* [gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/
@ 2016-01-05 1:50 Jory Pratt
0 siblings, 0 replies; 3+ messages in thread
From: Jory Pratt @ 2016-01-05 1:50 UTC (permalink / raw
To: gentoo-commits
commit: b880a39368148d7f7e2906a6d07d73fe606f7c8a
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 5 01:49:35 2016 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue Jan 5 01:49:55 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=b880a393
Add pam-1.2.1 support
sys-libs/pam/Manifest | 8 +-
sys-libs/pam/files/pam-1.2.1-fix-compat.patch | 21 +++
sys-libs/pam/files/pam-1.2.1-innetgr.patch | 54 +++++++
sys-libs/pam/files/pam-1.2.1-no-strndupa.patch | 46 ++++++
sys-libs/pam/metadata.xml | 2 -
sys-libs/pam/pam-1.2.1-r99.ebuild | 213 +++++++++++++++++++++++++
6 files changed, 341 insertions(+), 3 deletions(-)
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index db75f3a..f5f232f 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,7 +1,13 @@
AUX pam-1.1.8-doc-install.patch 6592 SHA256 83edb1f57e3fa579bde4cd9ba05966063106f0dc8e57458eea9857250b1a0fb5 SHA512 335220790207c3cb9c84420f13e5e1ea8e42e2b5402def0d0f9425ae89b37c8aef66eb9906c58eeb249bd1ca27af711015c363421d4096206ea44c4c4beea302 WHIRLPOOL ae6df174b9457bcfd85f41b72ec22054898c0c86f9bb0b170ec3e6c747140d1ac3fba3e684e2c4c9c12bb4a1429996a5bb999c9dc2c7693d5109e52f383d1fcf
AUX pam-1.1.8-fix-compat.patch 402 SHA256 c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512 1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f WHIRLPOOL 692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f
AUX pam-1.1.8-innetgr.patch 1662 SHA256 fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512 ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 WHIRLPOOL 3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048
+AUX pam-1.2.1-fix-compat.patch 402 SHA256 c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512 1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f WHIRLPOOL 692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f
+AUX pam-1.2.1-innetgr.patch 1662 SHA256 fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512 ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 WHIRLPOOL 3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048
+AUX pam-1.2.1-no-strndupa.patch 1452 SHA256 49bae3a1ee81d94527c15aab766e2bb5523cdc6e9ce00126d0d7b81c5b9b47a2 SHA512 967eb6d636fc5421ceea1ddd79de61d367cdd17b260ad3ad75da2e1af4ca87305f57776344ab53b23d1ec81d4d8b74874a0a05f68b70c54ba62f7ec23ad40a99 WHIRLPOOL 0cf25b0a11739493ef1b00e3d440b391ae14f88462f60a0c8d7b4d58aa7fd2ec41ed4d05a436265bbac5ab0a6529809ce2839af65b6560c4bda0b46a81cd0a92
DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256 c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512 36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8 WHIRLPOOL c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87
DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512 245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d WHIRLPOOL b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734
+DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512 028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c WHIRLPOOL 9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14
+DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
EBUILD pam-1.1.8-r99.ebuild 6289 SHA256 d9fac218f4e3a095a1d7bbe62d65db2c73a5183681b28006972c2575a1473221 SHA512 f341057c9234e57e102c38d46bdb2670bc6e2c50e53a3175cf3e65a35bd37e633712608f458b2e59fb7ec61a41169279efdbeeb4be468d5ba9287239ca5033e1 WHIRLPOOL 074506f012d3d820951d003b1350f62f9745d841b26ad7c89a345c819734c6cfd26d69a89f4f08dfb4c3ac67bf68e9b938d630fa3887cea33dcc0a7dcde18e7c
-MISC metadata.xml 1218 SHA256 9ea95e669c343b7e7184d3fb3b1bbad013493bfdca0e8f184ddf4728e6b5e884 SHA512 60ae70d605f654867e4c444c7489ecd76083c286039febd71ffd18a9e120b151a47488df925ec97e6768c62e5e48068abb864a6b978abd67623fb0b6c414f248 WHIRLPOOL a96d70fd81604dd265f15672183b793d0c3f48508b317f973481c460d56ea05d917a446fd60998536f7a3d811407ca3573554f9dcdc8f45ab88dbbf7875985ab
+EBUILD pam-1.2.1-r99.ebuild 6733 SHA256 c897194ead8ee56e68efa98c98ed32ea13e1ac994d5bd452129bd255d24fcade SHA512 85a800b89e3859a3deba2bec8e51bf4374c44978ecb48bfee853c45f732bbba26e6a824bbc43f17aa8023b494aec0437839f1758a5afe89d49a683f387caf1d9 WHIRLPOOL 7fed197982bc3483d413b5404c76e45f48c1c2d142dc9c5f1ae66f640e35d196f0c3342d2460c0f442415a01691dfd54d857496a49e80001f90ebce3fceffcca
+MISC metadata.xml 1139 SHA256 bd152404f476ae44a7e577f9d823725215d2fb6220f48005a7814358e2d2d6b6 SHA512 80c06a813fbcbe5fd85b73ee03b8f7bc4aba18a6005bdb1f80de523a6f221e139f7c73e29db9c1b599e90a6eb769240b9e302d4c1e24aca32f06479712b2d5fa WHIRLPOOL 3ad745a45d828eecf45e3221aa012c6a6d99cc332dc60022dc9da0220af36737f47b4952cf84ff10cc196cda5535cadb360f4db9b56c9f7c55dd62777b26c760
diff --git a/sys-libs/pam/files/pam-1.2.1-fix-compat.patch b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch
new file mode 100644
index 0000000..332f609
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch
@@ -0,0 +1,21 @@
+--- a/modules/pam_lastlog/pam_lastlog.c
++++ b/modules/pam_lastlog/pam_lastlog.c
+@@ -10,6 +10,7 @@
+
+ #include "config.h"
+
++#include <paths.h>
+ #include <fcntl.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -48,6 +49,10 @@
+
+ #ifndef _PATH_BTMP
+ # define _PATH_BTMP "/var/log/btmp"
++#endif
++
++#ifndef __GLIBC__
++#define logwtmp(args...)
+ #endif
+
+ /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/sys-libs/pam/files/pam-1.2.1-innetgr.patch b/sys-libs/pam/files/pam-1.2.1-innetgr.patch
new file mode 100644
index 0000000..a94fa3d
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-innetgr.patch
@@ -0,0 +1,54 @@
+--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
++++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
+@@ -658,10 +658,13 @@
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
++#ifdef HAVE_INNETGR
+ if (buffer[0] == '@')
+ good &= innetgr (&buffer[1], NULL, user, NULL);
+ /* otherwise, if the buffer starts with %, it's a UNIX group */
+- else if (buffer[0] == '%')
++ else
++#endif
++ if (buffer[0] == '%')
+ good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
+ else
+ good &= logic_field(pamh,user, buffer, count, is_same);
+--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
++++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
+@@ -233,16 +233,20 @@
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 1)
+ return PAM_SUCCESS;
++#endif
+ return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 0)
+ return PAM_SUCCESS;
++#endif
+ return PAM_AUTH_ERR;
+ }
+
+--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
++++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
+@@ -554,9 +554,11 @@
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
++#ifdef HAVE_INNETGR
+ if (buffer[0] == '@')
+ good &= innetgr (&buffer[1], NULL, user, NULL);
+ else
++#endif
+ good &= logic_field(pamh, user, buffer, count, is_same);
+ D(("with user: %s", good ? "passes":"fails" ));
+
diff --git a/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch
new file mode 100644
index 0000000..71b233a
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch
@@ -0,0 +1,46 @@
+From fa534c4a66f5fab7a9c5f9de76c81625e0b64068 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Thu, 23 Jul 2015 20:47:29 +0800
+Subject: [PATCH 9/9] pam_exec: fix build when strndupa() is not available.
+
+ * /modules/pam_exec/pam_exec.c: use strncpy() and local array instead
+ of strndupa()
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+---
+ modules/pam_exec/pam_exec.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
+index 17ba6ca..d5ccfeb 100644
+--- a/modules/pam_exec/pam_exec.c
++++ b/modules/pam_exec/pam_exec.c
+@@ -102,6 +102,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ int use_stdout = 0;
+ int optargc;
+ const char *logfile = NULL;
++ char *_authtok[PAM_MAX_RESP_SIZE];
+ const char *authtok = NULL;
+ pid_t pid;
+ int fds[2];
+@@ -178,11 +179,15 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ }
+
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0';
++ authtok = strncpy(_authtok, resp, PAM_MAX_RESP_SIZE-1);
+ _pam_drop (resp);
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ {
++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0';
++ authtok = strncpy(_authtok, void_pass, PAM_MAX_RESP_SIZE-1);
++ }
+
+ if (pipe(fds) != 0)
+ {
+--
+1.7.10.4
+
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
index 4ee5aec..f69d9e3 100644
--- a/sys-libs/pam/metadata.xml
+++ b/sys-libs/pam/metadata.xml
@@ -6,8 +6,6 @@
<email>pam-bugs@gentoo.org</email>
</maintainer>
<use>
- <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
-
<flag name="berkdb">
Build the pam_userdb module, that allows to authenticate users
against a Berkeley DB file. Please note that enabling this USE
diff --git a/sys-libs/pam/pam-1.2.1-r99.ebuild b/sys-libs/pam/pam-1.2.1-r99.ebuild
new file mode 100644
index 0000000..21f2456
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1-r99.ebuild
@@ -0,0 +1,213 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use fcaps
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ nis? ( >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through https://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_unpack() {
+ # Upstream didn't release a new doc tarball (since nothing changed?).
+ unpack ${MY_PN}-1.2.0-docs.tar.bz2
+ # Update timestamps to avoid regenerating at build time. #569338
+ find -type f -exec touch -r "${T}" {} + || die
+ mv Linux-PAM-1.2.{0,1} || die
+ unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.2.1-fix-compat.patch
+ epatch "${FILESDIR}"/${PN}-1.2.1-innetgr.patch
+ epatch "${FILESDIR}"/${PN}-1.2.1-no-strndupa.patch
+
+ # disable insecure modules (musl-libc doesn't implement the functions anyway)
+ use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am modules/Makefile.in
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ # Disable automatic detection of libcrypt
+ use elibc_musl && export ac_cv_search_crypt=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+
+ # The pam_unix module needs to check the password of the user which requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/
@ 2016-07-15 5:35 Anthony G. Basile
0 siblings, 0 replies; 3+ messages in thread
From: Anthony G. Basile @ 2016-07-15 5:35 UTC (permalink / raw
To: gentoo-commits
commit: 229987ac804f7f86db7075faa2bc217088ee5899
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 05:39:14 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 05:39:14 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=229987ac
sys-libs/pam: drop older version
sys-libs/pam/files/pam-1.1.8-doc-install.patch | 142 -----------------
sys-libs/pam/files/pam-1.1.8-fix-compat.patch | 21 ---
sys-libs/pam/files/pam-1.1.8-innetgr.patch | 54 -------
sys-libs/pam/pam-1.1.8-r99.ebuild | 205 -------------------------
4 files changed, 422 deletions(-)
diff --git a/sys-libs/pam/files/pam-1.1.8-doc-install.patch b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
deleted file mode 100644
index bdd5b9d..0000000
--- a/sys-libs/pam/files/pam-1.1.8-doc-install.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-https://bugs.gentoo.org/473650
-https://fedorahosted.org/linux-pam/ticket/31
-
-fix doc installs when doing out of tree builds
-
---- a/doc/adg/Makefile.in
-+++ b/doc/adg/Makefile.in
-@@ -463,17 +463,17 @@ install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
- $(mkinstalldirs) $(DESTDIR)$(pdfdir)
- $(mkinstalldirs) $(DESTDIR)$(htmldir)
-- test -f html/Linux-PAM_ADG.html || exit 0; \
-+ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
- $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
- $(DESTDIR)$(htmldir)/ || \
- $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
-- $(srcdir)/html/sag-*.html \
-+ $(srcdir)/html/adg-*.html \
- $(DESTDIR)$(htmldir)/
-- test -f Linux-PAM_ADG.txt || exit 0; \
-+ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
- $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
- $(DESTDIR)$(docdir)/
-- test -f Linux-PAM_ADG.pdf || exit 0; \
-+ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
- $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
- $(DESTDIR)$(pdfdir)/
-@@ -486,18 +486,18 @@ uninstall-local:
-
- releasedocs: all
- $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
-- test -f html/Linux-PAM_ADG.html || exit 0; \
-+ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
- cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \
- cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
- $(srcdir)/html/adg-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/
-- test -f Linux-PAM_ADG.txt || exit 0; \
-+ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
- cp -p Linux-PAM_ADG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
- cp -p $(srcdir)/Linux-PAM_ADG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/
-- test -f Linux-PAM_ADG.pdf || exit 0; \
-+ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
- cp -p Linux-PAM_ADG.pdf \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
- cp -p $(srcdir)/Linux-PAM_ADG.pdf \
---- a/doc/mwg/Makefile.in
-+++ b/doc/mwg/Makefile.in
-@@ -463,17 +463,17 @@ install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
- $(mkinstalldirs) $(DESTDIR)$(pdfdir)
- $(mkinstalldirs) $(DESTDIR)$(htmldir)
-- test -f html/Linux-PAM_MWG.html || exit 0; \
-+ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
- $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \
- $(DESTDIR)$(htmldir)/ || \
- $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \
-- $(srcdir)/html/sag-*.html \
-+ $(srcdir)/html/mwg-*.html \
- $(DESTDIR)$(htmldir)/
-- test -f Linux-PAM_MWG.txt || exit 0; \
-+ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
- $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \
- $(DESTDIR)$(docdir)/
-- test -f Linux-PAM_MWG.pdf || exit 0; \
-+ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
- $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \
- $(DESTDIR)$(pdfdir)/
-@@ -486,18 +486,18 @@ uninstall-local:
-
- releasedocs: all
- $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html
-- test -f html/Linux-PAM_MWG.html || exit 0; \
-+ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
- cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \
- cp -ap $(srcdir)/html/Linux-PAM_MWG.html \
- $(srcdir)/html/mwg-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/
-- test -f Linux-PAM_MWG.txt || exit 0; \
-+ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
- cp -p Linux-PAM_MWG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
- cp -p $(srcdir)/Linux-PAM_MWG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/
-- test -f Linux-PAM_MWG.pdf || exit 0; \
-+ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
- cp -p Linux-PAM_MWG.pdf \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
- cp -p $(srcdir)/Linux-PAM_MWG.pdf \
---- a/doc/sag/Makefile.in
-+++ b/doc/sag/Makefile.in
-@@ -463,17 +463,17 @@ install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
- $(mkinstalldirs) $(DESTDIR)$(pdfdir)
- $(mkinstalldirs) $(DESTDIR)$(htmldir)
-- test -f html/Linux-PAM_SAG.html || exit 0; \
-+ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
- $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \
- $(DESTDIR)$(htmldir)/ || \
- $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \
- $(srcdir)/html/sag-*.html \
- $(DESTDIR)$(htmldir)/
-- test -f Linux-PAM_SAG.txt || exit 0; \
-+ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
- $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \
- $(DESTDIR)$(docdir)/
-- test -f Linux-PAM_SAG.pdf || exit 0; \
-+ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
- $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \
- $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \
- $(DESTDIR)$(pdfdir)/
-@@ -486,18 +486,18 @@ uninstall-local:
-
- releasedocs: all
- $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html
-- test -f html/Linux-PAM_SAG.html || exit 0; \
-+ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
- cp -ap html/Linux-PAM_SAG.html html/sag-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \
- cp -ap $(srcdir)/html/Linux-PAM_SAG.html \
- $(srcdir)/html/sag-*.html \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/
-- test -f Linux-PAM_SAG.txt || exit 0; \
-+ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
- cp -p Linux-PAM_SAG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
- cp -p $(srcdir)/Linux-PAM_SAG.txt \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/
-- test -f Linux-PAM_SAG.pdf || exit 0; \
-+ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
- cp -p Linux-PAM_SAG.pdf \
- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
- cp -p $(srcdir)/Linux-PAM_SAG.pdf \
diff --git a/sys-libs/pam/files/pam-1.1.8-fix-compat.patch b/sys-libs/pam/files/pam-1.1.8-fix-compat.patch
deleted file mode 100644
index 332f609..0000000
--- a/sys-libs/pam/files/pam-1.1.8-fix-compat.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/modules/pam_lastlog/pam_lastlog.c
-+++ b/modules/pam_lastlog/pam_lastlog.c
-@@ -10,6 +10,7 @@
-
- #include "config.h"
-
-+#include <paths.h>
- #include <fcntl.h>
- #include <time.h>
- #include <errno.h>
-@@ -48,6 +49,10 @@
-
- #ifndef _PATH_BTMP
- # define _PATH_BTMP "/var/log/btmp"
-+#endif
-+
-+#ifndef __GLIBC__
-+#define logwtmp(args...)
- #endif
-
- /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/sys-libs/pam/files/pam-1.1.8-innetgr.patch b/sys-libs/pam/files/pam-1.1.8-innetgr.patch
deleted file mode 100644
index a94fa3d..0000000
--- a/sys-libs/pam/files/pam-1.1.8-innetgr.patch
+++ /dev/null
@@ -1,54 +0,0 @@
---- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
-+++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
-@@ -658,10 +658,13 @@
- continue;
- }
- /* If buffer starts with @, we are using netgroups */
-+#ifdef HAVE_INNETGR
- if (buffer[0] == '@')
- good &= innetgr (&buffer[1], NULL, user, NULL);
- /* otherwise, if the buffer starts with %, it's a UNIX group */
-- else if (buffer[0] == '%')
-+ else
-+#endif
-+ if (buffer[0] == '%')
- good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
- else
- good &= logic_field(pamh,user, buffer, count, is_same);
---- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
-+++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
-@@ -233,16 +233,20 @@
- static int
- evaluate_innetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 1)
- return PAM_SUCCESS;
-+#endif
- return PAM_AUTH_ERR;
- }
- /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
- static int
- evaluate_notinnetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 0)
- return PAM_SUCCESS;
-+#endif
- return PAM_AUTH_ERR;
- }
-
---- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
-+++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
-@@ -554,9 +554,11 @@
- continue;
- }
- /* If buffer starts with @, we are using netgroups */
-+#ifdef HAVE_INNETGR
- if (buffer[0] == '@')
- good &= innetgr (&buffer[1], NULL, user, NULL);
- else
-+#endif
- good &= logic_field(pamh, user, buffer, count, is_same);
- D(("with user: %s", good ? "passes":"fails" ));
-
diff --git a/sys-libs/pam/pam-1.1.8-r99.ebuild b/sys-libs/pam/pam-1.1.8-r99.ebuild
deleted file mode 100644
index 83deafe..0000000
--- a/sys-libs/pam/pam-1.1.8-r99.ebuild
+++ /dev/null
@@ -1,205 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
-
-MY_PN="Linux-PAM"
-MY_P="${MY_PN}-${PV}"
-
-HOMEPAGE="https://fedorahosted.org/linux-pam/"
-DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
-
-SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
- http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
-
-LICENSE="|| ( BSD GPL-2 )"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_musl elibc_glibc debug berkdb nis"
-
-RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
- cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
- audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
- selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
- berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
- elibc_glibc? (
- >=sys-libs/glibc-2.7
- nis? ( || ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] <sys-libs/glibc-2.14 ) )
- )"
-DEPEND="${RDEPEND}
- >=sys-devel/libtool-2
- >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
- nls? ( sys-devel/gettext )
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
-PDEPEND="sys-auth/pambase
- vim-syntax? ( app-vim/pam-syntax )"
-RDEPEND="${RDEPEND}
- !<sys-apps/openrc-0.11.8
- !sys-auth/openpam
- !sys-auth/pam_userdb
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-S="${WORKDIR}/${MY_P}"
-
-check_old_modules() {
- local retval="0"
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
- eerror ""
- eerror "Your current setup is using the pam_stack module."
- eerror "This module is deprecated and no longer supported, and since version"
- eerror "0.99 is no longer installed, nor provided by any other package."
- eerror "The package will be built (to allow binary package builds), but will"
- eerror "not be installed."
- eerror "Please replace pam_stack usage with proper include directive usage,"
- eerror "following the PAM Upgrade guide at the following URL"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
- eerror ""
- eerror "Your current setup is using one or more of the following modules,"
- eerror "that are not built or supported anymore:"
- eerror "pam_pwdb, pam_console"
- eerror "If you are in real need for these modules, please contact the maintainers"
- eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
- eerror "use cases."
- eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
- eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
- eerror ""
-
- retval=1
- fi
-
- return $retval
-}
-
-pkg_pretend() {
- # do not error out, this is just a warning, one could build a binpkg
- # with old modules enabled.
- check_old_modules
-}
-
-src_prepare() {
- epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
- epatch "${FILESDIR}"/${PN}-1.1.8-fix-compat.patch
- epatch "${FILESDIR}"/${PN}-1.1.8-innetgr.patch
-
- # disable insecure modules (musl-libc doesn't implement the functions anyway)
- use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am modules/Makefile.in
- elibtoolize
-}
-
-multilib_src_configure() {
- # Disable automatic detection of libxcrypt; we _don't_ want the
- # user to link libxcrypt in by default, since we won't track the
- # dependency and allow to break PAM this way.
- export ac_cv_header_xcrypt_h=no
-
- # Disable automatic detection of libcrypt
- use elibc_musl && export ac_cv_search_crypt=no
-
- local myconf=(
- --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
- --libdir="${EPREFIX}"/usr/$(get_libdir) \
- --enable-securedir="${EPREFIX}"/$(get_libdir)/security
- --enable-isadir="${EPREFIX}"/$(get_libdir)/security
- $(use_enable nls)
- $(use_enable selinux)
- $(use_enable cracklib)
- $(use_enable audit)
- $(use_enable debug)
- $(use_enable berkdb db)
- $(use_enable nis)
- --with-db-uniquename=-$(db_findver sys-libs/db)
- --disable-prelude
- )
-
- if use hppa || use elibc_FreeBSD; then
- myconf+=( --disable-pie )
- fi
-
- ECONF_SOURCE=${S} \
- econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
- emake sepermitlockdir="${EPREFIX}/run/sepermit"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install \
- sepermitlockdir="${EPREFIX}/run/sepermit"
-
- local prefix
- if multilib_is_native_abi; then
- prefix=
- gen_usr_ldscript -a pam pamc pam_misc
- else
- prefix=/usr
- fi
-
- # create extra symlinks just in case something depends on them...
- local lib
- for lib in pam pamc pam_misc; do
- if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
- dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
- fi
- done
-}
-
-DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-
- # Need to be suid
- fperms u+s /sbin/unix_chkpwd
-
- docinto modules
- for dir in modules/pam_*; do
- newdoc "${dir}"/README README."$(basename "${dir}")"
- done
-
- if use selinux; then
- dodir /usr/lib/tmpfiles.d
- cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
-d /run/sepermit 0755 root root
-EOF
- fi
-}
-
-pkg_preinst() {
- check_old_modules || die "deprecated PAM modules still used"
-}
-
-pkg_postinst() {
- ewarn "Some software with pre-loaded PAM libraries might experience"
- ewarn "warnings or failures related to missing symbols and/or versions"
- ewarn "after any update. While unfortunate this is a limit of the"
- ewarn "implementation of PAM and the software, and it requires you to"
- ewarn "restart the software manually after the update."
- ewarn ""
- ewarn "You can get a list of such software running a command like"
- ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
- ewarn ""
- ewarn "Alternatively, simply reboot your system."
- if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
- elog ""
- elog "Because of a bug present up to version 1.1.1-r2, you have"
- elog "an executable /var/log/tallylog file. You can safely"
- elog "correct it by running the command"
- elog " chmod -x /var/log/tallylog"
- elog ""
- fi
-}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/
@ 2019-04-10 6:19 Jory Pratt
0 siblings, 0 replies; 3+ messages in thread
From: Jory Pratt @ 2019-04-10 6:19 UTC (permalink / raw
To: gentoo-commits
commit: 0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 10 06:19:32 2019 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Apr 10 06:19:32 2019 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0d8d83d9
sys-libs/pam: add update to match current tree
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-libs/pam/Manifest | 1 +
sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch | 46 +++++++
.../files/pam-1.3.1-include-sys_resource_h.patch | 24 ++++
.../pam/files/pam-1.3.1-portability-fixes.patch | 61 ++++++++++
sys-libs/pam/files/pam-remove-browsers.patch | 34 ++++++
sys-libs/pam/pam-1.3.1-r1.ebuild | 133 +++++++++++++++++++++
6 files changed, 299 insertions(+)
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 46204f5..bfa0f21 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -2,3 +2,4 @@ DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8
DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
DIST Linux-PAM-1.3.0-docs.tar.bz2 492805 BLAKE2B 1dd48f65ae76e0d4d2c02664f9a2adac127604a7552ff70c378323a0de8141445332430205946823097170edf217122196ea03ae665284751fed3748d9f8ac3d SHA512 b6b8497e6a4307b3f9a2af1c74456a0577b848cbc5417fb88fabe305b67ca022a6bcf632d68faaaacc701cdcf6254ec196707551a1ea70985cdde6add68bbbfe
DIST Linux-PAM-1.3.0.tar.bz2 1302820 BLAKE2B 0ed5553308e8bc4bef91746a1c79db41bf5f0a48a31796d5a13819387c0a04d553efa210435273ad8565d0a53f354817bc3e0f254e35a5e75b7b7b586cad5d16 SHA512 4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42
+DIST pam-1.3.1.tar.gz 749997 BLAKE2B 3b44c41daaa5810c53e3e2baeac1ab58463768fde433f874b9bd09c7c28cfd55e0f227c9a0c318e66444a3adb23c112a2db32d5c7211b07c84c2d4600a47ca5c SHA512 0c5019493b2ac42180ee9c4974a51329a2395a44f5f892c1ca567ec9b43cc3a9bce0212861d4dfb82eb236c5eaa682b27189ce672ed6cafa37d8801d059a944d
diff --git a/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
new file mode 100644
index 0000000..f2205ca
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
@@ -0,0 +1,46 @@
+From a43725b6f6a9748e5fdb91384bce360eab36ebde Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:45:01 -0500
+Subject: [PATCH 1/3] Fix pam exec on musl
+
+---
+ modules/pam_exec/pam_exec.c | 9 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
+index 52dc681..3f70ea1 100644
+--- a/modules/pam_exec/pam_exec.c
++++ b/modules/pam_exec/pam_exec.c
+@@ -103,11 +103,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ int optargc;
+ const char *logfile = NULL;
+ const char *authtok = NULL;
++ char authtok_buf[PAM_MAX_RESP_SIZE+1];
++
+ pid_t pid;
+ int fds[2];
+ int stdout_fds[2];
+ FILE *stdout_file = NULL;
+
++ memset(authtok_buf, 0, sizeof(authtok_buf));
+ if (argc < 1) {
+ pam_syslog (pamh, LOG_ERR,
+ "This module needs at least one argument");
+@@ -180,12 +183,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ if (resp)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ _pam_drop (resp);
+ }
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
+
+ if (pipe(fds) != 0)
+ {
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
new file mode 100644
index 0000000..6336988
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
@@ -0,0 +1,24 @@
+From 523562d2c1a485fc60fe4cb5c2c02c5654c47097 Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:45:56 -0500
+Subject: [PATCH 2/3] include sys/resource.h for RLIMIT_NOFILE
+
+---
+ modules/pam_unix/pam_unix_acct.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 8833114..eeab34e 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -48,6 +48,7 @@
+ #include <time.h> /* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/resource.h> /* for RLIMIT_NOFILE */
+
+ #include <security/_pam_macros.h>
+
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
new file mode 100644
index 0000000..d03e5e4
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
@@ -0,0 +1,61 @@
+From acee004471a6c65b3fdccd8e485ff7ab58da7df4 Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:48:19 -0500
+Subject: [PATCH 3/3] add portability for non glibc systems
+
+---
+ modules/pam_lastlog/pam_lastlog.c | 5 +++++
+ modules/pam_rhosts/pam_rhosts.c | 4 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
+index 1a796b9..bd609bb 100644
+--- a/modules/pam_lastlog/pam_lastlog.c
++++ b/modules/pam_lastlog/pam_lastlog.c
+@@ -26,6 +26,7 @@
+ #include <sys/types.h>
+ #include <syslog.h>
+ #include <unistd.h>
++#include <paths.h>
+
+ #if defined(hpux) || defined(sunos) || defined(solaris)
+ # ifndef _PATH_LASTLOG
+@@ -403,7 +404,9 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
+
+ if (announce & LASTLOG_WTMP) {
+ /* write wtmp entry for user */
++#ifdef HAVE_LOGWTMP
+ logwtmp(last_login.ll_line, user, remote_host);
++#endif
+ }
+
+ /* cleanup */
+@@ -714,7 +717,9 @@ pam_sm_close_session (pam_handle_t *pamh, int flags,
+ terminal_line = get_tty(pamh);
+
+ /* Wipe out utmp logout entry */
++#ifdef HAVE_LOGWTMP
+ logwtmp(terminal_line, "", "");
++#endif
+
+ return PAM_SUCCESS;
+ }
+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
+index ed98d63..b33f342 100644
+--- a/modules/pam_rhosts/pam_rhosts.c
++++ b/modules/pam_rhosts/pam_rhosts.c
+@@ -112,8 +112,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
+
+ #ifdef HAVE_RUSEROK_AF
+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+-#else
++#elif HAVE_RUSEROK
+ retval = ruserok (rhost, as_root, ruser, luser);
++#else
++ retval = 1;
+ #endif
+ if (retval != 0) {
+ if (!opt_silent || opt_debug)
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-remove-browsers.patch b/sys-libs/pam/files/pam-remove-browsers.patch
new file mode 100644
index 0000000..7e3ae99
--- /dev/null
+++ b/sys-libs/pam/files/pam-remove-browsers.patch
@@ -0,0 +1,34 @@
+From baadfdc644fcb88170c358c449a731520e1747a5 Mon Sep 17 00:00:00 2001
+From: Mikle Kolyada <zlogene@gentoo.org>
+Date: Mon, 1 Oct 2018 23:12:08 +0300
+Subject: [PATCH] configure.ac remobe browser logic for DocBook
+
+---
+ configure.ac | 11 -----------
+ 1 file changed, 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3012ceb..e7e7dac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -554,17 +554,6 @@ JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
+ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
+ [DocBook XSL Stylesheets], [], enable_docu=no)
+
+-AC_PATH_PROG([BROWSER], [w3m])
+-if test ! -z "$BROWSER"; then
+- BROWSER="$BROWSER -T text/html -dump"
+-else
+- AC_PATH_PROG([BROWSER], [elinks])
+- if test ! -z "$BROWSER"; then
+- BROWSER="$BROWSER -no-numbering -no-references -dump"
+- else
+- enable_docu=no
+- fi
+-fi
+
+ AC_PATH_PROG([FO2PDF], [fop])
+
+--
+2.16.4
+
diff --git a/sys-libs/pam/pam-1.3.1-r1.ebuild b/sys-libs/pam/pam-1.3.1-r1.ebuild
new file mode 100644
index 0000000..7f43ea6
--- /dev/null
+++ b/sys-libs/pam/pam-1.3.1-r1.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools db-use fcaps multilib-minimal toolchain-funcs
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam"
+SRC_URI="https://github.com/linux-pam/linux-pam/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="audit berkdb +cracklib debug nis nls +pie selinux static-libs"
+
+BDEPEND="app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xml-dtd:4.3
+ app-text/docbook-xml-dtd:4.4
+ app-text/docbook-xml-dtd:4.5
+ dev-libs/libxslt
+ sys-devel/flex
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )"
+DEPEND="
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+PDEPEND="sys-auth/pambase"
+
+S="${WORKDIR}/linux-${P}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-remove-browsers.patch"
+ "${FILESDIR}/${PN}-1.3.1-fix-pam-exec.patch"
+ "${FILESDIR}/${PN}-1.3.1-include-sys_resource_h.patch"
+ "${FILESDIR}/${PN}-1.3.1-portability-fixes.patch"
+)
+
+src_prepare() {
+ default
+ touch ChangeLog || die
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --libdir=/usr/$(get_libdir)
+ --disable-prelude
+ $(use_enable audit)
+ $(use_enable berkdb db)
+ $(use_enable cracklib)
+ $(use_enable debug)
+ $(use_enable nis)
+ $(use_enable nls)
+ $(use_enable pie)
+ $(use_enable selinux)
+ $(use_enable static-libs static)
+ --enable-isadir='.' #464016
+ )
+ ECONF_SOURCE="${S}" econf ${myconf[@]}
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+multilib_src_install_all() {
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+
+ # The pam_unix module needs to check the password of the user which requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-04-10 6:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-10 6:19 [gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/ Jory Pratt
-- strict thread matches above, loose matches on Subject: below --
2016-07-15 5:35 Anthony G. Basile
2016-01-05 1:50 Jory Pratt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox