[gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/ - gentoo-commits

From:	Jory Pratt <anarchy@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/musl:master commit in: sys-libs/pam/files/, sys-libs/pam/
Date:	Wed, 10 Apr 2019 06:20:03
Message-Id:	`1554877172.0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb.anarchy@gentoo`

1

commit:     0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb

2

Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

3

AuthorDate: Wed Apr 10 06:19:32 2019 +0000

4

Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

5

CommitDate: Wed Apr 10 06:19:32 2019 +0000

6

URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=0d8d83d9

7

8

sys-libs/pam: add update to match current tree

9

10

Package-Manager: Portage-2.3.62, Repoman-2.3.12

11

Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

12

13

 sys-libs/pam/Manifest                              |   1 +

14

 sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch    |  46 +++++++

15

 .../files/pam-1.3.1-include-sys_resource_h.patch   |  24 ++++

16

 .../pam/files/pam-1.3.1-portability-fixes.patch    |  61 ++++++++++

17

 sys-libs/pam/files/pam-remove-browsers.patch       |  34 ++++++

18

 sys-libs/pam/pam-1.3.1-r1.ebuild                   | 133 +++++++++++++++++++++

19

 6 files changed, 299 insertions(+)

20

21

diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest

22

index 46204f5..bfa0f21 100644

23

--- a/sys-libs/pam/Manifest

24

+++ b/sys-libs/pam/Manifest

25

@@ -2,3 +2,4 @@ DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8

26

 DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a

27

 DIST Linux-PAM-1.3.0-docs.tar.bz2 492805 BLAKE2B 1dd48f65ae76e0d4d2c02664f9a2adac127604a7552ff70c378323a0de8141445332430205946823097170edf217122196ea03ae665284751fed3748d9f8ac3d SHA512 b6b8497e6a4307b3f9a2af1c74456a0577b848cbc5417fb88fabe305b67ca022a6bcf632d68faaaacc701cdcf6254ec196707551a1ea70985cdde6add68bbbfe

28

 DIST Linux-PAM-1.3.0.tar.bz2 1302820 BLAKE2B 0ed5553308e8bc4bef91746a1c79db41bf5f0a48a31796d5a13819387c0a04d553efa210435273ad8565d0a53f354817bc3e0f254e35a5e75b7b7b586cad5d16 SHA512 4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42

29

+DIST pam-1.3.1.tar.gz 749997 BLAKE2B 3b44c41daaa5810c53e3e2baeac1ab58463768fde433f874b9bd09c7c28cfd55e0f227c9a0c318e66444a3adb23c112a2db32d5c7211b07c84c2d4600a47ca5c SHA512 0c5019493b2ac42180ee9c4974a51329a2395a44f5f892c1ca567ec9b43cc3a9bce0212861d4dfb82eb236c5eaa682b27189ce672ed6cafa37d8801d059a944d

30

31

diff --git a/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch

32

new file mode 100644

33

index 0000000..f2205ca

34

--- /dev/null

35

+++ b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch

36

@@ -0,0 +1,46 @@

37

+From a43725b6f6a9748e5fdb91384bce360eab36ebde Mon Sep 17 00:00:00 2001

38

+From: 

39

+Date: Wed, 10 Apr 2019 00:45:01 -0500

40

+Subject: [PATCH 1/3] Fix pam exec on musl

41

+

42

+---

43

+ modules/pam_exec/pam_exec.c | 9 +++++--

44

+ 1 file changed, 5 insertions(+), 2 deletions(-)

45

+

46

+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c

47

+index 52dc681..3f70ea1 100644

48

+--- a/modules/pam_exec/pam_exec.c

49

++++ b/modules/pam_exec/pam_exec.c

50

+@@ -103,11 +103,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh,

51

+   int optargc;

52

+   const char *logfile = NULL;

53

+   const char *authtok = NULL;

54

++  char authtok_buf[PAM_MAX_RESP_SIZE+1];

55

++

56

+   pid_t pid;

57

+   int fds[2];

58

+   int stdout_fds[2];

59

+   FILE *stdout_file = NULL;

60

+

61

++  memset(authtok_buf, 0, sizeof(authtok_buf));

62

+   if (argc < 1) {

63

+     pam_syslog (pamh, LOG_ERR,

64

+ 		"This module needs at least one argument");

65

+@@ -180,12 +183,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,

66

+ 	      if (resp)

67

+ 		{

68

+ 		  pam_set_item (pamh, PAM_AUTHTOK, resp);

69

+-		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);

70

++		  authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));

71

+ 		  _pam_drop (resp);

72

+ 		}

73

+ 	    }

74

+ 	  else

75

+-	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);

76

++	    authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));

77

+

78

+ 	  if (pipe(fds) != 0)

79

+ 	    {

80

+--

81

+2.21.0

82

+

83

84

diff --git a/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch

85

new file mode 100644

86

index 0000000..6336988

87

--- /dev/null

88

+++ b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch

89

@@ -0,0 +1,24 @@

90

+From 523562d2c1a485fc60fe4cb5c2c02c5654c47097 Mon Sep 17 00:00:00 2001

91

+From: 

92

+Date: Wed, 10 Apr 2019 00:45:56 -0500

93

+Subject: [PATCH 2/3] include sys/resource.h for RLIMIT_NOFILE

94

+

95

+---

96

+ modules/pam_unix/pam_unix_acct.c | 1 +

97

+ 1 file changed, 1 insertion(+)

98

+

99

+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c

100

+index 8833114..eeab34e 100644

101

+--- a/modules/pam_unix/pam_unix_acct.c

102

++++ b/modules/pam_unix/pam_unix_acct.c

103

+@@ -48,6 +48,7 @@

104

+ #include <time.h>		/* for time() */

105

+ #include <errno.h>

106

+ #include <sys/wait.h>

107

++#include <sys/resource.h>	/* for RLIMIT_NOFILE */

108

+

109

+ #include <security/_pam_macros.h>

110

+

111

+--

112

+2.21.0

113

+

114

115

diff --git a/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch

116

new file mode 100644

117

index 0000000..d03e5e4

118

--- /dev/null

119

+++ b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch

120

@@ -0,0 +1,61 @@

121

+From acee004471a6c65b3fdccd8e485ff7ab58da7df4 Mon Sep 17 00:00:00 2001

122

+From: 

123

+Date: Wed, 10 Apr 2019 00:48:19 -0500

124

+Subject: [PATCH 3/3] add portability for non glibc systems

125

+

126

+---

127

+ modules/pam_lastlog/pam_lastlog.c | 5 +++++

128

+ modules/pam_rhosts/pam_rhosts.c   | 4 +++-

129

+ 2 files changed, 8 insertions(+), 1 deletion(-)

130

+

131

+diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c

132

+index 1a796b9..bd609bb 100644

133

+--- a/modules/pam_lastlog/pam_lastlog.c

134

++++ b/modules/pam_lastlog/pam_lastlog.c

135

+@@ -26,6 +26,7 @@

136

+ #include <sys/types.h>

137

+ #include <syslog.h>

138

+ #include <unistd.h>

139

++#include <paths.h>

140

+

141

+ #if defined(hpux) || defined(sunos) || defined(solaris)

142

+ # ifndef _PATH_LASTLOG

143

+@@ -403,7 +404,9 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,

144

+

145

+     if (announce & LASTLOG_WTMP) {

146

+ 	/* write wtmp entry for user */

147

++#ifdef HAVE_LOGWTMP

148

+ 	logwtmp(last_login.ll_line, user, remote_host);

149

++#endif

150

+     }

151

+

152

+     /* cleanup */

153

+@@ -714,7 +717,9 @@ pam_sm_close_session (pam_handle_t *pamh, int flags,

154

+     terminal_line = get_tty(pamh);

155

+

156

+     /* Wipe out utmp logout entry */

157

++#ifdef HAVE_LOGWTMP

158

+     logwtmp(terminal_line, "", "");

159

++#endif

160

+

161

+     return PAM_SUCCESS;

162

+ }

163

+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c

164

+index ed98d63..b33f342 100644

165

+--- a/modules/pam_rhosts/pam_rhosts.c

166

++++ b/modules/pam_rhosts/pam_rhosts.c

167

+@@ -112,8 +112,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,

168

+

169

+ #ifdef HAVE_RUSEROK_AF

170

+     retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);

171

+-#else

172

++#elif HAVE_RUSEROK

173

+     retval = ruserok (rhost, as_root, ruser, luser);

174

++#else

175

++    retval = 1;

176

+ #endif

177

+     if (retval != 0) {

178

+       if (!opt_silent || opt_debug)

179

+--

180

+2.21.0

181

+

182

183

diff --git a/sys-libs/pam/files/pam-remove-browsers.patch b/sys-libs/pam/files/pam-remove-browsers.patch

184

new file mode 100644

185

index 0000000..7e3ae99

186

--- /dev/null

187

+++ b/sys-libs/pam/files/pam-remove-browsers.patch

188

@@ -0,0 +1,34 @@

189

+From baadfdc644fcb88170c358c449a731520e1747a5 Mon Sep 17 00:00:00 2001

190

+From: Mikle Kolyada <zlogene@g.o>

191

+Date: Mon, 1 Oct 2018 23:12:08 +0300

192

+Subject: [PATCH] configure.ac remobe browser logic for DocBook

193

+

194

+---

195

+ configure.ac | 11 -----------

196

+ 1 file changed, 11 deletions(-)

197

+

198

+diff --git a/configure.ac b/configure.ac

199

+index 3012ceb..e7e7dac 100644

200

+--- a/configure.ac

201

++++ b/configure.ac

202

+@@ -554,17 +554,6 @@ JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],

203

+ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],

204

+                 [DocBook XSL Stylesheets], [], enable_docu=no)

205

+

206

+-AC_PATH_PROG([BROWSER], [w3m])

207

+-if test ! -z "$BROWSER"; then

208

+-     BROWSER="$BROWSER -T text/html -dump"

209

+-else

210

+-     AC_PATH_PROG([BROWSER], [elinks])

211

+-     if test ! -z "$BROWSER"; then

212

+-          BROWSER="$BROWSER -no-numbering -no-references -dump"

213

+-     else

214

+-          enable_docu=no

215

+-     fi

216

+-fi

217

+

218

+ AC_PATH_PROG([FO2PDF], [fop])

219

+

220

+--

221

+2.16.4

222

+

223

224

diff --git a/sys-libs/pam/pam-1.3.1-r1.ebuild b/sys-libs/pam/pam-1.3.1-r1.ebuild

225

new file mode 100644

226

index 0000000..7f43ea6

227

--- /dev/null

228

+++ b/sys-libs/pam/pam-1.3.1-r1.ebuild

229

@@ -0,0 +1,133 @@

230

+# Copyright 1999-2019 Gentoo Authors

231

+# Distributed under the terms of the GNU General Public License v2

232

+

233

+EAPI=7

234

+

235

+inherit autotools db-use fcaps multilib-minimal toolchain-funcs

236

+

237

+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"

238

+HOMEPAGE="https://github.com/linux-pam/linux-pam"

239

+SRC_URI="https://github.com/linux-pam/linux-pam/archive/v${PV}.tar.gz -> ${P}.tar.gz"

240

+

241

+LICENSE="|| ( BSD GPL-2 )"

242

+SLOT="0"

243

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"

244

+IUSE="audit berkdb +cracklib debug nis nls +pie selinux static-libs"

245

+

246

+BDEPEND="app-text/docbook-xml-dtd:4.1.2

247

+	app-text/docbook-xml-dtd:4.3

248

+	app-text/docbook-xml-dtd:4.4

249

+	app-text/docbook-xml-dtd:4.5

250

+	dev-libs/libxslt

251

+	sys-devel/flex

252

+	virtual/pkgconfig[${MULTILIB_USEDEP}]

253

+	nls? ( sys-devel/gettext )"

254

+DEPEND="

255

+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )

256

+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )

257

+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )

258

+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )

259

+	nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )

260

+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )"

261

+RDEPEND="${DEPEND}

262

+	!sys-auth/openpam

263

+	!sys-auth/pam_userdb"

264

+

265

+PDEPEND="sys-auth/pambase"

266

+

267

+S="${WORKDIR}/linux-${P}"

268

+

269

+PATCHES=(

270

+	"${FILESDIR}/${PN}-remove-browsers.patch"

271

+	"${FILESDIR}/${PN}-1.3.1-fix-pam-exec.patch"

272

+	"${FILESDIR}/${PN}-1.3.1-include-sys_resource_h.patch"

273

+	"${FILESDIR}/${PN}-1.3.1-portability-fixes.patch"

274

+)

275

+

276

+src_prepare() {

277

+	default

278

+	touch ChangeLog || die

279

+	eautoreconf

280

+}

281

+

282

+multilib_src_configure() {

283

+	# Do not let user's BROWSER setting mess us up. #549684

284

+	unset BROWSER

285

+

286

+	# Disable automatic detection of libxcrypt; we _don't_ want the

287

+	# user to link libxcrypt in by default, since we won't track the

288

+	# dependency and allow to break PAM this way.

289

+

290

+	export ac_cv_header_xcrypt_h=no

291

+

292

+	local myconf=(

293

+		--with-db-uniquename=-$(db_findver sys-libs/db)

294

+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security

295

+		--libdir=/usr/$(get_libdir)

296

+		--disable-prelude

297

+		$(use_enable audit)

298

+		$(use_enable berkdb db)

299

+		$(use_enable cracklib)

300

+		$(use_enable debug)

301

+		$(use_enable nis)

302

+		$(use_enable nls)

303

+		$(use_enable pie)

304

+		$(use_enable selinux)

305

+		$(use_enable static-libs static)

306

+		--enable-isadir='.' #464016

307

+		)

308

+	ECONF_SOURCE="${S}" econf ${myconf[@]}

309

+}

310

+

311

+multilib_src_compile() {

312

+	emake sepermitlockdir="${EPREFIX}/run/sepermit"

313

+}

314

+

315

+multilib_src_install() {

316

+	emake DESTDIR="${D}" install \

317

+		sepermitlockdir="${EPREFIX}/run/sepermit"

318

+

319

+	local prefix

320

+	if multilib_is_native_abi; then

321

+		prefix=

322

+		gen_usr_ldscript -a pam pamc pam_misc

323

+	else

324

+		prefix=/usr

325

+	fi

326

+

327

+	# create extra symlinks just in case something depends on them...

328

+	local lib

329

+	for lib in pam pamc pam_misc; do

330

+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then

331

+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)

332

+		fi

333

+	done

334

+}

335

+

336

+multilib_src_install_all() {

337

+	find "${ED}" -type f -name '*.la' -delete || die

338

+

339

+	if use selinux; then

340

+		dodir /usr/lib/tmpfiles.d

341

+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF

342

+d /run/sepermit 0755 root root

343

+EOF

344

+	fi

345

+}

346

+

347

+pkg_postinst() {

348

+	ewarn "Some software with pre-loaded PAM libraries might experience"

349

+	ewarn "warnings or failures related to missing symbols and/or versions"

350

+	ewarn "after any update. While unfortunate this is a limit of the"

351

+	ewarn "implementation of PAM and the software, and it requires you to"

352

+	ewarn "restart the software manually after the update."

353

+	ewarn ""

354

+	ewarn "You can get a list of such software running a command like"

355

+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"

356

+	ewarn ""

357

+	ewarn "Alternatively, simply reboot your system."

358

+

359

+	# The pam_unix module needs to check the password of the user which requires

360

+	# read access to /etc/shadow only.

361

+	fcaps cap_dac_override sbin/unix_chkpwd

362

+}

1	commit: 0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb
2	Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
3	AuthorDate: Wed Apr 10 06:19:32 2019 +0000
4	Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5	CommitDate: Wed Apr 10 06:19:32 2019 +0000
6	URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0d8d83d9
7
8	sys-libs/pam: add update to match current tree
9
10	Package-Manager: Portage-2.3.62, Repoman-2.3.12
11	Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
12
13	sys-libs/pam/Manifest \| 1 +
14	sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch \| 46 +++++++
15	.../files/pam-1.3.1-include-sys_resource_h.patch \| 24 ++++
16	.../pam/files/pam-1.3.1-portability-fixes.patch \| 61 ++++++++++
17	sys-libs/pam/files/pam-remove-browsers.patch \| 34 ++++++
18	sys-libs/pam/pam-1.3.1-r1.ebuild \| 133 +++++++++++++++++++++
19	6 files changed, 299 insertions(+)
20
21	diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
22	index 46204f5..bfa0f21 100644
23	--- a/sys-libs/pam/Manifest
24	+++ b/sys-libs/pam/Manifest
25	@@ -2,3 +2,4 @@ DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8
26	DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
27	DIST Linux-PAM-1.3.0-docs.tar.bz2 492805 BLAKE2B 1dd48f65ae76e0d4d2c02664f9a2adac127604a7552ff70c378323a0de8141445332430205946823097170edf217122196ea03ae665284751fed3748d9f8ac3d SHA512 b6b8497e6a4307b3f9a2af1c74456a0577b848cbc5417fb88fabe305b67ca022a6bcf632d68faaaacc701cdcf6254ec196707551a1ea70985cdde6add68bbbfe
28	DIST Linux-PAM-1.3.0.tar.bz2 1302820 BLAKE2B 0ed5553308e8bc4bef91746a1c79db41bf5f0a48a31796d5a13819387c0a04d553efa210435273ad8565d0a53f354817bc3e0f254e35a5e75b7b7b586cad5d16 SHA512 4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42
29	+DIST pam-1.3.1.tar.gz 749997 BLAKE2B 3b44c41daaa5810c53e3e2baeac1ab58463768fde433f874b9bd09c7c28cfd55e0f227c9a0c318e66444a3adb23c112a2db32d5c7211b07c84c2d4600a47ca5c SHA512 0c5019493b2ac42180ee9c4974a51329a2395a44f5f892c1ca567ec9b43cc3a9bce0212861d4dfb82eb236c5eaa682b27189ce672ed6cafa37d8801d059a944d
30
31	diff --git a/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
32	new file mode 100644
33	index 0000000..f2205ca
34	--- /dev/null
35	+++ b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
36	@@ -0,0 +1,46 @@
37	+From a43725b6f6a9748e5fdb91384bce360eab36ebde Mon Sep 17 00:00:00 2001
38	+From:
39	+Date: Wed, 10 Apr 2019 00:45:01 -0500
40	+Subject: [PATCH 1/3] Fix pam exec on musl
41	+
42	+---
43	+ modules/pam_exec/pam_exec.c \| 9 +++++--
44	+ 1 file changed, 5 insertions(+), 2 deletions(-)
45	+
46	+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
47	+index 52dc681..3f70ea1 100644
48	+--- a/modules/pam_exec/pam_exec.c
49	++++ b/modules/pam_exec/pam_exec.c
50	+@@ -103,11 +103,14 @@ call_exec (const char pam_type, pam_handle_t pamh,
51	+ int optargc;
52	+ const char *logfile = NULL;
53	+ const char *authtok = NULL;
54	++ char authtok_buf[PAM_MAX_RESP_SIZE+1];
55	++
56	+ pid_t pid;
57	+ int fds[2];
58	+ int stdout_fds[2];
59	+ FILE *stdout_file = NULL;
60	+
61	++ memset(authtok_buf, 0, sizeof(authtok_buf));
62	+ if (argc < 1) {
63	+ pam_syslog (pamh, LOG_ERR,
64	+ "This module needs at least one argument");
65	+@@ -180,12 +183,12 @@ call_exec (const char pam_type, pam_handle_t pamh,
66	+ if (resp)
67	+ {
68	+ pam_set_item (pamh, PAM_AUTHTOK, resp);
69	+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
70	++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
71	+ _pam_drop (resp);
72	+ }
73	+ }
74	+ else
75	+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
76	++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
77	+
78	+ if (pipe(fds) != 0)
79	+ {
80	+--
81	+2.21.0
82	+
83
84	diff --git a/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
85	new file mode 100644
86	index 0000000..6336988
87	--- /dev/null
88	+++ b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
89	@@ -0,0 +1,24 @@
90	+From 523562d2c1a485fc60fe4cb5c2c02c5654c47097 Mon Sep 17 00:00:00 2001
91	+From:
92	+Date: Wed, 10 Apr 2019 00:45:56 -0500
93	+Subject: [PATCH 2/3] include sys/resource.h for RLIMIT_NOFILE
94	+
95	+---
96	+ modules/pam_unix/pam_unix_acct.c \| 1 +
97	+ 1 file changed, 1 insertion(+)
98	+
99	+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
100	+index 8833114..eeab34e 100644
101	+--- a/modules/pam_unix/pam_unix_acct.c
102	++++ b/modules/pam_unix/pam_unix_acct.c
103	+@@ -48,6 +48,7 @@
104	+ #include <time.h> /* for time() */
105	+ #include <errno.h>
106	+ #include <sys/wait.h>
107	++#include <sys/resource.h> /* for RLIMIT_NOFILE */
108	+
109	+ #include <security/_pam_macros.h>
110	+
111	+--
112	+2.21.0
113	+
114
115	diff --git a/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
116	new file mode 100644
117	index 0000000..d03e5e4
118	--- /dev/null
119	+++ b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
120	@@ -0,0 +1,61 @@
121	+From acee004471a6c65b3fdccd8e485ff7ab58da7df4 Mon Sep 17 00:00:00 2001
122	+From:
123	+Date: Wed, 10 Apr 2019 00:48:19 -0500
124	+Subject: [PATCH 3/3] add portability for non glibc systems
125	+
126	+---
127	+ modules/pam_lastlog/pam_lastlog.c \| 5 +++++
128	+ modules/pam_rhosts/pam_rhosts.c \| 4 +++-
129	+ 2 files changed, 8 insertions(+), 1 deletion(-)
130	+
131	+diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
132	+index 1a796b9..bd609bb 100644
133	+--- a/modules/pam_lastlog/pam_lastlog.c
134	++++ b/modules/pam_lastlog/pam_lastlog.c
135	+@@ -26,6 +26,7 @@
136	+ #include <sys/types.h>
137	+ #include <syslog.h>
138	+ #include <unistd.h>
139	++#include <paths.h>
140	+
141	+ #if defined(hpux) \|\| defined(sunos) \|\| defined(solaris)
142	+ # ifndef _PATH_LASTLOG
143	+@@ -403,7 +404,9 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
144	+
145	+ if (announce & LASTLOG_WTMP) {
146	+ /* write wtmp entry for user */
147	++#ifdef HAVE_LOGWTMP
148	+ logwtmp(last_login.ll_line, user, remote_host);
149	++#endif
150	+ }
151	+
152	+ /* cleanup */
153	+@@ -714,7 +717,9 @@ pam_sm_close_session (pam_handle_t *pamh, int flags,
154	+ terminal_line = get_tty(pamh);
155	+
156	+ /* Wipe out utmp logout entry */
157	++#ifdef HAVE_LOGWTMP
158	+ logwtmp(terminal_line, "", "");
159	++#endif
160	+
161	+ return PAM_SUCCESS;
162	+ }
163	+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
164	+index ed98d63..b33f342 100644
165	+--- a/modules/pam_rhosts/pam_rhosts.c
166	++++ b/modules/pam_rhosts/pam_rhosts.c
167	+@@ -112,8 +112,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
168	+
169	+ #ifdef HAVE_RUSEROK_AF
170	+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
171	+-#else
172	++#elif HAVE_RUSEROK
173	+ retval = ruserok (rhost, as_root, ruser, luser);
174	++#else
175	++ retval = 1;
176	+ #endif
177	+ if (retval != 0) {
178	+ if (!opt_silent \|\| opt_debug)
179	+--
180	+2.21.0
181	+
182
183	diff --git a/sys-libs/pam/files/pam-remove-browsers.patch b/sys-libs/pam/files/pam-remove-browsers.patch
184	new file mode 100644
185	index 0000000..7e3ae99
186	--- /dev/null
187	+++ b/sys-libs/pam/files/pam-remove-browsers.patch
188	@@ -0,0 +1,34 @@
189	+From baadfdc644fcb88170c358c449a731520e1747a5 Mon Sep 17 00:00:00 2001
190	+From: Mikle Kolyada <zlogene@g.o>
191	+Date: Mon, 1 Oct 2018 23:12:08 +0300
192	+Subject: [PATCH] configure.ac remobe browser logic for DocBook
193	+
194	+---
195	+ configure.ac \| 11 -----------
196	+ 1 file changed, 11 deletions(-)
197	+
198	+diff --git a/configure.ac b/configure.ac
199	+index 3012ceb..e7e7dac 100644
200	+--- a/configure.ac
201	++++ b/configure.ac
202	+@@ -554,17 +554,6 @@ JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
203	+ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
204	+ [DocBook XSL Stylesheets], [], enable_docu=no)
205	+
206	+-AC_PATH_PROG([BROWSER], [w3m])
207	+-if test ! -z "$BROWSER"; then
208	+- BROWSER="$BROWSER -T text/html -dump"
209	+-else
210	+- AC_PATH_PROG([BROWSER], [elinks])
211	+- if test ! -z "$BROWSER"; then
212	+- BROWSER="$BROWSER -no-numbering -no-references -dump"
213	+- else
214	+- enable_docu=no
215	+- fi
216	+-fi
217	+
218	+ AC_PATH_PROG([FO2PDF], [fop])
219	+
220	+--
221	+2.16.4
222	+
223
224	diff --git a/sys-libs/pam/pam-1.3.1-r1.ebuild b/sys-libs/pam/pam-1.3.1-r1.ebuild
225	new file mode 100644
226	index 0000000..7f43ea6
227	--- /dev/null
228	+++ b/sys-libs/pam/pam-1.3.1-r1.ebuild
229	@@ -0,0 +1,133 @@
230	+# Copyright 1999-2019 Gentoo Authors
231	+# Distributed under the terms of the GNU General Public License v2
232	+
233	+EAPI=7
234	+
235	+inherit autotools db-use fcaps multilib-minimal toolchain-funcs
236	+
237	+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
238	+HOMEPAGE="https://github.com/linux-pam/linux-pam"
239	+SRC_URI="https://github.com/linux-pam/linux-pam/archive/v${PV}.tar.gz -> ${P}.tar.gz"
240	+
241	+LICENSE="\|\| ( BSD GPL-2 )"
242	+SLOT="0"
243	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
244	+IUSE="audit berkdb +cracklib debug nis nls +pie selinux static-libs"
245	+
246	+BDEPEND="app-text/docbook-xml-dtd:4.1.2
247	+ app-text/docbook-xml-dtd:4.3
248	+ app-text/docbook-xml-dtd:4.4
249	+ app-text/docbook-xml-dtd:4.5
250	+ dev-libs/libxslt
251	+ sys-devel/flex
252	+ virtual/pkgconfig[${MULTILIB_USEDEP}]
253	+ nls? ( sys-devel/gettext )"
254	+DEPEND="
255	+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
256	+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
257	+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
258	+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
259	+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )
260	+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )"
261	+RDEPEND="${DEPEND}
262	+ !sys-auth/openpam
263	+ !sys-auth/pam_userdb"
264	+
265	+PDEPEND="sys-auth/pambase"
266	+
267	+S="${WORKDIR}/linux-${P}"
268	+
269	+PATCHES=(
270	+ "${FILESDIR}/${PN}-remove-browsers.patch"
271	+ "${FILESDIR}/${PN}-1.3.1-fix-pam-exec.patch"
272	+ "${FILESDIR}/${PN}-1.3.1-include-sys_resource_h.patch"
273	+ "${FILESDIR}/${PN}-1.3.1-portability-fixes.patch"
274	+)
275	+
276	+src_prepare() {
277	+ default
278	+ touch ChangeLog \|\| die
279	+ eautoreconf
280	+}
281	+
282	+multilib_src_configure() {
283	+ # Do not let user's BROWSER setting mess us up. #549684
284	+ unset BROWSER
285	+
286	+ # Disable automatic detection of libxcrypt; we _don't_ want the
287	+ # user to link libxcrypt in by default, since we won't track the
288	+ # dependency and allow to break PAM this way.
289	+
290	+ export ac_cv_header_xcrypt_h=no
291	+
292	+ local myconf=(
293	+ --with-db-uniquename=-$(db_findver sys-libs/db)
294	+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
295	+ --libdir=/usr/$(get_libdir)
296	+ --disable-prelude
297	+ $(use_enable audit)
298	+ $(use_enable berkdb db)
299	+ $(use_enable cracklib)
300	+ $(use_enable debug)
301	+ $(use_enable nis)
302	+ $(use_enable nls)
303	+ $(use_enable pie)
304	+ $(use_enable selinux)
305	+ $(use_enable static-libs static)
306	+ --enable-isadir='.' #464016
307	+ )
308	+ ECONF_SOURCE="${S}" econf ${myconf[@]}
309	+}
310	+
311	+multilib_src_compile() {
312	+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
313	+}
314	+
315	+multilib_src_install() {
316	+ emake DESTDIR="${D}" install \
317	+ sepermitlockdir="${EPREFIX}/run/sepermit"
318	+
319	+ local prefix
320	+ if multilib_is_native_abi; then
321	+ prefix=
322	+ gen_usr_ldscript -a pam pamc pam_misc
323	+ else
324	+ prefix=/usr
325	+ fi
326	+
327	+ # create extra symlinks just in case something depends on them...
328	+ local lib
329	+ for lib in pam pamc pam_misc; do
330	+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
331	+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
332	+ fi
333	+ done
334	+}
335	+
336	+multilib_src_install_all() {
337	+ find "${ED}" -type f -name '*.la' -delete \|\| die
338	+
339	+ if use selinux; then
340	+ dodir /usr/lib/tmpfiles.d
341	+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
342	+d /run/sepermit 0755 root root
343	+EOF
344	+ fi
345	+}
346	+
347	+pkg_postinst() {
348	+ ewarn "Some software with pre-loaded PAM libraries might experience"
349	+ ewarn "warnings or failures related to missing symbols and/or versions"
350	+ ewarn "after any update. While unfortunate this is a limit of the"
351	+ ewarn "implementation of PAM and the software, and it requires you to"
352	+ ewarn "restart the software manually after the update."
353	+ ewarn ""
354	+ ewarn "You can get a list of such software running a command like"
355	+ ewarn " lsof / \| egrep -i 'del.*libpam\\.so'"
356	+ ewarn ""
357	+ ewarn "Alternatively, simply reboot your system."
358	+
359	+ # The pam_unix module needs to check the password of the user which requires
360	+ # read access to /etc/shadow only.
361	+ fcaps cap_dac_override sbin/unix_chkpwd
362	+}

Gentoo Archives: gentoo-commits