Add support for openssl 1.1.x and NLS.

svn path=/head/; revision=482904
2024-10-18 19:49:40 +00:00 · 2018-10-24 12:48:46 +00:00 · 2018-10-24 12:48:46 +00:00 · 9c3ef81bc8 · 2021-03-31 03:12:20 +00:00
commit 9c3ef81bc8
parent 335d8e16f1
5 changed files with 86 additions and 19 deletions
--- a/security/pam_p11/Makefile
+++ b/security/pam_p11/Makefile
@ -3,6 +3,7 @@

 PORTNAME=	pam_p11
 PORTVERSION=	0.2.0
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/OpenSC/pam_p11/releases/download/pam_p11-${PORTVERSION}/

@ -13,12 +14,18 @@ LICENSE=	LGPL21

 LIB_DEPENDS=	libp11.so:security/libp11

-USES=		libtool pkgconfig ssl
+USES=		libtool pkgconfig ssl autoreconf

-OPTIONS_DEFINE=	DOCS
+OPTIONS_DEFINE=	DOCS NLS

 GNU_CONFIGURE=	yes

+NLS_CONFIGURE_ENABLE=	nls
+NLS_USES=	gettext
+NLS_PLIST_FILES=share/locale/de/LC_MESSAGES/pam_p11.mo
+
+CONFIGURE_ARGS=	--with-libintl-prefix=${LOCALBASE}
+
 CONFIGURE_ENV=	OPENSSL_CFLAGS="-I${OPENSSLINC}" \
 		OPENSSL_LIBS="-L${OPENSSLLIB} -lcrypto"

--- a/security/pam_p11/files/patch-configure.ac
+++ b/security/pam_p11/files/patch-configure.ac
@ -0,0 +1,14 @@
+--- configure.ac.orig	2018-10-24 11:06:32 UTC
+++ configure.ac
+@@ -85,6 +85,11 @@ PKG_CHECK_MODULES(
+ 	)]
+ )
+ 
+saved_LIBS="$LIBS"
+LIBS="$OPENSSL_LIBS $LIBS"
+AC_CHECK_FUNCS(EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset)
+LIBS="$saved_LIBS"
+
+ if test -z "${PAM_LIBS}"; then
+ 	AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
+ 	AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
--- a/security/pam_p11/files/patch-src_Makefile.am
+++ b/security/pam_p11/files/patch-src_Makefile.am
@ -0,0 +1,16 @@
+--- src/Makefile.am.orig	2018-10-24 12:39:40 UTC
+++ src/Makefile.am
+@@ -14,11 +14,11 @@ pam_p11_la_SOURCES = pam_p11.c base64.c 
+ noinst_PROGRAMS = test-login test-passwd
+ 
+ test_login_SOURCES = test.c login.c $(pam_p11_la_SOURCES)
+-test_login_LDADD   = -lpam_misc
+test_login_LDADD   = ${INTLLIBS}
+ test_login_CFLAGS  = $(AM_CFLAGS) -DLIBDIR=\"$(libdir)\" -DTEST
+ 
+ test_passwd_SOURCES = test.c passwd.c $(pam_p11_la_SOURCES)
+-test_passwd_LDADD   = -lpam_misc
+test_passwd_LDADD   = ${INTLLIBS}
+ test_passwd_CFLAGS  = $(AM_CFLAGS) -DLIBDIR=\"$(libdir)\" -DTEST
+ 
+ format:
--- a/security/pam_p11/files/patch-src_Makefile.in
+++ b/security/pam_p11/files/patch-src_Makefile.in
@ -1,15 +0,0 @@
--- src/Makefile.in.orig	2018-10-16 10:16:04 UTC
-+++ src/Makefile.in
-@@ -384,10 +384,10 @@ pam_p11_la_SOURCES = pam_p11.c base64.c 
- 	pam_p11.exports
- 
- test_login_SOURCES = test.c login.c $(pam_p11_la_SOURCES)
-test_login_LDADD = -lpam_misc
-+test_login_LDADD =
- test_login_CFLAGS = $(AM_CFLAGS) -DLIBDIR=\"$(libdir)\" -DTEST
- test_passwd_SOURCES = test.c passwd.c $(pam_p11_la_SOURCES)
-test_passwd_LDADD = -lpam_misc
-+test_passwd_LDADD =
- test_passwd_CFLAGS = $(AM_CFLAGS) -DLIBDIR=\"$(libdir)\" -DTEST
- all: all-am
- 
--- a/security/pam_p11/files/patch-src_pam__p11.c
+++ b/security/pam_p11/files/patch-src_pam__p11.c
@ -1,6 +1,24 @@
 --- src/pam_p11.c.orig	2018-05-04 14:52:04 UTC
 +++ src/pam_p11.c
-@@ -53,7 +53,7 @@
+@@ -31,6 +31,17 @@
+ #include <openssl/crypto.h>
+ #include <libp11.h>
+ 
+/* openssl deprecated API emulation */
+#ifndef HAVE_EVP_MD_CTX_NEW
+#define EVP_MD_CTX_new()	EVP_MD_CTX_create()
+#endif
+#ifndef HAVE_EVP_MD_CTX_FREE
+#define EVP_MD_CTX_free(ctx)	EVP_MD_CTX_destroy((ctx))
+#endif
+#ifndef HAVE_EVP_MD_CTX_RESET
+#define EVP_MD_CTX_reset(ctx)	EVP_MD_CTX_cleanup((ctx))
+#endif
+
+ #ifdef ENABLE_NLS
+ #include <libintl.h>
+ #include <locale.h>
+@@ -53,7 +64,7 @@
 #include <security/pam_ext.h>
 #else
 #define pam_syslog(handle, level, msg...) syslog(level, ## msg)
@ -9,7 +27,7 @@
 		const char *fmt, va_list args)
 {
 	int r = PAM_CRED_INSUFFICIENT;
-@@ -549,7 +549,7 @@ static int key_find(pam_handle_t *pamh, 
+@@ -549,7 +560,7 @@ static int key_find(pam_handle_t *pamh, 
 	return 0;
 }
 
@ -18,3 +36,30 @@
 {
 	int ok = 0;
 	int fd = open("/dev/urandom", O_RDONLY);
+@@ -572,7 +583,7 @@ static int key_verify(pam_handle_t *pamh
+ 	unsigned char signature[256];
+ 	unsigned int siglen = sizeof signature;
+ 	const EVP_MD *md = EVP_sha1();
+-	EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
+	EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+ 	EVP_PKEY *privkey = PKCS11_get_private_key(authkey);
+ 	EVP_PKEY *pubkey = PKCS11_get_public_key(authkey);
+ 
+@@ -590,7 +601,7 @@ static int key_verify(pam_handle_t *pamh
+ 			|| !EVP_SignInit(md_ctx, md)
+ 			|| !EVP_SignUpdate(md_ctx, challenge, sizeof challenge)
+ 			|| !EVP_SignFinal(md_ctx, signature, &siglen, privkey)
+-			|| !EVP_MD_CTX_cleanup(md_ctx)
+			|| !EVP_MD_CTX_reset(md_ctx)
+ 			|| !EVP_VerifyInit(md_ctx, md)
+ 			|| !EVP_VerifyUpdate(md_ctx, challenge, sizeof challenge)
+ 			|| 1 != EVP_VerifyFinal(md_ctx, signature, siglen, pubkey)) {
+@@ -607,7 +618,7 @@ err:
+ 	if (NULL != privkey)
+ 		EVP_PKEY_free(privkey);
+ 	if (NULL != md_ctx) {
+-		EVP_MD_CTX_destroy(md_ctx);
+		EVP_MD_CTX_free(md_ctx);
+ 	}
+ 	return ok;
+ }