From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Oct 10 19:20:08 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A49A1065675 for ; Mon, 10 Oct 2011 19:20:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0602D8FC1B for ; Mon, 10 Oct 2011 19:20:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p9AJK7dX091729 for ; Mon, 10 Oct 2011 19:20:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p9AJK74c091728; Mon, 10 Oct 2011 19:20:07 GMT (envelope-from gnats) Resent-Date: Mon, 10 Oct 2011 19:20:07 GMT Resent-Message-Id: <201110101920.p9AJK74c091728@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Corey Smith Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4E86E10656D2 for ; Mon, 10 Oct 2011 19:19:32 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 3CD9D8FC1F for ; Mon, 10 Oct 2011 19:19:32 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p9AJJWps030360 for ; Mon, 10 Oct 2011 19:19:32 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p9AJJWur030359; Mon, 10 Oct 2011 19:19:32 GMT (envelope-from nobody) Message-Id: <201110101919.p9AJJWur030359@red.freebsd.org> Date: Mon, 10 Oct 2011 19:19:32 GMT From: Corey Smith To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/161473: security/pam_ssh_agent_auth: update to fix segmentation fault in 0.9.3 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2011 19:20:08 -0000 >Number: 161473 >Category: ports >Synopsis: security/pam_ssh_agent_auth: update to fix segmentation fault in 0.9.3 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Oct 10 19:20:07 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Corey Smith >Release: 8.2-RELEASE-p4 >Organization: >Environment: FreeBSD tst 8.2-RELEASE-p4 FreeBSD 8.2-RELEASE-p4 #1: Sun Oct 9 09:36:36 EDT 2011 root@tst:/usr/src/sys/amd64/compile/CUSTOM amd64 >Description: When using this port with the current version of sudo a segmentation fault occurs. More information can be found at: http://lists.freebsd.org/pipermail/freebsd-security/2011-September/006014.html This patch fixes the problem by renaming the function call in pam_ssh_agent_auth. The purpose of this update is to provide a work-able solution until a more permanent fix is available from the developer. -Corey Smith >How-To-Repeat: # update to latest security/sudo and security/pam_ssh_agent_auth sudo su - # segmentation fault >Fix: Patch attached Patch attached with submission follows: diff -urN pam_ssh_agent_auth.orig/Makefile pam_ssh_agent_auth/Makefile --- pam_ssh_agent_auth.orig/Makefile 2011-06-25 01:29:26.000000000 -0400 +++ pam_ssh_agent_auth/Makefile 2011-10-10 14:58:03.000000000 -0400 @@ -7,6 +7,7 @@ PORTNAME= pam_ssh_agent_auth PORTVERSION= 0.9.3 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/pamsshagentauth/${PORTNAME}/v${PORTVERSION}/ diff -urN pam_ssh_agent_auth.orig/files/patch-entropy.c pam_ssh_agent_auth/files/patch-entropy.c --- pam_ssh_agent_auth.orig/files/patch-entropy.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-entropy.c 2011-10-10 14:53:51.000000000 -0400 @@ -0,0 +1,25 @@ +--- ./entropy.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/entropy.c 2011-10-10 13:10:35.864389493 -0400 +@@ -79,11 +79,11 @@ + mysig_t old_sigchld; + + if (RAND_status() == 1) { +- verbose("RNG is ready, skipping seeding"); ++ pam_ssh_auth_verbose("RNG is ready, skipping seeding"); + return; + } + +- verbose("Seeding PRNG from %s", SSH_RAND_HELPER); ++ pam_ssh_auth_verbose("Seeding PRNG from %s", SSH_RAND_HELPER); + + if ((devnull = open("/dev/null", O_RDWR)) == -1) + fatal("Couldn't open /dev/null: %s", strerror(errno)); +@@ -187,7 +187,7 @@ + + buf = buffer_get_string_ret(m, &len); + if (buf != NULL) { +- verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len); ++ pam_ssh_auth_verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len); + RAND_add(buf, len, len); + } + } diff -urN pam_ssh_agent_auth.orig/files/patch-iterate_ssh_agent_keys.c pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c --- pam_ssh_agent_auth.orig/files/patch-iterate_ssh_agent_keys.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c 2011-10-10 14:54:07.000000000 -0400 @@ -0,0 +1,20 @@ +--- ./iterate_ssh_agent_keys.c 2010-01-12 21:17:01.000000000 -0500 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/iterate_ssh_agent_keys.c 2011-10-10 13:10:35.864389493 -0400 +@@ -82,7 +82,7 @@ + session_id2 = session_id2_gen(); + + if ((ac = ssh_get_authentication_connection(uid))) { +- verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid); ++ pam_ssh_auth_verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid); + for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) + { + if(key != NULL) { +@@ -103,7 +103,7 @@ + ssh_close_authentication_connection(ac); + } + else { +- verbose("No ssh-agent could be contacted"); ++ pam_ssh_auth_verbose("No ssh-agent could be contacted"); + } + xfree(session_id2); + EVP_cleanup(); diff -urN pam_ssh_agent_auth.orig/files/patch-key.c pam_ssh_agent_auth/files/patch-key.c --- pam_ssh_agent_auth.orig/files/patch-key.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-key.c 2011-10-10 14:54:32.000000000 -0400 @@ -0,0 +1,51 @@ +--- ./key.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/key.c 2011-10-10 13:10:35.865388224 -0400 +@@ -420,26 +420,26 @@ + case KEY_DSA: + space = strchr(cp, ' '); + if (space == NULL) { +- verbose("key_read: missing whitespace"); ++ pam_ssh_auth_verbose("key_read: missing whitespace"); + return -1; + } + *space = '\0'; + type = key_type_from_name(cp); + *space = ' '; + if (type == KEY_UNSPEC) { +- verbose("key_read: missing keytype"); ++ pam_ssh_auth_verbose("key_read: missing keytype"); + return -1; + } + cp = space+1; + if (*cp == '\0') { +- verbose("key_read: short string"); ++ pam_ssh_auth_verbose("key_read: short string"); + return -1; + } + if (ret->type == KEY_UNSPEC) { + ret->type = type; + } else if (ret->type != type) { + /* is a key, but different type */ +- verbose("key_read: type mismatch"); ++ pam_ssh_auth_verbose("key_read: type mismatch"); + return -1; + } + len = 2*strlen(cp); +@@ -656,7 +656,7 @@ + } else if (strcmp(name, "ssh-dss") == 0) { + return KEY_DSA; + } +- verbose("key_type_from_name: unknown key type '%s'", name); ++ pam_ssh_auth_verbose("key_type_from_name: unknown key type '%s'", name); + return KEY_UNSPEC; + } + +@@ -677,7 +677,7 @@ + return 0; + } + } +- verbose("key names ok: [%s]", names); ++ pam_ssh_auth_verbose("key names ok: [%s]", names); + xfree(s); + return 1; + } diff -urN pam_ssh_agent_auth.orig/files/patch-log.c pam_ssh_agent_auth/files/patch-log.c --- pam_ssh_agent_auth.orig/files/patch-log.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-log.c 2011-10-10 14:54:51.000000000 -0400 @@ -0,0 +1,11 @@ +--- ./log.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.c 2011-10-10 13:10:35.865388224 -0400 +@@ -166,7 +166,7 @@ + /* More detailed messages (information that does not need to go to the log). */ + + void +-verbose(const char *fmt,...) ++pam_ssh_auth_verbose(const char *fmt,...) + { + va_list args; + diff -urN pam_ssh_agent_auth.orig/files/patch-log.h pam_ssh_agent_auth/files/patch-log.h --- pam_ssh_agent_auth.orig/files/patch-log.h 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-log.h 2011-10-10 14:55:03.000000000 -0400 @@ -0,0 +1,11 @@ +--- ./log.h 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.h 2011-10-10 13:10:38.856166661 -0400 +@@ -55,7 +55,7 @@ + void logerror(const char *, ...) __attribute__((format(printf, 1, 2))); + void sigdie(const char *, ...) __attribute__((format(printf, 1, 2))); + void logit(const char *, ...) __attribute__((format(printf, 1, 2))); +-void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); ++void pam_ssh_auth_verbose(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); diff -urN pam_ssh_agent_auth.orig/files/patch-misc.c pam_ssh_agent_auth/files/patch-misc.c --- pam_ssh_agent_auth.orig/files/patch-misc.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-misc.c 2011-10-10 14:55:23.000000000 -0400 @@ -0,0 +1,102 @@ +--- ./misc.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/misc.c 2011-10-10 13:10:35.866387792 -0400 +@@ -84,13 +84,13 @@ + return (-1); + } + if (val & O_NONBLOCK) { +- verbose("fd %d is O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d is O_NONBLOCK", fd); + return (0); + } +- verbose("fd %d setting O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d setting O_NONBLOCK", fd); + val |= O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { +- verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, ++ pam_ssh_auth_verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, + strerror(errno)); + return (-1); + } +@@ -108,13 +108,13 @@ + return (-1); + } + if (!(val & O_NONBLOCK)) { +- verbose("fd %d is not O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d is not O_NONBLOCK", fd); + return (0); + } +- verbose("fd %d clearing O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d clearing O_NONBLOCK", fd); + val &= ~O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { +- verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", ++ pam_ssh_auth_verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", + fd, strerror(errno)); + return (-1); + } +@@ -138,15 +138,15 @@ + + optlen = sizeof opt; + if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { +- verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno)); ++ pam_ssh_auth_verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno)); + return; + } + if (opt == 1) { +- verbose("fd %d is TCP_NODELAY", fd); ++ pam_ssh_auth_verbose("fd %d is TCP_NODELAY", fd); + return; + } + opt = 1; +- verbose("fd %d setting TCP_NODELAY", fd); ++ pam_ssh_auth_verbose("fd %d setting TCP_NODELAY", fd); + if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) + logerror("setsockopt TCP_NODELAY: %.100s", strerror(errno)); + } +@@ -367,7 +367,7 @@ + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); +- verbose("put_host_port: %s", hoststr); ++ pam_ssh_auth_verbose("put_host_port: %s", hoststr); + return hoststr; + } + +@@ -631,7 +631,7 @@ + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { +- verbose("%s: %s line %lu exceeds size limit", __func__, ++ pam_ssh_auth_verbose("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); + /* discard remainder of line */ + while (fgetc(f) != '\n' && !feof(f)) +@@ -662,16 +662,16 @@ + break; + } + } else { +- verbose("%s: invalid tunnel %u", __func__, tun); ++ pam_ssh_auth_verbose("%s: invalid tunnel %u", __func__, tun); + return (-1); + } + + if (fd < 0) { +- verbose("%s: %s open failed: %s", __func__, name, strerror(errno)); ++ pam_ssh_auth_verbose("%s: %s open failed: %s", __func__, name, strerror(errno)); + return (-1); + } + +- verbose("%s: %s mode %d fd %d", __func__, name, mode, fd); ++ pam_ssh_auth_verbose("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); +@@ -703,7 +703,7 @@ + close(fd); + if (sock >= 0) + close(sock); +- verbose("%s: failed to set %s mode %d: %s", __func__, name, ++ pam_ssh_auth_verbose("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); + #else diff -urN pam_ssh_agent_auth.orig/files/patch-pam_ssh_agent_auth.c pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c --- pam_ssh_agent_auth.orig/files/patch-pam_ssh_agent_auth.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c 2011-10-10 14:55:48.000000000 -0400 @@ -0,0 +1,58 @@ +--- ./pam_ssh_agent_auth.c 2011-01-26 15:59:21.000000000 -0500 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_ssh_agent_auth.c 2011-10-10 13:10:35.866387792 -0400 +@@ -124,7 +124,7 @@ + pam_get_item(pamh, PAM_USER, (void *) &user); + pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr); + +- verbose("Beginning pam_ssh_agent_auth for user %s", user); ++ pam_ssh_auth_verbose("Beginning pam_ssh_agent_auth for user %s", user); + + if(ruser_ptr) { + strncpy(ruser, ruser_ptr, sizeof(ruser) - 1); +@@ -139,12 +139,12 @@ + #ifdef ENABLE_SUDO_HACK + if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) { + strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 ); +- verbose( "Using environment variable SUDO_USER (%s)", ruser ); ++ pam_ssh_auth_verbose( "Using environment variable SUDO_USER (%s)", ruser ); + } else + #endif + { + if( ! getpwuid(getuid()) ) { +- verbose("Unable to getpwuid(getuid())"); ++ pam_ssh_auth_verbose("Unable to getpwuid(getuid())"); + goto cleanexit; + } + strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1); +@@ -153,11 +153,11 @@ + + /* Might as well explicitely confirm the user exists here */ + if(! getpwnam(ruser) ) { +- verbose("getpwnam(%s) failed, bailing out", ruser); ++ pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", ruser); + goto cleanexit; + } + if( ! getpwnam(user) ) { +- verbose("getpwnam(%s) failed, bailing out", user); ++ pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", user); + goto cleanexit; + } + +@@ -167,7 +167,7 @@ + */ + parse_authorized_key_file(user, authorized_keys_file_input); + } else { +- verbose("Using default file=/etc/security/authorized_keys"); ++ pam_ssh_auth_verbose("Using default file=/etc/security/authorized_keys"); + authorized_keys_file = xstrdup("/etc/security/authorized_keys"); + } + +@@ -177,7 +177,7 @@ + */ + + if(user && strlen(ruser) > 0) { +- verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ pam_ssh_auth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); + + /* + * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user diff -urN pam_ssh_agent_auth.orig/files/patch-pam_user_key_allowed2.c pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c --- pam_ssh_agent_auth.orig/files/patch-pam_user_key_allowed2.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c 2011-10-10 14:56:12.000000000 -0400 @@ -0,0 +1,42 @@ +--- ./pam_user_key_allowed2.c 2011-06-07 02:32:46.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_user_key_allowed2.c 2011-10-10 13:10:35.866387792 -0400 +@@ -63,11 +63,11 @@ + Key *found; + char *fp; + +- verbose("trying public key file %s", file); ++ pam_ssh_auth_verbose("trying public key file %s", file); + + /* Fail not so quietly if file does not exist */ + if (stat(file, &st) < 0) { +- verbose("File not found: %s", file); ++ pam_ssh_auth_verbose("File not found: %s", file); + return 0; + } + /* Open the file containing the authorized keys. */ +@@ -97,7 +97,7 @@ + if (key_read(found, &cp) != 1) { + /* no key? check if there are options for this key */ + int quoted = 0; +- verbose("user_key_allowed: check options: '%s'", cp); ++ pam_ssh_auth_verbose("user_key_allowed: check options: '%s'", cp); + key_options = cp; + for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') +@@ -109,7 +109,7 @@ + for (; *cp == ' ' || *cp == '\t'; cp++) + ; + if (key_read(found, &cp) != 1) { +- verbose("user_key_allowed: advance: '%s'", cp); ++ pam_ssh_auth_verbose("user_key_allowed: advance: '%s'", cp); + /* still no key? advance to next line*/ + continue; + } +@@ -128,6 +128,6 @@ + fclose(f); + key_free(found); + if (!found_key) +- verbose("key not found"); ++ pam_ssh_auth_verbose("key not found"); + return found_key; + } diff -urN pam_ssh_agent_auth.orig/files/patch-secure_filename.c pam_ssh_agent_auth/files/patch-secure_filename.c --- pam_ssh_agent_auth.orig/files/patch-secure_filename.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-secure_filename.c 2011-10-10 14:56:35.000000000 -0400 @@ -0,0 +1,29 @@ +--- ./secure_filename.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/secure_filename.c 2011-10-10 13:10:35.867387919 -0400 +@@ -80,7 +80,7 @@ + int comparehome = 0; + struct stat st; + +- verbose("secure_filename: checking for uid: %u", uid); ++ pam_ssh_auth_verbose("secure_filename: checking for uid: %u", uid); + + if (realpath(file, buf) == NULL) { + snprintf(err, errlen, "realpath %s failed: %s", file, +@@ -107,7 +107,7 @@ + } + strlcpy(buf, cp, sizeof(buf)); + +- verbose("secure_filename: checking '%s'", buf); ++ pam_ssh_auth_verbose("secure_filename: checking '%s'", buf); + if (stat(buf, &st) < 0 || + (st.st_uid != 0 && st.st_uid != uid) || + (st.st_mode & 022) != 0) { +@@ -118,7 +118,7 @@ + + /* If are passed the homedir then we can stop */ + if (comparehome && strcmp(homedir, buf) == 0) { +- verbose("secure_filename: terminating check at '%s'", ++ pam_ssh_auth_verbose("secure_filename: terminating check at '%s'", + buf); + break; + } diff -urN pam_ssh_agent_auth.orig/files/patch-ssh-dss.c pam_ssh_agent_auth/files/patch-ssh-dss.c --- pam_ssh_agent_auth.orig/files/patch-ssh-dss.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-ssh-dss.c 2011-10-10 14:56:52.000000000 -0400 @@ -0,0 +1,11 @@ +--- ./ssh-dss.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-dss.c 2011-10-10 13:10:35.867387919 -0400 +@@ -179,7 +179,7 @@ + + DSA_SIG_free(sig); + +- verbose("ssh_dss_verify: signature %s", ++ pam_ssh_auth_verbose("ssh_dss_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; + } diff -urN pam_ssh_agent_auth.orig/files/patch-ssh-rsa.c pam_ssh_agent_auth/files/patch-ssh-rsa.c --- pam_ssh_agent_auth.orig/files/patch-ssh-rsa.c 1969-12-31 19:00:00.000000000 -0500 +++ pam_ssh_agent_auth/files/patch-ssh-rsa.c 2011-10-10 14:57:05.000000000 -0400 @@ -0,0 +1,29 @@ +--- ./ssh-rsa.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-rsa.c 2011-10-10 13:10:35.867387919 -0400 +@@ -75,7 +75,7 @@ + } + if (len < slen) { + u_int diff = slen - len; +- verbose("slen %u > len %u", slen, len); ++ pam_ssh_auth_verbose("slen %u > len %u", slen, len); + memmove(sig + diff, sig, len); + memset(sig, 0, diff); + } else if (len > slen) { +@@ -148,7 +148,7 @@ + return -1; + } else if (len < modlen) { + u_int diff = modlen - len; +- verbose("ssh_rsa_verify: add padding: modlen %u > len %u", ++ pam_ssh_auth_verbose("ssh_rsa_verify: add padding: modlen %u > len %u", + modlen, len); + sigblob = xrealloc(sigblob, 1, modlen); + memmove(sigblob + diff, sigblob, len); +@@ -169,7 +169,7 @@ + memset(digest, 'd', sizeof(digest)); + memset(sigblob, 's', len); + xfree(sigblob); +- verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); ++ pam_ssh_auth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); + return ret; + } + >Release-Note: >Audit-Trail: >Unformatted: