vapier 15/05/17 03:17:27 Modified: ChangeLog Added: pam-1.1.8-r3.ebuild Log: Respect USE=pie #459784 by Agostino Sarubbo. Change ISA dir to "." #464016 by Michał Górny. Fix from upstream for password case checks #493432 by Agostino Sarubbo. Fix from upstream for timestamp handling #505604 by Agostino Sarubbo. Install docs to the right path #533332 by Chris Mayo. (Portage version: 2.2.19/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Revision Changes Path 1.349 sys-libs/pam/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/ChangeLog?rev=1.349&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/ChangeLog?rev=1.349&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/ChangeLog?r1=1.348&r2=1.349 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v retrieving revision 1.348 retrieving revision 1.349 diff -u -r1.348 -r1.349 --- ChangeLog 27 Oct 2014 01:43:30 -0000 1.348 +++ ChangeLog 17 May 2015 03:17:27 -0000 1.349 @@ -1,6 +1,16 @@ # ChangeLog for sys-libs/pam -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.348 2014/10/27 01:43:30 vapier Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.349 2015/05/17 03:17:27 vapier Exp $ + +*pam-1.1.8-r3 (17 May 2015) + + 17 May 2015; Mike Frysinger <[email protected]> + +files/pam-1.1.8-CVE-2013-7041.patch, +files/pam-1.1.8-CVE-2014-2583.patch, + +pam-1.1.8-r3.ebuild: + Respect USE=pie #459784 by Agostino Sarubbo. Change ISA dir to "." #464016 by + Michał Górny. Fix from upstream for password case checks #493432 by Agostino + Sarubbo. Fix from upstream for timestamp handling #505604 by Agostino + Sarubbo. Install docs to the right path #533332 by Chris Mayo. 27 Oct 2014; Mike Frysinger <[email protected]> pam-1.1.8-r2.ebuild: Mark arm64/m68k/s390/sh stable. 1.1 sys-libs/pam/pam-1.1.8-r3.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/pam-1.1.8-r3.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/pam-1.1.8-r3.ebuild?rev=1.1&content-type=text/plain Index: pam-1.1.8-r3.ebuild =================================================================== # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.1.8-r3.ebuild,v 1.1 2015/05/17 03:17:27 vapier Exp $ EAPI=5 inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use MY_PN="Linux-PAM" MY_P="${MY_PN}-${PV}" HOMEPAGE="https://fedorahosted.org/linux-pam/"; DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2 http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"; LICENSE="|| ( BSD GPL-2 )" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux" IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax" RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] ) audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] ) nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )" DEPEND="${RDEPEND} >=sys-devel/libtool-2 >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}] nls? ( sys-devel/gettext ) >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]" PDEPEND="sys-auth/pambase vim-syntax? ( app-vim/pam-syntax )" RDEPEND="${RDEPEND} !<sys-apps/openrc-0.11.8 !sys-auth/openpam !sys-auth/pam_userdb abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r7 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" S="${WORKDIR}/${MY_P}" check_old_modules() { local retval="0" if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then eerror "" eerror "Your current setup is using the pam_stack module." eerror "This module is deprecated and no longer supported, and since version" eerror "0.99 is no longer installed, nor provided by any other package." eerror "The package will be built (to allow binary package builds), but will" eerror "not be installed." eerror "Please replace pam_stack usage with proper include directive usage," eerror "following the PAM Upgrade guide at the following URL" eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"; eerror "" retval=1 fi if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then eerror "" eerror "Your current setup is using one or more of the following modules," eerror "that are not built or supported anymore:" eerror "pam_pwdb, pam_console" eerror "If you are in real need for these modules, please contact the maintainers" eerror "of PAM through http://bugs.gentoo.org/ providing information about its" eerror "use cases." eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"; eerror "" retval=1 fi return ${retval} } pkg_pretend() { # do not error out, this is just a warning, one could build a binpkg # with old modules enabled. check_old_modules } src_prepare() { epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650 epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2013-7041.patch #493432 epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2014-2583.patch #505604 elibtoolize } multilib_src_configure() { # Disable automatic detection of libxcrypt; we _don't_ want the # user to link libxcrypt in by default, since we won't track the # dependency and allow to break PAM this way. export ac_cv_header_xcrypt_h=no local myconf=( --docdir='$(datarootdir)'/doc/${PF} --htmldir='$(docdir)/html' --libdir='$(prefix)'/$(get_libdir) --enable-securedir="${EPREFIX}"/$(get_libdir)/security --enable-isadir='.' #464016 $(use_enable nls) $(use_enable selinux) $(use_enable cracklib) $(use_enable audit) $(use_enable debug) $(use_enable berkdb db) $(use_enable nis) $(use_enable pie) --with-db-uniquename=-$(db_findver sys-libs/db) --disable-prelude ) ECONF_SOURCE=${S} \ econf "${myconf[@]}" } multilib_src_compile() { emake sepermitlockdir="${EPREFIX}/run/sepermit" } multilib_src_install() { emake DESTDIR="${D}" install \ sepermitlockdir="${EPREFIX}/run/sepermit" local prefix if multilib_is_native_abi; then prefix= gen_usr_ldscript -a pam pamc pam_misc else prefix=/usr fi # create extra symlinks just in case something depends on them... local lib for lib in pam pamc pam_misc; do if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname) fi done } DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS ) multilib_src_install_all() { einstalldocs prune_libtool_files --all # Need to be suid fperms 4711 /sbin/unix_chkpwd docinto modules local dir for dir in modules/pam_*; do newdoc "${dir}"/README README."$(basename "${dir}")" done if use selinux; then dodir /usr/lib/tmpfiles.d cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF d /run/sepermit 0755 root root EOF fi } pkg_preinst() { check_old_modules || die "deprecated PAM modules still used" } pkg_postinst() { ewarn "Some software with pre-loaded PAM libraries might experience" ewarn "warnings or failures related to missing symbols and/or versions" ewarn "after any update. While unfortunate this is a limit of the" ewarn "implementation of PAM and the software, and it requires you to" ewarn "restart the software manually after the update." ewarn "" ewarn "You can get a list of such software running a command like" ewarn " lsof / | egrep -i 'del.*libpam\\.so'" ewarn "" ewarn "Alternatively, simply reboot your system." if [[ -x "${EROOT}"/var/log/tallylog ]] ; then elog "" elog "Because of a bug present up to version 1.1.1-r2, you have" elog "an executable /var/log/tallylog file. You can safely" elog "correct it by running the command" elog " chmod -x /var/log/tallylog" elog "" fi }
