commit: 96c165c8e62c78ef9c7fa1814a79dddc98943be4 Author: Brett A C Sheffield <bacs <AT> librecast <DOT> net> AuthorDate: Tue Mar 10 18:57:23 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Mar 11 13:14:07 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96c165c8
sys-libs/pam: drop 1.7.0_p20241230-r3, 1.7.1-r1, 1.7.1-r3 Bug: https://bugs.gentoo.org/958320 Signed-off-by: Brett A C Sheffield <bacs <AT> librecast.net> Part-of: https://codeberg.org/gentoo/gentoo/pulls/284 Signed-off-by: Sam James <sam <AT> gentoo.org> sys-libs/pam/Manifest | 3 - sys-libs/pam/files/pam-1.7.1-32-bit-lastlog.patch | 37 ---- .../pam/files/pam-1.7.1-32-bit-timestamp.patch | 37 ---- sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild | 192 -------------------- sys-libs/pam/pam-1.7.1-r1.ebuild | 191 ------------------- sys-libs/pam/pam-1.7.1-r3.ebuild | 202 --------------------- 6 files changed, 662 deletions(-) diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest index 1c528fb780dc..453c007b5f9e 100644 --- a/sys-libs/pam/Manifest +++ b/sys-libs/pam/Manifest @@ -1,5 +1,2 @@ -DIST Linux-PAM-1.7.1.tar.xz 510828 BLAKE2B 0a64d7dbf6bb7e3d2c36ea1f29c3217d3e43a1cc0ba8adf2ee8a117946a53bd26634ebd70ff3b99a72f7373df6694ee054dc7eddab04e43bbc8f5b0e9e56b3bc SHA512 0724c3636c10e2c7d98c9325bb9c20eb3e59b7cbc2f8fa7636b77af497524afe595b895386d7e6723fdb89247b94f6db6f179d552015ac78469beaa33e0413f0 -DIST Linux-PAM-1.7.1.tar.xz.asc 801 BLAKE2B 566123f49e26862ffc2261db38e35914dd91175c9f66a4756b9a473808dfeda2a4dad25337afa5121ca68a2411a26249b0d40556a22385f4494d355d6c3b4047 SHA512 7d559895e7988ea815955a4788925597073f1a66204dc9f437de306e1b7a77f2f2a9f1bdb2827aba03444500c790fa03e4bba2c94a2089b23bdd6505f9c3601f DIST Linux-PAM-1.7.2.tar.xz 511724 BLAKE2B d7ebfac4393af3f889fef973946f1e6d60f118f2e048448708c5fdf0ef7fa7780945cda3b0abf6e0e2e15bbc2dd23be52389efabd00647381b3bc971f1aadcd8 SHA512 b035c0abeb5afb6b3067341767ace6d68ded4c061870afff2ab9494713b1dc9d2ff0995a5d1f0852a49b6e8b2123a7cc2f40342e16c7863a58df3c102b9010c5 DIST Linux-PAM-1.7.2.tar.xz.asc 833 BLAKE2B 86c4eb129af7afe8348eddf78d764c0658dd9597b62ed0657ea23cca80dd29a052cdef8f588abe3615a2a40062c210fe0c04cca29309dfb3dcb70d13be4ab8db SHA512 01f6e770e8a0eb60f76d95581f66c4eece6436ec8f2e5766e57a4240014ab43e5ad991fa7f77cfc4c57809a0e0c47ccf60118cb49dee790413cf824ebd80b879 -DIST pam-1.7.0_p20241230.gh.tar.gz 719108 BLAKE2B c37daabae380ce75c630a0af1b9960676bc973c773025bc7f65ae87aebff4ca3b667e16ec9635c7677e8a00e6b26eb590f84b798529c3340cdc2c262e7e5649e SHA512 d9d53ddd420fe754c76303b99c37e5cc2eca3d4af9f64043f3f9e69c3abfc3c05d5a1efdbbdfb39ad46a301a0df7a18425d0e8c110c1d76bad3e62dfa97b61ef diff --git a/sys-libs/pam/files/pam-1.7.1-32-bit-lastlog.patch b/sys-libs/pam/files/pam-1.7.1-32-bit-lastlog.patch deleted file mode 100644 index c27f9a6459a1..000000000000 --- a/sys-libs/pam/files/pam-1.7.1-32-bit-lastlog.patch +++ /dev/null @@ -1,37 +0,0 @@ -https://github.com/linux-pam/linux-pam/commit/4176cf25a3ae8b5fd2956b41b068221b39932c3a - -From 4176cf25a3ae8b5fd2956b41b068221b39932c3a Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" <[email protected]> -Date: Tue, 17 Jun 2025 13:00:00 +0000 -Subject: [PATCH] pam_lastlog: fix compilation warning on some of 32-bit - architectures - -On those of 32-bit architectures where glibc defines -__WORDSIZE_TIME64_COMPAT32, struct utmp.ut_tv.tv_sec is unsigned, -while time_t is signed, causing the following compiler diagnostics: - - pam_lastlog.c: In function 'last_login_failed': - pam_lastlog.c:572:29: warning: comparison of integer expressions of different signedness: '__uint32_t' {aka 'unsigned int'} and 'time_t' {aka 'long int'} [-Wsign-compare] - 572 | if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { - -Given that by its nature these values are treated as unsigned, fix this -by zero-extending both values to unsigned long long before the comparison. ---- - modules/pam_lastlog/pam_lastlog.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c -index 01545a696..c68b5fb04 100644 ---- a/modules/pam_lastlog/pam_lastlog.c -+++ b/modules/pam_lastlog/pam_lastlog.c -@@ -569,7 +569,8 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt - - while ((retval=pam_modutil_read(fd, (void *)&ut, - sizeof(ut))) == sizeof(ut)) { -- if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { -+ if (zero_extend_signed_to_ull(ut.ut_tv.tv_sec) >= zero_extend_signed_to_ull(lltime) -+ && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { - memcpy(&utuser, &ut, sizeof(utuser)); - failed++; - } - diff --git a/sys-libs/pam/files/pam-1.7.1-32-bit-timestamp.patch b/sys-libs/pam/files/pam-1.7.1-32-bit-timestamp.patch deleted file mode 100644 index e0e12cc313db..000000000000 --- a/sys-libs/pam/files/pam-1.7.1-32-bit-timestamp.patch +++ /dev/null @@ -1,37 +0,0 @@ -https://github.com/linux-pam/linux-pam/commit/e3b66a60e4209e019cf6a45f521858cec2dbefa1 - -From e3b66a60e4209e019cf6a45f521858cec2dbefa1 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" <[email protected]> -Date: Tue, 17 Jun 2025 13:00:00 +0000 -Subject: [PATCH] pam_timestamp: fix compilation warning on some of 32-bit - architectures - -On those of 32-bit architectures where glibc defines -__WORDSIZE_TIME64_COMPAT32, struct utmp.ut_tv.tv_sec is unsigned, -while time_t is signed, causing the following compiler diagnostics: - - pam_timestamp.c: In function 'check_login_time': - pam_timestamp.c:247:55: warning: comparison of integer expressions of different signedness: 'time_t' {aka 'long int'} and '__uint32_t' {aka 'unsigned int'} [-Wsign-compare] - 247 | if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) { - -Given that by its nature these values are treated as unsigned, fix this -by zero-extending both values to unsigned long long before the comparison. ---- - modules/pam_timestamp/pam_timestamp.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 0172d1ef9..030fa2b8f 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -244,7 +244,9 @@ check_login_time( - if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user)) != 0) { - continue; - } -- if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) { -+ if (oldest_login == 0 || -+ zero_extend_signed_to_ull(oldest_login) -+ > zero_extend_signed_to_ull(ut->ut_tv.tv_sec)) { - oldest_login = ut->ut_tv.tv_sec; - } - } diff --git a/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild b/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild deleted file mode 100644 index 1478d04ec17f..000000000000 --- a/sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild +++ /dev/null @@ -1,192 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MY_P="Linux-${PN^^}-${PV}" - -# Avoid QA warnings -# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 -TMPFILES_OPTIONAL=1 - -inherit db-use fcaps flag-o-matic meson-multilib toolchain-funcs - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam"; - -if [[ ${PV} == *_p* ]] ; then - PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332" - SRC_URI=" - https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz - " - S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} -else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc - inherit verify-sig - - SRC_URI=" - https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz - verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc ) - " - S="${WORKDIR}/${MY_P}" - - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )" -fi - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -IUSE="audit berkdb elogind examples debug nis nls selinux systemd" -REQUIRED_USE="?? ( elogind systemd )" - -# meson.build specifically checks for bison and then byacc -# also requires xsltproc -BDEPEND+=" - || ( sys-devel/bison dev-util/byacc ) - app-text/docbook-xsl-ns-stylesheets - dev-libs/libxslt - sys-devel/flex - virtual/pkgconfig - nls? ( sys-devel/gettext ) -" -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) - elogind? ( >=sys-auth/elogind-254 ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - systemd? ( >=sys-apps/systemd-254:= ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) -" -RDEPEND="${DEPEND}" -PDEPEND=">=sys-auth/pambase-20200616" - -src_configure() { - # meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get: - # cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found - append-ldflags $(test-flags-CCLD -Wl,--undefined-version) - - # Do not let user's BROWSER setting mess us up, bug #549684 - unset BROWSER - - meson-multilib_src_configure -} - -multilib_src_configure() { - local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local" - # Workaround for docbook5 not being packaged (bug #913087#c4) - # It's only used for validation of output, so stub it out. - # Also, stub out elinks+w3m which are only used for an index. - cat >> "${machine_file}" <<-EOF || die - [binaries] - xmlcatalog='true' - xmllint='true' - elinks='true' - w3m='true' - EOF - - local emesonargs=() - - if tc-is-cross-compiler; then - emesonargs+=( --cross-file "${machine_file}" ) - else - emesonargs+=( --native-file "${machine_file}" ) - fi - - emesonargs+=( - $(meson_feature audit) - $(meson_native_use_bool examples) - $(meson_use debug pam-debug) - $(meson_feature nis) - $(meson_feature nls i18n) - $(meson_feature selinux) - - -Disadir='.' - -Dxml-catalog="${BROOT}"/etc/xml/catalog - -Dsbindir="${EPREFIX}"/sbin - -Dsecuredir="${EPREFIX}"/$(get_libdir)/security - -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} - -Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html - -Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf - - $(meson_native_enabled docs) - - -Dpam_unix=enabled - - # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) - -Deconf=disabled - - # TODO: lastlog is enabled again for now by us as elogind support - # wasn't available at first. Even then, disabling lastlog will - # probably need a news item. - $(meson_native_use_feature systemd logind) - $(meson_native_use_feature elogind) - $(meson_feature !elibc_musl pam_lastlog) - ) - - if use berkdb; then - local dbver - dbver="$(db_findver sys-libs/db)" || die "could not find db version" - local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")" - emesonargs+=( - -Ddb=db - -Ddb-uniquename="-${dbver}" - ) - else - emesonargs+=( - -Ddb=gdbm - ) - fi - - # This whole weird has_version libxcrypt block can go once - # musl systems have libxcrypt[system] if we ever make - # that mandatory. See bug #867991. - #if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then - # # Avoid picking up symbol-versioned compat symbol on musl systems - # export ac_cv_search_crypt_gensalt_rn=no - # - # # Need to avoid picking up the libxcrypt headers which define - # # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. - # cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die - # append-cppflags -I"${T}" - #fi - - meson_src_configure -} - -multilib_src_install_all() { - find "${ED}" -type f -name '*.la' -delete || die - - # tmpfiles.eclass is impossible to use because - # there is the pam -> tmpfiles -> systemd -> pam dependency loop - dodir /usr/lib/tmpfiles.d - - cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ - d /run/faillock 0755 root root - _EOF_ - use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ - d /run/sepermit 0755 root root - _EOF_ -} - -pkg_postinst() { - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps -m u+s cap_dac_override sbin/unix_chkpwd -} diff --git a/sys-libs/pam/pam-1.7.1-r1.ebuild b/sys-libs/pam/pam-1.7.1-r1.ebuild deleted file mode 100644 index ecd11e989f8a..000000000000 --- a/sys-libs/pam/pam-1.7.1-r1.ebuild +++ /dev/null @@ -1,191 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MY_P="Linux-${PN^^}-${PV}" - -# Avoid QA warnings -# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 -TMPFILES_OPTIONAL=1 - -inherit db-use fcaps flag-o-matic meson-multilib - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam"; - -if [[ ${PV} == *_p* ]] ; then - PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332" - SRC_URI=" - https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz - " - S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} -else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc - inherit verify-sig - - SRC_URI=" - https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz - verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc ) - " - S="${WORKDIR}/${MY_P}" - - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-pam )" -fi - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -IUSE="audit berkdb elogind examples debug nis nls selinux systemd" -REQUIRED_USE="?? ( elogind systemd )" - -# meson.build specifically checks for bison and then byacc -# also requires xsltproc -BDEPEND+=" - || ( sys-devel/bison dev-util/byacc ) - app-text/docbook-xsl-ns-stylesheets - dev-libs/libxslt - sys-devel/flex - virtual/pkgconfig - nls? ( sys-devel/gettext ) -" -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) - elogind? ( >=sys-auth/elogind-254 ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - systemd? ( >=sys-apps/systemd-254:= ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) -" -RDEPEND="${DEPEND}" -PDEPEND=">=sys-auth/pambase-20200616" - -PATCHES=( - "${FILESDIR}"/${P}-32-bit-lastlog.patch - "${FILESDIR}"/${P}-32-bit-timestamp.patch -) - -src_configure() { - # meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get: - # cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found - append-ldflags $(test-flags-CCLD -Wl,--undefined-version) - - # Do not let user's BROWSER setting mess us up, bug #549684 - unset BROWSER - - meson-multilib_src_configure -} - -multilib_src_configure() { - local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local" - # Workaround for docbook5 not being packaged (bug #913087#c4) - # It's only used for validation of output, so stub it out. - # Also, stub out elinks+w3m which are only used for an index. - cat >> "${machine_file}" <<-EOF || die - [binaries] - xmlcatalog='true' - xmllint='true' - elinks='true' - w3m='true' - EOF - - local emesonargs=( - --native-file "${machine_file}" - - $(meson_feature audit) - $(meson_native_use_bool examples) - $(meson_use debug pam-debug) - $(meson_feature nis) - $(meson_feature nls i18n) - $(meson_feature selinux) - - -Disadir='.' - -Dxml-catalog="${BROOT}"/etc/xml/catalog - -Dsbindir="${EPREFIX}"/sbin - -Dsecuredir="${EPREFIX}"/$(get_libdir)/security - -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} - -Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html - -Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf - - $(meson_native_enabled docs) - - -Dpam_unix=enabled - - # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) - -Deconf=disabled - - # TODO: lastlog is enabled again for now by us as elogind support - # wasn't available at first. Even then, disabling lastlog will - # probably need a news item. - $(meson_native_use_feature systemd logind) - $(meson_native_use_feature elogind) - $(meson_feature !elibc_musl pam_lastlog) - ) - - if use berkdb; then - local dbver - dbver="$(db_findver sys-libs/db)" || die "could not find db version" - local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")" - emesonargs+=( - -Ddb=db - -Ddb-uniquename="-${dbver}" - ) - else - emesonargs+=( - -Ddb=gdbm - ) - fi - - # This whole weird has_version libxcrypt block can go once - # musl systems have libxcrypt[system] if we ever make - # that mandatory. See bug #867991. - #if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then - # # Avoid picking up symbol-versioned compat symbol on musl systems - # export ac_cv_search_crypt_gensalt_rn=no - # - # # Need to avoid picking up the libxcrypt headers which define - # # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. - # cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die - # append-cppflags -I"${T}" - #fi - - meson_src_configure -} - -multilib_src_install_all() { - find "${ED}" -type f -name '*.la' -delete || die - - # tmpfiles.eclass is impossible to use because - # there is the pam -> tmpfiles -> systemd -> pam dependency loop - dodir /usr/lib/tmpfiles.d - - cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ - d /run/faillock 0755 root root - _EOF_ - use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ - d /run/sepermit 0755 root root - _EOF_ -} - -pkg_postinst() { - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps -m u+s cap_dac_read_search sbin/unix_chkpwd -} diff --git a/sys-libs/pam/pam-1.7.1-r3.ebuild b/sys-libs/pam/pam-1.7.1-r3.ebuild deleted file mode 100644 index 33791259ba14..000000000000 --- a/sys-libs/pam/pam-1.7.1-r3.ebuild +++ /dev/null @@ -1,202 +0,0 @@ -# Copyright 1999-2026 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MY_P="Linux-${PN^^}-${PV}" - -# Avoid QA warnings -# Can reconsider w/ EAPI 8 and IDEPEND, bug #810979 -TMPFILES_OPTIONAL=1 - -inherit db-use flag-o-matic meson-multilib user-info - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="https://github.com/linux-pam/linux-pam"; - -if [[ ${PV} == *_p* ]] ; then - PAM_COMMIT="e634a3a9be9484ada6e93970dfaf0f055ca17332" - SRC_URI=" - https://github.com/linux-pam/linux-pam/archive/${PAM_COMMIT}.tar.gz -> ${P}.gh.tar.gz - " - S="${WORKDIR}"/linux-${PN}-${PAM_COMMIT} -else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/pam.asc - inherit verify-sig - - SRC_URI=" - https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz - verify-sig? ( https://github.com/linux-pam/linux-pam/releases/download/v${PV}/${MY_P}.tar.xz.asc ) - " - S="${WORKDIR}/${MY_P}" - - BDEPEND="verify-sig? ( ~sec-keys/openpgp-keys-pam-20230330 )" -fi - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -IUSE="audit berkdb elogind examples debug nis nls selinux systemd" -REQUIRED_USE="?? ( elogind systemd )" - -# meson.build specifically checks for bison and then byacc -# also requires xsltproc -BDEPEND+=" - acct-group/shadow - || ( sys-devel/bison dev-util/byacc ) - app-text/docbook-xsl-ns-stylesheets - dev-libs/libxslt - sys-devel/flex - virtual/pkgconfig - nls? ( sys-devel/gettext ) -" -DEPEND=" - virtual/libcrypt:=[${MULTILIB_USEDEP}] - >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) - !berkdb? ( sys-libs/gdbm:=[${MULTILIB_USEDEP}] ) - elogind? ( >=sys-auth/elogind-254 ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - systemd? ( >=sys-apps/systemd-254:= ) - nis? ( - net-libs/libnsl:=[${MULTILIB_USEDEP}] - >=net-libs/libtirpc-0.2.4-r2:=[${MULTILIB_USEDEP}] - ) -" -RDEPEND="${DEPEND} - acct-group/shadow -" -PDEPEND=">=sys-auth/pambase-20200616" - -PATCHES=( - "${FILESDIR}"/${P}-32-bit-lastlog.patch - "${FILESDIR}"/${P}-32-bit-timestamp.patch -) - -src_configure() { - # meson.build sets -Wl,--fatal-warnings and with e.g. mold, we get: - # cannot assign version `global` to symbol `pam_sm_open_session`: symbol not found - append-ldflags $(test-flags-CCLD -Wl,--undefined-version) - - # Do not let user's BROWSER setting mess us up, bug #549684 - unset BROWSER - - meson-multilib_src_configure -} - -multilib_src_configure() { - local machine_file="${T}/meson.${CHOST}.${ABI}.ini.local" - # Workaround for docbook5 not being packaged (bug #913087#c4) - # It's only used for validation of output, so stub it out. - # Also, stub out elinks+w3m which are only used for an index. - cat >> "${machine_file}" <<-EOF || die - [binaries] - xmlcatalog='true' - xmllint='true' - elinks='true' - w3m='true' - EOF - - local emesonargs=( - --native-file "${machine_file}" - - $(meson_feature audit) - $(meson_native_use_bool examples) - $(meson_use debug pam-debug) - $(meson_feature nis) - $(meson_feature nls i18n) - $(meson_feature selinux) - - -Disadir='.' - -Dxml-catalog="${BROOT}"/etc/xml/catalog - -Dsbindir="${EPREFIX}"/sbin - -Dsecuredir="${EPREFIX}"/$(get_libdir)/security - -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} - -Dhtmldir="${EPREFIX}"/usr/share/doc/${PF}/html - -Dpdfdir="${EPREFIX}"/usr/share/doc/${PF}/pdf - - $(meson_native_enabled docs) - - -Dpam_unix=enabled - - # TODO: wire this up now it's more useful as of 1.5.3 (bug #931117) - -Deconf=disabled - - # TODO: lastlog is enabled again for now by us as elogind support - # wasn't available at first. Even then, disabling lastlog will - # probably need a news item. - $(meson_native_use_feature systemd logind) - $(meson_native_use_feature elogind) - $(meson_feature !elibc_musl pam_lastlog) - ) - - if use berkdb; then - local dbver - dbver="$(db_findver sys-libs/db)" || die "could not find db version" - local -x CPPFLAGS="${CPPFLAGS} -I$(db_includedir "${dbver}")" - emesonargs+=( - -Ddb=db - -Ddb-uniquename="-${dbver}" - ) - else - emesonargs+=( - -Ddb=gdbm - ) - fi - - # This whole weird has_version libxcrypt block can go once - # musl systems have libxcrypt[system] if we ever make - # that mandatory. See bug #867991. - #if use elibc_musl && ! has_version sys-libs/libxcrypt[system] ; then - # # Avoid picking up symbol-versioned compat symbol on musl systems - # export ac_cv_search_crypt_gensalt_rn=no - # - # # Need to avoid picking up the libxcrypt headers which define - # # CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY. - # cp "${ESYSROOT}"/usr/include/crypt.h "${T}"/crypt.h || die - # append-cppflags -I"${T}" - #fi - - meson_src_configure -} - -multilib_src_install_all() { - find "${ED}" -type f -name '*.la' -delete || die - - fowners :shadow /sbin/unix_chkpwd - fperms g+s /sbin/unix_chkpwd - - # tmpfiles.eclass is impossible to use because - # there is the pam -> tmpfiles -> systemd -> pam dependency loop - dodir /usr/lib/tmpfiles.d - - cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ - d /run/faillock 0755 root root - _EOF_ - use selinux && cat ->> "${ED}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ - d /run/sepermit 0755 root root - _EOF_ -} - -pkg_postinst() { - if [[ -n ${ROOT} ]]; then - # Portage does not currently update the gid on installed files - # based on ${EROOT}/etc/group. - local gid=$(egetent group shadow | cut -d: -f3) - if [[ -n ${gid} ]]; then - chgrp "${gid}" "${EROOT}/sbin/unix_chkpwd" && - chmod g+s "${EROOT}/sbin/unix_chkpwd" - fi - fi - ewarn "Some software with pre-loaded PAM libraries might experience" - ewarn "warnings or failures related to missing symbols and/or versions" - ewarn "after any update. While unfortunate this is a limit of the" - ewarn "implementation of PAM and the software, and it requires you to" - ewarn "restart the software manually after the update." - ewarn "" - ewarn "You can get a list of such software running a command like" - ewarn " lsof / | grep -E -i 'del.*libpam\\.so'" - ewarn "" - ewarn "Alternatively, simply reboot your system." -}
