[gentoo-commits] repo/gentoo:master commit in: sys-libs/pam/

Sam James Fri, 03 May 2024 01:22:01 -0700

commit:     d95186284e3334576810a06047ffc4922c98e838
Author:     Christopher Fore <csfore <AT> posteo <DOT> net>
AuthorDate: Mon Apr 22 21:27:03 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May  3 08:12:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9518628


sys-libs/pam: add 1.6.1, security bump

- Remove patch that is now included in 1.6.1
- Tests pass

[sam: Add USE=examples.]

Bug: https://bugs.gentoo.org/922397
Signed-off-by: Christopher Fore <csfore <AT> posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/36365
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-libs/pam/Manifest         |   2 +
 sys-libs/pam/pam-1.6.1.ebuild | 150 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 152 insertions(+)

diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 8ff63cd068f0..626b3811412f 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,2 +1,4 @@
 DIST Linux-PAM-1.5.3-docs.tar.xz 466340 BLAKE2B 
6bade3c63ebe6b6ca7a86d7385850bb87bf1d6526add3ac5aad140533516c1d27b594a17d09c4127ff985c42e6c571618785d6b2a2913e6575678c4dcf947dc0
 SHA512 
a9082823da88e0054d74e13aef872519ced5fbef25c8cc1a7e3a99160f835aa09c9ef701b6ec507acd3b540da0019288424bb4c8ebd828181ea90450db1494a9
 DIST Linux-PAM-1.5.3.tar.xz 1020076 BLAKE2B 
362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb
 SHA512 
af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a
+DIST Linux-PAM-1.6.1-docs.tar.xz 465516 BLAKE2B 
c39dfba2e327120edc1f30be6ea7f8e6cf20d1f4dd17752cc34e0ae1c0bd22b3d19b94ab665bf3df5bd6ecc7fc358dbbedd8a3069df95ff6189580e538aa3547
 SHA512 
c6054ec6832f604c0654cf074e4e241c44037fd41cd37cca7da94abe008ff72adc4466d31bd254517eda083c7ec3f6aefd37785b3ee3d0d4553250bd29963855
+DIST Linux-PAM-1.6.1.tar.xz 1054152 BLAKE2B 
649b4ff892fbd3eb90adcbd9ccc5b3f5df51bf1c79b9084c7a1613c432587b13b81761d1eb4f31ef12d58843d16af24a3c441d0b6f5d2f2a1db9c8da15a61e2f
 SHA512 
ddb5a5f296f564b76925324550d29f15d342841a97815336789c7bb922a8663e831edeb54f3dcd1eaf297e3325c9e2e6c14b8740def5c43cf3f160a8a14fa2ea

diff --git a/sys-libs/pam/pam-1.6.1.ebuild b/sys-libs/pam/pam-1.6.1.ebuild
new file mode 100644
index 000000000000..846b63350901
--- /dev/null
+++ b/sys-libs/pam/pam-1.6.1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MY_P="Linux-${PN^^}-${PV}"
+
+# Avoid QA warnings
+# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979
+TMPFILES_OPTIONAL=1
+
+inherit db-use fcaps flag-o-matic toolchain-funcs multilib-minimal
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="https://github.com/linux-pam/linux-pam";
+SRC_URI="
+       
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz
+       
https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}-docs.tar.xz
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="audit berkdb examples debug nis selinux"
+
+BDEPEND="
+       app-alternatives/yacc
+       dev-libs/libxslt
+       app-alternatives/lex
+       sys-devel/gettext
+       virtual/pkgconfig
+"
+DEPEND="
+       virtual/libcrypt:=[${MULTILIB_USEDEP}]
+       >=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+       audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+       berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+       selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+       nis? (
+               net-libs/libnsl:=[${MULTILIB_USEDEP}]
+               >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}]
+       )
+"
+RDEPEND="${DEPEND}"
+PDEPEND=">=sys-auth/pambase-20200616"
+
+src_prepare() {
+       default
+       touch ChangeLog || die
+}
+
+multilib_src_configure() {
+       # Do not let user's BROWSER setting mess us up, bug #549684
+       unset BROWSER
+
+       # This whole weird has_version libxcrypt block can go once
+       # musl systems have libxcrypt[system] if we ever make
+       # that mandatory. See bug #867991.
+       if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then
+               # Avoid picking up symbol-versioned compat symbol on musl 
systems
+               export ac_cv_search_crypt_gensalt_rn=no
+
+               # Need to avoid picking up the libxcrypt headers which define
+               # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY.
+               cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
+               append-cppflags -I"${T}"
+       fi
+
+       local myconf=(
+               CC_FOR_BUILD="$(tc-getBUILD_CC)"
+               --with-db-uniquename=-$(db_findver sys-libs/db)
+               --with-xml-catalog="${EPREFIX}"/etc/xml/catalog
+               --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+               --includedir="${EPREFIX}"/usr/include/security
+               --libdir="${EPREFIX}"/usr/$(get_libdir)
+               --enable-pie
+               --enable-unix
+               --disable-prelude
+               --disable-doc
+               --disable-regenerate-docu
+               --disable-static
+               --disable-Werror
+               # TODO: wire this up now it's more useful as of 1.5.3
+               --disable-econf
+
+               # TODO: add elogind support
+               # lastlog is enabled again for now by us until logind support
+               # is handled. Even then, disabling lastlog will probably need
+               # a news item.
+               --disable-logind
+               --enable-lastlog
+
+               $(use_enable audit)
+               $(multilib_native_use_enable examples)
+               $(use_enable berkdb db)
+               $(use_enable debug)
+               $(use_enable nis)
+               $(use_enable selinux)
+               --enable-isadir='.' # bug #464016
+       )
+       ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+       emake sepermitlockdir="/run/sepermit"
+}
+
+multilib_src_install() {
+       emake DESTDIR="${D}" install \
+               sepermitlockdir="/run/sepermit"
+}
+
+multilib_src_install_all() {
+       find "${ED}" -type f -name '*.la' -delete || die
+
+       # tmpfiles.eclass is impossible to use because
+       # there is the pam -> tmpfiles -> systemd -> pam dependency loop
+       dodir /usr/lib/tmpfiles.d
+
+       cat ->>  "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_
+               d /run/faillock 0755 root root
+       _EOF_
+       use selinux && cat ->>  
"${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_
+               d /run/sepermit 0755 root root
+       _EOF_
+
+       local page
+
+       for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do
+               doman ${page}
+       done
+}
+
+pkg_postinst() {
+       ewarn "Some software with pre-loaded PAM libraries might experience"
+       ewarn "warnings or failures related to missing symbols and/or versions"
+       ewarn "after any update. While unfortunate this is a limit of the"
+       ewarn "implementation of PAM and the software, and it requires you to"
+       ewarn "restart the software manually after the update."
+       ewarn ""
+       ewarn "You can get a list of such software running a command like"
+       ewarn "  lsof / | grep -E -i 'del.*libpam\\.so'"
+       ewarn ""
+       ewarn "Alternatively, simply reboot your system."
+
+       # The pam_unix module needs to check the password of the user which 
requires
+       # read access to /etc/shadow only.
+       fcaps cap_dac_override sbin/unix_chkpwd
+}

[gentoo-commits] repo/gentoo:master commit in: sys-libs/pam/

Reply via email to