[gentoo-commits] repo/gentoo:master commit in: sys-auth/pam_p11/files/, sys-auth/pam_p11/

Wed, 24 Oct 2018 05:06:49 -0700 

commit:     3e50a2a015fe3d523bfc4e72ed2175d4d6033e97
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 24 12:05:16 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct 24 12:05:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e50a2a0

sys-auth/pam_p11: Fixed build with openssl-1.1

Closes: https://bugs.gentoo.org/658036
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 .../pam_p11/files/pam_p11-0.2.0-openssl11.patch    | 76 ++++++++++++++++++++++
 sys-auth/pam_p11/pam_p11-0.2.0.ebuild              | 10 ++-
 2 files changed, 84 insertions(+), 2 deletions(-)

diff --git a/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch 
b/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch
new file mode 100644
index 00000000000..8c41e29bed1
--- /dev/null
+++ b/sys-auth/pam_p11/files/pam_p11-0.2.0-openssl11.patch
@@ -0,0 +1,76 @@
+From 46a6079817c67a09e5ac493af3381c655bd91c26 Mon Sep 17 00:00:00 2001
+From: Peter Popovec <[email protected]>
+Date: Tue, 21 Aug 2018 10:24:36 +0200
+Subject: [PATCH] Replacing deprecated OpenSSL API functions (#12)
+
+fixes https://github.com/OpenSC/pam_p11/issues/10
+---
+ configure.ac  |  5 +++++
+ src/pam_p11.c | 17 ++++++++++++++---
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5bcbdd6..2854a99 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -85,6 +85,11 @@ PKG_CHECK_MODULES(
+       )]
+ )
+ 
++saved_LIBS="$LIBS"
++LIBS="$OPENSSL_LIBS $LIBS"
++AC_CHECK_FUNCS(EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset)
++LIBS="$saved_LIBS"
++
+ if test -z "${PAM_LIBS}"; then
+       AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
+       AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
+diff --git a/src/pam_p11.c b/src/pam_p11.c
+index 2b4bfbe..60380e5 100644
+--- a/src/pam_p11.c
++++ b/src/pam_p11.c
+@@ -31,6 +31,17 @@
+ #include <openssl/crypto.h>
+ #include <libp11.h>
+ 
++/* openssl deprecated API emulation */
++#ifndef HAVE_EVP_MD_CTX_NEW
++#define EVP_MD_CTX_new()      EVP_MD_CTX_create()
++#endif
++#ifndef HAVE_EVP_MD_CTX_FREE
++#define EVP_MD_CTX_free(ctx)  EVP_MD_CTX_destroy((ctx))
++#endif
++#ifndef HAVE_EVP_MD_CTX_RESET
++#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
++#endif
++
+ #ifdef ENABLE_NLS
+ #include <libintl.h>
+ #include <locale.h>
+@@ -578,7 +589,7 @@ static int key_verify(pam_handle_t *pamh, int flags, 
PKCS11_KEY *authkey)
+       unsigned char signature[256];
+       unsigned int siglen = sizeof signature;
+       const EVP_MD *md = EVP_sha1();
+-      EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
++      EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+       EVP_PKEY *privkey = PKCS11_get_private_key(authkey);
+       EVP_PKEY *pubkey = PKCS11_get_public_key(authkey);
+ 
+@@ -596,7 +607,7 @@ static int key_verify(pam_handle_t *pamh, int flags, 
PKCS11_KEY *authkey)
+                       || !EVP_SignInit(md_ctx, md)
+                       || !EVP_SignUpdate(md_ctx, challenge, sizeof challenge)
+                       || !EVP_SignFinal(md_ctx, signature, &siglen, privkey)
+-                      || !EVP_MD_CTX_cleanup(md_ctx)
++                      || !EVP_MD_CTX_reset(md_ctx)
+                       || !EVP_VerifyInit(md_ctx, md)
+                       || !EVP_VerifyUpdate(md_ctx, challenge, sizeof 
challenge)
+                       || 1 != EVP_VerifyFinal(md_ctx, signature, siglen, 
pubkey)) {
+@@ -613,7 +624,7 @@ static int key_verify(pam_handle_t *pamh, int flags, 
PKCS11_KEY *authkey)
+       if (NULL != privkey)
+               EVP_PKEY_free(privkey);
+       if (NULL != md_ctx) {
+-              EVP_MD_CTX_destroy(md_ctx);
++              EVP_MD_CTX_free(md_ctx);
+       }
+       return ok;
+ }

diff --git a/sys-auth/pam_p11/pam_p11-0.2.0.ebuild 
b/sys-auth/pam_p11/pam_p11-0.2.0.ebuild
index cc81b3a08cb..6156029daf1 100644
--- a/sys-auth/pam_p11/pam_p11-0.2.0.ebuild
+++ b/sys-auth/pam_p11/pam_p11-0.2.0.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit pam
+inherit autotools pam
 
 DESCRIPTION="PAM module for authenticating against PKCS#11 tokens"
 HOMEPAGE="https://github.com/opensc/pam_p11/wiki";
@@ -22,8 +22,14 @@ BDEPEND="virtual/pkgconfig"
 
 PATCHES=(
        "${FILESDIR}/${P}-build.patch"
+       "${FILESDIR}/${P}-openssl11.patch" #658036
 )
 
+src_prepare() {
+       default
+       eautoreconf
+}
+
 src_configure() {
        econf --with-pamdir="$(getpam_mod_dir)"
 }

Reply via email to