[1/2] cups: fix build without PAM

Add upstream patch removing MD5 code that builds when PAM is not
enabled.

Fixes:
http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/
http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/
http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/

Cc: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 ...05-Fix-builds-without-PAM-Issue-5283.patch | 189 ++++++++++++++++++
 1 file changed, 189 insertions(+)
 create mode 100644 package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch

Acked-by: Olivier Schonken <olivier.schonken@gmail.com>

On Mon, 30 Apr 2018, 21:21 Baruch Siach, <baruch@tkos.co.il> wrote:

> Add upstream patch removing MD5 code that builds when PAM is not
> enabled.
>
> Fixes:
>
> http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/
>
> http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/
>
> http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/
>
> Cc: Olivier Schonken <olivier.schonken@gmail.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  ...05-Fix-builds-without-PAM-Issue-5283.patch | 189 ++++++++++++++++++
>  1 file changed, 189 insertions(+)
>  create mode 100644
> package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
>
> diff --git a/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> new file mode 100644
> index 000000000000..ff242f82760b
> --- /dev/null
> +++ b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch
> @@ -0,0 +1,189 @@
> +From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001
> +From: Michael R Sweet <michael.r.sweet@gmail.com>
> +Date: Mon, 2 Apr 2018 20:05:13 -0400
> +Subject: [PATCH] Fix builds without PAM (Issue #5283)
> +
> +[baruch: drop CHANGES.md hunk]
> +Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> +---
> +Upstream status: commit 570933a6a3
> +
> + CHANGES.md       |   8 ++-
> + scheduler/auth.c | 134 ++---------------------------------------------
> + 2 files changed, 11 insertions(+), 131 deletions(-)
> +
> +diff --git a/scheduler/auth.c b/scheduler/auth.c
> +index 8b134b5d7257..fa4e2715de34 100644
> +--- a/scheduler/auth.c
> ++++ b/scheduler/auth.c
> +@@ -1,8 +1,8 @@
> + /*
> +  * Authorization routines for the CUPS scheduler.
> +  *
> +- * Copyright 2007-2016 by Apple Inc.
> +- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
> ++ * Copyright © 2007-2018 by Apple Inc.
> ++ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
> +  *
> +  * This file contains Kerberos support code, copyright 2006 by
> +  * Jelmer Vernooij.
> +@@ -71,9 +71,6 @@ static int           check_authref(cupsd_client_t *con,
> const char *right);
> + static int            compare_locations(cupsd_location_t *a,
> +                                         cupsd_location_t *b);
> + static cupsd_authmask_t       *copy_authmask(cupsd_authmask_t *am, void
> *data);
> +-#if !HAVE_LIBPAM
> +-static char           *cups_crypt(const char *pw, const char *salt);
> +-#endif /* !HAVE_LIBPAM */
> + static void           free_authmask(cupsd_authmask_t *am, void *data);
> + #if HAVE_LIBPAM
> + static int            pam_func(int, const struct pam_message **,
> +@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)      /* I -
> Client connection */
> +           * client...
> +           */
> +
> +-          pass = cups_crypt(password, pw->pw_passwd);
> ++          pass = crypt(password, pw->pw_passwd);
> +
> +           if (!pass || strcmp(pw->pw_passwd, pass))
> +           {
> + #  ifdef HAVE_SHADOW_H
> +             if (spw)
> +             {
> +-              pass = cups_crypt(password, spw->sp_pwdp);
> ++              pass = crypt(password, spw->sp_pwdp);
> +
> +               if (pass == NULL || strcmp(spw->sp_pwdp, pass))
> +               {
> +@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,  /* I -
> Existing auth mask */
> + }
> +
> +
> +-#if !HAVE_LIBPAM
> +-/*
> +- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
> +- *                  as needed.
> +- */
> +-
> +-static char *                         /* O - Encrypted password */
> +-cups_crypt(const char *pw,            /* I - Password string */
> +-           const char *salt)          /* I - Salt (key) string */
> +-{
> +-  if (!strncmp(salt, "$1$", 3))
> +-  {
> +-   /*
> +-    * Use MD5 passwords without the benefit of PAM; this is for
> +-    * Slackware Linux, and the algorithm was taken from the
> +-    * old shadow-19990827/lib/md5crypt.c source code... :(
> +-    */
> +-
> +-    int                       i;              /* Looping var */
> +-    unsigned long     n;              /* Output number */
> +-    int                       pwlen;          /* Length of password
> string */
> +-    const char                *salt_end;      /* End of "salt" data for
> MD5 */
> +-    char              *ptr;           /* Pointer into result string */
> +-    _cups_md5_state_t state;          /* Primary MD5 state info */
> +-    _cups_md5_state_t state2;         /* Secondary MD5 state info */
> +-    unsigned char     digest[16];     /* MD5 digest result */
> +-    static char               result[120];    /* Final password string */
> +-
> +-
> +-   /*
> +-    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
> +-    * Get a maximum of 8 characters of salt data after $1$...
> +-    */
> +-
> +-    for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11;
> salt_end ++)
> +-      if (*salt_end == '$')
> +-        break;
> +-
> +-   /*
> +-    * Compute the MD5 sum we need...
> +-    */
> +-
> +-    pwlen = strlen(pw);
> +-
> +-    _cupsMD5Init(&state);
> +-    _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-    _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
> +-
> +-    _cupsMD5Init(&state2);
> +-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
> +-    _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt -
> 3);
> +-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
> +-    _cupsMD5Finish(&state2, digest);
> +-
> +-    for (i = pwlen; i > 0; i -= 16)
> +-      _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
> +-
> +-    for (i = pwlen; i > 0; i >>= 1)
> +-      _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
> +-
> +-    _cupsMD5Finish(&state, digest);
> +-
> +-    for (i = 0; i < 1000; i ++)
> +-    {
> +-      _cupsMD5Init(&state);
> +-
> +-      if (i & 1)
> +-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-      else
> +-        _cupsMD5Append(&state, digest, 16);
> +-
> +-      if (i % 3)
> +-        _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end -
> salt - 3);
> +-
> +-      if (i % 7)
> +-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-
> +-      if (i & 1)
> +-        _cupsMD5Append(&state, digest, 16);
> +-      else
> +-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
> +-
> +-      _cupsMD5Finish(&state, digest);
> +-    }
> +-
> +-   /*
> +-    * Copy the final sum to the result string and return...
> +-    */
> +-
> +-    memcpy(result, salt, (size_t)(salt_end - salt));
> +-    ptr = result + (salt_end - salt);
> +-    *ptr++ = '$';
> +-
> +-    for (i = 0; i < 5; i ++, ptr += 4)
> +-    {
> +-      n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
> +-
> +-      if (i < 4)
> +-        n |= (unsigned)digest[i + 12];
> +-      else
> +-        n |= (unsigned)digest[5];
> +-
> +-      to64(ptr, n, 4);
> +-    }
> +-
> +-    to64(ptr, (unsigned)digest[11], 2);
> +-    ptr += 2;
> +-    *ptr = '\0';
> +-
> +-    return (result);
> +-  }
> +-  else
> +-  {
> +-   /*
> +-    * Use the standard crypt() function...
> +-    */
> +-
> +-    return (crypt(pw, salt));
> +-  }
> +-}
> +-#endif /* !HAVE_LIBPAM */
> +-
> +-
> + /*
> +  * 'free_authmask()' - Free function for auth masks.
> +  */
> +--
> +2.17.0
> +
> --
> 2.17.0
>
>
<div dir="auto"><span style="font-family:sans-serif;font-size:12.8px">Acked-by: Olivier Schonken &lt;</span><a href="mailto:olivier.schonken@gmail.com" style="text-decoration-line:none;color:rgb(66,133,244);font-family:sans-serif;font-size:12.8px">olivier.schonken@gmail.com</a><span style="font-family:sans-serif;font-size:12.8px">&gt;</span></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 30 Apr 2018, 21:21 Baruch Siach, &lt;<a href="mailto:baruch@tkos.co.il">baruch@tkos.co.il</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Add upstream patch removing MD5 code that builds when PAM is not<br>
enabled.<br>
<br>
Fixes:<br>
<a href="http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/" rel="noreferrer noreferrer" target="_blank">http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/</a><br>
<a href="http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/" rel="noreferrer noreferrer" target="_blank">http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/</a><br>
<a href="http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/" rel="noreferrer noreferrer" target="_blank">http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/</a><br>
<br>
Cc: Olivier Schonken &lt;<a href="mailto:olivier.schonken@gmail.com" target="_blank" rel="noreferrer">olivier.schonken@gmail.com</a>&gt;<br>
Signed-off-by: Baruch Siach &lt;<a href="mailto:baruch@tkos.co.il" target="_blank" rel="noreferrer">baruch@tkos.co.il</a>&gt;<br>
---<br>
 ...05-Fix-builds-without-PAM-Issue-5283.patch | 189 ++++++++++++++++++<br>
 1 file changed, 189 insertions(+)<br>
 create mode 100644 package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch<br>
<br>
diff --git a/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch<br>
new file mode 100644<br>
index 000000000000..ff242f82760b<br>
--- /dev/null<br>
+++ b/package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch<br>
@@ -0,0 +1,189 @@<br>
+From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001<br>
+From: Michael R Sweet &lt;<a href="mailto:michael.r.sweet@gmail.com" target="_blank" rel="noreferrer">michael.r.sweet@gmail.com</a>&gt;<br>
+Date: Mon, 2 Apr 2018 20:05:13 -0400<br>
+Subject: [PATCH] Fix builds without PAM (Issue #5283)<br>
+<br>
+[baruch: drop CHANGES.md hunk]<br>
+Signed-off-by: Baruch Siach &lt;<a href="mailto:baruch@tkos.co.il" target="_blank" rel="noreferrer">baruch@tkos.co.il</a>&gt;<br>
+---<br>
+Upstream status: commit 570933a6a3<br>
+<br>
+ CHANGES.md       |   8 ++-<br>
+ scheduler/auth.c | 134 ++---------------------------------------------<br>
+ 2 files changed, 11 insertions(+), 131 deletions(-)<br>
+<br>
+diff --git a/scheduler/auth.c b/scheduler/auth.c<br>
+index 8b134b5d7257..fa4e2715de34 100644<br>
+--- a/scheduler/auth.c<br>
++++ b/scheduler/auth.c<br>
+@@ -1,8 +1,8 @@<br>
+ /*<br>
+  * Authorization routines for the CUPS scheduler.<br>
+  *<br>
+- * Copyright 2007-2016 by Apple Inc.<br>
+- * Copyright 1997-2007 by Easy Software Products, all rights reserved.<br>
++ * Copyright © 2007-2018 by Apple Inc.<br>
++ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.<br>
+  *<br>
+  * This file contains Kerberos support code, copyright 2006 by<br>
+  * Jelmer Vernooij.<br>
+@@ -71,9 +71,6 @@ static int           check_authref(cupsd_client_t *con, const char *right);<br>
+ static int            compare_locations(cupsd_location_t *a,<br>
+                                         cupsd_location_t *b);<br>
+ static cupsd_authmask_t       *copy_authmask(cupsd_authmask_t *am, void *data);<br>
+-#if !HAVE_LIBPAM<br>
+-static char           *cups_crypt(const char *pw, const char *salt);<br>
+-#endif /* !HAVE_LIBPAM */<br>
+ static void           free_authmask(cupsd_authmask_t *am, void *data);<br>
+ #if HAVE_LIBPAM<br>
+ static int            pam_func(int, const struct pam_message **,<br>
+@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)      /* I - Client connection */<br>
+           * client...<br>
+           */<br>
+ <br>
+-          pass = cups_crypt(password, pw-&gt;pw_passwd);<br>
++          pass = crypt(password, pw-&gt;pw_passwd);<br>
+ <br>
+           if (!pass || strcmp(pw-&gt;pw_passwd, pass))<br>
+           {<br>
+ #  ifdef HAVE_SHADOW_H<br>
+             if (spw)<br>
+             {<br>
+-              pass = cups_crypt(password, spw-&gt;sp_pwdp);<br>
++              pass = crypt(password, spw-&gt;sp_pwdp);<br>
+ <br>
+               if (pass == NULL || strcmp(spw-&gt;sp_pwdp, pass))<br>
+               {<br>
+@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,  /* I - Existing auth mask */<br>
+ }<br>
+ <br>
+ <br>
+-#if !HAVE_LIBPAM<br>
+-/*<br>
+- * &#39;cups_crypt()&#39; - Encrypt the password using the DES or MD5 algorithms,<br>
+- *                  as needed.<br>
+- */<br>
+-<br>
+-static char *                         /* O - Encrypted password */<br>
+-cups_crypt(const char *pw,            /* I - Password string */<br>
+-           const char *salt)          /* I - Salt (key) string */<br>
+-{<br>
+-  if (!strncmp(salt, &quot;$1$&quot;, 3))<br>
+-  {<br>
+-   /*<br>
+-    * Use MD5 passwords without the benefit of PAM; this is for<br>
+-    * Slackware Linux, and the algorithm was taken from the<br>
+-    * old shadow-19990827/lib/md5crypt.c source code... :(<br>
+-    */<br>
+-<br>
+-    int                       i;              /* Looping var */<br>
+-    unsigned long     n;              /* Output number */<br>
+-    int                       pwlen;          /* Length of password string */<br>
+-    const char                *salt_end;      /* End of &quot;salt&quot; data for MD5 */<br>
+-    char              *ptr;           /* Pointer into result string */<br>
+-    _cups_md5_state_t state;          /* Primary MD5 state info */<br>
+-    _cups_md5_state_t state2;         /* Secondary MD5 state info */<br>
+-    unsigned char     digest[16];     /* MD5 digest result */<br>
+-    static char               result[120];    /* Final password string */<br>
+-<br>
+-<br>
+-   /*<br>
+-    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.<br>
+-    * Get a maximum of 8 characters of salt data after $1$...<br>
+-    */<br>
+-<br>
+-    for (salt_end = salt + 3; *salt_end &amp;&amp; (salt_end - salt) &lt; 11; salt_end ++)<br>
+-      if (*salt_end == &#39;$&#39;)<br>
+-        break;<br>
+-<br>
+-   /*<br>
+-    * Compute the MD5 sum we need...<br>
+-    */<br>
+-<br>
+-    pwlen = strlen(pw);<br>
+-<br>
+-    _cupsMD5Init(&amp;state);<br>
+-    _cupsMD5Append(&amp;state, (unsigned char *)pw, pwlen);<br>
+-    _cupsMD5Append(&amp;state, (unsigned char *)salt, salt_end - salt);<br>
+-<br>
+-    _cupsMD5Init(&amp;state2);<br>
+-    _cupsMD5Append(&amp;state2, (unsigned char *)pw, pwlen);<br>
+-    _cupsMD5Append(&amp;state2, (unsigned char *)salt + 3, salt_end - salt - 3);<br>
+-    _cupsMD5Append(&amp;state2, (unsigned char *)pw, pwlen);<br>
+-    _cupsMD5Finish(&amp;state2, digest);<br>
+-<br>
+-    for (i = pwlen; i &gt; 0; i -= 16)<br>
+-      _cupsMD5Append(&amp;state, digest, i &gt; 16 ? 16 : i);<br>
+-<br>
+-    for (i = pwlen; i &gt; 0; i &gt;&gt;= 1)<br>
+-      _cupsMD5Append(&amp;state, (unsigned char *)((i &amp; 1) ? &quot;&quot; : pw), 1);<br>
+-<br>
+-    _cupsMD5Finish(&amp;state, digest);<br>
+-<br>
+-    for (i = 0; i &lt; 1000; i ++)<br>
+-    {<br>
+-      _cupsMD5Init(&amp;state);<br>
+-<br>
+-      if (i &amp; 1)<br>
+-        _cupsMD5Append(&amp;state, (unsigned char *)pw, pwlen);<br>
+-      else<br>
+-        _cupsMD5Append(&amp;state, digest, 16);<br>
+-<br>
+-      if (i % 3)<br>
+-        _cupsMD5Append(&amp;state, (unsigned char *)salt + 3, salt_end - salt - 3);<br>
+-<br>
+-      if (i % 7)<br>
+-        _cupsMD5Append(&amp;state, (unsigned char *)pw, pwlen);<br>
+-<br>
+-      if (i &amp; 1)<br>
+-        _cupsMD5Append(&amp;state, digest, 16);<br>
+-      else<br>
+-        _cupsMD5Append(&amp;state, (unsigned char *)pw, pwlen);<br>
+-<br>
+-      _cupsMD5Finish(&amp;state, digest);<br>
+-    }<br>
+-<br>
+-   /*<br>
+-    * Copy the final sum to the result string and return...<br>
+-    */<br>
+-<br>
+-    memcpy(result, salt, (size_t)(salt_end - salt));<br>
+-    ptr = result + (salt_end - salt);<br>
+-    *ptr++ = &#39;$&#39;;<br>
+-<br>
+-    for (i = 0; i &lt; 5; i ++, ptr += 4)<br>
+-    {<br>
+-      n = ((((unsigned)digest[i] &lt;&lt; 8) | (unsigned)digest[i + 6]) &lt;&lt; 8);<br>
+-<br>
+-      if (i &lt; 4)<br>
+-        n |= (unsigned)digest[i + 12];<br>
+-      else<br>
+-        n |= (unsigned)digest[5];<br>
+-<br>
+-      to64(ptr, n, 4);<br>
+-    }<br>
+-<br>
+-    to64(ptr, (unsigned)digest[11], 2);<br>
+-    ptr += 2;<br>
+-    *ptr = &#39;\0&#39;;<br>
+-<br>
+-    return (result);<br>
+-  }<br>
+-  else<br>
+-  {<br>
+-   /*<br>
+-    * Use the standard crypt() function...<br>
+-    */<br>
+-<br>
+-    return (crypt(pw, salt));<br>
+-  }<br>
+-}<br>
+-#endif /* !HAVE_LIBPAM */<br>
+-<br>
+-<br>
+ /*<br>
+  * &#39;free_authmask()&#39; - Free function for auth masks.<br>
+  */<br>
+-- <br>
+2.17.0<br>
+<br>
-- <br>
2.17.0<br>
<br>
</blockquote></div>

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Add upstream patch removing MD5 code that builds when PAM is not
 > enabled.

 > Fixes:
 > http://autobuild.buildroot.net/results/48d/48d53bdeceafdbb51756d5c0b9936ce7c98b4ddc/
 > http://autobuild.buildroot.net/results/13c/13cb03a8d0ae215c418fe2520a27b2940efd4a39/
 > http://autobuild.buildroot.net/results/fd3/fd3c56b60bb0411b38dc7279880d1fab7228c20a/

 > Cc: Olivier Schonken <olivier.schonken@gmail.com>
 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed, thanks.