122357 2006-02-10 04:58 0000 sys-auth/pam_pkcs11 - handle fork correctly 2006-09-19 14:19:52 0000 1 1 1 Unclassified Gentoo Linux Ebuilds unspecified All Linux RESOLVED FIXED P2 normal --- 121078 1 alonbl@gentoo.org crypto@gentoo.org alonbl@gentoo.org 2006-02-10 04:58:47 0000 Hello, Congratulations for adding this ebuild!!! I posted an ebuild a long time ago (bug#95962). Reported this issue to upstream long ago... Please consider to add attached patch: After fork, PKCS#11 should be reinitialized, this is stated explicitly in PKCS#11 standard. Best Regards, Alon Bar-Lev. alonbl@gentoo.org 2006-02-10 05:04:13 0000 Created an attachment (id=79421) pam_pkcs11-0.5.3-daemon-init.patch patch alonbl@gentoo.org 2006-02-10 05:06:06 0000 Created an attachment (id=79422) pam_pkcs11-0.5.3.ebuild.diff Modified ebuild alonbl@gentoo.org 2006-02-10 06:01:26 0000 One last comment... I believe that pam_pkcs11 should be placed in a different branch, since it is not a development tool. flameeyes@gentoo.org 2006-04-21 04:52:11 0000 The move is now done, it was already requested actually. Removing pam-bugs from CC as this package is under crypto herd and the change doesn't seem to relate to PAM itself. dsd@gentoo.org 2006-09-11 19:42:39 0000 Alon, whenever you post a patch you should identify it's origin. Who wrote it, where did it come from? They should be credited in the changelog entry that goes along with the commit, so the information needs to be available on the bug. Ideally the patch should already be included in the upstream development tree - whenever it is the case then the ebuild maintainer doesn't really have to think twice about including it in Gentoo - its quality is confirmed. So, if this patch has come from upstream, say so. If it hasn't, have you sent it there? It's usually best to send it upstream before getting it included in Gentoo, or maybe doing both at the same time. Personally I always wait for patches to be accepted upstream before adding them, but that's just me. If you send it to a public mailing list, it's also a good idea to post the URL to the thread. alonbl@gentoo.org 2006-09-11 23:34:25 0000 (In reply to comment #5) > Alon, whenever you post a patch you should identify it's origin. Who wrote it, Me. > where did it come from? My mind :) > They should be credited in the changelog entry that > goes along with the commit, so the information needs to be available on the > bug. OK. > Ideally the patch should already be included in the upstream development tree - > whenever it is the case then the ebuild maintainer doesn't really have to think > twice about including it in Gentoo - its quality is confirmed. So, if this > patch has come from upstream, say so. No. Upstream is not receptive. In the past pam_pkcs11 was a separate component, I've mailed the developered this patch, but no reply. Then pam_pkcs11 became hosted on opensc project. I thought someone will take it over. Then they redo the site and added ticket system, so I've open a ticket. http://www.opensc-project.org/pam_pkcs11/ticket/14 And nothing. > If it hasn't, have you sent it there? It's usually best to send it upstream > before getting it included in Gentoo, or maybe doing both at the same time. > Personally I always wait for patches to be accepted upstream before adding > them, but that's just me. If you send it to a public mailing list, it's also a > good idea to post the URL to the thread. I agree... This is what I am doing. But if upstream is not receptive, I think major issues like this one should be fixed. There is no question that what they are doing violates PKCS#11 standard. They have some more major problems in the slotevent component... But people can live with it. dragonheart@gentoo.org 2006-09-19 14:19:52 0000 fixed. Thanks for being persistent. 79421 2006-02-10 05:04 0000 pam_pkcs11-0.5.3-daemon-init.patch pam_pkcs11-0.5.3-daemon-init.patch text/plain ZGlmZiAtdXJOcCBwYW1fcGtjczExLTAuNS4zL3NyYy9jb21tb24vcGtjczExLmMgcGFtX3BrY3Mx MS0wLjUuMy5uZXcvc3JjL2NvbW1vbi9wa2NzMTEuYwotLS0gcGFtX3BrY3MxMS0wLjUuMy9zcmMv Y29tbW9uL3BrY3MxMS5jCTIwMDUtMDktMTIgMDk6MTI6NTUuMDAwMDAwMDAwICswMDAwCisrKyBw YW1fcGtjczExLTAuNS4zLm5ldy9zcmMvY29tbW9uL3BrY3MxMS5jCTIwMDUtMTAtMDUgMDM6MDc6 MzAuMDAwMDAwMDAwICswMDAwCkBAIC04Miw3ICs4Miw5IEBAIGludCBpbml0X3BrY3MxMV9tb2R1 bGUocGtjczExX2hhbmRsZV90ICoKIAogICAvKiBpbml0aWFsaXNlIHRoZSBtb2R1bGUgKi8KICAg cnYgPSBoLT5mbC0+Q19Jbml0aWFsaXplKE5VTEwpOwotICBpZiAocnYgIT0gQ0tSX09LKSB7Cisg IGlmIChydiA9PSBDS1JfT0spCisgICAgaC0+c2hvdWxkX2ZpbmFsaXplID0gMTsKKyAgZWxzZSBp ZiAocnYgIT0gQ0tSX0NSWVBUT0tJX0FMUkVBRFlfSU5JVElBTElaRUQpIHsKICAgICBzZXRfZXJy b3IoIkNfSW5pdGlhbGl6ZSgpIGZhaWxlZDogJXgiLCBydik7CiAgICAgcmV0dXJuIC0xOwogICB9 CkBAIC0xNzAsNyArMTcyLDggQEAgdm9pZCByZWxlYXNlX3BrY3MxMV9tb2R1bGUocGtjczExX2hh bmRsZQogewogICAvKiBmaW5hbGlzZSBwa2NzICMxMSBtb2R1bGUgKi8KICAgaWYgKGgtPmZsICE9 IE5VTEwpCi0gICAgaC0+ZmwtPkNfRmluYWxpemUoTlVMTCk7CisgICAgaWYgKGgtPnNob3VsZF9m aW5hbGl6ZSkKKwkgICAgaC0+ZmwtPkNfRmluYWxpemUoTlVMTCk7CiAgIC8qIHVubG9hZCB0aGUg bW9kdWxlICovCiAgIGlmIChoLT5tb2R1bGVfaGFuZGxlICE9IE5VTEwpCiAgICAgZGxjbG9zZSho LT5tb2R1bGVfaGFuZGxlKTsKZGlmZiAtdXJOcCBwYW1fcGtjczExLTAuNS4zL3NyYy9jb21tb24v cGtjczExLmggcGFtX3BrY3MxMS0wLjUuMy5uZXcvc3JjL2NvbW1vbi9wa2NzMTEuaAotLS0gcGFt X3BrY3MxMS0wLjUuMy9zcmMvY29tbW9uL3BrY3MxMS5oCTIwMDUtMDktMTIgMDk6MTI6NTUuMDAw MDAwMDAwICswMDAwCisrKyBwYW1fcGtjczExLTAuNS4zLm5ldy9zcmMvY29tbW9uL3BrY3MxMS5o CTIwMDUtMTAtMDUgMDM6MDc6MzAuMDAwMDAwMDAwICswMDAwCkBAIC0xMzYsNiArMTM2LDcgQEAg dHlwZWRlZiBzdHJ1Y3QgewogdHlwZWRlZiBzdHJ1Y3QgewogICB2b2lkICptb2R1bGVfaGFuZGxl OwogICBDS19GVU5DVElPTl9MSVNUX1BUUiBmbDsKKyAgaW50IHNob3VsZF9maW5hbGl6ZTsKICAg c2xvdF90ICpzbG90czsgCiAgIENLX1VMT05HIHNsb3RfY291bnQ7CiAgIENLX1NFU1NJT05fSEFO RExFIHNlc3Npb247CmRpZmYgLXVyTnAgcGFtX3BrY3MxMS0wLjUuMy9zcmMvdG9vbHMvcGtjczEx X2V2ZW50bWdyLmMgcGFtX3BrY3MxMS0wLjUuMy5uZXcvc3JjL3Rvb2xzL3BrY3MxMV9ldmVudG1n ci5jCi0tLSBwYW1fcGtjczExLTAuNS4zL3NyYy90b29scy9wa2NzMTFfZXZlbnRtZ3IuYwkyMDA1 LTA5LTEyIDA5OjEyOjU0LjAwMDAwMDAwMCArMDAwMAorKysgcGFtX3BrY3MxMS0wLjUuMy5uZXcv c3JjL3Rvb2xzL3BrY3MxMV9ldmVudG1nci5jCTIwMDUtMTAtMDUgMDM6MTE6MjQuMDAwMDAwMDAw ICswMDAwCkBAIC0yODMsMTUgKzI4Myw2IEBAIGludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2 W10pIHsKICAgICAgICAgcmV0dXJuIDE7CiAgICAgfQogCi0gICAgLyogb3BlbiBwa2NzMTEgc2Vz aW9uICovCi0gICAgREJHKCJpbml0aWFsaXNpbmcgcGtjcyAjMTEgbW9kdWxlLi4uIik7Ci0gICAg cnYgPSBwaC5mbC0+Q19Jbml0aWFsaXplKE5VTEwpOwotICAgIGlmIChydiAhPSAwKSB7Ci0gICAg ICAgIHJlbGVhc2VfcGtjczExX21vZHVsZSgmcGgpOwotICAgICAgICBEQkcxKCJDX0luaXRpYWxp emUoKSBmYWlsZWQ6ICVkIiwgcnYpOwotICAgICAgICByZXR1cm4gMTsKLSAgICB9Ci0KICAgICAv KiBwdXQgbXkgc2VsZiBpbnRvIGJhY2tncm91bmQgaWYgZmxhZyBpcyBzZXQgKi8KICAgICBpZiAo ZGFlbW9uaXplKSB7CiAJREJHKCJHb2luZyB0byBiZSBkYWVtb24uLi4iKTsKQEAgLTMwMyw2ICsy OTQsMTcgQEAgaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkgewogCX0KICAgICB9CiAK KyAgICAvKiBvcGVuIHBrY3MxMSBzZXNpb24gKi8KKyAgICBEQkcoImluaXRpYWxpc2luZyBwa2Nz ICMxMSBtb2R1bGUuLi4iKTsKKyAgICBydiA9IHBoLmZsLT5DX0luaXRpYWxpemUoTlVMTCk7Cisg ICAgaWYgKHJ2ICE9IDApIHsKKyAgICAgICAgcmVsZWFzZV9wa2NzMTFfbW9kdWxlKCZwaCk7CisJ aWYgKGN0eCkgc2Njb25mX2ZyZWUoY3R4KTsKKyAgICAgICAgREJHMSgiQ19Jbml0aWFsaXplKCkg ZmFpbGVkOiAlZCIsIHJ2KTsKKyAgICAgICAgcmV0dXJuIDE7CisgICAgfQorICAgIHBoLnNob3Vs ZF9maW5hbGl6ZSA9IDE7CisKICAgICAvKiAKICAgICAgKiBXYWl0IGVuZGxlc3NseSBmb3IgYWxs IGV2ZW50cyBpbiB0aGUgbGlzdCBvZiByZWFkZXJzCiAgICAgICogV2Ugb25seSBzdG9wIGluIGNh c2Ugb2YgYW4gZXJyb3IKQEAgLTMyNCw3ICszMjYsOSBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hh ciAqYXJndltdKSB7CiAJICAgbmV3X3N0YXRlID0gZ2V0X2FfdG9rZW4oKTsKIAkgICBpZiAobmV3 X3N0YXRlID09IENBUkRfRVJST1IpIHsKICAgICAJCURCRygiRXJyb3IgdHJ5aW5nIHRvIGdldCBh IHRva2VuIik7Ci0gICAgCQlicmVhazsKKyAgICAJCXJ2ID0gcGguZmwtPkNfRmluYWxpemUoTlVM TCk7CisgICAgCQlydiA9IHBoLmZsLT5DX0luaXRpYWxpemUoTlVMTCk7CisJCWNvbnRpbnVlOwog CSAgIH0KIAkgICBpZiAob2xkX3N0YXRlID09IG5ld19zdGF0ZSApIHsgLyogc3RhdGUgdW5jaGFu Z2VkICovCiAJCS8qIG9uIGNhcmQgbm90IHByZXNlbnQsIGluY3JlYXNlIGFuZCBjaGVjayBleHBp cmUgdGltZSAqLwo= 79422 2006-02-10 05:06 0000 pam_pkcs11-0.5.3.ebuild.diff pam_pkcs11-0.5.3.ebuild.diff text/plain LS0tIHBhbV9wa2NzMTEtMC41LjMuZWJ1aWxkCTIwMDYtMDItMTAgMDM6MzU6NDYuMDAwMDAwMDAw ICswMjAwCisrKyBwYW1fcGtjczExLTAuNS4zLmVidWlsZAkyMDA2LTAyLTEwIDE0OjM3OjM3LjAw MDAwMDAwMCArMDIwMApAQCAtMiw2ICsyLDggQEAKICMgRGlzdHJpYnV0ZWQgdW5kZXIgdGhlIHRl cm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgogIyAkSGVhZGVyOiAvdmFy L2N2c3Jvb3QvZ2VudG9vLXg4Ni9kZXYtbGlicy9wYW1fcGtjczExL3BhbV9wa2NzMTEtMC41LjMu ZWJ1aWxkLHYgMS4xIDIwMDYvMDIvMTAgMDE6MzU6NDYgdmFucXVpcml1cyBFeHAgJAogCitpbmhl cml0IGV1dGlscworCiBERVNDUklQVElPTj0iUEtDUzExIFBhbSBsaWJyYXJ5IgogSE9NRVBBR0U9 Imh0dHA6Ly93d3cub3BlbnNjLXByb2plY3Qub3JnL3BhbV9wa2NzMTEiCiBTUkNfVVJJPSJodHRw Oi8vd3d3Lm9wZW5zYy1wcm9qZWN0Lm9yZy9maWxlcy9wYW1fcGtjczExLyR7UH0udGFyLmd6IgpA QCAtMTgsNiArMjAsMTEgQEAKIAlwY3NjLWxpdGU/ICggc3lzLWFwcHMvcGNzYy1saXRlICkKIAlk ZXYtbGlicy9vcGVuc3NsIgogCitzcmNfdW5wYWNrKCkgeworCXVucGFjayAke0F9CisJZXBhdGNo ICIke0ZJTEVTRElSfS8ke1B9LWRhZW1vbi1pbml0LnBhdGNoIgorfQorCiBzcmNfY29tcGlsZSgp IHsKIAkJZWNvbmYgXAogCQkJJCh1c2Vfd2l0aCBjdXJsKSBcCg==