1 |
commit: 0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb |
2 |
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Apr 10 06:19:32 2019 +0000 |
4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Apr 10 06:19:32 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0d8d83d9 |
7 |
|
8 |
sys-libs/pam: add update to match current tree |
9 |
|
10 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
11 |
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org> |
12 |
|
13 |
sys-libs/pam/Manifest | 1 + |
14 |
sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch | 46 +++++++ |
15 |
.../files/pam-1.3.1-include-sys_resource_h.patch | 24 ++++ |
16 |
.../pam/files/pam-1.3.1-portability-fixes.patch | 61 ++++++++++ |
17 |
sys-libs/pam/files/pam-remove-browsers.patch | 34 ++++++ |
18 |
sys-libs/pam/pam-1.3.1-r1.ebuild | 133 +++++++++++++++++++++ |
19 |
6 files changed, 299 insertions(+) |
20 |
|
21 |
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest |
22 |
index 46204f5..bfa0f21 100644 |
23 |
--- a/sys-libs/pam/Manifest |
24 |
+++ b/sys-libs/pam/Manifest |
25 |
@@ -2,3 +2,4 @@ DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8 |
26 |
DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a |
27 |
DIST Linux-PAM-1.3.0-docs.tar.bz2 492805 BLAKE2B 1dd48f65ae76e0d4d2c02664f9a2adac127604a7552ff70c378323a0de8141445332430205946823097170edf217122196ea03ae665284751fed3748d9f8ac3d SHA512 b6b8497e6a4307b3f9a2af1c74456a0577b848cbc5417fb88fabe305b67ca022a6bcf632d68faaaacc701cdcf6254ec196707551a1ea70985cdde6add68bbbfe |
28 |
DIST Linux-PAM-1.3.0.tar.bz2 1302820 BLAKE2B 0ed5553308e8bc4bef91746a1c79db41bf5f0a48a31796d5a13819387c0a04d553efa210435273ad8565d0a53f354817bc3e0f254e35a5e75b7b7b586cad5d16 SHA512 4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42 |
29 |
+DIST pam-1.3.1.tar.gz 749997 BLAKE2B 3b44c41daaa5810c53e3e2baeac1ab58463768fde433f874b9bd09c7c28cfd55e0f227c9a0c318e66444a3adb23c112a2db32d5c7211b07c84c2d4600a47ca5c SHA512 0c5019493b2ac42180ee9c4974a51329a2395a44f5f892c1ca567ec9b43cc3a9bce0212861d4dfb82eb236c5eaa682b27189ce672ed6cafa37d8801d059a944d |
30 |
|
31 |
diff --git a/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch |
32 |
new file mode 100644 |
33 |
index 0000000..f2205ca |
34 |
--- /dev/null |
35 |
+++ b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch |
36 |
@@ -0,0 +1,46 @@ |
37 |
+From a43725b6f6a9748e5fdb91384bce360eab36ebde Mon Sep 17 00:00:00 2001 |
38 |
+From: |
39 |
+Date: Wed, 10 Apr 2019 00:45:01 -0500 |
40 |
+Subject: [PATCH 1/3] Fix pam exec on musl |
41 |
+ |
42 |
+--- |
43 |
+ modules/pam_exec/pam_exec.c | 9 +++++-- |
44 |
+ 1 file changed, 5 insertions(+), 2 deletions(-) |
45 |
+ |
46 |
+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c |
47 |
+index 52dc681..3f70ea1 100644 |
48 |
+--- a/modules/pam_exec/pam_exec.c |
49 |
++++ b/modules/pam_exec/pam_exec.c |
50 |
+@@ -103,11 +103,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh, |
51 |
+ int optargc; |
52 |
+ const char *logfile = NULL; |
53 |
+ const char *authtok = NULL; |
54 |
++ char authtok_buf[PAM_MAX_RESP_SIZE+1]; |
55 |
++ |
56 |
+ pid_t pid; |
57 |
+ int fds[2]; |
58 |
+ int stdout_fds[2]; |
59 |
+ FILE *stdout_file = NULL; |
60 |
+ |
61 |
++ memset(authtok_buf, 0, sizeof(authtok_buf)); |
62 |
+ if (argc < 1) { |
63 |
+ pam_syslog (pamh, LOG_ERR, |
64 |
+ "This module needs at least one argument"); |
65 |
+@@ -180,12 +183,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh, |
66 |
+ if (resp) |
67 |
+ { |
68 |
+ pam_set_item (pamh, PAM_AUTHTOK, resp); |
69 |
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); |
70 |
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf)); |
71 |
+ _pam_drop (resp); |
72 |
+ } |
73 |
+ } |
74 |
+ else |
75 |
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); |
76 |
++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf)); |
77 |
+ |
78 |
+ if (pipe(fds) != 0) |
79 |
+ { |
80 |
+-- |
81 |
+2.21.0 |
82 |
+ |
83 |
|
84 |
diff --git a/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch |
85 |
new file mode 100644 |
86 |
index 0000000..6336988 |
87 |
--- /dev/null |
88 |
+++ b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch |
89 |
@@ -0,0 +1,24 @@ |
90 |
+From 523562d2c1a485fc60fe4cb5c2c02c5654c47097 Mon Sep 17 00:00:00 2001 |
91 |
+From: |
92 |
+Date: Wed, 10 Apr 2019 00:45:56 -0500 |
93 |
+Subject: [PATCH 2/3] include sys/resource.h for RLIMIT_NOFILE |
94 |
+ |
95 |
+--- |
96 |
+ modules/pam_unix/pam_unix_acct.c | 1 + |
97 |
+ 1 file changed, 1 insertion(+) |
98 |
+ |
99 |
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c |
100 |
+index 8833114..eeab34e 100644 |
101 |
+--- a/modules/pam_unix/pam_unix_acct.c |
102 |
++++ b/modules/pam_unix/pam_unix_acct.c |
103 |
+@@ -48,6 +48,7 @@ |
104 |
+ #include <time.h> /* for time() */ |
105 |
+ #include <errno.h> |
106 |
+ #include <sys/wait.h> |
107 |
++#include <sys/resource.h> /* for RLIMIT_NOFILE */ |
108 |
+ |
109 |
+ #include <security/_pam_macros.h> |
110 |
+ |
111 |
+-- |
112 |
+2.21.0 |
113 |
+ |
114 |
|
115 |
diff --git a/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch |
116 |
new file mode 100644 |
117 |
index 0000000..d03e5e4 |
118 |
--- /dev/null |
119 |
+++ b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch |
120 |
@@ -0,0 +1,61 @@ |
121 |
+From acee004471a6c65b3fdccd8e485ff7ab58da7df4 Mon Sep 17 00:00:00 2001 |
122 |
+From: |
123 |
+Date: Wed, 10 Apr 2019 00:48:19 -0500 |
124 |
+Subject: [PATCH 3/3] add portability for non glibc systems |
125 |
+ |
126 |
+--- |
127 |
+ modules/pam_lastlog/pam_lastlog.c | 5 +++++ |
128 |
+ modules/pam_rhosts/pam_rhosts.c | 4 +++- |
129 |
+ 2 files changed, 8 insertions(+), 1 deletion(-) |
130 |
+ |
131 |
+diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c |
132 |
+index 1a796b9..bd609bb 100644 |
133 |
+--- a/modules/pam_lastlog/pam_lastlog.c |
134 |
++++ b/modules/pam_lastlog/pam_lastlog.c |
135 |
+@@ -26,6 +26,7 @@ |
136 |
+ #include <sys/types.h> |
137 |
+ #include <syslog.h> |
138 |
+ #include <unistd.h> |
139 |
++#include <paths.h> |
140 |
+ |
141 |
+ #if defined(hpux) || defined(sunos) || defined(solaris) |
142 |
+ # ifndef _PATH_LASTLOG |
143 |
+@@ -403,7 +404,9 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, |
144 |
+ |
145 |
+ if (announce & LASTLOG_WTMP) { |
146 |
+ /* write wtmp entry for user */ |
147 |
++#ifdef HAVE_LOGWTMP |
148 |
+ logwtmp(last_login.ll_line, user, remote_host); |
149 |
++#endif |
150 |
+ } |
151 |
+ |
152 |
+ /* cleanup */ |
153 |
+@@ -714,7 +717,9 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, |
154 |
+ terminal_line = get_tty(pamh); |
155 |
+ |
156 |
+ /* Wipe out utmp logout entry */ |
157 |
++#ifdef HAVE_LOGWTMP |
158 |
+ logwtmp(terminal_line, "", ""); |
159 |
++#endif |
160 |
+ |
161 |
+ return PAM_SUCCESS; |
162 |
+ } |
163 |
+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c |
164 |
+index ed98d63..b33f342 100644 |
165 |
+--- a/modules/pam_rhosts/pam_rhosts.c |
166 |
++++ b/modules/pam_rhosts/pam_rhosts.c |
167 |
+@@ -112,8 +112,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, |
168 |
+ |
169 |
+ #ifdef HAVE_RUSEROK_AF |
170 |
+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC); |
171 |
+-#else |
172 |
++#elif HAVE_RUSEROK |
173 |
+ retval = ruserok (rhost, as_root, ruser, luser); |
174 |
++#else |
175 |
++ retval = 1; |
176 |
+ #endif |
177 |
+ if (retval != 0) { |
178 |
+ if (!opt_silent || opt_debug) |
179 |
+-- |
180 |
+2.21.0 |
181 |
+ |
182 |
|
183 |
diff --git a/sys-libs/pam/files/pam-remove-browsers.patch b/sys-libs/pam/files/pam-remove-browsers.patch |
184 |
new file mode 100644 |
185 |
index 0000000..7e3ae99 |
186 |
--- /dev/null |
187 |
+++ b/sys-libs/pam/files/pam-remove-browsers.patch |
188 |
@@ -0,0 +1,34 @@ |
189 |
+From baadfdc644fcb88170c358c449a731520e1747a5 Mon Sep 17 00:00:00 2001 |
190 |
+From: Mikle Kolyada <zlogene@g.o> |
191 |
+Date: Mon, 1 Oct 2018 23:12:08 +0300 |
192 |
+Subject: [PATCH] configure.ac remobe browser logic for DocBook |
193 |
+ |
194 |
+--- |
195 |
+ configure.ac | 11 ----------- |
196 |
+ 1 file changed, 11 deletions(-) |
197 |
+ |
198 |
+diff --git a/configure.ac b/configure.ac |
199 |
+index 3012ceb..e7e7dac 100644 |
200 |
+--- a/configure.ac |
201 |
++++ b/configure.ac |
202 |
+@@ -554,17 +554,6 @@ JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN], |
203 |
+ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], |
204 |
+ [DocBook XSL Stylesheets], [], enable_docu=no) |
205 |
+ |
206 |
+-AC_PATH_PROG([BROWSER], [w3m]) |
207 |
+-if test ! -z "$BROWSER"; then |
208 |
+- BROWSER="$BROWSER -T text/html -dump" |
209 |
+-else |
210 |
+- AC_PATH_PROG([BROWSER], [elinks]) |
211 |
+- if test ! -z "$BROWSER"; then |
212 |
+- BROWSER="$BROWSER -no-numbering -no-references -dump" |
213 |
+- else |
214 |
+- enable_docu=no |
215 |
+- fi |
216 |
+-fi |
217 |
+ |
218 |
+ AC_PATH_PROG([FO2PDF], [fop]) |
219 |
+ |
220 |
+-- |
221 |
+2.16.4 |
222 |
+ |
223 |
|
224 |
diff --git a/sys-libs/pam/pam-1.3.1-r1.ebuild b/sys-libs/pam/pam-1.3.1-r1.ebuild |
225 |
new file mode 100644 |
226 |
index 0000000..7f43ea6 |
227 |
--- /dev/null |
228 |
+++ b/sys-libs/pam/pam-1.3.1-r1.ebuild |
229 |
@@ -0,0 +1,133 @@ |
230 |
+# Copyright 1999-2019 Gentoo Authors |
231 |
+# Distributed under the terms of the GNU General Public License v2 |
232 |
+ |
233 |
+EAPI=7 |
234 |
+ |
235 |
+inherit autotools db-use fcaps multilib-minimal toolchain-funcs |
236 |
+ |
237 |
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" |
238 |
+HOMEPAGE="https://github.com/linux-pam/linux-pam" |
239 |
+SRC_URI="https://github.com/linux-pam/linux-pam/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
240 |
+ |
241 |
+LICENSE="|| ( BSD GPL-2 )" |
242 |
+SLOT="0" |
243 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux" |
244 |
+IUSE="audit berkdb +cracklib debug nis nls +pie selinux static-libs" |
245 |
+ |
246 |
+BDEPEND="app-text/docbook-xml-dtd:4.1.2 |
247 |
+ app-text/docbook-xml-dtd:4.3 |
248 |
+ app-text/docbook-xml-dtd:4.4 |
249 |
+ app-text/docbook-xml-dtd:4.5 |
250 |
+ dev-libs/libxslt |
251 |
+ sys-devel/flex |
252 |
+ virtual/pkgconfig[${MULTILIB_USEDEP}] |
253 |
+ nls? ( sys-devel/gettext )" |
254 |
+DEPEND=" |
255 |
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) |
256 |
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) |
257 |
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] ) |
258 |
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) |
259 |
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] ) |
260 |
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )" |
261 |
+RDEPEND="${DEPEND} |
262 |
+ !sys-auth/openpam |
263 |
+ !sys-auth/pam_userdb" |
264 |
+ |
265 |
+PDEPEND="sys-auth/pambase" |
266 |
+ |
267 |
+S="${WORKDIR}/linux-${P}" |
268 |
+ |
269 |
+PATCHES=( |
270 |
+ "${FILESDIR}/${PN}-remove-browsers.patch" |
271 |
+ "${FILESDIR}/${PN}-1.3.1-fix-pam-exec.patch" |
272 |
+ "${FILESDIR}/${PN}-1.3.1-include-sys_resource_h.patch" |
273 |
+ "${FILESDIR}/${PN}-1.3.1-portability-fixes.patch" |
274 |
+) |
275 |
+ |
276 |
+src_prepare() { |
277 |
+ default |
278 |
+ touch ChangeLog || die |
279 |
+ eautoreconf |
280 |
+} |
281 |
+ |
282 |
+multilib_src_configure() { |
283 |
+ # Do not let user's BROWSER setting mess us up. #549684 |
284 |
+ unset BROWSER |
285 |
+ |
286 |
+ # Disable automatic detection of libxcrypt; we _don't_ want the |
287 |
+ # user to link libxcrypt in by default, since we won't track the |
288 |
+ # dependency and allow to break PAM this way. |
289 |
+ |
290 |
+ export ac_cv_header_xcrypt_h=no |
291 |
+ |
292 |
+ local myconf=( |
293 |
+ --with-db-uniquename=-$(db_findver sys-libs/db) |
294 |
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security |
295 |
+ --libdir=/usr/$(get_libdir) |
296 |
+ --disable-prelude |
297 |
+ $(use_enable audit) |
298 |
+ $(use_enable berkdb db) |
299 |
+ $(use_enable cracklib) |
300 |
+ $(use_enable debug) |
301 |
+ $(use_enable nis) |
302 |
+ $(use_enable nls) |
303 |
+ $(use_enable pie) |
304 |
+ $(use_enable selinux) |
305 |
+ $(use_enable static-libs static) |
306 |
+ --enable-isadir='.' #464016 |
307 |
+ ) |
308 |
+ ECONF_SOURCE="${S}" econf ${myconf[@]} |
309 |
+} |
310 |
+ |
311 |
+multilib_src_compile() { |
312 |
+ emake sepermitlockdir="${EPREFIX}/run/sepermit" |
313 |
+} |
314 |
+ |
315 |
+multilib_src_install() { |
316 |
+ emake DESTDIR="${D}" install \ |
317 |
+ sepermitlockdir="${EPREFIX}/run/sepermit" |
318 |
+ |
319 |
+ local prefix |
320 |
+ if multilib_is_native_abi; then |
321 |
+ prefix= |
322 |
+ gen_usr_ldscript -a pam pamc pam_misc |
323 |
+ else |
324 |
+ prefix=/usr |
325 |
+ fi |
326 |
+ |
327 |
+ # create extra symlinks just in case something depends on them... |
328 |
+ local lib |
329 |
+ for lib in pam pamc pam_misc; do |
330 |
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then |
331 |
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname) |
332 |
+ fi |
333 |
+ done |
334 |
+} |
335 |
+ |
336 |
+multilib_src_install_all() { |
337 |
+ find "${ED}" -type f -name '*.la' -delete || die |
338 |
+ |
339 |
+ if use selinux; then |
340 |
+ dodir /usr/lib/tmpfiles.d |
341 |
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF |
342 |
+d /run/sepermit 0755 root root |
343 |
+EOF |
344 |
+ fi |
345 |
+} |
346 |
+ |
347 |
+pkg_postinst() { |
348 |
+ ewarn "Some software with pre-loaded PAM libraries might experience" |
349 |
+ ewarn "warnings or failures related to missing symbols and/or versions" |
350 |
+ ewarn "after any update. While unfortunate this is a limit of the" |
351 |
+ ewarn "implementation of PAM and the software, and it requires you to" |
352 |
+ ewarn "restart the software manually after the update." |
353 |
+ ewarn "" |
354 |
+ ewarn "You can get a list of such software running a command like" |
355 |
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'" |
356 |
+ ewarn "" |
357 |
+ ewarn "Alternatively, simply reboot your system." |
358 |
+ |
359 |
+ # The pam_unix module needs to check the password of the user which requires |
360 |
+ # read access to /etc/shadow only. |
361 |
+ fcaps cap_dac_override sbin/unix_chkpwd |
362 |
+} |