commit: b880a39368148d7f7e2906a6d07d73fe606f7c8a Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org> AuthorDate: Tue Jan 5 01:49:35 2016 +0000 Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> CommitDate: Tue Jan 5 01:49:55 2016 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=b880a393
Add pam-1.2.1 support sys-libs/pam/Manifest | 8 +- sys-libs/pam/files/pam-1.2.1-fix-compat.patch | 21 +++ sys-libs/pam/files/pam-1.2.1-innetgr.patch | 54 +++++++ sys-libs/pam/files/pam-1.2.1-no-strndupa.patch | 46 ++++++ sys-libs/pam/metadata.xml | 2 - sys-libs/pam/pam-1.2.1-r99.ebuild | 213 +++++++++++++++++++++++++ 6 files changed, 341 insertions(+), 3 deletions(-) diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest index db75f3a..f5f232f 100644 --- a/sys-libs/pam/Manifest +++ b/sys-libs/pam/Manifest @@ -1,7 +1,13 @@ AUX pam-1.1.8-doc-install.patch 6592 SHA256 83edb1f57e3fa579bde4cd9ba05966063106f0dc8e57458eea9857250b1a0fb5 SHA512 335220790207c3cb9c84420f13e5e1ea8e42e2b5402def0d0f9425ae89b37c8aef66eb9906c58eeb249bd1ca27af711015c363421d4096206ea44c4c4beea302 WHIRLPOOL ae6df174b9457bcfd85f41b72ec22054898c0c86f9bb0b170ec3e6c747140d1ac3fba3e684e2c4c9c12bb4a1429996a5bb999c9dc2c7693d5109e52f383d1fcf AUX pam-1.1.8-fix-compat.patch 402 SHA256 c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512 1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f WHIRLPOOL 692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f AUX pam-1.1.8-innetgr.patch 1662 SHA256 fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512 ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 WHIRLPOOL 3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048 +AUX pam-1.2.1-fix-compat.patch 402 SHA256 c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512 1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f WHIRLPOOL 692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f +AUX pam-1.2.1-innetgr.patch 1662 SHA256 fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512 ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 WHIRLPOOL 3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048 +AUX pam-1.2.1-no-strndupa.patch 1452 SHA256 49bae3a1ee81d94527c15aab766e2bb5523cdc6e9ce00126d0d7b81c5b9b47a2 SHA512 967eb6d636fc5421ceea1ddd79de61d367cdd17b260ad3ad75da2e1af4ca87305f57776344ab53b23d1ec81d4d8b74874a0a05f68b70c54ba62f7ec23ad40a99 WHIRLPOOL 0cf25b0a11739493ef1b00e3d440b391ae14f88462f60a0c8d7b4d58aa7fd2ec41ed4d05a436265bbac5ab0a6529809ce2839af65b6560c4bda0b46a81cd0a92 DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256 c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512 36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8 WHIRLPOOL c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87 DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512 245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d WHIRLPOOL b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734 +DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512 028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c WHIRLPOOL 9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14 +DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a EBUILD pam-1.1.8-r99.ebuild 6289 SHA256 d9fac218f4e3a095a1d7bbe62d65db2c73a5183681b28006972c2575a1473221 SHA512 f341057c9234e57e102c38d46bdb2670bc6e2c50e53a3175cf3e65a35bd37e633712608f458b2e59fb7ec61a41169279efdbeeb4be468d5ba9287239ca5033e1 WHIRLPOOL 074506f012d3d820951d003b1350f62f9745d841b26ad7c89a345c819734c6cfd26d69a89f4f08dfb4c3ac67bf68e9b938d630fa3887cea33dcc0a7dcde18e7c -MISC metadata.xml 1218 SHA256 9ea95e669c343b7e7184d3fb3b1bbad013493bfdca0e8f184ddf4728e6b5e884 SHA512 60ae70d605f654867e4c444c7489ecd76083c286039febd71ffd18a9e120b151a47488df925ec97e6768c62e5e48068abb864a6b978abd67623fb0b6c414f248 WHIRLPOOL a96d70fd81604dd265f15672183b793d0c3f48508b317f973481c460d56ea05d917a446fd60998536f7a3d811407ca3573554f9dcdc8f45ab88dbbf7875985ab +EBUILD pam-1.2.1-r99.ebuild 6733 SHA256 c897194ead8ee56e68efa98c98ed32ea13e1ac994d5bd452129bd255d24fcade SHA512 85a800b89e3859a3deba2bec8e51bf4374c44978ecb48bfee853c45f732bbba26e6a824bbc43f17aa8023b494aec0437839f1758a5afe89d49a683f387caf1d9 WHIRLPOOL 7fed197982bc3483d413b5404c76e45f48c1c2d142dc9c5f1ae66f640e35d196f0c3342d2460c0f442415a01691dfd54d857496a49e80001f90ebce3fceffcca +MISC metadata.xml 1139 SHA256 bd152404f476ae44a7e577f9d823725215d2fb6220f48005a7814358e2d2d6b6 SHA512 80c06a813fbcbe5fd85b73ee03b8f7bc4aba18a6005bdb1f80de523a6f221e139f7c73e29db9c1b599e90a6eb769240b9e302d4c1e24aca32f06479712b2d5fa WHIRLPOOL 3ad745a45d828eecf45e3221aa012c6a6d99cc332dc60022dc9da0220af36737f47b4952cf84ff10cc196cda5535cadb360f4db9b56c9f7c55dd62777b26c760 diff --git a/sys-libs/pam/files/pam-1.2.1-fix-compat.patch b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch new file mode 100644 index 0000000..332f609 --- /dev/null +++ b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch @@ -0,0 +1,21 @@ +--- a/modules/pam_lastlog/pam_lastlog.c ++++ b/modules/pam_lastlog/pam_lastlog.c +@@ -10,6 +10,7 @@ + + #include "config.h" + ++#include <paths.h> + #include <fcntl.h> + #include <time.h> + #include <errno.h> +@@ -48,6 +49,10 @@ + + #ifndef _PATH_BTMP + # define _PATH_BTMP "/var/log/btmp" ++#endif ++ ++#ifndef __GLIBC__ ++#define logwtmp(args...) + #endif + + /* XXX - time before ignoring lock. Is 1 sec enough? */ diff --git a/sys-libs/pam/files/pam-1.2.1-innetgr.patch b/sys-libs/pam/files/pam-1.2.1-innetgr.patch new file mode 100644 index 0000000..a94fa3d --- /dev/null +++ b/sys-libs/pam/files/pam-1.2.1-innetgr.patch @@ -0,0 +1,54 @@ +--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c ++++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c +@@ -658,10 +658,13 @@ + continue; + } + /* If buffer starts with @, we are using netgroups */ ++#ifdef HAVE_INNETGR + if (buffer[0] == '@') + good &= innetgr (&buffer[1], NULL, user, NULL); + /* otherwise, if the buffer starts with %, it's a UNIX group */ +- else if (buffer[0] == '%') ++ else ++#endif ++ if (buffer[0] == '%') + good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]); + else + good &= logic_field(pamh,user, buffer, count, is_same); +--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c ++++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c +@@ -233,16 +233,20 @@ + static int + evaluate_innetgr(const char *host, const char *user, const char *group) + { ++#ifdef HAVE_INNETGR + if (innetgr(group, host, user, NULL) == 1) + return PAM_SUCCESS; ++#endif + return PAM_AUTH_ERR; + } + /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ + static int + evaluate_notinnetgr(const char *host, const char *user, const char *group) + { ++#ifdef HAVE_INNETGR + if (innetgr(group, host, user, NULL) == 0) + return PAM_SUCCESS; ++#endif + return PAM_AUTH_ERR; + } + +--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c ++++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c +@@ -554,9 +554,11 @@ + continue; + } + /* If buffer starts with @, we are using netgroups */ ++#ifdef HAVE_INNETGR + if (buffer[0] == '@') + good &= innetgr (&buffer[1], NULL, user, NULL); + else ++#endif + good &= logic_field(pamh, user, buffer, count, is_same); + D(("with user: %s", good ? "passes":"fails" )); + diff --git a/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch new file mode 100644 index 0000000..71b233a --- /dev/null +++ b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch @@ -0,0 +1,46 @@ +From fa534c4a66f5fab7a9c5f9de76c81625e0b64068 Mon Sep 17 00:00:00 2001 +From: Yousong Zhou <yszhou4t...@gmail.com> +Date: Thu, 23 Jul 2015 20:47:29 +0800 +Subject: [PATCH 9/9] pam_exec: fix build when strndupa() is not available. + + * /modules/pam_exec/pam_exec.c: use strncpy() and local array instead + of strndupa() + +Signed-off-by: Yousong Zhou <yszhou4t...@gmail.com> +--- + modules/pam_exec/pam_exec.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c +index 17ba6ca..d5ccfeb 100644 +--- a/modules/pam_exec/pam_exec.c ++++ b/modules/pam_exec/pam_exec.c +@@ -102,6 +102,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + int use_stdout = 0; + int optargc; + const char *logfile = NULL; ++ char *_authtok[PAM_MAX_RESP_SIZE]; + const char *authtok = NULL; + pid_t pid; + int fds[2]; +@@ -178,11 +179,15 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + } + + pam_set_item (pamh, PAM_AUTHTOK, resp); +- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); ++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0'; ++ authtok = strncpy(_authtok, resp, PAM_MAX_RESP_SIZE-1); + _pam_drop (resp); + } + else +- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); ++ { ++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0'; ++ authtok = strncpy(_authtok, void_pass, PAM_MAX_RESP_SIZE-1); ++ } + + if (pipe(fds) != 0) + { +-- +1.7.10.4 + diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml index 4ee5aec..f69d9e3 100644 --- a/sys-libs/pam/metadata.xml +++ b/sys-libs/pam/metadata.xml @@ -6,8 +6,6 @@ <email>pam-b...@gentoo.org</email> </maintainer> <use> - <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag> - <flag name="berkdb"> Build the pam_userdb module, that allows to authenticate users against a Berkeley DB file. Please note that enabling this USE diff --git a/sys-libs/pam/pam-1.2.1-r99.ebuild b/sys-libs/pam/pam-1.2.1-r99.ebuild new file mode 100644 index 0000000..21f2456 --- /dev/null +++ b/sys-libs/pam/pam-1.2.1-r99.ebuild @@ -0,0 +1,213 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use fcaps + +MY_PN="Linux-PAM" +MY_P="${MY_PN}-${PV}" + +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" +HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/" +SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2 + http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2" + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax" + +RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) + cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] ) + audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] ) + nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + >=sys-devel/libtool-2 + >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}] + nls? ( sys-devel/gettext ) + nis? ( >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] )" +PDEPEND="sys-auth/pambase + vim-syntax? ( app-vim/pam-syntax )" +RDEPEND="${RDEPEND} + !<sys-apps/openrc-0.11.8 + !sys-auth/openpam + !sys-auth/pam_userdb + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r7 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S="${WORKDIR}/${MY_P}" + +check_old_modules() { + local retval="0" + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then + eerror "" + eerror "Your current setup is using the pam_stack module." + eerror "This module is deprecated and no longer supported, and since version" + eerror "0.99 is no longer installed, nor provided by any other package." + eerror "The package will be built (to allow binary package builds), but will" + eerror "not be installed." + eerror "Please replace pam_stack usage with proper include directive usage," + eerror "following the PAM Upgrade guide at the following URL" + eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" + eerror "" + + retval=1 + fi + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then + eerror "" + eerror "Your current setup is using one or more of the following modules," + eerror "that are not built or supported anymore:" + eerror "pam_pwdb, pam_console" + eerror "If you are in real need for these modules, please contact the maintainers" + eerror "of PAM through https://bugs.gentoo.org/ providing information about its" + eerror "use cases." + eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" + eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" + eerror "" + + retval=1 + fi + + return ${retval} +} + +pkg_pretend() { + # do not error out, this is just a warning, one could build a binpkg + # with old modules enabled. + check_old_modules +} + +src_unpack() { + # Upstream didn't release a new doc tarball (since nothing changed?). + unpack ${MY_PN}-1.2.0-docs.tar.bz2 + # Update timestamps to avoid regenerating at build time. #569338 + find -type f -exec touch -r "${T}" {} + || die + mv Linux-PAM-1.2.{0,1} || die + unpack ${MY_P}.tar.bz2 +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-1.2.1-fix-compat.patch + epatch "${FILESDIR}"/${PN}-1.2.1-innetgr.patch + epatch "${FILESDIR}"/${PN}-1.2.1-no-strndupa.patch + + # disable insecure modules (musl-libc doesn't implement the functions anyway) + use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am modules/Makefile.in + elibtoolize +} + +multilib_src_configure() { + # Do not let user's BROWSER setting mess us up. #549684 + unset BROWSER + + # Disable automatic detection of libxcrypt; we _don't_ want the + # user to link libxcrypt in by default, since we won't track the + # dependency and allow to break PAM this way. + export ac_cv_header_xcrypt_h=no + + # Disable automatic detection of libcrypt + use elibc_musl && export ac_cv_search_crypt=no + + local myconf=( + --docdir='$(datarootdir)'/doc/${PF} + --htmldir='$(docdir)/html' + --libdir='$(prefix)'/$(get_libdir) + --enable-securedir="${EPREFIX}"/$(get_libdir)/security + --enable-isadir='.' #464016 + $(use_enable nls) + $(use_enable selinux) + $(use_enable cracklib) + $(use_enable audit) + $(use_enable debug) + $(use_enable berkdb db) + $(use_enable nis) + $(use_enable pie) + --with-db-uniquename=-$(db_findver sys-libs/db) + --disable-prelude + ) + + ECONF_SOURCE=${S} \ + econf "${myconf[@]}" +} + +multilib_src_compile() { + emake sepermitlockdir="${EPREFIX}/run/sepermit" +} + +multilib_src_install() { + emake DESTDIR="${D}" install \ + sepermitlockdir="${EPREFIX}/run/sepermit" + + local prefix + if multilib_is_native_abi; then + prefix= + gen_usr_ldscript -a pam pamc pam_misc + else + prefix=/usr + fi + + # create extra symlinks just in case something depends on them... + local lib + for lib in pam pamc pam_misc; do + if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then + dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname) + fi + done +} + +DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS ) + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + docinto modules + local dir + for dir in modules/pam_*; do + newdoc "${dir}"/README README."$(basename "${dir}")" + done + + if use selinux; then + dodir /usr/lib/tmpfiles.d + cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF +d /run/sepermit 0755 root root +EOF + fi +} + +pkg_preinst() { + check_old_modules || die "deprecated PAM modules still used" +} + +pkg_postinst() { + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | egrep -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." + if [[ -x "${EROOT}"/var/log/tallylog ]] ; then + elog "" + elog "Because of a bug present up to version 1.1.1-r2, you have" + elog "an executable /var/log/tallylog file. You can safely" + elog "correct it by running the command" + elog " chmod -x /var/log/tallylog" + elog "" + fi + + # The pam_unix module needs to check the password of the user which requires + # read access to /etc/shadow only. + fcaps cap_dac_override sbin/unix_chkpwd +}