18) & 0x3f]; ++ } + *sp = '\0'; -+ return strdup(salt); ++ return salt; ++} ++ ++static char *crypt_ra(const char *key, const char *salt, ++ void **data, int *size) ++{ ++ *size = sizeof(struct crypt_data); ++ if (!(*data = calloc(1, *size))) ++ return NULL; ++ return crypt_r(key, salt, *data); +} + static int check_crypt(pam_handle_t *pamh, const 
char *pass, const char *stored_hash) { -@@ -481,11 +514,11 @@ - - /* This exists because of timing attacks. */ - memset(input, 0x55, sizeof(input)); -- fake_salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix, -- pam_unix_param.count, input, sizeof(input)); -+ fake_salt = make_salt(pam_unix_param.crypt_prefix, -+ input, sizeof(input)); - - if (!fake_salt) { -- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m"); -+ pam_syslog(pamh, LOG_CRIT, "make_salt: %m"); - return PAM_BUF_ERR; - } - -@@ -816,22 +849,21 @@ - return PAM_SUCCESS; - } - --static char *crypt_wrapper_ra(pam_handle_t *pamh, const char *key, -+static char *crypt_wrapper_r(pam_handle_t *pamh, const char *key, - const char *salt) - { -- char *retval; -- void *data = NULL; -- int size = 0; -+ char *retval = NULL; -+ struct crypt_data *cdata = malloc(sizeof(*cdata)); - -- retval = crypt_ra(key, salt, &data, &size); -- if (retval) -- retval = strdup(retval); /* we return NULL if strdup fails */ -- else -- pam_syslog(pamh, LOG_CRIT, "crypt_ra: %m"); -- if (data) { -- memset(data, 0, size); -- free(data); -+ if (cdata != NULL) { -+ cdata->initialized = 0; -+ retval = strdup(crypt_r(key, salt, cdata)); -+ if (!retval) -+ pam_syslog(pamh, LOG_CRIT, "crypt_r: %m"); -+ memset(cdata, '\0', sizeof(*cdata)); -+ free(cdata); - } -+ - return retval; - } - -@@ -841,7 +873,7 @@ - char *retval; - - if (off(UNIX_PLAIN_CRYPT)) -- return crypt_wrapper_ra(pamh, key, salt); -+ return crypt_wrapper_r(pamh, key, salt); - - errno = 0; - retval = crypt(key, salt); -@@ -873,13 +905,13 @@ - } - close(fd); - -- salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix, -- pam_unix_param.count, entropy, sizeof(entropy)); -+ salt = make_salt(pam_unix_param.crypt_prefix, -+ entropy, sizeof(entropy)); - - memset(entropy, 0, sizeof(entropy)); - - if (!salt) { -- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m"); -+ pam_syslog(pamh, LOG_CRIT, "make_salt: %m"); - return NULL; - } - -@@ -1019,7 +1051,7 @@ +@@ -1019,28 +1057,16 @@ if 
(!parse_opt(pamh, *argv, the_cmdline_opts)) return 0; param = get_optval("prefix=", the_cmdline_opts); @@ -124,3 +54,27 @@ param = get_optval("helper=", the_cmdline_opts); pam_unix_param.helper = param ?: CHKPWD_HELPER; + + param = get_optval("count=", the_cmdline_opts); + if (param) { +- char *end; +- /* +- * SUSv2 says: +- * Because 0 and ULONG_MAX are returned on error and +- * are also valid returns on success, an application +- * wishing to check for error situations should set +- * errno to 0, then call strtoul(), then check errno. +- */ +- errno = 0; +- pam_unix_param.count = strtoul(param, &end, 10); +- if (errno || !*param || *end) { +- pam_syslog(pamh, LOG_ERR, +- "Invalid count= argument: %s", param); +- return 0; +- } ++ pam_syslog(pamh, LOG_ERR, ++ "count= parameter is not supported without Openwall libcrypt extensions"); ++ return 0; + } else + pam_unix_param.count = 0; + diff --git a/sys-auth/tcb/files/tcb-xcrypt.patch b/sys-auth/tcb/files/tcb-xcrypt.patch deleted file mode 100644 index ec7f08c0b37b..000000000000 --- a/sys-auth/tcb/files/tcb-xcrypt.patch +++ /dev/null 
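Review bot: In the replacement `crypt_gensalt_ra`, both early exits (`count != 0` and `entropy_size < 3`) return NULL without setting errno, whereas a failed `malloc` at least leaves ENOMEM behind. The callers are not on the new side of this patch, but the lines the previous patch version touched show them logging the failure as `"crypt_gensalt_ra: %m"`, so a rejected argument would presumably be reported with whatever stale errno happens to be set, which makes failures in the password-hashing path hard to diagnose. I would merge the two guards into `if (count != 0 || entropy_size < 3) { errno = EINVAL; return NULL; }`. Separately, `_crypt_itoa64` is never written to and can be declared `static const`.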
@@ -1,50 +0,0 @@ ---- pam_tcb/support.c.orig 2009-12-27 16:33:28.000000000 +0100 -+++ pam_tcb/support.c 2009-12-27 16:34:03.000000000 +0100 -@@ -10,7 +10,7 @@ - #include <signal.h> - #include <pwd.h> - #include <shadow.h> --#include <crypt.h> -+#include <xcrypt.h> - #include <sys/types.h> - #include <sys/wait.h> - #include <rpcsvc/ypclnt.h> -@@ -481,11 +481,11 @@ - - /* This exists because of timing attacks. */ - memset(input, 0x55, sizeof(input)); -- fake_salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix, -+ fake_salt = xcrypt_gensalt_ra(pam_unix_param.crypt_prefix, - pam_unix_param.count, input, sizeof(input)); - - if (!fake_salt) { -- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m"); -+ pam_syslog(pamh, LOG_CRIT, "xcrypt_gensalt_ra: %m"); - return PAM_BUF_ERR; - } - -@@ -823,11 +823,11 @@ - void *data = NULL; - int size = 0; - -- retval = crypt_ra(key, salt, &data, &size); -+ retval = xcrypt_ra(key, salt, &data, &size); - if (retval) - retval = strdup(retval); /* we return NULL if strdup fails */ - else -- pam_syslog(pamh, LOG_CRIT, "crypt_ra: %m"); -+ pam_syslog(pamh, LOG_CRIT, "xcrypt_ra: %m"); - if (data) { - memset(data, 0, size); - free(data); ---- pam_tcb/Makefile.orig 2009-12-27 16:38:53.000000000 +0100 -+++ pam_tcb/Makefile 2009-12-27 16:39:10.000000000 +0100 -@@ -13,7 +13,7 @@ - - $(PAM_TCB): $(LIBOBJ) $(PAM_MAP) - $(CC) $(LDFLAGS) -shared -o $@ -Wl,--version-script=$(PAM_MAP) \ -- $(LIBOBJ) -lnsl -lcrypt -lpam -ltcb -+ $(LIBOBJ) -lnsl -lxcrypt -lpam -ltcb - - .c.o: - $(CC) $(CFLAGS) -fPIC -c $< -o $@ diff --git a/sys-auth/tcb/tcb-1.0.3-r1.ebuild b/sys-auth/tcb/tcb-1.0.3-r1.ebuild deleted file mode 100644 index 51c9ec111320..000000000000 --- a/sys-auth/tcb/tcb-1.0.3-r1.ebuild +++ /dev/null 
@@ -1,53 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.3-r1.ebuild,v 1.1 2010/01/12 17:59:48 phajdan.jr Exp $ - -inherit eutils multilib - -DESCRIPTION="Libraries and tools implementing the tcb password shadowing scheme" -HOMEPAGE="http://www.openwall.com/tcb/" -SRC_URI="ftp://ftp.openwall.com/pub/projects/tcb/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="pam" - -DEPEND=">=sys-libs/libxcrypt-2.4 - pam? ( >=sys-libs/pam-0.75 )" -RDEPEND="${DEPEND}" - -pkg_setup() { - for group in auth chkpwd shadow ; do - enewgroup ${group} - done - - mymakeopts=" - SLIBDIR=/$(get_libdir) - LIBDIR=/usr/$(get_libdir) - MANDIR=/usr/share/man - DESTDIR='${D}'" -} - -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}"/${PN}-1.0.2-build.patch - epatch "${FILESDIR}"/${PN}-xcrypt.patch - use pam || sed -i '/pam/d' Makefile -} - -src_compile() { - emake $mymakeopts || die "emake failed" -} - -src_install() { - emake $mymakeopts install || die "emake install failed" - dodoc ChangeLog -} - -pkg_postinst() { - einfo "You must now run /sbin/tcb_convert to convert your shadow to tcb" - einfo "To remove this you must first run /sbin/tcp_unconvert and then unmerge" -} diff --git a/sys-auth/tcb/tcb-1.0.3-r2.ebuild b/sys-auth/tcb/tcb-1.0.4.ebuild index fab566c5e830..e4923a643ef3 100644 --- a/sys-auth/tcb/tcb-1.0.3-r2.ebuild +++ b/sys-auth/tcb/tcb-1.0.4.ebuild @@ -1,6 +1,8 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.3-r2.ebuild,v 1.1 2010/01/17 14:55:16 phajdan.jr Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.4.ebuild,v 1.1 2010/02/12 10:00:24 phajdan.jr Exp $ + +EAPI="2" inherit eutils multilib 
@@ -11,9 +13,9 @@ SRC_URI="ftp://ftp.openwall.com/pub/projects/tcb/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="pam" +IUSE="" -DEPEND="pam? ( >=sys-libs/pam-0.75 )" +DEPEND=">=sys-libs/pam-0.75" RDEPEND="${DEPEND}" pkg_setup() { @@ -28,13 +30,12 @@ pkg_setup() { DESTDIR='${D}'" } -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}"/${PN}-1.0.2-build.patch +src_prepare() { + # We don't have Openwall glibc extensions. The patch makes it possible + # to run tcb with normal glibc. It has been reviewed by upstream, but + # is not going to be accepted. The plan is to add support for sha hashes + # to Openwall's crypto routines and use them when that's available. epatch "${FILESDIR}"/${PN}-gentoo.patch - use pam || sed -i '/pam/d' Makefile } src_compile() { |
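Review bot: `src_prepare` now applies only `${PN}-gentoo.patch`, and that patch as updated in this commit makes pam_tcb reject a `count=` option outright instead of parsing it, yet nothing in the ebuild tells users about the change. A system whose PAM configuration still passes `count=` to pam_tcb would presumably hit that error path on the first authentication attempt after the upgrade. I would add a warning to `pkg_postinst`, which lies outside this hunk, e.g. `ewarn "pam_tcb in this build rejects the count= option; remove it from your PAM configuration"`. The comment above `epatch` could also state that the patch disables `count=`.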