commit: 0d8d83d97f4cd4167b00e6e6dba25010e3daf8cb
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 10 06:19:32 2019 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Apr 10 06:19:32 2019 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0d8d83d9
sys-libs/pam: add update to match current tree
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-libs/pam/Manifest | 1 +
sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch | 46 +++++++
.../files/pam-1.3.1-include-sys_resource_h.patch | 24 ++++
.../pam/files/pam-1.3.1-portability-fixes.patch | 61 ++++++++++
sys-libs/pam/files/pam-remove-browsers.patch | 34 ++++++
sys-libs/pam/pam-1.3.1-r1.ebuild | 133 +++++++++++++++++++++
6 files changed, 299 insertions(+)
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 46204f5..bfa0f21 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -2,3 +2,4 @@ DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256
3bc9ae398f759e372dbf4065ceed2df8
DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256
342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512
4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da
WHIRLPOOL
562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
DIST Linux-PAM-1.3.0-docs.tar.bz2 492805 BLAKE2B
1dd48f65ae76e0d4d2c02664f9a2adac127604a7552ff70c378323a0de8141445332430205946823097170edf217122196ea03ae665284751fed3748d9f8ac3d
SHA512
b6b8497e6a4307b3f9a2af1c74456a0577b848cbc5417fb88fabe305b67ca022a6bcf632d68faaaacc701cdcf6254ec196707551a1ea70985cdde6add68bbbfe
DIST Linux-PAM-1.3.0.tar.bz2 1302820 BLAKE2B
0ed5553308e8bc4bef91746a1c79db41bf5f0a48a31796d5a13819387c0a04d553efa210435273ad8565d0a53f354817bc3e0f254e35a5e75b7b7b586cad5d16
SHA512
4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42
+DIST pam-1.3.1.tar.gz 749997 BLAKE2B
3b44c41daaa5810c53e3e2baeac1ab58463768fde433f874b9bd09c7c28cfd55e0f227c9a0c318e66444a3adb23c112a2db32d5c7211b07c84c2d4600a47ca5c
SHA512
0c5019493b2ac42180ee9c4974a51329a2395a44f5f892c1ca567ec9b43cc3a9bce0212861d4dfb82eb236c5eaa682b27189ce672ed6cafa37d8801d059a944d
diff --git a/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
new file mode 100644
index 0000000..f2205ca
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-fix-pam-exec.patch
@@ -0,0 +1,46 @@
+From a43725b6f6a9748e5fdb91384bce360eab36ebde Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:45:01 -0500
+Subject: [PATCH 1/3] Fix pam exec on musl
+
+---
+ modules/pam_exec/pam_exec.c | 9 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
+index 52dc681..3f70ea1 100644
+--- a/modules/pam_exec/pam_exec.c
++++ b/modules/pam_exec/pam_exec.c
+@@ -103,11 +103,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ int optargc;
+ const char *logfile = NULL;
+ const char *authtok = NULL;
++ char authtok_buf[PAM_MAX_RESP_SIZE+1];
++
+ pid_t pid;
+ int fds[2];
+ int stdout_fds[2];
+ FILE *stdout_file = NULL;
+
++ memset(authtok_buf, 0, sizeof(authtok_buf));
+ if (argc < 1) {
+ pam_syslog (pamh, LOG_ERR,
+ "This module needs at least one argument");
+@@ -180,12 +183,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
+ if (resp)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ _pam_drop (resp);
+ }
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
+
+ if (pipe(fds) != 0)
+ {
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
new file mode 100644
index 0000000..6336988
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-include-sys_resource_h.patch
@@ -0,0 +1,24 @@
+From 523562d2c1a485fc60fe4cb5c2c02c5654c47097 Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:45:56 -0500
+Subject: [PATCH 2/3] include sys/resource.h for RLIMIT_NOFILE
+
+---
+ modules/pam_unix/pam_unix_acct.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c
b/modules/pam_unix/pam_unix_acct.c
+index 8833114..eeab34e 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -48,6 +48,7 @@
+ #include <time.h> /* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/resource.h> /* for RLIMIT_NOFILE */
+
+ #include <security/_pam_macros.h>
+
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
new file mode 100644
index 0000000..d03e5e4
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.3.1-portability-fixes.patch
@@ -0,0 +1,61 @@
+From acee004471a6c65b3fdccd8e485ff7ab58da7df4 Mon Sep 17 00:00:00 2001
+From:
+Date: Wed, 10 Apr 2019 00:48:19 -0500
+Subject: [PATCH 3/3] add portability for non glibc systems
+
+---
+ modules/pam_lastlog/pam_lastlog.c | 5 +++++
+ modules/pam_rhosts/pam_rhosts.c | 4 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_lastlog/pam_lastlog.c
b/modules/pam_lastlog/pam_lastlog.c
+index 1a796b9..bd609bb 100644
+--- a/modules/pam_lastlog/pam_lastlog.c
++++ b/modules/pam_lastlog/pam_lastlog.c
+@@ -26,6 +26,7 @@
+ #include <sys/types.h>
+ #include <syslog.h>
+ #include <unistd.h>
++#include <paths.h>
+
+ #if defined(hpux) || defined(sunos) || defined(solaris)
+ # ifndef _PATH_LASTLOG
+@@ -403,7 +404,9 @@ last_login_write(pam_handle_t *pamh, int announce, int
last_fd,
+
+ if (announce & LASTLOG_WTMP) {
+ /* write wtmp entry for user */
++#ifdef HAVE_LOGWTMP
+ logwtmp(last_login.ll_line, user, remote_host);
++#endif
+ }
+
+ /* cleanup */
+@@ -714,7 +717,9 @@ pam_sm_close_session (pam_handle_t *pamh, int flags,
+ terminal_line = get_tty(pamh);
+
+ /* Wipe out utmp logout entry */
++#ifdef HAVE_LOGWTMP
+ logwtmp(terminal_line, "", "");
++#endif
+
+ return PAM_SUCCESS;
+ }
+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
+index ed98d63..b33f342 100644
+--- a/modules/pam_rhosts/pam_rhosts.c
++++ b/modules/pam_rhosts/pam_rhosts.c
+@@ -112,8 +112,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags,
int argc,
+
+ #ifdef HAVE_RUSEROK_AF
+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+-#else
++#elif HAVE_RUSEROK
+ retval = ruserok (rhost, as_root, ruser, luser);
++#else
++ retval = 1;
+ #endif
+ if (retval != 0) {
+ if (!opt_silent || opt_debug)
+--
+2.21.0
+
diff --git a/sys-libs/pam/files/pam-remove-browsers.patch
b/sys-libs/pam/files/pam-remove-browsers.patch
new file mode 100644
index 0000000..7e3ae99
--- /dev/null
+++ b/sys-libs/pam/files/pam-remove-browsers.patch
@@ -0,0 +1,34 @@
+From baadfdc644fcb88170c358c449a731520e1747a5 Mon Sep 17 00:00:00 2001
+From: Mikle Kolyada <[email protected]>
+Date: Mon, 1 Oct 2018 23:12:08 +0300
+Subject: [PATCH] configure.ac remobe browser logic for DocBook
+
+---
+ configure.ac | 11 -----------
+ 1 file changed, 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3012ceb..e7e7dac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -554,17 +554,6 @@ JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
+
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
+ [DocBook XSL Stylesheets], [], enable_docu=no)
+
+-AC_PATH_PROG([BROWSER], [w3m])
+-if test ! -z "$BROWSER"; then
+- BROWSER="$BROWSER -T text/html -dump"
+-else
+- AC_PATH_PROG([BROWSER], [elinks])
+- if test ! -z "$BROWSER"; then
+- BROWSER="$BROWSER -no-numbering -no-references -dump"
+- else
+- enable_docu=no
+- fi
+-fi
+
+ AC_PATH_PROG([FO2PDF], [fop])
+
+--
+2.16.4
+
diff --git a/sys-libs/pam/pam-1.3.1-r1.ebuild b/sys-libs/pam/pam-1.3.1-r1.ebuild
new file mode 100644
index 0000000..7f43ea6
--- /dev/null
+++ b/sys-libs/pam/pam-1.3.1-r1.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools db-use fcaps multilib-minimal toolchain-funcs
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam";
+SRC_URI="https://github.com/linux-pam/linux-pam/archive/v${PV}.tar.gz ->
${P}.tar.gz"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="audit berkdb +cracklib debug nis nls +pie selinux static-libs"
+
+BDEPEND="app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xml-dtd:4.3
+ app-text/docbook-xml-dtd:4.4
+ app-text/docbook-xml-dtd:4.5
+ dev-libs/libxslt
+ sys-devel/flex
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )"
+DEPEND="
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+PDEPEND="sys-auth/pambase"
+
+S="${WORKDIR}/linux-${P}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-remove-browsers.patch"
+ "${FILESDIR}/${PN}-1.3.1-fix-pam-exec.patch"
+ "${FILESDIR}/${PN}-1.3.1-include-sys_resource_h.patch"
+ "${FILESDIR}/${PN}-1.3.1-portability-fixes.patch"
+)
+
+src_prepare() {
+ default
+ touch ChangeLog || die
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --libdir=/usr/$(get_libdir)
+ --disable-prelude
+ $(use_enable audit)
+ $(use_enable berkdb db)
+ $(use_enable cracklib)
+ $(use_enable debug)
+ $(use_enable nis)
+ $(use_enable nls)
+ $(use_enable pie)
+ $(use_enable selinux)
+ $(use_enable static-libs static)
+ --enable-isadir='.' #464016
+ )
+ ECONF_SOURCE="${S}" econf ${myconf[@]}
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f
"${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0)
${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+multilib_src_install_all() {
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - >
"${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+
+ # The pam_unix module needs to check the password of the user which
requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}
