diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-03 19:09:46 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-03 19:09:46 +0000 |
commit | 6c117b6168d82b332777eb2291f30ae7fa4ef892 (patch) | |
tree | af18f7a90ca8aadee291f554465f479bcc387500 /sys-auth | |
parent | Remove old versions. (diff) | |
download | gentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.tar.gz gentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.tar.bz2 gentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.zip |
Security Bug #96767, ssl not being used always. Note that both 176-r1 and 178-r1 have the patch.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/pam_ldap/ChangeLog | 11 | ||||
-rw-r--r-- | sys-auth/pam_ldap/Manifest | 29 | ||||
-rw-r--r-- | sys-auth/pam_ldap/files/digest-pam_ldap-176-r1 | 1 | ||||
-rw-r--r-- | sys-auth/pam_ldap/files/digest-pam_ldap-178-r1 | 1 | ||||
-rw-r--r-- | sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch | 29 | ||||
-rw-r--r-- | sys-auth/pam_ldap/pam_ldap-176-r1.ebuild | 43 | ||||
-rw-r--r-- | sys-auth/pam_ldap/pam_ldap-178-r1.ebuild | 43 |
7 files changed, 139 insertions, 18 deletions
diff --git a/sys-auth/pam_ldap/ChangeLog b/sys-auth/pam_ldap/ChangeLog index ce7d4bea2c26..c897464f477e 100644 --- a/sys-auth/pam_ldap/ChangeLog +++ b/sys-auth/pam_ldap/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-auth/pam_ldap # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/ChangeLog,v 1.1 2005/07/02 21:29:53 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/ChangeLog,v 1.2 2005/07/03 19:09:46 robbat2 Exp $ + +*pam_ldap-178-r1 (03 Jul 2005) +*pam_ldap-176-r1 (03 Jul 2005) + + 03 Jul 2005; Robin H. Johnson <robbat2@gentoo.org> + +files/pam_ldap-176-fix-referral-tls.patch, +pam_ldap-176-r1.ebuild, + +pam_ldap-178-r1.ebuild: + Security Bug #96767, ssl not being used always. Note that both 176-r1 and + 178-r1 have the patch. *pam_ldap-176 (02 Jul 2005) diff --git a/sys-auth/pam_ldap/Manifest b/sys-auth/pam_ldap/Manifest index 34feca0b766c..a8a401000648 100644 --- a/sys-auth/pam_ldap/Manifest +++ b/sys-auth/pam_ldap/Manifest @@ -1,15 +1,14 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 f347c30a39d21989a58d084733236d2c ChangeLog 3217 -MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156 -MD5 4b023670a3fda1682f07b431782f0982 pam_ldap-156.ebuild 795 -MD5 8d79b755dad3224b3299639b1b29f92e pam_ldap-161.ebuild 787 -MD5 b4163ed88541904ea1f9cca28305a9ce pam_ldap-164.ebuild 787 -MD5 bb30ee3ecc04f56295c52355c62c9b9e pam_ldap-167.ebuild 870 -MD5 c440eed4ae209f40c014491f59b67abc pam_ldap-171.ebuild 888 MD5 5bbc539df75bd714f7edc0a204fba3fe pam_ldap-176.ebuild 905 +MD5 c440eed4ae209f40c014491f59b67abc pam_ldap-171.ebuild 888 +MD5 bb30ee3ecc04f56295c52355c62c9b9e pam_ldap-167.ebuild 870 MD5 35d27202dc788579d73b378aff38c077 pam_ldap-178.ebuild 916 +MD5 b4163ed88541904ea1f9cca28305a9ce pam_ldap-164.ebuild 787 +MD5 c65c42be427e61e9fa75575fff45721e pam_ldap-176-r1.ebuild 1127 +MD5 8d79b755dad3224b3299639b1b29f92e pam_ldap-161.ebuild 787 +MD5 8826c63102b9663a638a94566d0fa8e3 pam_ldap-178-r1.ebuild 1126 +MD5 f347c30a39d21989a58d084733236d2c ChangeLog 3217 +MD5 4b023670a3fda1682f07b431782f0982 pam_ldap-156.ebuild 795 +MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156 MD5 f6a188644f736d46d200c045eff82bea files/digest-pam_ldap-156 64 MD5 e7be3daad202a50aecd0d3888bf5c46e files/digest-pam_ldap-161 64 MD5 58a43c49c9c6fac27d940fccdbfd5cf3 files/digest-pam_ldap-164 64 @@ -17,10 +16,6 @@ MD5 4ca7e1ee799ccfbd7c71824bbbb752bd files/digest-pam_ldap-167 64 MD5 593769a88e934c0a00456d35cce22316 files/digest-pam_ldap-171 64 MD5 92d9af6315a0760b81ac9345845545d9 files/digest-pam_ldap-176 64 MD5 61dd00aa31218ca526651f07c4341122 files/digest-pam_ldap-178 64 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFCxwdbj5H05b2HAEkRAqVPAJ46UmtN2HQsnFQK/H4OG+lQvozFdQCeNx2M -PirjndSRuoJeqyGlG4Odc2I= -=NFqm ------END PGP SIGNATURE----- +MD5 92d9af6315a0760b81ac9345845545d9 files/digest-pam_ldap-176-r1 64 +MD5 61dd00aa31218ca526651f07c4341122 files/digest-pam_ldap-178-r1 64 +MD5 b9c4286d38a1e35b660f7b6a1fa09c85 files/pam_ldap-176-fix-referral-tls.patch 783 diff --git a/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1 b/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1 new file mode 100644 index 000000000000..f8e47dc8aaef --- /dev/null +++ b/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1 @@ -0,0 +1 @@ +MD5 3f49fe6d5d33d33d708908e7f7d180b2 pam_ldap-176.tar.gz 121531 diff --git a/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1 b/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1 new file mode 100644 index 000000000000..286968f60fcd --- /dev/null +++ b/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1 @@ -0,0 +1 @@ +MD5 222186c498d24a7035e8a7494fc0797d pam_ldap-178.tar.gz 127074 diff --git a/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch b/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch new file mode 100644 index 000000000000..e4a5a464a832 --- /dev/null +++ b/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch @@ -0,0 +1,29 @@ +diff -urN pam_ldap-176/pam_ldap.c pam_ldap-176.new/pam_ldap.c +--- pam_ldap-176/pam_ldap.c 2004-10-01 03:33:14.000000000 +0100 ++++ pam_ldap-176.new/pam_ldap.c 2005-06-22 01:40:06.000000000 +0100 +@@ -1587,6 +1587,7 @@ + pam_ldap_session_t *session = global_session; + #endif + char *who, *cred; ++ int rc; + + if (session->info != NULL && session->info->bound_as_user == 1) + { +@@ -1607,6 +1608,17 @@ + } + } + ++ if (session->conf->ssl_on == SSL_START_TLS) ++ { ++ rc = ldap_start_tls_s (session->ld, NULL, NULL); ++ if (rc != LDAP_SUCCESS) ++ { ++ syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s", ++ ldap_err2string (rc)); ++ return PAM_SERVICE_ERR; ++ } ++ } ++ + return ldap_simple_bind_s (ld, who, cred); + } + #else diff --git a/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild b/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild new file mode 100644 index 000000000000..729c000a6023 --- /dev/null +++ b/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild,v 1.1 2005/07/03 19:09:46 robbat2 Exp $ + +inherit eutils + +DESCRIPTION="PAM LDAP Module" +HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html" +SRC_URI="http://www.padl.com/download/${P}.tar.gz" + +LICENSE="|| ( GPL-2 LGPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~hppa ~ppc ~sparc ~x86" +IUSE="ssl" +DEPEND=">=sys-libs/glibc-2.1.3 + >=sys-libs/pam-0.72 + >=net-nds/openldap-1.2.11" + +src_unpack() { + unpack ${A} + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch + + cd ${S} + export WANT_AUTOCONF=2.5 + aclocal || die "aclocal failed" + autoconf || die "autoconf failed" + automake --add-missing || die "automake failed" +} + +src_compile() { + econf --with-ldap-lib=openldap `use_enable ssl` || die + emake || die +} + +src_install() { + exeinto /lib/security + doexe pam_ldap.so + + dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil + dodoc ChangeLog COPYING.* CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema + docinto pam.d + dodoc pam.d/* +} diff --git a/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild b/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild new file mode 100644 index 000000000000..8bd0af81bde9 --- /dev/null +++ b/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild,v 1.1 2005/07/03 19:09:46 robbat2 Exp $ + +inherit eutils + +DESCRIPTION="PAM LDAP Module" +HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html" +SRC_URI="http://www.padl.com/download/${P}.tar.gz" + +LICENSE="|| ( GPL-2 LGPL-2 )" +SLOT="0" +KEYWORDS="~x86 ~sparc ~ppc ~hppa ~alpha" +IUSE="ssl" +DEPEND=">=sys-libs/glibc-2.1.3 + >=sys-libs/pam-0.72 + >=net-nds/openldap-1.2.11" + +src_unpack() { + unpack ${A} + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch + + cd ${S} + export WANT_AUTOCONF=2.5 + aclocal || die "aclocal failed" + autoconf || die "autoconf failed" + automake --add-missing || die "automake failed" +} + +src_compile() { + econf --with-ldap-lib=openldap `use_enable ssl` || die + emake || die +} + +src_install() { + exeinto /lib/security + doexe pam_ldap.so + + dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil + dodoc ChangeLog COPYING.* CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema + docinto pam.d + dodoc pam.d/* +} |