* [gentoo-commits] proj/hardened-dev:uclibc commit in: sys-libs/pam/, sys-libs/pam/files/
@ 2012-01-03 20:54 Anthony G. Basile
0 siblings, 0 replies; 3+ messages in thread
From: Anthony G. Basile @ 2012-01-03 20:54 UTC (permalink / raw
To: gentoo-commits
commit: 12bb0798022e7c77ccb830b66c647e2dfb215c4a
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 3 20:54:04 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jan 3 20:54:04 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=12bb0798
sys-libs/pam: imported from git://git.overlays.gentoo.org/proj/embedded-cross.git
---
...Linux-PAM-0.99.7.0-disable-regenerate-man.patch | 18 ++
sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch | 18 ++
sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch | 247 ++++++++++++++++++++
.../pam/files/Linux-PAM-1.0.4-cross-compile.patch | 35 +++
sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch | 13 +
sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch | 13 +
sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch | 11 +
sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch | 82 +++++++
sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch | 16 ++
sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch | 12 +
sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch | 20 ++
sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch | 21 ++
sys-libs/pam/files/other.pamd | 6 +
sys-libs/pam/files/system-auth.pamd.epam | 15 ++
sys-libs/pam/metadata.xml | 29 +++
sys-libs/pam/pam-1.0.4.ebuild | 188 +++++++++++++++
sys-libs/pam/pam-1.1.0.ebuild | 164 +++++++++++++
sys-libs/pam/pam-1.1.1-r2.ebuild | 186 +++++++++++++++
sys-libs/pam/pam-1.1.2.ebuild | 192 +++++++++++++++
19 files changed, 1286 insertions(+), 0 deletions(-)
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch b/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
new file mode 100644
index 0000000..a988b18
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
@@ -0,0 +1,18 @@
+Index: Linux-PAM-0.99.7.0/configure.in
+===================================================================
+--- Linux-PAM-0.99.7.0.orig/configure.in
++++ Linux-PAM-0.99.7.0/configure.in
+@@ -420,10 +420,12 @@ AC_CHECK_FUNCS(inet_ntop inet_pton ruser
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
+
++AC_ARG_ENABLE([regenerate-man],
++ AC_HELP_STRING([--disable-regenerate-man], [Don't re-build manpages from XML souces]),
++ [enable_man=$enableval], [enable_man=yes])
+ dnl
+ dnl Check for xsltproc
+ dnl
+-enable_man=yes
+ AC_PATH_PROG([XSLTPROC], [xsltproc])
+ if test -z "$XSLTPROC"; then
+ enable_man=no
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
new file mode 100644
index 0000000..2cd3e95
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
@@ -0,0 +1,18 @@
+This patch makes sure that the xtests programs don't get build when running
+'make all', as they might fail to build (for instance if GLIBC 2.3 is used).
+
+Note that the tests are not executed by default at make check because they
+are anyway broken.
+Index: Linux-PAM-0.99.9.0/xtests/Makefile.am
+===================================================================
+--- Linux-PAM-0.99.9.0.orig/xtests/Makefile.am
++++ Linux-PAM-0.99.9.0/xtests/Makefile.am
+@@ -29,7 +29,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispa
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1
+
+-noinst_PROGRAMS = $(XTESTS)
++check_PROGRAMS = $(XTESTS)
+
+ xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS}
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch b/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
new file mode 100644
index 0000000..a0457b6
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
@@ -0,0 +1,247 @@
+Index: Linux-PAM-1.0.2/configure.in
+===================================================================
+--- Linux-PAM-1.0.2.orig/configure.in
++++ Linux-PAM-1.0.2/configure.in
+@@ -399,12 +399,27 @@ fi
+ AC_SUBST(LIBDB)
+ AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
+
+-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
+-BACKUP_LIBS=$LIBS
+-LIBS="$LIBS $LIBNSL"
+-AC_CHECK_FUNCS(yp_get_default_domain)
+-LIBS=$BACKUP_LIBS
+-AC_SUBST(LIBNSL)
++LIBNSL=""; AC_SUBST(LIBNSL)
++have_nis="yes"
++
++AC_CHECK_HEADERS([rpcsvc/ypclnt.h rpcsvc/yp_prot.h netdb.h], [:],
++ [have_nis=no; break; ])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++ AC_CHECK_FUNCS([yp_get_default_domain], [:],
++ AC_CHECK_LIB([nsl], [yp_get_default_domain], [LIBNSL="-lnsl"],
++ [have_nis=no]))
++])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++ AC_CHECK_FUNCS([innetgr], [:], [have_nis=no; break;])
++])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++ AC_DEFINE([HAVE_NIS], [1], [Define this if you have NIS support])
++])
++
++AM_CONDITIONAL([HAVE_NIS], [test "x$have_nis" = "xyes"])
+
+ AC_ARG_ENABLE([selinux],
+ AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
+Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c
++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c
+@@ -41,7 +41,9 @@
+ #include <errno.h>
+ #include <ctype.h>
+ #include <sys/utsname.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/ypclnt.h>
++#endif
+ #include <arpa/inet.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -471,11 +473,11 @@ static char *myhostname(void)
+ }
+
+ /* netgroup_match - match group against machine or user */
+-
+ static int
+ netgroup_match (pam_handle_t *pamh, const char *netgroup,
+ const char *machine, const char *user, int debug)
+ {
++#ifdef HAVE_NIS
+ char *mydomain = NULL;
+ int retval;
+
+@@ -490,7 +492,12 @@ netgroup_match (pam_handle_t *pamh, cons
+ machine ? machine : "NULL",
+ user ? user : "NULL", mydomain ? mydomain : "NULL");
+ return retval;
++#else
++ pam_syslog(pamh, LOG_DEBUG,
++ "netgroup match: no YellowPages support.");
+
++ return NO;
++#endif
+ }
+
+ /* user_match - match a username against one token */
+Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am
++++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
+@@ -40,7 +40,11 @@ noinst_PROGRAMS = bigcrypt
+
+ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
+ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
+- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
++ passverify.c md5_good.c md5_broken.c
++
++if HAVE_NIS
++pam_unix_la_SOURCES += yppasswd_xdr.c
++endif
+
+ bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
+ bigcrypt_CFLAGS = $(AM_CFLAGS)
+Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c
++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
+@@ -55,8 +55,10 @@
+ #include <sys/time.h>
+ #include <sys/stat.h>
+ #include <rpc/rpc.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/yp_prot.h>
+ #include <rpcsvc/ypclnt.h>
++#endif
+
+ #include <signal.h>
+ #include <errno.h>
+@@ -103,6 +105,7 @@ extern int getrpcport(const char *host,
+
+ #define MAX_PASSWD_TRIES 3
+
++#ifdef HAVE_NIS
+ static char *getNISserver(pam_handle_t *pamh)
+ {
+ char *master;
+@@ -132,6 +135,7 @@ static char *getNISserver(pam_handle_t *
+ }
+ return master;
+ }
++#endif
+
+ #ifdef WITH_SELINUX
+
+@@ -299,6 +303,7 @@ static int _do_setpass(pam_handle_t* pam
+ goto done;
+ }
+
++#ifdef HAVE_NIS
+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
+ if ((master=getNISserver(pamh)) != NULL) {
+ struct timeval timeout;
+@@ -366,6 +371,7 @@ static int _do_setpass(pam_handle_t* pam
+ retval = PAM_TRY_AGAIN;
+ }
+ }
++#endif
+
+ if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
+ if(unlocked) {
+Index: Linux-PAM-1.0.2/modules/pam_unix/support.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c
++++ Linux-PAM-1.0.2/modules/pam_unix/support.c
+@@ -19,7 +19,9 @@
+ #include <ctype.h>
+ #include <syslog.h>
+ #include <sys/resource.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/ypclnt.h>
++#endif
+
+ #include <security/_pam_macros.h>
+ #include <security/pam_modules.h>
+@@ -263,6 +265,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
+ }
+ }
+
++#ifdef HAVE_NIS
+ if (!matched && nis) {
+ char *userinfo = NULL, *domain = NULL;
+ int len = 0, i;
+@@ -281,6 +284,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
+ }
+ }
+ }
++#endif
+
+ if (matched && (ret != NULL)) {
+ *ret = NULL;
+Index: Linux-PAM-1.0.2/modules/pam_group/pam_group.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_group/pam_group.c
++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.c
+@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
+ }
+ /* If buffer starts with @, we are using netgroups */
+ if (buffer[0] == '@')
++#ifdef HAVE_NIS
+ good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++ good = 0;
++#endif
+ else
+ good &= logic_field(pamh,user, buffer, count, is_same);
+ D(("with user: %s", good ? "passes":"fails" ));
+Index: Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_succeed_if/pam_succeed_if.c
++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
+@@ -229,6 +229,7 @@ evaluate_notingroup(pam_handle_t *pamh,
+ return PAM_SUCCESS;
+ return PAM_AUTH_ERR;
+ }
++#ifdef HAVE_NIS
+ /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+@@ -245,6 +246,7 @@ evaluate_notinnetgr(const char *host, co
+ return PAM_SUCCESS;
+ return PAM_AUTH_ERR;
+ }
++#endif
+
+ /* Match a triple. */
+ static int
+@@ -356,6 +358,7 @@ evaluate(pam_handle_t *pamh, int debug,
+ if (strcasecmp(qual, "notingroup") == 0) {
+ return evaluate_notingroup(pamh, pwd->pw_name, right);
+ }
++#ifdef HAVE_NIS
+ /* (Rhost, user) is in this netgroup. */
+ if (strcasecmp(qual, "innetgr") == 0) {
+ const void *rhost;
+@@ -370,6 +373,14 @@ evaluate(pam_handle_t *pamh, int debug,
+ rhost = NULL;
+ return evaluate_notinnetgr(rhost, pwd->pw_name, right);
+ }
++#else
++ if (strcasecmp(qual, "innetgr") == 0 ||
++ strcasecmp(qual, "notinnetgr") == 0) {
++ pam_syslog(pamh, LOG_CRIT, "option \"%s\" not supported as no NIS support is present", qual);
++ return PAM_SERVICE_ERR;
++ }
++#endif
++
+ /* Fail closed. */
+ return PAM_SERVICE_ERR;
+ }
+Index: Linux-PAM-1.0.2/modules/pam_time/pam_time.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_time/pam_time.c
++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.c
+@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const
+ }
+ /* If buffer starts with @, we are using netgroups */
+ if (buffer[0] == '@')
++#ifdef HAVE_NIS
+ good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++ good = 0;
++#endif
+ else
+ good &= logic_field(pamh, user, buffer, count, is_same);
+ D(("with user: %s", good ? "passes":"fails" ));
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch b/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch
new file mode 100644
index 0000000..23a830b
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch
@@ -0,0 +1,35 @@
+--- configure.in 2009-05-28 17:05:03.000000000 +0000
++++ configure.in.new 2009-05-28 17:05:25.000000000 +0000
+@@ -129,6 +129,21 @@
+ AC_C___ATTRIBUTE__
+
+ dnl
++dnl Get the host compiler if cross-compiling
++dnl
++AM_CONDITIONAL(CROSS_COMPILING, [ test $cross_compiling = yes ])
++AC_MSG_CHECKING([for CC_FOR_BUILD])
++if test "x${CC_FOR_BUILD+set}" != "xset" ; then
++ if test "x$cross_compiling" = "xyes" ; then
++ CC_FOR_BUILD=${CC_FOR_BUILD-gcc}
++ else
++ CC_FOR_BUILD=${CC}
++ fi
++fi
++AC_MSG_RESULT([$CC_FOR_BUILD])
++AC_SUBST(CC_FOR_BUILD)
++
++dnl
+ dnl Check if --version-script is supported by ld
+ dnl
+ AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive,
+--- doc/specs/Makefile.am 2009-05-28 17:05:03.000000000 +0000
++++ doc/specs/Makefile.am.new 2009-05-28 17:06:06.000000000 +0000
+@@ -19,4 +19,8 @@
+
+ padout_LDADD = @LEXLIB@
+
++CC = @CC_FOR_BUILD@
++CFLAGS =
++LDFLAGS =
++
+ doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch b/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch
new file mode 100644
index 0000000..b705f36
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch
@@ -0,0 +1,13 @@
+Index: Linux-PAM-1.0.4/tests/tst-pam_mkargv.c
+===================================================================
+--- Linux-PAM-1.0.4.orig/tests/tst-pam_mkargv.c
++++ Linux-PAM-1.0.4/tests/tst-pam_mkargv.c
+@@ -35,7 +35,7 @@ int main(void)
+ printf ("\n");
+ #endif
+
+- if (argvlen != 333)
++ if (argvlen != ( 37 + ( 37 * sizeof(char*) ) ))
+ return 1;
+
+ if (myargc != 4)
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch
new file mode 100644
index 0000000..ec9f99b
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch
@@ -0,0 +1,13 @@
+Index: Linux-PAM-1.1.0/modules/pam_env/pam_env.c
+===================================================================
+--- Linux-PAM-1.1.0.orig/modules/pam_env/pam_env.c
++++ Linux-PAM-1.1.0/modules/pam_env/pam_env.c
+@@ -120,7 +120,7 @@ _pam_parse (const pam_handle_t *pamh, in
+ "user_envfile= specification missing argument - ignored");
+ } else {
+ *user_envfile = 13+*argv;
+- D(("new User Env File: %s", *user_env_file));
++ D(("new User Env File: %s", *user_envfile));
+ }
+ } else if (!strncmp(*argv,"readenv=",8))
+ *readenv = atoi(8+*argv);
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch
new file mode 100644
index 0000000..d52b6a0
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch
@@ -0,0 +1,11 @@
+--- Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c.orig
++++ Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c
+@@ -471,7 +471,7 @@ last_login_failed(pam_handle_t *pamh, in
+ failed),
+ failed);
+ #else
+- if (daysleft == 1)
++ if (failed == 1)
+ retval = asprintf(&line,
+ _("There was %d failed login attempt since the last successful login."),
+ failed);
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch
new file mode 100644
index 0000000..6b8fa25
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch
@@ -0,0 +1,82 @@
+Index: Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
+===================================================================
+--- Linux-PAM-1.1.0.orig/modules/pam_pwhistory/opasswd.c
++++ Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
+@@ -94,6 +94,23 @@ parse_entry (char *line, opwd *data)
+ return 0;
+ }
+
++static int
++compare_password(const char *newpass, const char *oldpass)
++{
++ char *outval;
++#ifdef HAVE_CRYPT_R
++ struct crypt_data output;
++
++ output.initialized = 0;
++
++ outval = crypt_r (newpass, oldpass, &output);
++#else
++ outval = crypt (newpass, oldpass);
++#endif
++
++ return strcmp(outval, oldpass) == 0;
++}
++
+ /* Check, if the new password is already in the opasswd file. */
+ int
+ check_old_password (pam_handle_t *pamh, const char *user,
+@@ -167,12 +184,9 @@ check_old_password (pam_handle_t *pamh,
+ if (found)
+ {
+ const char delimiters[] = ",";
+- struct crypt_data output;
+ char *running;
+ char *oldpass;
+
+- memset (&output, 0, sizeof (output));
+-
+ running = strdupa (entry.old_passwords);
+ if (running == NULL)
+ return PAM_BUF_ERR;
+@@ -180,7 +194,7 @@ check_old_password (pam_handle_t *pamh,
+ do {
+ oldpass = strsep (&running, delimiters);
+ if (oldpass && strlen (oldpass) > 0 &&
+- strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0)
++ compare_password(newpass, oldpass) )
+ {
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "New password already used");
+Index: Linux-PAM-1.1.0/configure.in
+===================================================================
+--- Linux-PAM-1.1.0.orig/configure.in
++++ Linux-PAM-1.1.0/configure.in
+@@ -458,7 +458,7 @@ AC_FUNC_MEMCMP
+ AC_FUNC_VPRINTF
+ AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+-AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
++AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+ AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
+
+Index: Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
+===================================================================
+--- Linux-PAM-1.1.0.orig/modules/pam_timestamp/pam_timestamp.c
++++ Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
+@@ -200,7 +200,13 @@ check_login_time(const char *ruser, time
+ time_t oldest_login = 0;
+
+ setutent();
+- while(!getutent_r(&utbuf, &ut)) {
++ while(
++#ifdef HAVE_GETUTENT_R
++ !getutent_r(&utbuf, &ut)
++#else
++ (ut = getutent()) != NULL
++#endif
++ ) {
+ if (ut->ut_type != USER_PROCESS) {
+ continue;
+ }
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch
new file mode 100644
index 0000000..4f4872d
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch
@@ -0,0 +1,16 @@
+Index: Linux-PAM-1.1.1/configure.in
+===================================================================
+--- Linux-PAM-1.1.1.orig/configure.in
++++ Linux-PAM-1.1.1/configure.in
+@@ -360,6 +360,10 @@ AC_SUBST(LIBAUDIT)
+ AC_CHECK_HEADERS(xcrypt.h crypt.h)
++AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
++ [crypt_libs="xcrypt crypt"],
++ [crypt_libs="crypt"])
++
+ BACKUP_LIBS=$LIBS
+-AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
++AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
+ AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn)
+ LIBS=$BACKUP_LIBS
+ AC_SUBST(LIBCRYPT)
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch b/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch
new file mode 100644
index 0000000..ece9211
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch
@@ -0,0 +1,12 @@
+Index: Linux-PAM-1.1.1/modules/pam_userdb/pam_userdb.c
+===================================================================
+--- Linux-PAM-1.1.1.orig/modules/pam_userdb/pam_userdb.c
++++ Linux-PAM-1.1.1/modules/pam_userdb/pam_userdb.c
+@@ -30,6 +30,7 @@
+ #else
+ # ifdef HAVE_DB_H
+ # define DB_DBM_HSEARCH 1 /* use the dbm interface */
++# define HAVE_DBM /* for BerkDB 5.0 and later */
+ # include <db.h>
+ # else
+ # error "failed to find a libdb or equivalent"
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
new file mode 100644
index 0000000..0334496
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
@@ -0,0 +1,20 @@
+Index: Linux-PAM-1.1.1/configure.in
+===================================================================
+--- Linux-PAM-1.1.1.orig/configure.in
++++ Linux-PAM-1.1.1/configure.in
+@@ -389,10 +389,11 @@ AC_ARG_WITH([db-uniquename],
+ AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
+ if test x"$WITH_DB" != xno ; then
+ if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
+- AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
+- if test -z "$LIBDB" ; then
+- AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
+- fi
++ old_libs=$LIBS
++ LIBS="$LIBS -ldb$with_db_uniquename"
++ AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store],
++ [LIBDB="-ldb$with_db_uniquename"; break])
++ LIBS=$old_libs
+ fi
+ if test -z "$LIBDB" ; then
+ AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch
new file mode 100644
index 0000000..f842da7
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch
@@ -0,0 +1,21 @@
+Index: Linux-PAM-1.1.1/configure.in
+===================================================================
+--- Linux-PAM-1.1.1.orig/configure.in
++++ Linux-PAM-1.1.1/configure.in
+@@ -361,10 +361,14 @@ AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS],
+ [test "x$HAVE_AUDIT_TTY_STATUS" = xyes])
+
+ AC_CHECK_HEADERS(xcrypt.h crypt.h)
++AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
++ [crypt_libs="xcrypt crypt"],
++ [crypt_libs="crypt"])
++
+ BACKUP_LIBS=$LIBS
+-AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
++AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
+ AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
+-Libs=$BACKUP_LIBS
++LIBS=$BACKUP_LIBS
+ AC_SUBST(LIBCRYPT)
+ if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
+ AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
diff --git a/sys-libs/pam/files/other.pamd b/sys-libs/pam/files/other.pamd
new file mode 100644
index 0000000..85ca04e
--- /dev/null
+++ b/sys-libs/pam/files/other.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth required pam_deny.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
diff --git a/sys-libs/pam/files/system-auth.pamd.epam b/sys-libs/pam/files/system-auth.pamd.epam
new file mode 100644
index 0000000..bdee6f4
--- /dev/null
+++ b/sys-libs/pam/files/system-auth.pamd.epam
@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+auth required pam_env.so
+auth sufficient pam_unix.so try_first_pass likeauth nullok
+auth required pam_deny.so
+
+account required pam_unix.so
+
+#%EPAM-Use-Flag:cracklib%#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
+#%EPAM-Use-Flag:cracklib%#password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
+#%EPAM-Use-Flag:!cracklib%#password sufficient pam_unix.so try_first_pass nullok md5 shadow
+password required pam_deny.so
+
+session required pam_limits.so
+session required pam_unix.so
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
new file mode 100644
index 0000000..e5b58f5
--- /dev/null
+++ b/sys-libs/pam/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
+
+ <flag name="berkdb">
+ Build the pam_userdb module, that allows to authenticate users
+ against a Berkeley DB file. Please note that enabling this USE
+ flag will create a PAM module that links to the Berkeley DB (as
+ provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
+ will thus not work for boot-critical services authentication.
+ </flag>
+
+ <flag name="cracklib">
+ Build the pam_cracklib module, that allows to verify the chosen
+ passwords' strength through the use of
+ <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
+ the USE flag on this package will not make use of pam_cracklib
+ by default, you should also enable it in
+ <pkg>sys-auth/pambase</pkg> as well as update your configuration
+ files.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/sys-libs/pam/pam-1.0.4.ebuild b/sys-libs/pam/pam-1.0.4.ebuild
new file mode 100644
index 0000000..1632431
--- /dev/null
+++ b/sys-libs/pam/pam-1.0.4.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.0.4.ebuild,v 1.11 2009/03/27 17:08:40 armin76 Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+ test? ( elibc_glibc? ( >=sys-libs/glibc-2.4 ) )
+ nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+ ebeep 15
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|timestamp|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_timestamp, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+ ebeep 10
+
+ retval=1
+ fi
+
+ # Produce the warnings only during upgrade, for the following two
+ has_version '<sys-libs/pam-0.99' || return $retval
+
+ # This works only for those modules that are moved to sys-auth/$module, or the
+ # message will be wrong.
+ for module in pam_chroot pam_userdb pam_radius; do
+ if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q ${module}.so; then
+ ewarn ""
+ ewarn "Your current setup is using the ${module} module."
+ ewarn "Since version 0.99, ${CATEGORY}/${PN} does not provide this module"
+ ewarn "anymore; if you want to continue using this module, you should install"
+ ewarn "sys-auth/${module}."
+ ewarn ""
+ ebeep 5
+ fi
+ done
+
+ return $retval
+}
+
+pkg_setup() {
+ check_old_modules
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ mkdir -p doc/txts
+ for readme in modules/pam_*/README; do
+ cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+ sed -e 's|^modules/||')
+ done
+
+ epatch "${FILESDIR}/${MY_PN}-0.99.7.0-disable-regenerate-man.patch"
+ epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+
+ # Remove NIS dependencies, see bug #235431
+ epatch "${FILESDIR}/${MY_PN}-1.0.2-noyp.patch"
+
+ # Fix building of doc/specs
+ epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
+
+ # Fix tests on systems where sizeof(void*) != 8
+ epatch "${FILESDIR}/${MY_PN}-1.0.4-fix-tests.patch"
+
+ # Remove libtool-2 libtool macros, see bug 261167
+ rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
+
+ AT_M4DIR="m4" eautoreconf
+
+ elibtoolize
+}
+
+src_compile() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ # KEEP COMMENTED OUT! It seems like it fails to build with USE=debug!
+ # Do _not_ move this to $(use_enable) without checking if the
+ # configure.in has been fixed. As of 2009/03/03 it's still broken
+ # on upstream's CVS, and --disable-debug means --enable-debug too.
+ # if use debug; then
+ # myconf="${myconf} --enable-debug"
+ # fi
+
+ econf \
+ --libdir=/usr/$(get_libdir) \
+ --docdir=/usr/share/doc/${PF} \
+ --htmldir=/usr/share/doc/${PF}/html \
+ --enable-securedir=/$(get_libdir)/security \
+ --enable-isadir=/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ --disable-db \
+ --disable-dependency-tracking \
+ --disable-prelude \
+ --disable-regenerate-man \
+ ${myconf} || die "econf failed"
+ emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="/var/run/sepermit" || die "make install failed"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ dodir /$(get_libdir)
+ mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
+ mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
+ mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
+ gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright
+ docinto modules ; dodoc doc/txts/README.*
+
+ # Remove the wrongly installed manpages
+ rm "${D}"/usr/share/man/man8/pam_userdb.8*
+ use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't ned them for static linking either.
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
diff --git a/sys-libs/pam/pam-1.1.0.ebuild b/sys-libs/pam/pam-1.1.0.ebuild
new file mode 100644
index 0000000..8b1a1d2
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.0.ebuild
@@ -0,0 +1,164 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.0.ebuild,v 1.5 2009/06/21 16:50:28 flameeyes Exp $
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
+ mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ elibc_glibc? ( >=sys-libs/glibc-2.7 )"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+ nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+ ebeep 15
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+ ebeep 10
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_setup() {
+ check_old_modules
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # Avoid building xtests during "make all"; note that for what
+ # we're concerned xtests are not even executed, so we should
+ # probably use EXTRA_PROGRAMS.
+ epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+
+ # Remove NIS dependencies, see bug #235431
+ epatch "${FILESDIR}/${MY_PN}-1.0.2-noyp.patch"
+
+ # Fix building with debug USE flag enabled
+ epatch "${FILESDIR}/${MY_PN}-1.1.0-debug.patch"
+
+ # Fix building with nls USE flag disabled
+ epatch "${FILESDIR}/${MY_PN}-1.1.0-nonls.patch"
+
+ # Fix building of doc/specs
+ epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
+
+ # Remove libtool-2 libtool macros, see bug 261167
+ rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
+
+ AT_M4DIR="m4" eautoreconf
+
+ elibtoolize
+}
+
+src_compile() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ econf \
+ --libdir=/usr/$(get_libdir) \
+ --docdir=/usr/share/doc/${PF} \
+ --htmldir=/usr/share/doc/${PF}/html \
+ --enable-securedir=/$(get_libdir)/security \
+ --enable-isadir=/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ $(use_enable debug) \
+ --disable-db \
+ --disable-dependency-tracking \
+ --disable-prelude \
+ ${myconf} || die "econf failed"
+ emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="/var/run/sepermit" || die "make install failed"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ dodir /$(get_libdir)
+ mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
+ mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
+ mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
+ gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ # Remove the wrongly installed manpages
+ rm "${D}"/usr/share/man/man8/pam_userdb.8*
+ use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't ned them for static linking either.
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
diff --git a/sys-libs/pam/pam-1.1.1-r2.ebuild b/sys-libs/pam/pam-1.1.1-r2.ebuild
new file mode 100644
index 0000000..d5f433e
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.1-r2.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.1-r2.ebuild,v 1.4 2010/05/22 09:09:08 jlec Exp $
+
+EAPI="3"
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
+ mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? ( >=sys-libs/glibc-2.7 )"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+ nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_setup() {
+ check_old_modules
+}
+
+src_prepare() {
+ # Avoid building xtests during "make all"; note that for what
+ # we're concerned xtests are not even executed, so we should
+ # probably use EXTRA_PROGRAMS.
+ epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+
+ # Fix building on uClibc; it is added since 1.1.1 but applies to
+ # 1.1.0 as well.
+ epatch "${FILESDIR}/${MY_PN}-1.1.0-uclibc.patch"
+
+ # Fix tests to find Berkeley DB as installed by Gentoo (with a
+ # library suffix but no suffix on the ELF symbols).
+ epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
+
+ # make it possible to skip libxcrypt detection if header is not
+ # found
+ epatch "${FILESDIR}/${MY_PN}-1.1.1-xcrypt.patch"
+
+ # fix building with Berkeley DB 5.0 and later; now defining
+ # DB_DBM_HSEARCH is not enough; bug #319831
+ epatch "${FILESDIR}/${MY_PN}-1.1.1+berkdb-5.patch"
+
+ # Fix building of doc/specs
+ epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
+
+ # Remove libtool-2 libtool macros, see bug 261167
+ rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
+
+ eautoreconf
+
+ elibtoolize
+}
+
+src_configure() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ econf \
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --docdir="${EPREFIX}"/usr/share/doc/${PF} \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ $(use_enable debug) \
+ $(use_enable berkdb db) \
+ --with-db-uniquename=-$(db_findver sys-libs/db) \
+ --disable-dependency-tracking \
+ --disable-prelude \
+ ${myconf}
+}
+
+src_compile() {
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
+}
+
+src_test() {
+ # explicitly allow parallel-build during testing
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
+}
+
+src_install() {
+ local lib
+
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't ned them for static linking either.
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
diff --git a/sys-libs/pam/pam-1.1.2.ebuild b/sys-libs/pam/pam-1.1.2.ebuild
new file mode 100644
index 0000000..90b6c6b
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.2.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.2.ebuild,v 1.1 2010/08/31 12:32:45 flameeyes Exp $
+
+EAPI="3"
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
+ mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? ( >=sys-libs/glibc-2.7 )"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+ nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_setup() {
+ check_old_modules
+}
+
+src_prepare() {
+ # Avoid building xtests during "make all"; note that for what
+ # we're concerned xtests are not even executed, so we should
+ # probably use EXTRA_PROGRAMS.
+ epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+
+ # Fix tests to find Berkeley DB as installed by Gentoo (with a
+ # library suffix but no suffix on the ELF symbols).
+ epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
+
+ # Fix building of doc/specs, see bug 339174
+ epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
+
+ # Remove libtool-2 libtool macros, see bug 261167
+ rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
+
+ eautoreconf
+
+ elibtoolize
+}
+
+src_configure() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ econf \
+ --disable-dependency-tracking \
+ --enable-fast-install \
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --docdir="${EPREFIX}"/usr/share/doc/${PF} \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ $(use_enable debug) \
+ $(use_enable berkdb db) \
+ --with-db-uniquename=-$(db_findver sys-libs/db) \
+ --disable-prelude \
+ ${myconf}
+}
+
+src_compile() {
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
+}
+
+src_test() {
+ # explicitly allow parallel-build during testing
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
+}
+
+src_install() {
+ local lib
+
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't ned them for static linking either.
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep 'DEL.*libpam\\.so'"
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you might have"
+ elog "an executable /var/log/tallylog file. If it is so, you can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/hardened-dev:uclibc commit in: sys-libs/pam/, sys-libs/pam/files/
@ 2012-01-03 21:28 Anthony G. Basile
0 siblings, 0 replies; 3+ messages in thread
From: Anthony G. Basile @ 2012-01-03 21:28 UTC (permalink / raw
To: gentoo-commits
commit: 8d80d1cea25ddf6e1fcd1a0539fb0cb895e3f18f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 3 21:28:28 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jan 3 21:28:28 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=8d80d1ce
sys-libs/pam: stripped down ebuild for our purposes
(Portage version: 2.1.10.41/git/Linux x86_64, signed Manifest commit with key 0xD0455535)
---
...Linux-PAM-0.99.7.0-disable-regenerate-man.patch | 18 --
sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch | 247 --------------------
.../pam/files/Linux-PAM-1.0.4-cross-compile.patch | 35 ---
sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch | 13 -
sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch | 13 -
sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch | 11 -
sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch | 82 -------
sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch | 16 --
sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch | 12 -
sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch | 21 --
sys-libs/pam/files/other.pamd | 6 -
sys-libs/pam/files/system-auth.pamd.epam | 15 --
sys-libs/pam/pam-1.0.4.ebuild | 188 ---------------
sys-libs/pam/pam-1.1.0.ebuild | 164 -------------
sys-libs/pam/pam-1.1.1-r2.ebuild | 186 ---------------
sys-libs/pam/pam-1.1.2.ebuild | 30 +--
16 files changed, 4 insertions(+), 1053 deletions(-)
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch b/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
deleted file mode 100644
index a988b18..0000000
--- a/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Index: Linux-PAM-0.99.7.0/configure.in
-===================================================================
---- Linux-PAM-0.99.7.0.orig/configure.in
-+++ Linux-PAM-0.99.7.0/configure.in
-@@ -420,10 +420,12 @@ AC_CHECK_FUNCS(inet_ntop inet_pton ruser
- AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
- AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
-
-+AC_ARG_ENABLE([regenerate-man],
-+ AC_HELP_STRING([--disable-regenerate-man], [Don't re-build manpages from XML souces]),
-+ [enable_man=$enableval], [enable_man=yes])
- dnl
- dnl Check for xsltproc
- dnl
--enable_man=yes
- AC_PATH_PROG([XSLTPROC], [xsltproc])
- if test -z "$XSLTPROC"; then
- enable_man=no
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch b/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
deleted file mode 100644
index a0457b6..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-Index: Linux-PAM-1.0.2/configure.in
-===================================================================
---- Linux-PAM-1.0.2.orig/configure.in
-+++ Linux-PAM-1.0.2/configure.in
-@@ -399,12 +399,27 @@ fi
- AC_SUBST(LIBDB)
- AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
-
--AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
--BACKUP_LIBS=$LIBS
--LIBS="$LIBS $LIBNSL"
--AC_CHECK_FUNCS(yp_get_default_domain)
--LIBS=$BACKUP_LIBS
--AC_SUBST(LIBNSL)
-+LIBNSL=""; AC_SUBST(LIBNSL)
-+have_nis="yes"
-+
-+AC_CHECK_HEADERS([rpcsvc/ypclnt.h rpcsvc/yp_prot.h netdb.h], [:],
-+ [have_nis=no; break; ])
-+
-+AS_IF([test "x$have_nis" = "xyes"], [
-+ AC_CHECK_FUNCS([yp_get_default_domain], [:],
-+ AC_CHECK_LIB([nsl], [yp_get_default_domain], [LIBNSL="-lnsl"],
-+ [have_nis=no]))
-+])
-+
-+AS_IF([test "x$have_nis" = "xyes"], [
-+ AC_CHECK_FUNCS([innetgr], [:], [have_nis=no; break;])
-+])
-+
-+AS_IF([test "x$have_nis" = "xyes"], [
-+ AC_DEFINE([HAVE_NIS], [1], [Define this if you have NIS support])
-+])
-+
-+AM_CONDITIONAL([HAVE_NIS], [test "x$have_nis" = "xyes"])
-
- AC_ARG_ENABLE([selinux],
- AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
-Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c
-+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c
-@@ -41,7 +41,9 @@
- #include <errno.h>
- #include <ctype.h>
- #include <sys/utsname.h>
-+#ifdef HAVE_NIS
- #include <rpcsvc/ypclnt.h>
-+#endif
- #include <arpa/inet.h>
- #include <netdb.h>
- #include <sys/socket.h>
-@@ -471,11 +473,11 @@ static char *myhostname(void)
- }
-
- /* netgroup_match - match group against machine or user */
--
- static int
- netgroup_match (pam_handle_t *pamh, const char *netgroup,
- const char *machine, const char *user, int debug)
- {
-+#ifdef HAVE_NIS
- char *mydomain = NULL;
- int retval;
-
-@@ -490,7 +492,12 @@ netgroup_match (pam_handle_t *pamh, cons
- machine ? machine : "NULL",
- user ? user : "NULL", mydomain ? mydomain : "NULL");
- return retval;
-+#else
-+ pam_syslog(pamh, LOG_DEBUG,
-+ "netgroup match: no YellowPages support.");
-
-+ return NO;
-+#endif
- }
-
- /* user_match - match a username against one token */
-Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am
-+++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
-@@ -40,7 +40,11 @@ noinst_PROGRAMS = bigcrypt
-
- pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
- pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
-- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
-+ passverify.c md5_good.c md5_broken.c
-+
-+if HAVE_NIS
-+pam_unix_la_SOURCES += yppasswd_xdr.c
-+endif
-
- bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
- bigcrypt_CFLAGS = $(AM_CFLAGS)
-Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c
-+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
-@@ -55,8 +55,10 @@
- #include <sys/time.h>
- #include <sys/stat.h>
- #include <rpc/rpc.h>
-+#ifdef HAVE_NIS
- #include <rpcsvc/yp_prot.h>
- #include <rpcsvc/ypclnt.h>
-+#endif
-
- #include <signal.h>
- #include <errno.h>
-@@ -103,6 +105,7 @@ extern int getrpcport(const char *host,
-
- #define MAX_PASSWD_TRIES 3
-
-+#ifdef HAVE_NIS
- static char *getNISserver(pam_handle_t *pamh)
- {
- char *master;
-@@ -132,6 +135,7 @@ static char *getNISserver(pam_handle_t *
- }
- return master;
- }
-+#endif
-
- #ifdef WITH_SELINUX
-
-@@ -299,6 +303,7 @@ static int _do_setpass(pam_handle_t* pam
- goto done;
- }
-
-+#ifdef HAVE_NIS
- if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
- if ((master=getNISserver(pamh)) != NULL) {
- struct timeval timeout;
-@@ -366,6 +371,7 @@ static int _do_setpass(pam_handle_t* pam
- retval = PAM_TRY_AGAIN;
- }
- }
-+#endif
-
- if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
- if(unlocked) {
-Index: Linux-PAM-1.0.2/modules/pam_unix/support.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c
-+++ Linux-PAM-1.0.2/modules/pam_unix/support.c
-@@ -19,7 +19,9 @@
- #include <ctype.h>
- #include <syslog.h>
- #include <sys/resource.h>
-+#ifdef HAVE_NIS
- #include <rpcsvc/ypclnt.h>
-+#endif
-
- #include <security/_pam_macros.h>
- #include <security/pam_modules.h>
-@@ -263,6 +265,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
- }
- }
-
-+#ifdef HAVE_NIS
- if (!matched && nis) {
- char *userinfo = NULL, *domain = NULL;
- int len = 0, i;
-@@ -281,6 +284,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
- }
- }
- }
-+#endif
-
- if (matched && (ret != NULL)) {
- *ret = NULL;
-Index: Linux-PAM-1.0.2/modules/pam_group/pam_group.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_group/pam_group.c
-+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.c
-@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
- }
- /* If buffer starts with @, we are using netgroups */
- if (buffer[0] == '@')
-+#ifdef HAVE_NIS
- good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+ good = 0;
-+#endif
- else
- good &= logic_field(pamh,user, buffer, count, is_same);
- D(("with user: %s", good ? "passes":"fails" ));
-Index: Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_succeed_if/pam_succeed_if.c
-+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
-@@ -229,6 +229,7 @@ evaluate_notingroup(pam_handle_t *pamh,
- return PAM_SUCCESS;
- return PAM_AUTH_ERR;
- }
-+#ifdef HAVE_NIS
- /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
- static int
- evaluate_innetgr(const char *host, const char *user, const char *group)
-@@ -245,6 +246,7 @@ evaluate_notinnetgr(const char *host, co
- return PAM_SUCCESS;
- return PAM_AUTH_ERR;
- }
-+#endif
-
- /* Match a triple. */
- static int
-@@ -356,6 +358,7 @@ evaluate(pam_handle_t *pamh, int debug,
- if (strcasecmp(qual, "notingroup") == 0) {
- return evaluate_notingroup(pamh, pwd->pw_name, right);
- }
-+#ifdef HAVE_NIS
- /* (Rhost, user) is in this netgroup. */
- if (strcasecmp(qual, "innetgr") == 0) {
- const void *rhost;
-@@ -370,6 +373,14 @@ evaluate(pam_handle_t *pamh, int debug,
- rhost = NULL;
- return evaluate_notinnetgr(rhost, pwd->pw_name, right);
- }
-+#else
-+ if (strcasecmp(qual, "innetgr") == 0 ||
-+ strcasecmp(qual, "notinnetgr") == 0) {
-+ pam_syslog(pamh, LOG_CRIT, "option \"%s\" not supported as no NIS support is present", qual);
-+ return PAM_SERVICE_ERR;
-+ }
-+#endif
-+
- /* Fail closed. */
- return PAM_SERVICE_ERR;
- }
-Index: Linux-PAM-1.0.2/modules/pam_time/pam_time.c
-===================================================================
---- Linux-PAM-1.0.2.orig/modules/pam_time/pam_time.c
-+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.c
-@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const
- }
- /* If buffer starts with @, we are using netgroups */
- if (buffer[0] == '@')
-+#ifdef HAVE_NIS
- good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+ good = 0;
-+#endif
- else
- good &= logic_field(pamh, user, buffer, count, is_same);
- D(("with user: %s", good ? "passes":"fails" ));
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch b/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch
deleted file mode 100644
index 23a830b..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.0.4-cross-compile.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- configure.in 2009-05-28 17:05:03.000000000 +0000
-+++ configure.in.new 2009-05-28 17:05:25.000000000 +0000
-@@ -129,6 +129,21 @@
- AC_C___ATTRIBUTE__
-
- dnl
-+dnl Get the host compiler if cross-compiling
-+dnl
-+AM_CONDITIONAL(CROSS_COMPILING, [ test $cross_compiling = yes ])
-+AC_MSG_CHECKING([for CC_FOR_BUILD])
-+if test "x${CC_FOR_BUILD+set}" != "xset" ; then
-+ if test "x$cross_compiling" = "xyes" ; then
-+ CC_FOR_BUILD=${CC_FOR_BUILD-gcc}
-+ else
-+ CC_FOR_BUILD=${CC}
-+ fi
-+fi
-+AC_MSG_RESULT([$CC_FOR_BUILD])
-+AC_SUBST(CC_FOR_BUILD)
-+
-+dnl
- dnl Check if --version-script is supported by ld
- dnl
- AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive,
---- doc/specs/Makefile.am 2009-05-28 17:05:03.000000000 +0000
-+++ doc/specs/Makefile.am.new 2009-05-28 17:06:06.000000000 +0000
-@@ -19,4 +19,8 @@
-
- padout_LDADD = @LEXLIB@
-
-+CC = @CC_FOR_BUILD@
-+CFLAGS =
-+LDFLAGS =
-+
- doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch b/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch
deleted file mode 100644
index b705f36..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.0.4-fix-tests.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: Linux-PAM-1.0.4/tests/tst-pam_mkargv.c
-===================================================================
---- Linux-PAM-1.0.4.orig/tests/tst-pam_mkargv.c
-+++ Linux-PAM-1.0.4/tests/tst-pam_mkargv.c
-@@ -35,7 +35,7 @@ int main(void)
- printf ("\n");
- #endif
-
-- if (argvlen != 333)
-+ if (argvlen != ( 37 + ( 37 * sizeof(char*) ) ))
- return 1;
-
- if (myargc != 4)
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch
deleted file mode 100644
index ec9f99b..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.0-debug.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: Linux-PAM-1.1.0/modules/pam_env/pam_env.c
-===================================================================
---- Linux-PAM-1.1.0.orig/modules/pam_env/pam_env.c
-+++ Linux-PAM-1.1.0/modules/pam_env/pam_env.c
-@@ -120,7 +120,7 @@ _pam_parse (const pam_handle_t *pamh, in
- "user_envfile= specification missing argument - ignored");
- } else {
- *user_envfile = 13+*argv;
-- D(("new User Env File: %s", *user_env_file));
-+ D(("new User Env File: %s", *user_envfile));
- }
- } else if (!strncmp(*argv,"readenv=",8))
- *readenv = atoi(8+*argv);
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch
deleted file mode 100644
index d52b6a0..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.0-nonls.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c.orig
-+++ Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c
-@@ -471,7 +471,7 @@ last_login_failed(pam_handle_t *pamh, in
- failed),
- failed);
- #else
-- if (daysleft == 1)
-+ if (failed == 1)
- retval = asprintf(&line,
- _("There was %d failed login attempt since the last successful login."),
- failed);
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch
deleted file mode 100644
index 6b8fa25..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.0-uclibc.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-Index: Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
-===================================================================
---- Linux-PAM-1.1.0.orig/modules/pam_pwhistory/opasswd.c
-+++ Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
-@@ -94,6 +94,23 @@ parse_entry (char *line, opwd *data)
- return 0;
- }
-
-+static int
-+compare_password(const char *newpass, const char *oldpass)
-+{
-+ char *outval;
-+#ifdef HAVE_CRYPT_R
-+ struct crypt_data output;
-+
-+ output.initialized = 0;
-+
-+ outval = crypt_r (newpass, oldpass, &output);
-+#else
-+ outval = crypt (newpass, oldpass);
-+#endif
-+
-+ return strcmp(outval, oldpass) == 0;
-+}
-+
- /* Check, if the new password is already in the opasswd file. */
- int
- check_old_password (pam_handle_t *pamh, const char *user,
-@@ -167,12 +184,9 @@ check_old_password (pam_handle_t *pamh,
- if (found)
- {
- const char delimiters[] = ",";
-- struct crypt_data output;
- char *running;
- char *oldpass;
-
-- memset (&output, 0, sizeof (output));
--
- running = strdupa (entry.old_passwords);
- if (running == NULL)
- return PAM_BUF_ERR;
-@@ -180,7 +194,7 @@ check_old_password (pam_handle_t *pamh,
- do {
- oldpass = strsep (&running, delimiters);
- if (oldpass && strlen (oldpass) > 0 &&
-- strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0)
-+ compare_password(newpass, oldpass) )
- {
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "New password already used");
-Index: Linux-PAM-1.1.0/configure.in
-===================================================================
---- Linux-PAM-1.1.0.orig/configure.in
-+++ Linux-PAM-1.1.0/configure.in
-@@ -458,7 +458,7 @@ AC_FUNC_MEMCMP
- AC_FUNC_VPRINTF
- AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
- AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
--AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
-+AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
- AC_CHECK_FUNCS(getgrouplist getline getdelim)
- AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
-
-Index: Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
-===================================================================
---- Linux-PAM-1.1.0.orig/modules/pam_timestamp/pam_timestamp.c
-+++ Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
-@@ -200,7 +200,13 @@ check_login_time(const char *ruser, time
- time_t oldest_login = 0;
-
- setutent();
-- while(!getutent_r(&utbuf, &ut)) {
-+ while(
-+#ifdef HAVE_GETUTENT_R
-+ !getutent_r(&utbuf, &ut)
-+#else
-+ (ut = getutent()) != NULL
-+#endif
-+ ) {
- if (ut->ut_type != USER_PROCESS) {
- continue;
- }
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch b/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch
deleted file mode 100644
index 4f4872d..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.0-xcrypt.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: Linux-PAM-1.1.1/configure.in
-===================================================================
---- Linux-PAM-1.1.1.orig/configure.in
-+++ Linux-PAM-1.1.1/configure.in
-@@ -360,6 +360,10 @@ AC_SUBST(LIBAUDIT)
- AC_CHECK_HEADERS(xcrypt.h crypt.h)
-+AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
-+ [crypt_libs="xcrypt crypt"],
-+ [crypt_libs="crypt"])
-+
- BACKUP_LIBS=$LIBS
--AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
-+AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
- AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn)
- LIBS=$BACKUP_LIBS
- AC_SUBST(LIBCRYPT)
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch b/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch
deleted file mode 100644
index ece9211..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.1+berkdb-5.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: Linux-PAM-1.1.1/modules/pam_userdb/pam_userdb.c
-===================================================================
---- Linux-PAM-1.1.1.orig/modules/pam_userdb/pam_userdb.c
-+++ Linux-PAM-1.1.1/modules/pam_userdb/pam_userdb.c
-@@ -30,6 +30,7 @@
- #else
- # ifdef HAVE_DB_H
- # define DB_DBM_HSEARCH 1 /* use the dbm interface */
-+# define HAVE_DBM /* for BerkDB 5.0 and later */
- # include <db.h>
- # else
- # error "failed to find a libdb or equivalent"
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch
deleted file mode 100644
index f842da7..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.1-xcrypt.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Index: Linux-PAM-1.1.1/configure.in
-===================================================================
---- Linux-PAM-1.1.1.orig/configure.in
-+++ Linux-PAM-1.1.1/configure.in
-@@ -361,10 +361,14 @@ AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS],
- [test "x$HAVE_AUDIT_TTY_STATUS" = xyes])
-
- AC_CHECK_HEADERS(xcrypt.h crypt.h)
-+AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
-+ [crypt_libs="xcrypt crypt"],
-+ [crypt_libs="crypt"])
-+
- BACKUP_LIBS=$LIBS
--AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
-+AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
- AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
--Libs=$BACKUP_LIBS
-+LIBS=$BACKUP_LIBS
- AC_SUBST(LIBCRYPT)
- if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
- AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
diff --git a/sys-libs/pam/files/other.pamd b/sys-libs/pam/files/other.pamd
deleted file mode 100644
index 85ca04e..0000000
--- a/sys-libs/pam/files/other.pamd
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-
-auth required pam_deny.so
-account required pam_deny.so
-password required pam_deny.so
-session required pam_deny.so
diff --git a/sys-libs/pam/files/system-auth.pamd.epam b/sys-libs/pam/files/system-auth.pamd.epam
deleted file mode 100644
index bdee6f4..0000000
--- a/sys-libs/pam/files/system-auth.pamd.epam
+++ /dev/null
@@ -1,15 +0,0 @@
-#%PAM-1.0
-
-auth required pam_env.so
-auth sufficient pam_unix.so try_first_pass likeauth nullok
-auth required pam_deny.so
-
-account required pam_unix.so
-
-#%EPAM-Use-Flag:cracklib%#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
-#%EPAM-Use-Flag:cracklib%#password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
-#%EPAM-Use-Flag:!cracklib%#password sufficient pam_unix.so try_first_pass nullok md5 shadow
-password required pam_deny.so
-
-session required pam_limits.so
-session required pam_unix.so
diff --git a/sys-libs/pam/pam-1.0.4.ebuild b/sys-libs/pam/pam-1.0.4.ebuild
deleted file mode 100644
index 1632431..0000000
--- a/sys-libs/pam/pam-1.0.4.ebuild
+++ /dev/null
@@ -1,188 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.0.4.ebuild,v 1.11 2009/03/27 17:08:40 armin76 Exp $
-
-WANT_AUTOCONF="latest"
-WANT_AUTOMAKE="latest"
-
-inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
-
-MY_PN="Linux-PAM"
-MY_P="${MY_PN}-${PV}"
-
-HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-
-SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2"
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc"
-
-RDEPEND="nls? ( virtual/libintl )
- cracklib? ( >=sys-libs/cracklib-2.8.3 )
- audit? ( sys-process/audit )
- selinux? ( >=sys-libs/libselinux-1.28 )"
-DEPEND="${RDEPEND}
- sys-devel/flex
- test? ( elibc_glibc? ( >=sys-libs/glibc-2.4 ) )
- nls? ( sys-devel/gettext )"
-PDEPEND="sys-auth/pambase
- vim-syntax? ( app-vim/pam-syntax )"
-
-S="${WORKDIR}/${MY_P}"
-
-PROVIDE="virtual/pam"
-
-check_old_modules() {
- local retval="0"
-
- if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
- eerror ""
- eerror "Your current setup is using the pam_stack module."
- eerror "This module is deprecated and no longer supported, and since version"
- eerror "0.99 is no longer installed, nor provided by any other package."
- eerror "The package will be built (to allow binary package builds), but will"
- eerror "not be installed."
- eerror "Please replace pam_stack usage with proper include directive usage,"
- eerror "following the PAM Upgrade guide at the following URL"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
- ebeep 15
-
- retval=1
- fi
-
- if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|timestamp|console)'; then
- eerror ""
- eerror "Your current setup is using one or more of the following modules,"
- eerror "that are not built or supported anymore:"
- eerror "pam_pwdb, pam_timestamp, pam_console"
- eerror "If you are in real need for these modules, please contact the maintainers"
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
- eerror "use cases."
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
- ebeep 10
-
- retval=1
- fi
-
- # Produce the warnings only during upgrade, for the following two
- has_version '<sys-libs/pam-0.99' || return $retval
-
- # This works only for those modules that are moved to sys-auth/$module, or the
- # message will be wrong.
- for module in pam_chroot pam_userdb pam_radius; do
- if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q ${module}.so; then
- ewarn ""
- ewarn "Your current setup is using the ${module} module."
- ewarn "Since version 0.99, ${CATEGORY}/${PN} does not provide this module"
- ewarn "anymore; if you want to continue using this module, you should install"
- ewarn "sys-auth/${module}."
- ewarn ""
- ebeep 5
- fi
- done
-
- return $retval
-}
-
-pkg_setup() {
- check_old_modules
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- mkdir -p doc/txts
- for readme in modules/pam_*/README; do
- cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
- sed -e 's|^modules/||')
- done
-
- epatch "${FILESDIR}/${MY_PN}-0.99.7.0-disable-regenerate-man.patch"
- epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
-
- # Remove NIS dependencies, see bug #235431
- epatch "${FILESDIR}/${MY_PN}-1.0.2-noyp.patch"
-
- # Fix building of doc/specs
- epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
-
- # Fix tests on systems where sizeof(void*) != 8
- epatch "${FILESDIR}/${MY_PN}-1.0.4-fix-tests.patch"
-
- # Remove libtool-2 libtool macros, see bug 261167
- rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
-
- AT_M4DIR="m4" eautoreconf
-
- elibtoolize
-}
-
-src_compile() {
- local myconf
-
- if use hppa || use elibc_FreeBSD; then
- myconf="${myconf} --disable-pie"
- fi
-
- # KEEP COMMENTED OUT! It seems like it fails to build with USE=debug!
- # Do _not_ move this to $(use_enable) without checking if the
- # configure.in has been fixed. As of 2009/03/03 it's still broken
- # on upstream's CVS, and --disable-debug means --enable-debug too.
- # if use debug; then
- # myconf="${myconf} --enable-debug"
- # fi
-
- econf \
- --libdir=/usr/$(get_libdir) \
- --docdir=/usr/share/doc/${PF} \
- --htmldir=/usr/share/doc/${PF}/html \
- --enable-securedir=/$(get_libdir)/security \
- --enable-isadir=/$(get_libdir)/security \
- $(use_enable nls) \
- $(use_enable selinux) \
- $(use_enable cracklib) \
- $(use_enable audit) \
- --disable-db \
- --disable-dependency-tracking \
- --disable-prelude \
- --disable-regenerate-man \
- ${myconf} || die "econf failed"
- emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
-}
-
-src_install() {
- emake DESTDIR="${D}" install \
- sepermitlockdir="/var/run/sepermit" || die "make install failed"
-
- # Need to be suid
- fperms u+s /sbin/unix_chkpwd
-
- dodir /$(get_libdir)
- mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
- mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
- mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
- gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
-
- dodoc CHANGELOG ChangeLog README AUTHORS Copyright
- docinto modules ; dodoc doc/txts/README.*
-
- # Remove the wrongly installed manpages
- rm "${D}"/usr/share/man/man8/pam_userdb.8*
- use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
-
- # Get rid of the .la files. We certainly don't need them for PAM
- # modules, and libpam is installed as a shared object only, so we
- # don't ned them for static linking either.
- find "${D}" -name '*.la' -delete
-}
-
-pkg_preinst() {
- check_old_modules || die "deprecated PAM modules still used"
-}
diff --git a/sys-libs/pam/pam-1.1.0.ebuild b/sys-libs/pam/pam-1.1.0.ebuild
deleted file mode 100644
index 8b1a1d2..0000000
--- a/sys-libs/pam/pam-1.1.0.ebuild
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.0.ebuild,v 1.5 2009/06/21 16:50:28 flameeyes Exp $
-
-inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
-
-MY_PN="Linux-PAM"
-MY_P="${MY_PN}-${PV}"
-
-HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-
-SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
- mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug"
-
-RDEPEND="nls? ( virtual/libintl )
- cracklib? ( >=sys-libs/cracklib-2.8.3 )
- audit? ( sys-process/audit )
- selinux? ( >=sys-libs/libselinux-1.28 )
- elibc_glibc? ( >=sys-libs/glibc-2.7 )"
-DEPEND="${RDEPEND}
- sys-devel/flex
- nls? ( sys-devel/gettext )"
-PDEPEND="sys-auth/pambase
- vim-syntax? ( app-vim/pam-syntax )"
-
-S="${WORKDIR}/${MY_P}"
-
-PROVIDE="virtual/pam"
-
-check_old_modules() {
- local retval="0"
-
- if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
- eerror ""
- eerror "Your current setup is using the pam_stack module."
- eerror "This module is deprecated and no longer supported, and since version"
- eerror "0.99 is no longer installed, nor provided by any other package."
- eerror "The package will be built (to allow binary package builds), but will"
- eerror "not be installed."
- eerror "Please replace pam_stack usage with proper include directive usage,"
- eerror "following the PAM Upgrade guide at the following URL"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
- ebeep 15
-
- retval=1
- fi
-
- if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
- eerror ""
- eerror "Your current setup is using one or more of the following modules,"
- eerror "that are not built or supported anymore:"
- eerror "pam_pwdb, pam_console"
- eerror "If you are in real need for these modules, please contact the maintainers"
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
- eerror "use cases."
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
- ebeep 10
-
- retval=1
- fi
-
- return $retval
-}
-
-pkg_setup() {
- check_old_modules
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- # Avoid building xtests during "make all"; note that for what
- # we're concerned xtests are not even executed, so we should
- # probably use EXTRA_PROGRAMS.
- epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
-
- # Remove NIS dependencies, see bug #235431
- epatch "${FILESDIR}/${MY_PN}-1.0.2-noyp.patch"
-
- # Fix building with debug USE flag enabled
- epatch "${FILESDIR}/${MY_PN}-1.1.0-debug.patch"
-
- # Fix building with nls USE flag disabled
- epatch "${FILESDIR}/${MY_PN}-1.1.0-nonls.patch"
-
- # Fix building of doc/specs
- epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
-
- # Remove libtool-2 libtool macros, see bug 261167
- rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
-
- AT_M4DIR="m4" eautoreconf
-
- elibtoolize
-}
-
-src_compile() {
- local myconf
-
- if use hppa || use elibc_FreeBSD; then
- myconf="${myconf} --disable-pie"
- fi
-
- econf \
- --libdir=/usr/$(get_libdir) \
- --docdir=/usr/share/doc/${PF} \
- --htmldir=/usr/share/doc/${PF}/html \
- --enable-securedir=/$(get_libdir)/security \
- --enable-isadir=/$(get_libdir)/security \
- $(use_enable nls) \
- $(use_enable selinux) \
- $(use_enable cracklib) \
- $(use_enable audit) \
- $(use_enable debug) \
- --disable-db \
- --disable-dependency-tracking \
- --disable-prelude \
- ${myconf} || die "econf failed"
- emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
-}
-
-src_install() {
- emake DESTDIR="${D}" install \
- sepermitlockdir="/var/run/sepermit" || die "make install failed"
-
- # Need to be suid
- fperms u+s /sbin/unix_chkpwd
-
- dodir /$(get_libdir)
- mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
- mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
- mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
- gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
-
- dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
-
- docinto modules
- for dir in modules/pam_*; do
- newdoc "${dir}"/README README."$(basename "${dir}")"
- done
-
- # Remove the wrongly installed manpages
- rm "${D}"/usr/share/man/man8/pam_userdb.8*
- use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
-
- # Get rid of the .la files. We certainly don't need them for PAM
- # modules, and libpam is installed as a shared object only, so we
- # don't ned them for static linking either.
- find "${D}" -name '*.la' -delete
-}
-
-pkg_preinst() {
- check_old_modules || die "deprecated PAM modules still used"
-}
diff --git a/sys-libs/pam/pam-1.1.1-r2.ebuild b/sys-libs/pam/pam-1.1.1-r2.ebuild
deleted file mode 100644
index d5f433e..0000000
--- a/sys-libs/pam/pam-1.1.1-r2.ebuild
+++ /dev/null
@@ -1,186 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.1-r2.ebuild,v 1.4 2010/05/22 09:09:08 jlec Exp $
-
-EAPI="3"
-
-inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use
-
-MY_PN="Linux-PAM"
-MY_P="${MY_PN}-${PV}"
-
-HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-
-SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
- mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
-IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb"
-
-RDEPEND="nls? ( virtual/libintl )
- cracklib? ( >=sys-libs/cracklib-2.8.3 )
- audit? ( sys-process/audit )
- selinux? ( >=sys-libs/libselinux-1.28 )
- berkdb? ( sys-libs/db )
- elibc_glibc? ( >=sys-libs/glibc-2.7 )"
-DEPEND="${RDEPEND}
- sys-devel/flex
- nls? ( sys-devel/gettext )"
-PDEPEND="sys-auth/pambase
- vim-syntax? ( app-vim/pam-syntax )"
-RDEPEND="${RDEPEND}
- !sys-auth/pam_userdb"
-
-S="${WORKDIR}/${MY_P}"
-
-PROVIDE="virtual/pam"
-
-check_old_modules() {
- local retval="0"
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
- eerror ""
- eerror "Your current setup is using the pam_stack module."
- eerror "This module is deprecated and no longer supported, and since version"
- eerror "0.99 is no longer installed, nor provided by any other package."
- eerror "The package will be built (to allow binary package builds), but will"
- eerror "not be installed."
- eerror "Please replace pam_stack usage with proper include directive usage,"
- eerror "following the PAM Upgrade guide at the following URL"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
- eerror ""
- eerror "Your current setup is using one or more of the following modules,"
- eerror "that are not built or supported anymore:"
- eerror "pam_pwdb, pam_console"
- eerror "If you are in real need for these modules, please contact the maintainers"
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
- eerror "use cases."
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- return $retval
-}
-
-pkg_setup() {
- check_old_modules
-}
-
-src_prepare() {
- # Avoid building xtests during "make all"; note that for what
- # we're concerned xtests are not even executed, so we should
- # probably use EXTRA_PROGRAMS.
- epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
-
- # Fix building on uClibc; it is added since 1.1.1 but applies to
- # 1.1.0 as well.
- epatch "${FILESDIR}/${MY_PN}-1.1.0-uclibc.patch"
-
- # Fix tests to find Berkeley DB as installed by Gentoo (with a
- # library suffix but no suffix on the ELF symbols).
- epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
-
- # make it possible to skip libxcrypt detection if header is not
- # found
- epatch "${FILESDIR}/${MY_PN}-1.1.1-xcrypt.patch"
-
- # fix building with Berkeley DB 5.0 and later; now defining
- # DB_DBM_HSEARCH is not enough; bug #319831
- epatch "${FILESDIR}/${MY_PN}-1.1.1+berkdb-5.patch"
-
- # Fix building of doc/specs
- epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
-
- # Remove libtool-2 libtool macros, see bug 261167
- rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
-
- eautoreconf
-
- elibtoolize
-}
-
-src_configure() {
- local myconf
-
- if use hppa || use elibc_FreeBSD; then
- myconf="${myconf} --disable-pie"
- fi
-
- # Disable automatic detection of libxcrypt; we _don't_ want the
- # user to link libxcrypt in by default, since we won't track the
- # dependency and allow to break PAM this way.
- export ac_cv_header_xcrypt_h=no
-
- econf \
- --libdir="${EPREFIX}"/usr/$(get_libdir) \
- --docdir="${EPREFIX}"/usr/share/doc/${PF} \
- --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
- --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
- --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
- $(use_enable nls) \
- $(use_enable selinux) \
- $(use_enable cracklib) \
- $(use_enable audit) \
- $(use_enable debug) \
- $(use_enable berkdb db) \
- --with-db-uniquename=-$(db_findver sys-libs/db) \
- --disable-dependency-tracking \
- --disable-prelude \
- ${myconf}
-}
-
-src_compile() {
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
-}
-
-src_test() {
- # explicitly allow parallel-build during testing
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
-}
-
-src_install() {
- local lib
-
- emake DESTDIR="${D}" install \
- sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
-
- # Need to be suid
- fperms u+s /sbin/unix_chkpwd
-
- gen_usr_ldscript -a pam pamc pam_misc
-
- # create extra symlinks just in case something depends on them...
- for lib in pam pamc pam_misc; do
- if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
- dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
- fi
- done
-
- dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
-
- docinto modules
- for dir in modules/pam_*; do
- newdoc "${dir}"/README README."$(basename "${dir}")"
- done
-
- # Get rid of the .la files. We certainly don't need them for PAM
- # modules, and libpam is installed as a shared object only, so we
- # don't ned them for static linking either.
- find "${D}" -name '*.la' -delete
-}
-
-pkg_preinst() {
- check_old_modules || die "deprecated PAM modules still used"
-}
diff --git a/sys-libs/pam/pam-1.1.2.ebuild b/sys-libs/pam/pam-1.1.2.ebuild
index 90b6c6b..93f1653 100644
--- a/sys-libs/pam/pam-1.1.2.ebuild
+++ b/sys-libs/pam/pam-1.1.2.ebuild
@@ -12,32 +12,25 @@ MY_P="${MY_PN}-${PV}"
HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2
- mirror://kernel/linux/libs/pam/documentation/${MY_P}-docs.tar.bz2"
+SRC_URI="http://mirror.anl.gov/pub/linux/libs/pam/library/${MY_P}.tar.bz2"
LICENSE="|| ( BSD GPL-2 )"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
-IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb"
+KEYWORDS="~amd64 ~x86"
+IUSE="cracklib nls vim-syntax audit test debug berkdb"
RDEPEND="nls? ( virtual/libintl )
cracklib? ( >=sys-libs/cracklib-2.8.3 )
audit? ( sys-process/audit )
- selinux? ( >=sys-libs/libselinux-1.28 )
- berkdb? ( sys-libs/db )
- elibc_glibc? ( >=sys-libs/glibc-2.7 )"
+ berkdb? ( sys-libs/db )"
DEPEND="${RDEPEND}
sys-devel/flex
nls? ( sys-devel/gettext )"
PDEPEND="sys-auth/pambase
vim-syntax? ( app-vim/pam-syntax )"
-RDEPEND="${RDEPEND}
- !sys-auth/pam_userdb"
S="${WORKDIR}/${MY_P}"
-PROVIDE="virtual/pam"
-
check_old_modules() {
local retval="0"
@@ -88,27 +81,13 @@ src_prepare() {
# library suffix but no suffix on the ELF symbols).
epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
- # Fix building of doc/specs, see bug 339174
- epatch "${FILESDIR}/${MY_PN}-1.0.4-cross-compile.patch"
-
- # Remove libtool-2 libtool macros, see bug 261167
- rm m4/libtool.m4 m4/lt*.m4 || die "rm libtool macros failed."
-
eautoreconf
-
elibtoolize
}
src_configure() {
local myconf
- if use hppa || use elibc_FreeBSD; then
- myconf="${myconf} --disable-pie"
- fi
-
- # Disable automatic detection of libxcrypt; we _don't_ want the
- # user to link libxcrypt in by default, since we won't track the
- # dependency and allow to break PAM this way.
export ac_cv_header_xcrypt_h=no
econf \
@@ -120,7 +99,6 @@ src_configure() {
--enable-securedir="${EPREFIX}"/$(get_libdir)/security \
--enable-isadir="${EPREFIX}"/$(get_libdir)/security \
$(use_enable nls) \
- $(use_enable selinux) \
$(use_enable cracklib) \
$(use_enable audit) \
$(use_enable debug) \
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/hardened-dev:uclibc commit in: sys-libs/pam/, sys-libs/pam/files/
@ 2012-06-30 19:31 Anthony G. Basile
0 siblings, 0 replies; 3+ messages in thread
From: Anthony G. Basile @ 2012-06-30 19:31 UTC (permalink / raw
To: gentoo-commits
commit: 76e4e1ba44589fadd589353b4a06a26245492f7f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 30 19:31:32 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jun 30 19:31:32 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=76e4e1ba
sys-libs/pam: moving towards pam-less systems
---
sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch | 18 --
sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch | 20 ---
sys-libs/pam/metadata.xml | 29 ----
sys-libs/pam/pam-1.1.2.ebuild | 170 --------------------
4 files changed, 0 insertions(+), 237 deletions(-)
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
deleted file mode 100644
index 2cd3e95..0000000
--- a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-This patch makes sure that the xtests programs don't get build when running
-'make all', as they might fail to build (for instance if GLIBC 2.3 is used).
-
-Note that the tests are not executed by default at make check because they
-are anyway broken.
-Index: Linux-PAM-0.99.9.0/xtests/Makefile.am
-===================================================================
---- Linux-PAM-0.99.9.0.orig/xtests/Makefile.am
-+++ Linux-PAM-0.99.9.0/xtests/Makefile.am
-@@ -29,7 +29,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispa
- tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
- tst-pam_group1
-
--noinst_PROGRAMS = $(XTESTS)
-+check_PROGRAMS = $(XTESTS)
-
- xtests: $(XTESTS) run-xtests.sh
- "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS}
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch b/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
deleted file mode 100644
index 0334496..0000000
--- a/sys-libs/pam/files/Linux-PAM-1.1.1-gentoodb.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Index: Linux-PAM-1.1.1/configure.in
-===================================================================
---- Linux-PAM-1.1.1.orig/configure.in
-+++ Linux-PAM-1.1.1/configure.in
-@@ -389,10 +389,11 @@ AC_ARG_WITH([db-uniquename],
- AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
- if test x"$WITH_DB" != xno ; then
- if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
-- AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
-- if test -z "$LIBDB" ; then
-- AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
-- fi
-+ old_libs=$LIBS
-+ LIBS="$LIBS -ldb$with_db_uniquename"
-+ AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store],
-+ [LIBDB="-ldb$with_db_uniquename"; break])
-+ LIBS=$old_libs
- fi
- if test -z "$LIBDB" ; then
- AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
deleted file mode 100644
index e5b58f5..0000000
--- a/sys-libs/pam/metadata.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>pam</herd>
- <maintainer>
- <email>pam-bugs@gentoo.org</email>
- </maintainer>
- <use>
- <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
-
- <flag name="berkdb">
- Build the pam_userdb module, that allows to authenticate users
- against a Berkeley DB file. Please note that enabling this USE
- flag will create a PAM module that links to the Berkeley DB (as
- provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
- will thus not work for boot-critical services authentication.
- </flag>
-
- <flag name="cracklib">
- Build the pam_cracklib module, that allows to verify the chosen
- passwords' strength through the use of
- <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
- the USE flag on this package will not make use of pam_cracklib
- by default, you should also enable it in
- <pkg>sys-auth/pambase</pkg> as well as update your configuration
- files.
- </flag>
- </use>
-</pkgmetadata>
diff --git a/sys-libs/pam/pam-1.1.2.ebuild b/sys-libs/pam/pam-1.1.2.ebuild
deleted file mode 100644
index 80f41dc..0000000
--- a/sys-libs/pam/pam-1.1.2.ebuild
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.2.ebuild,v 1.1 2010/08/31 12:32:45 flameeyes Exp $
-
-EAPI="3"
-
-inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic db-use
-
-MY_PN="Linux-PAM"
-MY_P="${MY_PN}-${PV}"
-
-HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-
-SRC_URI="http://mirror.anl.gov/pub/linux/libs/pam/library/${MY_P}.tar.bz2"
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="amd64 mips x86"
-IUSE="cracklib nls vim-syntax audit test debug berkdb"
-
-RDEPEND="nls? ( virtual/libintl )
- cracklib? ( >=sys-libs/cracklib-2.8.3 )
- audit? ( sys-process/audit )
- berkdb? ( sys-libs/db )"
-DEPEND="${RDEPEND}
- sys-devel/flex
- nls? ( sys-devel/gettext )"
-PDEPEND="sys-auth/pambase
- vim-syntax? ( app-vim/pam-syntax )"
-
-S="${WORKDIR}/${MY_P}"
-
-check_old_modules() {
- local retval="0"
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
- eerror ""
- eerror "Your current setup is using the pam_stack module."
- eerror "This module is deprecated and no longer supported, and since version"
- eerror "0.99 is no longer installed, nor provided by any other package."
- eerror "The package will be built (to allow binary package builds), but will"
- eerror "not be installed."
- eerror "Please replace pam_stack usage with proper include directive usage,"
- eerror "following the PAM Upgrade guide at the following URL"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
- eerror ""
- eerror "Your current setup is using one or more of the following modules,"
- eerror "that are not built or supported anymore:"
- eerror "pam_pwdb, pam_console"
- eerror "If you are in real need for these modules, please contact the maintainers"
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
- eerror "use cases."
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- return $retval
-}
-
-pkg_setup() {
- check_old_modules
-}
-
-src_prepare() {
- # Avoid building xtests during "make all"; note that for what
- # we're concerned xtests are not even executed, so we should
- # probably use EXTRA_PROGRAMS.
- epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
-
- # Fix tests to find Berkeley DB as installed by Gentoo (with a
- # library suffix but no suffix on the ELF symbols).
- epatch "${FILESDIR}/${MY_PN}-1.1.1-gentoodb.patch"
-
- eautoreconf
- elibtoolize
-}
-
-src_configure() {
- local myconf
-
- export ac_cv_header_xcrypt_h=no
-
- econf \
- --disable-dependency-tracking \
- --enable-fast-install \
- --libdir="${EPREFIX}"/usr/$(get_libdir) \
- --docdir="${EPREFIX}"/usr/share/doc/${PF} \
- --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
- --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
- --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
- $(use_enable nls) \
- $(use_enable cracklib) \
- $(use_enable audit) \
- $(use_enable debug) \
- $(use_enable berkdb db) \
- --with-db-uniquename=-$(db_findver sys-libs/db) \
- --disable-prelude \
- ${myconf}
-}
-
-src_compile() {
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
-}
-
-src_test() {
- # explicitly allow parallel-build during testing
- emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
-}
-
-src_install() {
- local lib
-
- emake DESTDIR="${D}" install \
- sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
-
- # Need to be suid
- fperms u+s /sbin/unix_chkpwd
-
- gen_usr_ldscript -a pam pamc pam_misc
-
- # create extra symlinks just in case something depends on them...
- for lib in pam pamc pam_misc; do
- if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
- dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
- fi
- done
-
- dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS || die
-
- docinto modules
- for dir in modules/pam_*; do
- newdoc "${dir}"/README README."$(basename "${dir}")"
- done
-
- # Get rid of the .la files. We certainly don't need them for PAM
- # modules, and libpam is installed as a shared object only, so we
- # don't ned them for static linking either.
- find "${D}" -name '*.la' -delete
-}
-
-pkg_preinst() {
- check_old_modules || die "deprecated PAM modules still used"
-}
-
-pkg_postinst() {
- ewarn "Some software with pre-loaded PAM libraries might experience"
- ewarn "warnings or failures related to missing symbols and/or versions"
- ewarn "after any update. While unfortunate this is a limit of the"
- ewarn "implementation of PAM and the software, and it requires you to"
- ewarn "restart the software manually after the update."
- ewarn ""
- ewarn "You can get a list of such software running a command like"
- ewarn " lsof / | egrep 'DEL.*libpam\\.so'"
- elog ""
- elog "Because of a bug present up to version 1.1.1-r2, you might have"
- elog "an executable /var/log/tallylog file. If it is so, you can safely"
- elog "correct it by running the command"
- elog " chmod -x /var/log/tallylog"
- elog ""
-}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-06-30 19:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-30 19:31 [gentoo-commits] proj/hardened-dev:uclibc commit in: sys-libs/pam/, sys-libs/pam/files/ Anthony G. Basile
-- strict thread matches above, loose matches on Subject: below --
2012-01-03 21:28 Anthony G. Basile
2012-01-03 20:54 Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox