commit: b880a39368148d7f7e2906a6d07d73fe606f7c8a
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 5 01:49:35 2016 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue Jan 5 01:49:55 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=b880a393
Add pam-1.2.1 support
sys-libs/pam/Manifest | 8 +-
sys-libs/pam/files/pam-1.2.1-fix-compat.patch | 21 +++
sys-libs/pam/files/pam-1.2.1-innetgr.patch | 54 +++++++
sys-libs/pam/files/pam-1.2.1-no-strndupa.patch | 46 ++++++
sys-libs/pam/metadata.xml | 2 -
sys-libs/pam/pam-1.2.1-r99.ebuild | 213 +++++++++++++++++++++++++
6 files changed, 341 insertions(+), 3 deletions(-)
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index db75f3a..f5f232f 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,7 +1,13 @@
AUX pam-1.1.8-doc-install.patch 6592 SHA256
83edb1f57e3fa579bde4cd9ba05966063106f0dc8e57458eea9857250b1a0fb5 SHA512
335220790207c3cb9c84420f13e5e1ea8e42e2b5402def0d0f9425ae89b37c8aef66eb9906c58eeb249bd1ca27af711015c363421d4096206ea44c4c4beea302
WHIRLPOOL
ae6df174b9457bcfd85f41b72ec22054898c0c86f9bb0b170ec3e6c747140d1ac3fba3e684e2c4c9c12bb4a1429996a5bb999c9dc2c7693d5109e52f383d1fcf
AUX pam-1.1.8-fix-compat.patch 402 SHA256
c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512
1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f
WHIRLPOOL
692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f
AUX pam-1.1.8-innetgr.patch 1662 SHA256
fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512
ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9
WHIRLPOOL
3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048
+AUX pam-1.2.1-fix-compat.patch 402 SHA256
c783156888287b44816b4a32c946af657c0a43d8926fe7bd9f54d9768ee8f699 SHA512
1178ead83fdc872a626576c620876d013cbeb6199edb704c8d91cb906b9aabc1dd02e11a27a792cb87179554dcaf3080d04478317e03cf34cea23bf42b65fe2f
WHIRLPOOL
692d3df998b7c29f1a7ea4c75cbeabdb6a907d7a8ca0b9e22f9c02df883db6af6b2052f67f4778cf97667456d54abed7f89fb43ed1bcb01c9fdef42f63d2762f
+AUX pam-1.2.1-innetgr.patch 1662 SHA256
fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde SHA512
ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9
WHIRLPOOL
3034a8cd10f26c303546a99c0ae7de38d016d537deae81e52cc510c515d7e8b7d703bf257fac8d737588add225e125d7a90f6f35cc811eb1330cb3cc88d67048
+AUX pam-1.2.1-no-strndupa.patch 1452 SHA256
49bae3a1ee81d94527c15aab766e2bb5523cdc6e9ce00126d0d7b81c5b9b47a2 SHA512
967eb6d636fc5421ceea1ddd79de61d367cdd17b260ad3ad75da2e1af4ca87305f57776344ab53b23d1ec81d4d8b74874a0a05f68b70c54ba62f7ec23ad40a99
WHIRLPOOL
0cf25b0a11739493ef1b00e3d440b391ae14f88462f60a0c8d7b4d58aa7fd2ec41ed4d05a436265bbac5ab0a6529809ce2839af65b6560c4bda0b46a81cd0a92
DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256
c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512
36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8
WHIRLPOOL
c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87
DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256
c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512
245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d
WHIRLPOOL
b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734
+DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256
3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512
028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c
WHIRLPOOL
9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14
+DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256
342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512
4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da
WHIRLPOOL
562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
EBUILD pam-1.1.8-r99.ebuild 6289 SHA256
d9fac218f4e3a095a1d7bbe62d65db2c73a5183681b28006972c2575a1473221 SHA512
f341057c9234e57e102c38d46bdb2670bc6e2c50e53a3175cf3e65a35bd37e633712608f458b2e59fb7ec61a41169279efdbeeb4be468d5ba9287239ca5033e1
WHIRLPOOL
074506f012d3d820951d003b1350f62f9745d841b26ad7c89a345c819734c6cfd26d69a89f4f08dfb4c3ac67bf68e9b938d630fa3887cea33dcc0a7dcde18e7c
-MISC metadata.xml 1218 SHA256
9ea95e669c343b7e7184d3fb3b1bbad013493bfdca0e8f184ddf4728e6b5e884 SHA512
60ae70d605f654867e4c444c7489ecd76083c286039febd71ffd18a9e120b151a47488df925ec97e6768c62e5e48068abb864a6b978abd67623fb0b6c414f248
WHIRLPOOL
a96d70fd81604dd265f15672183b793d0c3f48508b317f973481c460d56ea05d917a446fd60998536f7a3d811407ca3573554f9dcdc8f45ab88dbbf7875985ab
+EBUILD pam-1.2.1-r99.ebuild 6733 SHA256
c897194ead8ee56e68efa98c98ed32ea13e1ac994d5bd452129bd255d24fcade SHA512
85a800b89e3859a3deba2bec8e51bf4374c44978ecb48bfee853c45f732bbba26e6a824bbc43f17aa8023b494aec0437839f1758a5afe89d49a683f387caf1d9
WHIRLPOOL
7fed197982bc3483d413b5404c76e45f48c1c2d142dc9c5f1ae66f640e35d196f0c3342d2460c0f442415a01691dfd54d857496a49e80001f90ebce3fceffcca
+MISC metadata.xml 1139 SHA256
bd152404f476ae44a7e577f9d823725215d2fb6220f48005a7814358e2d2d6b6 SHA512
80c06a813fbcbe5fd85b73ee03b8f7bc4aba18a6005bdb1f80de523a6f221e139f7c73e29db9c1b599e90a6eb769240b9e302d4c1e24aca32f06479712b2d5fa
WHIRLPOOL
3ad745a45d828eecf45e3221aa012c6a6d99cc332dc60022dc9da0220af36737f47b4952cf84ff10cc196cda5535cadb360f4db9b56c9f7c55dd62777b26c760
diff --git a/sys-libs/pam/files/pam-1.2.1-fix-compat.patch
b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch
new file mode 100644
index 0000000..332f609
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-fix-compat.patch
@@ -0,0 +1,21 @@
+--- a/modules/pam_lastlog/pam_lastlog.c
++++ b/modules/pam_lastlog/pam_lastlog.c
+@@ -10,6 +10,7 @@
+
+ #include "config.h"
+
++#include <paths.h>
+ #include <fcntl.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -48,6 +49,10 @@
+
+ #ifndef _PATH_BTMP
+ # define _PATH_BTMP "/var/log/btmp"
++#endif
++
++#ifndef __GLIBC__
++#define logwtmp(args...)
+ #endif
+
+ /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/sys-libs/pam/files/pam-1.2.1-innetgr.patch
b/sys-libs/pam/files/pam-1.2.1-innetgr.patch
new file mode 100644
index 0000000..a94fa3d
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-innetgr.patch
@@ -0,0 +1,54 @@
+--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
++++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
+@@ -658,10 +658,13 @@
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
++#ifdef HAVE_INNETGR
+ if (buffer[0] == '@')
+ good &= innetgr (&buffer[1], NULL, user, NULL);
+ /* otherwise, if the buffer starts with %, it's a UNIX group */
+- else if (buffer[0] == '%')
++ else
++#endif
++ if (buffer[0] == '%')
+ good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
+ else
+ good &= logic_field(pamh,user, buffer, count, is_same);
+--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
++++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
+@@ -233,16 +233,20 @@
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 1)
+ return PAM_SUCCESS;
++#endif
+ return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 0)
+ return PAM_SUCCESS;
++#endif
+ return PAM_AUTH_ERR;
+ }
+
+--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
++++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
+@@ -554,9 +554,11 @@
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
++#ifdef HAVE_INNETGR
+ if (buffer[0] == '@')
+ good &= innetgr (&buffer[1], NULL, user, NULL);
+ else
++#endif
+ good &= logic_field(pamh, user, buffer, count, is_same);
+ D(("with user: %s", good ? "passes":"fails" ));
+
diff --git a/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch
b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch
new file mode 100644
index 0000000..71b233a
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.2.1-no-strndupa.patch
@@ -0,0 +1,46 @@
+From fa534c4a66f5fab7a9c5f9de76c81625e0b64068 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4t...@gmail.com>
+Date: Thu, 23 Jul 2015 20:47:29 +0800
+Subject: [PATCH 9/9] pam_exec: fix build when strndupa() is not available.
+
+ * /modules/pam_exec/pam_exec.c: use strncpy() and local array instead
+ of strndupa()
+
+Signed-off-by: Yousong Zhou <yszhou4t...@gmail.com>
+---
+ modules/pam_exec/pam_exec.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
+index 17ba6ca..d5ccfeb 100644
+--- a/modules/pam_exec/pam_exec.c
++++ b/modules/pam_exec/pam_exec.c
+@@ -102,6 +102,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ int use_stdout = 0;
+ int optargc;
+ const char *logfile = NULL;
++ char *_authtok[PAM_MAX_RESP_SIZE];
+ const char *authtok = NULL;
+ pid_t pid;
+ int fds[2];
+@@ -178,11 +179,15 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ }
+
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0';
++ authtok = strncpy(_authtok, resp, PAM_MAX_RESP_SIZE-1);
+ _pam_drop (resp);
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ {
++ _authtok[PAM_MAX_RESP_SIZE-1] = '\0';
++ authtok = strncpy(_authtok, void_pass, PAM_MAX_RESP_SIZE-1);
++ }
+
+ if (pipe(fds) != 0)
+ {
+--
+1.7.10.4
+
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
index 4ee5aec..f69d9e3 100644
--- a/sys-libs/pam/metadata.xml
+++ b/sys-libs/pam/metadata.xml
@@ -6,8 +6,6 @@
<email>pam-b...@gentoo.org</email>
</maintainer>
<use>
- <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
-
<flag name="berkdb">
Build the pam_userdb module, that allows to authenticate users
against a Berkeley DB file. Please note that enabling this USE
diff --git a/sys-libs/pam/pam-1.2.1-r99.ebuild
b/sys-libs/pam/pam-1.2.1-r99.ebuild
new file mode 100644
index 0000000..21f2456
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1-r99.ebuild
@@ -0,0 +1,213 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs
flag-o-matic db-use fcaps
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/";
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2";
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ nis? ( >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] )"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q
pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and
since version"
+ eerror "0.99 is no longer installed, nor provided by any other
package."
+ eerror "The package will be built (to allow binary package
builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include
directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror "
https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml";
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q
'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the
following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please
contact the maintainers"
+ eerror "of PAM through https://bugs.gentoo.org/ providing
information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at
the following URL:"
+ eerror "
https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml";
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_unpack() {
+ # Upstream didn't release a new doc tarball (since nothing changed?).
+ unpack ${MY_PN}-1.2.0-docs.tar.bz2
+ # Update timestamps to avoid regenerating at build time. #569338
+ find -type f -exec touch -r "${T}" {} + || die
+ mv Linux-PAM-1.2.{0,1} || die
+ unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.2.1-fix-compat.patch
+ epatch "${FILESDIR}"/${PN}-1.2.1-innetgr.patch
+ epatch "${FILESDIR}"/${PN}-1.2.1-no-strndupa.patch
+
+ # disable insecure modules (musl-libc doesn't implement the functions
anyway)
+ use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am
modules/Makefile.in
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ # Disable automatic detection of libcrypt
+ use elibc_musl && export ac_cv_search_crypt=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f
"${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0)
${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - >
"${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+
+ # The pam_unix module needs to check the password of the user which
requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}
