summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2005-07-03 19:09:46 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2005-07-03 19:09:46 +0000
commit6c117b6168d82b332777eb2291f30ae7fa4ef892 (patch)
treeaf18f7a90ca8aadee291f554465f479bcc387500 /sys-auth
parentRemove old versions. (diff)
downloadgentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.tar.gz
gentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.tar.bz2
gentoo-2-6c117b6168d82b332777eb2291f30ae7fa4ef892.zip
Security Bug #96767, ssl not being used always. Note that both 176-r1 and 178-r1 have the patch.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/pam_ldap/ChangeLog11
-rw-r--r--sys-auth/pam_ldap/Manifest29
-rw-r--r--sys-auth/pam_ldap/files/digest-pam_ldap-176-r11
-rw-r--r--sys-auth/pam_ldap/files/digest-pam_ldap-178-r11
-rw-r--r--sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch29
-rw-r--r--sys-auth/pam_ldap/pam_ldap-176-r1.ebuild43
-rw-r--r--sys-auth/pam_ldap/pam_ldap-178-r1.ebuild43
7 files changed, 139 insertions, 18 deletions
diff --git a/sys-auth/pam_ldap/ChangeLog b/sys-auth/pam_ldap/ChangeLog
index ce7d4bea2c26..c897464f477e 100644
--- a/sys-auth/pam_ldap/ChangeLog
+++ b/sys-auth/pam_ldap/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-auth/pam_ldap
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/ChangeLog,v 1.1 2005/07/02 21:29:53 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/ChangeLog,v 1.2 2005/07/03 19:09:46 robbat2 Exp $
+
+*pam_ldap-178-r1 (03 Jul 2005)
+*pam_ldap-176-r1 (03 Jul 2005)
+
+ 03 Jul 2005; Robin H. Johnson <robbat2@gentoo.org>
+ +files/pam_ldap-176-fix-referral-tls.patch, +pam_ldap-176-r1.ebuild,
+ +pam_ldap-178-r1.ebuild:
+ Security Bug #96767, ssl not being used always. Note that both 176-r1 and
+ 178-r1 have the patch.
*pam_ldap-176 (02 Jul 2005)
diff --git a/sys-auth/pam_ldap/Manifest b/sys-auth/pam_ldap/Manifest
index 34feca0b766c..a8a401000648 100644
--- a/sys-auth/pam_ldap/Manifest
+++ b/sys-auth/pam_ldap/Manifest
@@ -1,15 +1,14 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 f347c30a39d21989a58d084733236d2c ChangeLog 3217
-MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
-MD5 4b023670a3fda1682f07b431782f0982 pam_ldap-156.ebuild 795
-MD5 8d79b755dad3224b3299639b1b29f92e pam_ldap-161.ebuild 787
-MD5 b4163ed88541904ea1f9cca28305a9ce pam_ldap-164.ebuild 787
-MD5 bb30ee3ecc04f56295c52355c62c9b9e pam_ldap-167.ebuild 870
-MD5 c440eed4ae209f40c014491f59b67abc pam_ldap-171.ebuild 888
MD5 5bbc539df75bd714f7edc0a204fba3fe pam_ldap-176.ebuild 905
+MD5 c440eed4ae209f40c014491f59b67abc pam_ldap-171.ebuild 888
+MD5 bb30ee3ecc04f56295c52355c62c9b9e pam_ldap-167.ebuild 870
MD5 35d27202dc788579d73b378aff38c077 pam_ldap-178.ebuild 916
+MD5 b4163ed88541904ea1f9cca28305a9ce pam_ldap-164.ebuild 787
+MD5 c65c42be427e61e9fa75575fff45721e pam_ldap-176-r1.ebuild 1127
+MD5 8d79b755dad3224b3299639b1b29f92e pam_ldap-161.ebuild 787
+MD5 8826c63102b9663a638a94566d0fa8e3 pam_ldap-178-r1.ebuild 1126
+MD5 f347c30a39d21989a58d084733236d2c ChangeLog 3217
+MD5 4b023670a3fda1682f07b431782f0982 pam_ldap-156.ebuild 795
+MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
MD5 f6a188644f736d46d200c045eff82bea files/digest-pam_ldap-156 64
MD5 e7be3daad202a50aecd0d3888bf5c46e files/digest-pam_ldap-161 64
MD5 58a43c49c9c6fac27d940fccdbfd5cf3 files/digest-pam_ldap-164 64
@@ -17,10 +16,6 @@ MD5 4ca7e1ee799ccfbd7c71824bbbb752bd files/digest-pam_ldap-167 64
MD5 593769a88e934c0a00456d35cce22316 files/digest-pam_ldap-171 64
MD5 92d9af6315a0760b81ac9345845545d9 files/digest-pam_ldap-176 64
MD5 61dd00aa31218ca526651f07c4341122 files/digest-pam_ldap-178 64
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD8DBQFCxwdbj5H05b2HAEkRAqVPAJ46UmtN2HQsnFQK/H4OG+lQvozFdQCeNx2M
-PirjndSRuoJeqyGlG4Odc2I=
-=NFqm
------END PGP SIGNATURE-----
+MD5 92d9af6315a0760b81ac9345845545d9 files/digest-pam_ldap-176-r1 64
+MD5 61dd00aa31218ca526651f07c4341122 files/digest-pam_ldap-178-r1 64
+MD5 b9c4286d38a1e35b660f7b6a1fa09c85 files/pam_ldap-176-fix-referral-tls.patch 783
diff --git a/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1 b/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1
new file mode 100644
index 000000000000..f8e47dc8aaef
--- /dev/null
+++ b/sys-auth/pam_ldap/files/digest-pam_ldap-176-r1
@@ -0,0 +1 @@
+MD5 3f49fe6d5d33d33d708908e7f7d180b2 pam_ldap-176.tar.gz 121531
diff --git a/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1 b/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1
new file mode 100644
index 000000000000..286968f60fcd
--- /dev/null
+++ b/sys-auth/pam_ldap/files/digest-pam_ldap-178-r1
@@ -0,0 +1 @@
+MD5 222186c498d24a7035e8a7494fc0797d pam_ldap-178.tar.gz 127074
diff --git a/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch b/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch
new file mode 100644
index 000000000000..e4a5a464a832
--- /dev/null
+++ b/sys-auth/pam_ldap/files/pam_ldap-176-fix-referral-tls.patch
@@ -0,0 +1,29 @@
+diff -urN pam_ldap-176/pam_ldap.c pam_ldap-176.new/pam_ldap.c
+--- pam_ldap-176/pam_ldap.c 2004-10-01 03:33:14.000000000 +0100
++++ pam_ldap-176.new/pam_ldap.c 2005-06-22 01:40:06.000000000 +0100
+@@ -1587,6 +1587,7 @@
+ pam_ldap_session_t *session = global_session;
+ #endif
+ char *who, *cred;
++ int rc;
+
+ if (session->info != NULL && session->info->bound_as_user == 1)
+ {
+@@ -1607,6 +1608,17 @@
+ }
+ }
+
++ if (session->conf->ssl_on == SSL_START_TLS)
++ {
++ rc = ldap_start_tls_s (session->ld, NULL, NULL);
++ if (rc != LDAP_SUCCESS)
++ {
++ syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s",
++ ldap_err2string (rc));
++ return PAM_SERVICE_ERR;
++ }
++ }
++
+ return ldap_simple_bind_s (ld, who, cred);
+ }
+ #else
diff --git a/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild b/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild
new file mode 100644
index 000000000000..729c000a6023
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/pam_ldap-176-r1.ebuild,v 1.1 2005/07/03 19:09:46 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~hppa ~ppc ~sparc ~x86"
+IUSE="ssl"
+DEPEND=">=sys-libs/glibc-2.1.3
+ >=sys-libs/pam-0.72
+ >=net-nds/openldap-1.2.11"
+
+src_unpack() {
+ unpack ${A}
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch
+
+ cd ${S}
+ export WANT_AUTOCONF=2.5
+ aclocal || die "aclocal failed"
+ autoconf || die "autoconf failed"
+ automake --add-missing || die "automake failed"
+}
+
+src_compile() {
+ econf --with-ldap-lib=openldap `use_enable ssl` || die
+ emake || die
+}
+
+src_install() {
+ exeinto /lib/security
+ doexe pam_ldap.so
+
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog COPYING.* CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ docinto pam.d
+ dodoc pam.d/*
+}
diff --git a/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild b/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild
new file mode 100644
index 000000000000..8bd0af81bde9
--- /dev/null
+++ b/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ldap/pam_ldap-178-r1.ebuild,v 1.1 2005/07/03 19:09:46 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="PAM LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/pam_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-2 )"
+SLOT="0"
+KEYWORDS="~x86 ~sparc ~ppc ~hppa ~alpha"
+IUSE="ssl"
+DEPEND=">=sys-libs/glibc-2.1.3
+ >=sys-libs/pam-0.72
+ >=net-nds/openldap-1.2.11"
+
+src_unpack() {
+ unpack ${A}
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-176-fix-referral-tls.patch
+
+ cd ${S}
+ export WANT_AUTOCONF=2.5
+ aclocal || die "aclocal failed"
+ autoconf || die "autoconf failed"
+ automake --add-missing || die "automake failed"
+}
+
+src_compile() {
+ econf --with-ldap-lib=openldap `use_enable ssl` || die
+ emake || die
+}
+
+src_install() {
+ exeinto /lib/security
+ doexe pam_ldap.so
+
+ dodoc pam.conf ldap.conf ldapns.schema chsh chfn certutil
+ dodoc ChangeLog COPYING.* CVSVersionInfo.txt README AUTHORS ns-pwd-policy.schema
+ docinto pam.d
+ dodoc pam.d/*
+}