From 17adc4db78f18063bcf3a9914d3e176370d9e4cf Mon Sep 17 00:00:00 2001 From: Diego Elio Pettenò Date: Wed, 7 Apr 2010 14:35:55 +0000 Subject: Add important fix for MD5-based password hashes on non-Alpha 64-bit architectures. Thanks to Petr Bravenec for reporting. (Portage version: 2.2_rc67/cvs/Linux x86_64) --- sys-auth/pam-pgsql/ChangeLog | 10 +- .../pam-pgsql/files/pam-pgsql-0.7.1-64bit.patch | 138 +++++++++++++++++++++ sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild | 54 ++++++++ sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild | 50 -------- 4 files changed, 201 insertions(+), 51 deletions(-) create mode 100644 sys-auth/pam-pgsql/files/pam-pgsql-0.7.1-64bit.patch create mode 100644 sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild delete mode 100644 sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild (limited to 'sys-auth') diff --git a/sys-auth/pam-pgsql/ChangeLog b/sys-auth/pam-pgsql/ChangeLog index 6cf573c635b7..b244b06b0e1a 100644 --- a/sys-auth/pam-pgsql/ChangeLog +++ b/sys-auth/pam-pgsql/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-auth/pam-pgsql # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam-pgsql/ChangeLog,v 1.3 2010/03/16 11:56:16 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam-pgsql/ChangeLog,v 1.4 2010/04/07 14:35:55 flameeyes Exp $ + +*pam-pgsql-0.7.1-r1 (07 Apr 2010) + + 07 Apr 2010; Diego E. Pettenò + -pam-pgsql-0.7.1.ebuild, +pam-pgsql-0.7.1-r1.ebuild, + +files/pam-pgsql-0.7.1-64bit.patch: + Add important fix for MD5-based password hashes on non-Alpha 64-bit + architectures. Thanks to Petr Bravenec for reporting. *pam-pgsql-0.7.1 (16 Mar 2010) diff --git a/sys-auth/pam-pgsql/files/pam-pgsql-0.7.1-64bit.patch b/sys-auth/pam-pgsql/files/pam-pgsql-0.7.1-64bit.patch new file mode 100644 index 000000000000..94f171aa67fa --- /dev/null +++ b/sys-auth/pam-pgsql/files/pam-pgsql-0.7.1-64bit.patch @@ -0,0 +1,138 @@ +From 30361fa5f3266c0f088bbc89eb06dddbd032fc54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= +Date: Wed, 7 Apr 2010 15:58:04 +0200 +Subject: [PATCH] Fix md5 code under 64-bit platforms. + +The code was previously singling out the Alpha platform as 64-bit, but +that's definitely not the only platform where unsigned long is 64-bit +rather than 32. + +This change actually relies on C89 standard integers (uint32_t) so that +there is no more risk of getting it wrong. +--- + src/md5.c | 28 ++++++++++++++-------------- + src/md5.h | 10 +++------- + 2 files changed, 17 insertions(+), 21 deletions(-) + +diff --git a/src/md5.c b/src/md5.c +index 3b51e76..df24f16 100644 +--- a/src/md5.c ++++ b/src/md5.c +@@ -17,7 +17,7 @@ + #include /* for memcpy() */ + #include "md5.h" + +-static void MD5Transform(uint32 buf[4], uint32 const in[16]); ++static void MD5Transform(uint32_t buf[4], uint32_t const in[16]); + + #ifndef HIGHFIRST + #define byteReverse(buf, len) /* Nothing */ +@@ -30,11 +30,11 @@ void byteReverse(unsigned char *buf, unsigned longs); + */ + void byteReverse(unsigned char *buf, unsigned longs) + { +- uint32 t; ++ uint32_t t; + do { +- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | ++ t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 | + ((unsigned) buf[1] << 8 | buf[0]); +- *(uint32 *) buf = t; ++ *(uint32_t *) buf = t; + buf += 4; + } while (--longs); + } +@@ -62,12 +62,12 @@ void MD5Init(struct MD5Context *ctx) + */ + void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) + { +- uint32 t; ++ uint32_t t; + + /* Update bitcount */ + + t = ctx->bits[0]; +- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) ++ if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + +@@ -85,7 +85,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) + } + memcpy(p, buf, t); + byteReverse(ctx->in, 16); +- MD5Transform(ctx->buf, (uint32 *) ctx->in); ++ MD5Transform(ctx->buf, (uint32_t *) ctx->in); + buf += t; + len -= t; + } +@@ -94,7 +94,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) + while (len >= 64) { + memcpy(ctx->in, buf, 64); + byteReverse(ctx->in, 16); +- MD5Transform(ctx->buf, (uint32 *) ctx->in); ++ MD5Transform(ctx->buf, (uint32_t *) ctx->in); + buf += 64; + len -= 64; + } +@@ -129,7 +129,7 @@ void MD5Final(unsigned char *digest, struct MD5Context *ctx) + /* Two lots of padding: Pad the first block to 64 bytes */ + memset(p, 0, count); + byteReverse(ctx->in, 16); +- MD5Transform(ctx->buf, (uint32 *) ctx->in); ++ MD5Transform(ctx->buf, (uint32_t *) ctx->in); + + /* Now fill the next block with 56 bytes */ + memset(ctx->in, 0, 56); +@@ -140,10 +140,10 @@ void MD5Final(unsigned char *digest, struct MD5Context *ctx) + byteReverse(ctx->in, 14); + + /* Append length in bits and transform */ +- ((uint32 *) ctx->in)[14] = ctx->bits[0]; +- ((uint32 *) ctx->in)[15] = ctx->bits[1]; ++ ((uint32_t *) ctx->in)[14] = ctx->bits[0]; ++ ((uint32_t *) ctx->in)[15] = ctx->bits[1]; + +- MD5Transform(ctx->buf, (uint32 *) ctx->in); ++ MD5Transform(ctx->buf, (uint32_t *) ctx->in); + byteReverse((unsigned char *) ctx->buf, 4); + memcpy(digest, ctx->buf, 16); + memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ +@@ -173,9 +173,9 @@ void MD5Final(unsigned char *digest, struct MD5Context *ctx) + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +-static void MD5Transform(uint32 buf[4], uint32 const in[16]) ++static void MD5Transform(uint32_t buf[4], uint32_t const in[16]) + { +- register uint32 a, b, c, d; ++ register uint32_t a, b, c, d; + + a = buf[0]; + b = buf[1]; +diff --git a/src/md5.h b/src/md5.h +index 6d8d047..a8a952f 100644 +--- a/src/md5.h ++++ b/src/md5.h +@@ -1,15 +1,11 @@ + #ifndef MD5_H + #define MD5_H + +-#ifdef __alpha +-typedef unsigned int uint32; +-#else +-typedef unsigned long uint32; +-#endif ++#include + + struct MD5Context { +- uint32 buf[4]; +- uint32 bits[2]; ++ uint32_t buf[4]; ++ uint32_t bits[2]; + unsigned char in[64]; + }; + +-- +1.7.0.4 + diff --git a/sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild b/sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild new file mode 100644 index 000000000000..e54e641dcfea --- /dev/null +++ b/sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam-pgsql/pam-pgsql-0.7.1-r1.ebuild,v 1.1 2010/04/07 14:35:55 flameeyes Exp $ + +EAPI=2 + +inherit eutils pam + +DESCRIPTION="pam_pgsql is a module for pam to authenticate users with PostgreSQL" +HOMEPAGE="http://sourceforge.net/projects/pam-pgsql/" + +if [[ ${PV} = *_p* ]]; then + SRC_URI="http://www.flameeyes.eu/gentoo-distfiles/${P}.tar.gz" +else + SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" +fi + +DEPEND="virtual/pam + >=dev-db/postgresql-base-8.0" +RDEPEND="${DEPEND}" + +LICENSE="GPL-2" + +IUSE="" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +src_prepare() { + epatch "${FILESDIR}"/${P}-64bit.patch +} + +src_configure() { + econf \ + --sysconfdir=/etc/security \ + --libdir=/$(get_libdir) \ + --docdir=/usr/share/doc/${PF} || die "econf failed" +} + +src_compile() { + emake pammoddir="$(getpam_mod_dir)" || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" pammoddir="$(getpam_mod_dir)" install || die "emake install failed" + find "${D}" -name '*.la' -delete +} + +pkg_postinst() { + elog "Please see the documentation and configuration examples in the" + elog "documentation directory at /usr/share/doc/${PF}." + elog "" + elog "Please note that the default configuration file in Gentoo has been" + elog "moved to /etc/security/pam-pgsql.conf to follow the other PAM modules." +} diff --git a/sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild b/sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild deleted file mode 100644 index 1152c58aeae6..000000000000 --- a/sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam-pgsql/pam-pgsql-0.7.1.ebuild,v 1.1 2010/03/16 11:56:16 flameeyes Exp $ - -EAPI=2 - -inherit eutils pam - -DESCRIPTION="pam_pgsql is a module for pam to authenticate users with PostgreSQL" -HOMEPAGE="http://sourceforge.net/projects/pam-pgsql/" - -if [[ ${PV} = *_p* ]]; then - SRC_URI="http://www.flameeyes.eu/gentoo-distfiles/${P}.tar.gz" -else - SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" -fi - -DEPEND="virtual/pam - >=dev-db/postgresql-base-8.0" -RDEPEND="${DEPEND}" - -LICENSE="GPL-2" - -IUSE="" -SLOT="0" -KEYWORDS="~amd64 ~x86" - -src_configure() { - econf \ - --sysconfdir=/etc/security \ - --libdir=/$(get_libdir) \ - --docdir=/usr/share/doc/${PF} || die "econf failed" -} - -src_compile() { - emake pammoddir="$(getpam_mod_dir)" || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" pammoddir="$(getpam_mod_dir)" install || die "emake install failed" - find "${D}" -name '*.la' -delete -} - -pkg_postinst() { - elog "Please see the documentation and configuration examples in the" - elog "documentation directory at /usr/share/doc/${PF}." - elog "" - elog "Please note that the default configuration file in Gentoo has been" - elog "moved to /etc/security/pam-pgsql.conf to follow the other PAM modules." -} -- cgit v1.2.3-65-gdbad