From 8a585bd57a8d741e36da9ca6355e8416c73a11a7 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 18 Aug 2020 20:23:24 +0200 Subject: [PATCH 01/14] sys-libs/pam: Import pam 1.5.1 from gentoo Import sys-libs/pam 1.5.1 from upstream Gentoo, mainly to address CVE-2020-27780, a flaw in the way it handles empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. https://github.com/linux-pam/linux-pam/issues/284 https://github.com/linux-pam/linux-pam/pull/300 --- .../coreos-overlay/sys-libs/pam/ChangeLog | 126 -- .../sys-libs/pam/ChangeLog-2015 | 1487 ----------------- .../coreos-overlay/sys-libs/pam/Manifest | 9 +- .../pam/files/pam-1.2.1-locked-accounts.patch | 13 - .../sys-libs/pam/files/tmpfiles.d/pam.conf | 11 - .../coreos-overlay/sys-libs/pam/metadata.xml | 49 +- .../sys-libs/pam/pam-1.2.1-r1.ebuild | 188 --- .../sys-libs/pam/pam-1.5.1.ebuild | 133 ++ 8 files changed, 160 insertions(+), 1856 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog-2015 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.2.1-locked-accounts.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.2.1-r1.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog deleted file mode 100644 index bd3c0ef6d5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog +++ /dev/null @@ -1,126 +0,0 @@ -# ChangeLog for sys-libs/pam -# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*pam-1.2.1-r1 (09 Aug 2015) -*pam-1.2.1 (09 Aug 2015) -*pam-1.2.0 (09 Aug 2015) -*pam-1.1.8-r3 (09 Aug 2015) -*pam-1.1.8-r2 (09 Aug 2015) -*pam-1.1.8-r1 (09 Aug 2015) -*pam-1.1.8 (09 Aug 2015) -*pam-1.1.6-r2 (09 Aug 2015) -*pam-1.1.5 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson - +files/Linux-PAM-1.1.5+glibc-2.16.patch, - +files/Linux-PAM-1.1.6+glibc-2.16.patch, - +files/Linux-PAM-1.1.6-destdir.patch, +files/pam-1.1.8-CVE-2013-7041.patch, - +files/pam-1.1.8-CVE-2014-2583.patch, +files/pam-1.1.8-doc-install.patch, - +metadata.xml, +pam-1.1.5.ebuild, +pam-1.1.6-r2.ebuild, +pam-1.1.8.ebuild, - +pam-1.1.8-r1.ebuild, +pam-1.1.8-r2.ebuild, +pam-1.1.8-r3.ebuild, - +pam-1.2.0.ebuild, +pam-1.2.1.ebuild, +pam-1.2.1-r1.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 19 Aug 2015; Mike Frysinger pam-1.2.1.ebuild: - mark 1.2.1 stable for arm64/m68k/s390/sh - - 19 Aug 2015; Mike Frysinger pam-1.2.1.ebuild, - pam-1.2.1-r1.ebuild: - require pkgconfig only when USE=nis - - The only library pam uses pkg-config to look up is libtirpc, and we - use that only when USE=nis. Depend on pkg-config only when that is - enabled to avoid circular dependencies (especially when bootstrapping). - - 24 Aug 2015; Justin Lecher metadata.xml, pam-1.1.5.ebuild, - pam-1.1.6-r2.ebuild, pam-1.1.8.ebuild, pam-1.1.8-r1.ebuild, - pam-1.1.8-r2.ebuild, pam-1.1.8-r3.ebuild, pam-1.2.0.ebuild, - pam-1.2.1.ebuild, pam-1.2.1-r1.ebuild: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Justin Lecher pam-1.1.5.ebuild, - pam-1.1.6-r2.ebuild, pam-1.1.8.ebuild, pam-1.1.8-r1.ebuild, - pam-1.1.8-r2.ebuild, pam-1.1.8-r3.ebuild, pam-1.2.0.ebuild, - pam-1.2.1.ebuild, pam-1.2.1-r1.ebuild: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 08 Oct 2015; Markos Chandras metadata.xml: - audit: Switch to global 'audit' use flag where appropriate - - Link: https://archives.gentoo.org/gentoo- - dev/message/32b1e333faa627491baa3c7492d64956 - - 23 Dec 2015; Mike Frysinger pam-1.2.1-r1.ebuild: - avoid regenerating docs #569338 - - Since we're using the old doc tarball, the timestamps are older than - the new source tarball, so the code tries to rebuild everything. - - 24 Jan 2016; Michał Górny metadata.xml: - Replace all herds with appropriate projects (GLEP 67) - - Replace all uses of herd with appropriate project maintainers, or no - maintainers in case of herds requested to be disbanded. - - 24 Jan 2016; Michał Górny metadata.xml: - Set appropriate maintainer types in metadata.xml (GLEP 67) - - 30 Mar 2016; Mike Frysinger - -files/Linux-PAM-1.1.5+glibc-2.16.patch, - -files/Linux-PAM-1.1.6+glibc-2.16.patch, - -files/Linux-PAM-1.1.6-destdir.patch, -files/pam-1.1.8-CVE-2013-7041.patch, - -files/pam-1.1.8-CVE-2014-2583.patch, -files/pam-1.1.8-doc-install.patch, - -pam-1.1.5.ebuild, -pam-1.1.6-r2.ebuild, -pam-1.1.8.ebuild, - -pam-1.1.8-r1.ebuild, -pam-1.1.8-r2.ebuild, -pam-1.1.8-r3.ebuild, - -pam-1.2.0.ebuild: - drop old <1.2.1 versions - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog-2015 deleted file mode 100644 index f6a415d0a5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/ChangeLog-2015 +++ /dev/null @@ -1,1487 +0,0 @@ -# ChangeLog for sys-libs/pam -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.363 2015/07/23 09:34:56 ago Exp $ - - 23 Jul 2015; Agostino Sarubbo pam-1.2.1.ebuild: - Stable for sparc, wrt bug #553302 - - 23 Jul 2015; Agostino Sarubbo pam-1.2.1.ebuild: - Stable for ppc, wrt bug #553302 - - 17 Jul 2015; Markus Meier pam-1.2.1.ebuild: - arm stable, bug #553302 - - 17 Jul 2015; Mikle Kolyada pam-1.2.1.ebuild: - ia64 stable wrt bug #553302 - - 15 Jul 2015; Mikle Kolyada pam-1.2.1.ebuild: - x86 stable wrt bug #553302 - - 15 Jul 2015; Jeroen Roovers pam-1.2.1.ebuild: - Stable for HPPA (bug #553302). - - 14 Jul 2015; Tobias Klausmann pam-1.2.1.ebuild: - Stable on alpha, bug 553302 - - 14 Jul 2015; Jeroen Roovers pam-1.2.1.ebuild: - Stable for PPC64 (bug #553302). - - 13 Jul 2015; Mikle Kolyada pam-1.2.1.ebuild: - amd64 stable wrt bug #553302 - -*pam-1.2.1-r1 (13 Jul 2015) - - 13 Jul 2015; Mike Frysinger +pam-1.2.1-r1.ebuild: - Add support for using filesystem caps instead of setuid w/unix_chkpwd; fix by - Samuel Tan via Chromium OS. - -*pam-1.2.1 (07 Jul 2015) - - 07 Jul 2015; Mike Frysinger +pam-1.2.1.ebuild: - Version bump #553302 by Agostino Sarubbo. - - 21 May 2015; Mike Frysinger pam-1.2.0.ebuild: - Unset $BROWSER to avoid random xml build failures #549684 by Juergen Rose. - -*pam-1.2.0 (17 May 2015) - - 17 May 2015; Mike Frysinger +pam-1.2.0.ebuild: - Version bump #549120 by teidakankan. - - 17 May 2015; Mike Frysinger - files/pam-1.1.8-CVE-2013-7041.patch, files/pam-1.1.8-CVE-2014-2583.patch: - add urls to gentoo reports - -*pam-1.1.8-r3 (17 May 2015) - - 17 May 2015; Mike Frysinger - +files/pam-1.1.8-CVE-2013-7041.patch, +files/pam-1.1.8-CVE-2014-2583.patch, - +pam-1.1.8-r3.ebuild: - Respect USE=pie #459784 by Agostino Sarubbo. Change ISA dir to "." #464016 by - Michał Górny. Fix from upstream for password case checks #493432 by Agostino - Sarubbo. Fix from upstream for timestamp handling #505604 by Agostino - Sarubbo. Install docs to the right path #533332 by Chris Mayo. - - 27 Oct 2014; Mike Frysinger pam-1.1.8-r2.ebuild: - Mark arm64/m68k/s390/sh stable. - - 15 Sep 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for sparc, wrt bug #512012 - - 13 Sep 2014; Markus Meier pam-1.1.8-r2.ebuild: - arm stable, bug #512012 - - 25 Aug 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for alpha, wrt bug #512012 - - 23 Aug 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for ia64, wrt bug #512012 - - 21 Aug 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for ppc64, wrt bug #512012 - - 07 Aug 2014; Jeroen Roovers pam-1.1.8-r2.ebuild: - Stable for HPPA (bug #512012). - - 28 Jul 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for ppc, wrt bug #512012 - - 23 Jul 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for x86, wrt bug #512012 - - 22 Jul 2014; Agostino Sarubbo pam-1.1.8-r2.ebuild: - Stable for amd64, wrt bug #512912 - - 19 Jun 2014; Michał Górny pam-1.1.8-r2.ebuild: - Update dependencies to require guaranteed EAPI=5 or multilib ebuilds, bug - #513718. - - 03 Jun 2014; Michał Górny pam-1.1.8-r2.ebuild: - Add missing MULTILIB_USEDEP on flex. - -*pam-1.1.8-r2 (30 May 2014) - - 30 May 2014; Michał Górny +pam-1.1.8-r2.ebuild: - Enable multilib support. - -*pam-1.1.8-r1 (08 May 2014) - - 08 May 2014; Mike Frysinger - +files/pam-1.1.8-doc-install.patch, +pam-1.1.8-r1.ebuild: - Fix docs install #473650 by Martin von Gagern. - - 18 Jan 2014; Mike Frysinger pam-1.1.6-r2.ebuild, - pam-1.1.8.ebuild: - Add arm64 love. - - 21 Dec 2013; Diego E. Pettenò -pam-1.1.7.ebuild: - Remove old. - -*pam-1.1.8 (20 Dec 2013) - - 20 Dec 2013; Diego E. Pettenò +pam-1.1.8.ebuild: - Version bump, sorry for the delay. - -*pam-1.1.7 (12 Sep 2013) - - 12 Sep 2013; Diego E. Pettenò +pam-1.1.7.ebuild, - -pam-1.1.6-r4.ebuild: - Version bump. - - 05 Jun 2013; Mike Frysinger metadata.xml: - Add upstream CPE tag (security info) from ChromiumOS. - - 01 Mar 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for sh, wrt bug #454664 - -*pam-1.1.6-r4 (28 Feb 2013) - - 28 Feb 2013; Diego E. Pettenò +pam-1.1.6-r4.ebuild, - -pam-1.1.6-r3.ebuild: - Fix build on non-multilib systems, should close bug #459536. - -*pam-1.1.6-r3 (27 Feb 2013) - - 27 Feb 2013; Diego E. Pettenò +pam-1.1.6-r3.ebuild: - Add new ebuild using autotools-utils to muse moving to multilib. - - 20 Feb 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for s390, wrt bug #454664 - - 06 Feb 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for sparc, wrt bug #454664 - - 06 Feb 2013; Jeroen Roovers pam-1.1.6-r2.ebuild: - Stable for HPPA (bug #454664). - - 04 Feb 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for alpha, wrt bug #454664 - - 03 Feb 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for ia64, wrt bug #454664 - - 03 Feb 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for arm, wrt bug #454664 - - 31 Jan 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for ppc, wrt bug #454664 - - 31 Jan 2013; Agostino Sarubbo pam-1.1.6-r2.ebuild: - Stable for ppc64, wrt bug #454664 - -*pam-1.1.6-r2 (31 Jan 2013) - - 31 Jan 2013; Diego E. Pettenò +pam-1.1.6-r2.ebuild, - -pam-1.1.6-r1.ebuild: - Revbump (to stable as well) to make sure that the sepermit path is correct at - install time. Thanks Agostino for catching the brainfreeze there. Also only - install the tmpfiles.d file if selinux USE flag is enabled. Remove redundant - disable-dependency-tracking. - - 30 Jan 2013; Agostino Sarubbo pam-1.1.6-r1.ebuild: - Stable for x86, wrt bug #454664 - - 30 Jan 2013; Agostino Sarubbo pam-1.1.6-r1.ebuild: - Stable for amd64, wrt bug #454664 - -*pam-1.1.6-r1 (30 Jan 2013) - - 30 Jan 2013; Diego E. Pettenò +pam-1.1.6-r1.ebuild, - -pam-1.1.6.ebuild: - Finally close bug #451068 by using /run/sepermit directly, and installing a - tmpfiles.d file for it to be re-created at boot time. - - 07 Oct 2012; Diego E. Pettenò - +files/Linux-PAM-1.1.6+glibc-2.16.patch, pam-1.1.6.ebuild: - Add a patch to fix building with USE=selinux and glibc 2.16. Thanks to Anarchy - for report and patch. - - 17 Aug 2012; Diego E. Pettenò - +files/Linux-PAM-1.1.6-destdir.patch, pam-1.1.6.ebuild: - Restore documentation install and fix installation of pam_namespace. - -*pam-1.1.6 (17 Aug 2012) - - 17 Aug 2012; Diego E. Pettenò +pam-1.1.6.ebuild: - Version bump. Documentation is not installed right now. - - 16 Jul 2012; Jory A. Pratt - files/Linux-PAM-1.1.5+glibc-2.16.patch: - Additional fixup for glibc-2.16 - - 05 Jul 2012; Diego E. Pettenò - +files/Linux-PAM-1.1.5+glibc-2.16.patch, -pam-1.1.3.ebuild, pam-1.1.5.ebuild: - Add patch to build with glibc 2.16. Thanks to Stevan Bajić in bug #424920 for - the patch. Also remove old version. - - 04 May 2012; Jeff Horelick pam-1.1.5.ebuild: - dev-util/pkgconfig -> virtual/pkgconfig - - 25 Nov 2011; Kacper Kowalik pam-1.1.5.ebuild: - ppc64 stable wrt #388431 - - 06 Nov 2011; Brent Baude pam-1.1.5.ebuild: - Marking pam-1.1.5 ppc for bug 388431 - - 31 Oct 2011; Diego E. Pettenò -pam-1.1.4.ebuild, - pam-1.1.5.ebuild: - Remove 1.1.4 version; change HOMEPAGE for 1.1.5. - - 29 Oct 2011; Raúl Porcel pam-1.1.5.ebuild: - alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable wrt #388431 - - 28 Oct 2011; Jeroen Roovers pam-1.1.5.ebuild: - Stable for HPPA (bug #388431). - - 27 Oct 2011; Markos Chandras pam-1.1.5.ebuild: - Stable on amd64 wrt bug #388431 - -*pam-1.1.5 (25 Oct 2011) - - 25 Oct 2011; Diego E. Pettenò +pam-1.1.5.ebuild: - Version bump. - - 23 Oct 2011; Raúl Porcel pam-1.1.4.ebuild: - alpha/ia64/m68k/s390/sh/sparc stable wrt #386325 - - 17 Oct 2011; Markus Meier pam-1.1.4.ebuild: - arm stable, bug #386325 - - 13 Oct 2011; Pawel Hajdan jr pam-1.1.4.ebuild: - x86 stable wrt bug #386325 - - 11 Oct 2011; Jeroen Roovers pam-1.1.4.ebuild: - Stable for HPPA (bug #386325). - - 09 Oct 2011; Markos Chandras pam-1.1.4.ebuild: - Stable on amd64 wrt bug #386325 - -*pam-1.1.4 (02 Sep 2011) - - 02 Sep 2011; Diego E. Pettenò -pam-1.1.3-r1.ebuild, - -files/Linux-PAM-1.1.3-nis.patch, +pam-1.1.4.ebuild: - Version bump; remove 1.1.3-r1 since the patch is integrated with .4 and that - is going to be the stable candidate. Closes bug #381485. - - 14 Jun 2011; Diego E. Pettenò pam-1.1.3-r1.ebuild: - Drop REQUIRED_USE as selinux support is still built fine without nis. - - 14 Jun 2011; Diego E. Pettenò - files/Linux-PAM-1.1.3-nis.patch: - Improve patch to avoid warnings and build failures with USE=nis; thanks to - Justin in bug #371555. - - 13 Jun 2011; Diego E. Pettenò pam-1.1.3.ebuild: - Remove autotools inherit from old ebuild. - -*pam-1.1.3-r1 (13 Jun 2011) - - 13 Jun 2011; Diego E. Pettenò +pam-1.1.3-r1.ebuild, - +files/Linux-PAM-1.1.3-nis.patch: - Patch Linux-PAM to implement --disable-nis; wire it to the nis USE flag - (disabled by default), and make sure that if using glibc, either libtirpc - (preferred) or an older glibc is used with that USE flag; note that selinux - support seems to require rpc support as well (needs to be tested, forcing the - requirement to avoid breaking setup for now). - - 07 Apr 2011; Ulrich Mueller pam-1.1.3.ebuild: - Don't PROVIDE virtual/pam and add blocker against openpam, bug 358903. - - 30 Dec 2010; Diego E. Pettenò pam-1.1.3.ebuild: - Remove the libtool workarounds as it can from time to time cause rpath - issues. Bug #350138 by Dan Wallis. - - 12 Dec 2010; Diego E. Pettenò pam-1.1.3.ebuild, - -files/Linux-PAM-1.1.3-intralinking.patch: - Move the intralinking patch on the mirrors, I shouldn't have been able to - commit this in the first place. - - 12 Dec 2010; Diego E. Pettenò pam-1.1.3.ebuild, - +files/Linux-PAM-1.1.3-intralinking.patch: - Hack pam ebuild so that it can properly build when using ROOT (as experienced - with ChromiumOS build systems). - - 20 Nov 2010; Diego E. Pettenò - -files/Linux-PAM-0.99.8.1-xtests.patch, -files/Linux-PAM-1.1.0-uclibc.patch, - -pam-1.1.1-r2.ebuild, -files/Linux-PAM-1.1.1+berkdb-5.patch, - -files/Linux-PAM-1.1.1-gentoodb.patch, - -files/Linux-PAM-1.1.1-pam_tally2-mode.patch, - -files/Linux-PAM-1.1.1-xcrypt.patch: - Cleanup old version and required patches. - - 20 Nov 2010; Raúl Porcel pam-1.1.3.ebuild: - ia64/m68k/s390/sh/sparc stable wrt #343399 - - 11 Nov 2010; Diego E. Pettenò -pam-1.1.2.ebuild, - pam-1.1.3.ebuild: - Remove old version no longer needed, fix up the lsof syntax to check for - services that need to be restarted. - - 07 Nov 2010; Constanze Hausner pam-1.1.3.ebuild: - Added condition for tallylog elog-output, see bug #344499 - - 03 Nov 2010; Markus Meier pam-1.1.3.ebuild: - arm stable, bug #343399 - - 01 Nov 2010; Jeroen Roovers pam-1.1.3.ebuild: - Stable for HPPA PPC (bug #343399). - - 01 Nov 2010; Mark Loeser pam-1.1.3.ebuild: - Stable for ppc64; bug #343399 - - 01 Nov 2010; Tobias Klausmann pam-1.1.3.ebuild: - Stable on alpha, bug #343399 - - 01 Nov 2010; Pawel Hajdan jr pam-1.1.3.ebuild: - x86 stable wrt security bug #343399 - - 31 Oct 2010; Markos Chandras pam-1.1.3.ebuild: - Stable on amd64 wrt bug #343399 - -*pam-1.1.3 (30 Oct 2010) - - 30 Oct 2010; Diego E. Pettenò - -files/Linux-PAM-1.0.2-noyp.patch, -pam-1.1.0.ebuild, - -files/Linux-PAM-1.1.0-debug.patch, -files/Linux-PAM-1.1.0-nonls.patch, - -files/Linux-PAM-1.1.0-xcrypt.patch, +pam-1.1.3.ebuild: - Cleanup old version no longer relevant (and remove four patches); version - bump with security fixes (bug #343399), also don't require autotools - rebuild any longer since all our patches are merged. - - 25 Oct 2010; Jeroen Roovers pam-1.1.2.ebuild: - Stable for HPPA (bug #341121). - - 24 Oct 2010; Markus Meier pam-1.1.2.ebuild: - arm stable, bug #341121 - - 24 Oct 2010; Brent Baude pam-1.1.2.ebuild: - stable ppc, bug 341121 - - 22 Oct 2010; Christian Faulhammer pam-1.1.2.ebuild: - stable x86, bug 341121 - - 22 Oct 2010; Diego E. Pettenò pam-1.1.1-r2.ebuild, - pam-1.1.2.ebuild: - Fix spelling error, thanks to Brant Gurganus in bug #342099. - - 16 Oct 2010; Markos Chandras pam-1.1.2.ebuild: - Stable on amd64 wrt bug #341121 - - 13 Sep 2010; Joseph Jezak pam-1.1.1-r2.ebuild: - Marked ppc stable for bug #329931. - - 06 Sep 2010; Brent Baude pam-1.1.1-r2.ebuild: - Marking pam-1.1.1-r2 ppc64 for bug 329931 - - 05 Sep 2010; Raúl Porcel pam-1.1.1-r2.ebuild: - alpha/ia64/m68k/s390/sh/sparc stable wrt #329931 - -*pam-1.1.2 (31 Aug 2010) - - 31 Aug 2010; Diego E. Pettenò +pam-1.1.2.ebuild: - Version bump; back to two patches rather than six as upstream merged them. - - 21 Aug 2010; Markus Meier pam-1.1.1-r2.ebuild: - arm stable, bug #329931 - - 01 Aug 2010; Diego E. Pettenò pam-1.1.1-r2.ebuild: - Add a 'few' more messages at postinst, one warning against common problems - with long-running software, and and the other about the bugged pam_tally2. - - 31 Jul 2010; Markos Chandras pam-1.1.1-r2.ebuild: - Stable on amd64 wrt bug #329931 - - 27 Jul 2010; Christian Faulhammer pam-1.1.1-r2.ebuild: - stable x86, bug 329931 - - 26 Jul 2010; Diego E. Pettenò pam-1.1.1-r2.ebuild, - +files/Linux-PAM-1.1.1-pam_tally2-mode.patch: - Add patch per bug #329885 Thanks to Hugo Mildenberger. - - 22 May 2010; Justin Lecher pam-1.1.1-r2.ebuild: - Removed ebeep in EAPI=3 ebuilds - - 18 May 2010; Diego E. Pettenò pam-1.1.1-r2.ebuild, - +files/Linux-PAM-1.1.1+berkdb-5.patch: - Add patch to fix building with Berkeley DB 5.0, closes bug #319831. Thanks - to Lars Wendler for reporting. - - 26 Apr 2010; Diego E. Pettenò - -files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch, -pam-1.0.4.ebuild, - -files/Linux-PAM-1.0.4-fix-tests.patch, pam-1.1.0.ebuild, - +files/Linux-PAM-1.1.0-xcrypt.patch, -pam-1.1.1.ebuild, - -pam-1.1.1-r1.ebuild, pam-1.1.1-r2.ebuild, - +files/Linux-PAM-1.1.1-xcrypt.patch: - Cleanup old ebuilds and files; add patches to disable libxcrypt automagic - dependency (bug #317195). - -*pam-1.1.1-r2 (06 Apr 2010) - - 06 Apr 2010; Jonathan Callen +pam-1.1.1-r2.ebuild: - Bump to EAPI=3, add prefix keywords in revbump - -*pam-1.1.1-r1 (10 Mar 2010) - - 10 Mar 2010; Diego E. Pettenò - +pam-1.1.1-r1.ebuild, +files/Linux-PAM-1.1.1-gentoodb.patch, metadata.xml: - Merge back pam_userdb support into the main PAM ebuild. This time link - against the shared, installed libraries of Berkeley DB, even though they - might not be available at boot. Describe berkdb and cracklib USE flags in - the metadata file. - - 24 Jan 2010; Raúl Porcel pam-1.1.0.ebuild: - ia64/s390/sh/sparc stable wrt #284087 - - 06 Jan 2010; Ulrich Mueller pam-1.0.4.ebuild, - pam-1.1.0.ebuild, pam-1.1.1.ebuild: - Fix LICENSE, "PAM" is the same as "|| ( BSD GPL-2 )". - - 27 Dec 2009; Tobias Klausmann pam-1.1.0.ebuild: - Stable on alpha, bug #284087 - - 17 Dec 2009; Diego E. Pettenò - +files/Linux-PAM-1.1.0-uclibc.patch, pam-1.1.1.ebuild: - Add patch to restore building on uClibc. - -*pam-1.1.1 (16 Dec 2009) - - 16 Dec 2009; Diego E. Pettenò +pam-1.1.1.ebuild: - Version bump, some patches were merged in. Caution to uClibc users since - the NIS/YP patch doesn't apply, as upstream changed that code quite a bit, - it should be fixed but be wary anyway. - - 26 Nov 2009; Markus Meier pam-1.1.0.ebuild: - amd64 stable, bug #284087 - - 20 Oct 2009; Markus Meier pam-1.1.0.ebuild: - arm stable, bug #284087 - - 27 Sep 2009; nixnut pam-1.1.0.ebuild: - ppc stable #284087 - - 22 Sep 2009; Jeroen Roovers pam-1.1.0.ebuild: - Stable for HPPA (bug #284087). - - 16 Sep 2009; Christian Faulhammer pam-1.1.0.ebuild: - stable x86, bug 284087 - - 14 Sep 2009; Tom Gall pam-1.1.0.ebuild: - stable on ppc64, bug #284087 - - 21 Jun 2009; Diego E. Pettenò pam-1.1.0.ebuild: - Use a different alternative to avoid applying the disable-regenerate-man - for now: download the doc tarball and merge it in. This increses the - downloaded data by 500k and also installs quite a bit more documentation, - but also solves bug #206166 in a nice way, provide the full documentation - set and so on. If upstream will provide a --disable-regenerate-doc in the - future, then I'll add the doc USE flag to disable the extra download, for - now this will work out, I think. - - 21 Jun 2009; Diego E. Pettenò pam-1.1.0.ebuild: - Restore the patch to disable man regeneration, comment it so that there is - a bug reference too; also comment the xtests patch. Fix the warning for - broken setups, removing pam_timestamp (which is present again). - - 21 Jun 2009; Diego E. Pettenò pam-1.1.0.ebuild, - +files/Linux-PAM-1.1.0-nonls.patch: - Add a patch to fix building with nls USE flag disabled, see bug #274856. - - 20 Jun 2009; Diego E. Pettenò pam-1.0.4.ebuild, - pam-1.1.0.ebuild: - Shut up a few QA warnings. - -*pam-1.1.0 (20 Jun 2009) - - 20 Jun 2009; Diego E. Pettenò +pam-1.1.0.ebuild, - +files/Linux-PAM-1.1.0-debug.patch: - Version bump to new release. Some of the interesting changes: the debug - USE flag is properly set up this time, we don't patch man regeneration any - longer (should be fixed upsteram), don't touch the modules' README files - until install phase, don't error out on pam_timestamp usage, this PAM - version fixes it. Also drop the update warnings on the split PAM modules. - - 20 Jun 2009; Diego E. Pettenò -pam-1.0.1.ebuild: - Remove old version. - - 27 Mar 2009; Raúl Porcel pam-1.0.4.ebuild: - m68k stable, thanks to kolla for testing - - 18 Mar 2009; Brent Baude pam-1.0.4.ebuild: - Marking pam-1.0.4 ppc for bug 261108 - - 08 Mar 2009; Diego E. Pettenò pam-1.0.4.ebuild: - Remove epam, closes bug #212323. - - 07 Mar 2009; Markus Meier pam-1.0.4.ebuild: - amd64 stable, bug #261108 - - 06 Mar 2009; Raúl Porcel pam-1.0.4.ebuild: - alpha/arm/ia64/s390/sh/x86 stable wrt #261108 - - 05 Mar 2009; Jeroen Roovers pam-1.0.4.ebuild: - Stable for HPPA (bug #261108). - - 05 Mar 2009; Ferris McCormick pam-1.0.4.ebuild: - Sparc stable --- Bug #261108 --- tests now fixed and pass. - - 05 Mar 2009; Diego E. Pettenò - +files/Linux-PAM-1.0.4-fix-tests.patch, -files/other.pamd, - -files/system-auth.pamd.epam, -pam-0.99.8.1-r1.ebuild, pam-1.0.4.ebuild: - Fix tests on architectures where pointers have a size different from 8. - Remove old version. - - 04 Mar 2009; Brent Baude pam-1.0.4.ebuild: - Marking pam-1.0.4 ppc64 for bug 261108 - - 04 Mar 2009; Peter Alfredsen pam-1.0.4.ebuild: - Fix for libtool-1.5*, bug 261167. - - 03 Mar 2009; Diego E. Pettenò - pam-0.99.8.1-r1.ebuild: - De-keyword all arches but mips. - -*pam-1.0.4 (03 Mar 2009) - - 03 Mar 2009; Diego E. Pettenò - -pam-0.99.9.0.ebuild, -pam-1.0.2.ebuild, -pam-1.0.3.ebuild, - +pam-1.0.4.ebuild: - Version bump, cleanup old versions. pam-1.0.4 is stable candidate. - -*pam-1.0.3 (10 Dec 2008) - - 10 Dec 2008; Diego E. Pettenò +pam-1.0.3.ebuild: - Version bump. - - 31 Aug 2008; Diego Pettenò - +files/Linux-PAM-1.0.2-noyp.patch, pam-1.0.2.ebuild: - Add a patch that checks if the system includes support for NIS. This way - Linux-PAM 1.0.x can build on uClibc systems. Closes bug #235431. - -*pam-1.0.2 (30 Aug 2008) - - 30 Aug 2008; Diego Pettenò +pam-1.0.2.ebuild: - Version bump, minor fixes. - - 23 Aug 2008; Doug Goldstein metadata.xml: - add GLEP 56 USE flag desc from use.local.desc - - 31 Jul 2008; Diego Pettenò pam-1.0.1.ebuild: - Some very basic fixes to the econf call: set all the directories at the - top, provide htmldir as well as docdir (bug #2333360) - - 23 Jul 2008; Diego Pettenò pam-1.0.1.ebuild: - Remove --enable-docdir option and use --docdir instead so that - documentation is installed properly as we want it to be. Thanks to Afrever - Frehtes Taifersar Arahesis in bug #230774. - - 04 Jul 2008; pam-1.0.1.ebuild: - Add ~mips, bug #230743 - - 02 Jul 2008; Diego Pettenò pam-1.0.1.ebuild: - Don't stop on pam_radius usage, but suggest to install the package - instead, as it's now available. - - 21 Jun 2008; Thomas Anderson pam-1.0.1.ebuild: - amd64 stable, bug #225901 - - 14 Jun 2008; Tobias Klausmann pam-1.0.1.ebuild: - Stable on alpha, bug #225901 - - 14 Jun 2008; nixnut pam-1.0.1.ebuild: - Stable on ppc wrt bug 225901 - - 13 Jun 2008; Raúl Porcel pam-1.0.1.ebuild: - ia64/sparc stable wrt #225901 - - 13 Jun 2008; Jeroen Roovers pam-1.0.1.ebuild: - Stable for HPPA (bug #225901). - - 12 Jun 2008; Brent Baude pam-1.0.1.ebuild: - stable ppc64, bug 225905 - - 11 Jun 2008; Christian Faulhammer pam-1.0.1.ebuild: - stable x86, bug 225901 - -*pam-1.0.1 (18 Apr 2008) - - 18 Apr 2008; Diego Pettenò - -files/Linux-PAM-1.0.0-set-item.patch, -pam-0.99.9.0-r1.ebuild, - -pam-0.99.10.0.ebuild, -pam-1.0.0-r1.ebuild, -pam-1.0.0-r2.ebuild, - +pam-1.0.1.ebuild: - Version bump, no functional changes but I can do some spring cleaning, and - it has sr locale support. - - 14 Apr 2008; Diego Pettenò pam-1.0.0-r2.ebuild: - Re-add ~ppc, that was added after I copied the ebuild to -r2. - -*pam-1.0.0-r2 (14 Apr 2008) - - 14 Apr 2008; Diego Pettenò +pam-1.0.0-r2.ebuild: - Revision bump to remove .la files, we don't support static libpam so it's - unneeded. - - 14 Apr 2008; Diego Pettenò pam-1.0.0-r1.ebuild: - Override default sepermitlockdir definition so that it doesn't end in - /var/lib/run. See bug #217590. - - 12 Apr 2008; Tobias Scherbaum pam-1.0.0-r1.ebuild: - Added ~ppc, bug #212437 - -*pam-1.0.0-r1 (10 Apr 2008) - - 10 Apr 2008; Diego Pettenò - +files/Linux-PAM-1.0.0-set-item.patch, -pam-1.0.0.ebuild, - +pam-1.0.0-r1.ebuild: - Revision bump to fix bug #216702 and workaround autoconf bug in #217154. - -*pam-1.0.0 (05 Apr 2008) - - 05 Apr 2008; Diego Pettenò +pam-1.0.0.ebuild: - Version bump to latest release, first 1.x version. Hopefully a stable - candidate. - - 17 Mar 2008; Santiago M. Mola pam-0.99.10.0.ebuild: - Re-keyworded ~amd64 wrt bug #210770 - - 06 Mar 2008; Raúl Porcel pam-0.99.10.0.ebuild: - Add ~alpha/~ia64 wrt #210770 - - 05 Mar 2008; Ferris McCormick pam-0.99.10.0.ebuild: - Add ~sparc for testing --- Bug #210770 (correct version this time). - - 05 Mar 2008; Ferris McCormick pam-0.99.9.0-r1.ebuild: - ~sparc for testing --- Bug #210770 --- pam still works for me. - - 04 Mar 2008; Brent Baude pam-0.99.10.0.ebuild: - keyworded ~arch for ppc64, bug 210770 - - 04 Mar 2008; Christian Faulhammer pam-0.99.10.0.ebuild: - keyword ~x86 for bug 210770 - - 03 Mar 2008; Jeroen Roovers pam-0.99.10.0.ebuild: - Marked ~hppa (bug #210770 again). - - 03 Mar 2008; Jeroen Roovers pam-0.99.9.0-r1.ebuild: - Marked ~hppa (bug #210770). - -*pam-0.99.10.0 (01 Mar 2008) - - 01 Mar 2008; Diego Pettenò +pam-0.99.10.0.ebuild: - Version bump. - -*pam-0.99.9.0-r1 (19 Feb 2008) - - 19 Feb 2008; Diego Pettenò - +pam-0.99.9.0-r1.ebuild: - New revision that works with the new sys-auth/pambase (and requires it). - - 10 Feb 2008; Diego Pettenò pam-0.99.8.1-r1.ebuild, - pam-0.99.9.0.ebuild: - Remove dependency over pwdb, pam_pwdb is no more present in PAM 0.99, so the - dependency was bogus. - - 01 Feb 2008; Robin H. Johnson pam-0.99.8.1-r1.ebuild, - pam-0.99.9.0.ebuild: - Bug #208389, cosmetic fix for empty /etc/pam.d during early install. - - 15 Jan 2008; Diego Pettenò - -files/system-auth.pamd.0.78, -pam-0.78-r5.ebuild: - Remove pam 0.78. - - 13 Jan 2008; Joshua Kinard pam-0.99.9.0.ebuild: - Marked unstable on mips. - - 13 Jan 2008; Joshua Kinard pam-0.99.8.1-r1.ebuild: - Stable on mips. - - 01 Jan 2008; Diego Pettenò pam-0.99.9.0.ebuild: - Check for /etc/pam.d files in $ROOT, add missing flex build-time dependency. - Fixes bug #203929. - - 20 Dec 2007; Diego Pettenò pam-0.78-r5.ebuild: - Remove pam_console USE flag so that it's always disabled. - - 24 Nov 2007; Diego Pettenò pam-0.99.9.0.ebuild: - Don't suggest using sys-auth/pam_console anymore, also link the upgrade - guide when a module is used that has been removed. - - 23 Nov 2007; Markus Rothe pam-0.99.9.0.ebuild: - Stable on ppc64; bug #199693 - - 21 Nov 2007; nixnut pam-0.99.9.0.ebuild: - Stable on ppc wrt bug 199693 - - 21 Nov 2007; Jeroen Roovers pam-0.99.9.0.ebuild: - Stable for HPPA (bug #199693). - - 20 Nov 2007; Raúl Porcel pam-0.99.9.0.ebuild: - alpha/ia64/sparc stable wrt #199693 - - 20 Nov 2007; Wulf C. Krueger pam-0.99.9.0.ebuild: - Marked stable on amd64 as per bug 199693. - - 19 Nov 2007; Dawid Węgliński pam-0.99.9.0.ebuild: - Stable on x86 (bug #199693) - - 15 Nov 2007; Diego Pettenò pam-0.78-r5.ebuild: - Drop keywords for all arches but mips, see bug 199193. - - 11 Nov 2007; Diego Pettenò - +files/Linux-PAM-0.99.8.1-xtests.patch, pam-0.99.8.1-r1.ebuild, - pam-0.99.9.0.ebuild: - Build xtests directory only during make check, finally should fix bug #194275. - - 10 Nov 2007; Diego Pettenò pam-0.99.8.1-r1.ebuild, - pam-0.99.9.0.ebuild: - Depend on glibc 2.4 when tests are enabled, or the tests fail to build. The - test flag is masked on all the architectures where glibc 2.4 is masked. - - 06 Nov 2007; Raúl Porcel pam-0.99.8.1-r1.ebuild: - alpha stable wrt #196409, thanks to Tobias Klausmann - - 01 Nov 2007; Diego Pettenò pam-0.99.8.1-r1.ebuild, - pam-0.99.9.0.ebuild: - Fix grammar, thanks Mike. - - 28 Oct 2007; Olivier Crête pam-0.99.8.1-r1.ebuild: - Stable on amd64 for bug #196409 - - 28 Oct 2007; nixnut pam-0.99.8.1-r1.ebuild: - Stable on ppc wrt bug 196409 - - 24 Oct 2007; Dawid Węgliński pam-0.99.8.1-r1.ebuild: - Stable on x86 for bug #196409 - - 24 Oct 2007; Raúl Porcel pam-0.99.8.1-r1.ebuild: - ia64/sparc stable wrt #196409 - - 23 Oct 2007; Markus Rothe pam-0.99.8.1-r1.ebuild: - Stable on ppc64; bug #196409 - - 20 Oct 2007; Jeroen Roovers pam-0.99.8.1-r1.ebuild: - Stable for HPPA (bug #196409). - -*pam-0.99.9.0 (19 Oct 2007) - - 19 Oct 2007; Diego Pettenò -pam-0.99.8.1.ebuild, - +pam-0.99.9.0.ebuild: - Version bump, and remove old version non-stable-target. - -*pam-0.99.8.1-r1 (18 Sep 2007) - - 18 Sep 2007; Robin H. Johnson - +pam-0.99.8.1-r1.ebuild: - Bug #189669, fix non-deterministic inclusion of libaudit. USE=audit is - masked on alpha, arm, hppa, ppc64, s390, sh until they have keyworded it per - bug #184563. - -*pam-0.99.8.1 (26 Jul 2007) - - 26 Jul 2007; Diego Pettenò - -files/Linux-PAM-0.99.8.0-setlocale.patch, -pam-0.99.8.0-r2.ebuild, - +pam-0.99.8.1.ebuild: - Version bump, remove old version and merged patches. - - 12 Jul 2007; Diego Pettenò - files/system-auth.pamd.epam: - Fix typo. - -*pam-0.99.8.0-r2 (12 Jul 2007) - - 12 Jul 2007; Diego Pettenò - files/system-auth.pamd.epam, -pam-0.99.8.0-r1.ebuild, - +pam-0.99.8.0-r2.ebuild: - use_authtok does not have a fallback, so disable that pam_unix call and - replace with a clean one when not using pam_cracklib. - - 12 Jul 2007; Diego Pettenò pam-0.78-r5.ebuild: - Block the split modules to avoid collisions. - - 12 Jul 2007; Diego Pettenò - -files/Linux-PAM-0.99.6.3-berkdb.patch, -files/system-auth.pamd.0.99, - -pam-0.99.7.1.ebuild, -pam-0.99.8.0.ebuild, pam-0.99.8.0-r1.ebuild: - Don't report pam_chroot as deprecated, as it's now in portage (thanks Ali - Polatel, hawking). Remove previous 0.99 series, before stabling Linux-PAM we - need to give time to pam_chroot to settle down a bit at least. - - 10 Jul 2007; Diego Pettenò - -files/pam-0.78-inttypes.patch, -files/pam-0.78-xauth-path.patch, - -files/README.pam_console, -files/pam_env.conf, pam-0.78-r5.ebuild: - Bump patchlevel, and use patches and extra files from the patchset. - - 10 Jul 2007; Diego Pettenò -pam-0.78-r3.ebuild: - Remove old version. - - 10 Jul 2007; Diego Pettenò - -files/pam.d-0.99/other, -files/pam.d-0.99/system-auth, +files/other.pamd, - -files/pam.d/other, -files/pam.d/system-auth, - +files/system-auth.pamd.0.78, +files/system-auth.pamd.0.99, - pam-0.78-r3.ebuild, pam-0.78-r5.ebuild, pam-0.99.7.1.ebuild, - pam-0.99.8.0.ebuild, pam-0.99.8.0-r1.ebuild: - Reduce the pamd installation code, remove two directories too. - -*pam-0.99.8.0-r1 (10 Jul 2007) - - 10 Jul 2007; Diego Pettenò - +files/system-auth.pamd.epam, +pam-0.99.8.0-r1.ebuild: - Add a cracklib USE flag to enable/disable pam_cracklib module building. - Thanks to the EPAM "syntax", the configuration file installed is updated as - needed for etc-update. - - 08 Jul 2007; Diego Pettenò pam-0.99.7.1.ebuild, - pam-0.99.8.0.ebuild: - Fix logic of the upgrade path. - - 08 Jul 2007; Diego Pettenò - +files/Linux-PAM-0.99.8.0-setlocale.patch, pam-0.99.8.0.ebuild: - Fix missing locale.h include when nls USE flag is turned off. Thanks - Christian Heim (phreak) for reporting in bug #184618. - -*pam-0.99.8.0 (08 Jul 2007) - - 08 Jul 2007; Diego Pettenò +pam-0.99.8.0.ebuild: - Version bump, a similar patch to mine to disable pam_userdb has been merged, - which makes it easier to split pam_userdb. - - 05 Jul 2007; Diego Pettenò pam-0.99.7.1.ebuild: - Fix typo, thanks Jakub. - - 04 Jul 2007; Diego Pettenò pam-0.99.7.1.ebuild: - Add some more explicit warnings and errors when using deprecated modules, - and die if the system is configured to use pam_stack or other modules that - are no more built and installed, to avoid breaking login on the box. - - 02 Jul 2007; Piotr Jaroszyński pam-0.99.7.1.ebuild: - (QA) RESTRICT clean up. - - 13 Jun 2007; Raúl Porcel pam-0.99.7.1.ebuild: - Add ~alpha #152713 - - 12 May 2007; Joshua Kinard pam-0.78-r5.ebuild: - Stable on mips. - - 26 Mar 2007; Raúl Porcel pam-0.78-r5.ebuild: - ia64 stable wrt bug 150859 - - 14 Feb 2007; Chris Gianelloni pam-0.78-r5.ebuild: - Stable on alpha wrt bug #150859. - - 31 Jan 2007; Markus Rothe pam-0.78-r5.ebuild: - Stable on ppc64; bug #150859 - - 28 Jan 2007; Joseph Jezak pam-0.78-r5.ebuild: - Marked ppc stable for bug #150859. - - 27 Jan 2007; Jeroen Roovers pam-0.78-r5.ebuild: - Stable for HPPA (bug #150859). - - 26 Jan 2007; Jeroen Roovers pam-0.99.7.1.ebuild: - Marked ~hppa (bug #152713). - -*pam-0.99.7.1 (24 Jan 2007) - - 24 Jan 2007; Diego Pettenò -pam-0.99.7.0.ebuild, - +pam-0.99.7.1.ebuild: - Version bump, closes security breach, see bug #163631. - - 23 Jan 2007; Steve Dibb pam-0.78-r5.ebuild: - amd64 stable, bug 150859 - - 23 Jan 2007; Gustavo Zacarias pam-0.99.7.0.ebuild: - Keyworded ~sparc wrt #152713 - - 23 Jan 2007; Gustavo Zacarias pam-0.78-r5.ebuild: - Stable on sparc wrt #150859 - - 23 Jan 2007; Christian Faulhammer pam-0.78-r5.ebuild: - stable x86, bug #150859 - - 23 Jan 2007; Diego Pettenò pam-0.78-r3.ebuild, - pam-0.78-r5.ebuild: - Use toolchain-funcs's gen_usr_ldscript. See bug #144529. - -*pam-0.99.7.0 (23 Jan 2007) - - 23 Jan 2007; Diego Pettenò - -files/Linux-PAM-0.99.6.3-linking.patch, - -files/Linux-PAM-0.99.6.3-selinux.patch, - +files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch, - pam-0.78-r3.ebuild, pam-0.78-r5.ebuild, -pam-0.99.6.3-r2.ebuild, - +pam-0.99.7.0.ebuild: - Version bump, fix linking for all modules (huge patch), disable manpage - regeneration, cuts down the dependencies over docbook stuff, use - mirror://kernel. - - 05 Jan 2007; Diego Pettenò pam-0.78-r3.ebuild, - pam-0.78-r5.ebuild: - Convert to use elog. - - 04 Jan 2007; Diego Pettenò pam-0.78-r3.ebuild, - -pam-0.99.6.3-r1.ebuild: - Cleanup. - - 24 Nov 2006; Markus Rothe pam-0.99.6.3-r1.ebuild, - pam-0.99.6.3-r2.ebuild: - Added ~ppc64; bug #152713 - -*pam-0.99.6.3-r2 (24 Nov 2006) - - 24 Nov 2006; Diego Pettenò - +files/Linux-PAM-0.99.6.3-selinux.patch, +pam-0.99.6.3-r2.ebuild: - Add patch to fix linking on selinux systems. Thanks to Stephen Bennett for - reporting in bug #156124. - - 30 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Use /usr/lib directory even on non-multilib systems. - - 29 Oct 2006; Mike Kelly pam-0.99.6.3-r1.ebuild: - Add support for the vim-syntax USE flag. Bug #152275. - - 29 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Finally remove the pam_userdb manpage, and rewrite the warning at the end of - the ebuild as the ebuild is going to be unmasked relatively soon. - - 26 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Remove pam_userdb manpage. - - 26 Oct 2006; Diego Pettenò ChangeLog: - Regenerate digest (bug #152838). - - 24 Oct 2006; Luca Barbato pam-0.99.6.3-r1.ebuild: - Marked ~ppc - - 18 Oct 2006; Diego Pettenò - +files/Linux-PAM-0.99.6.3-linking.patch, pam-0.99.6.3-r1.ebuild: - Add patch to fix correct linking to libraries. - - 04 Oct 2006; Diego Pettenò -pam-0.99.5.0.ebuild, - -pam-0.99.5.0-r1.ebuild, -pam-0.99.6.3.ebuild: - Remove previous versions. - - 04 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Forwardport also README for single modules. - - 04 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Re-add selinux useflag, forwardporting from 0.99.5.0-r1. - - 04 Oct 2006; Diego Pettenò pam-0.99.6.3-r1.ebuild: - Add elibc_FreeBSD to IUSE, and add missing dependencies on some other - docbook-xml-dtd packages. - -*pam-0.99.6.3-r1 (04 Oct 2006) - - 04 Oct 2006; Diego Pettenò - +pam-0.99.6.3-r1.ebuild: - New revision that always disable berkdb. - - 03 Oct 2006; Diego Pettenò - +files/Linux-PAM-0.99.6.3-berkdb.patch, pam-0.99.6.3.ebuild: - Add a patch to disable berkdb support on request, and add berkdb useflag. - -*pam-0.99.6.3 (03 Oct 2006) - - 03 Oct 2006; Diego Pettenò +pam-0.99.6.3.ebuild: - Update to a recent version, by reverting the change in 0.99.5.0-r1 (fedora - patches, selinux useflag, berkdb, dependencies check). Berkeley DB support - should be moved out of this ebuild, and disabled here; selinux useflag has - to be added back by selinux team; the dependencies check should be outside - the scope of this single ebuild. - - 06 Sep 2006; Chris PeBenito pam-0.78-r5.ebuild: - Fix gcc 4.1 compile issue with SELinux patch. - - 07 Jul 2006; Diego Pettenò pam-0.99.5.0-r1.ebuild: - Fix dependecies, use econf and emake for berkdb copy, don't use the - deprecated gnuconfig eclass. - - 07 Jul 2006; Martin Schlemmer pam-0.99.5.0-r1.ebuild: - Move removing unneeded modules before dependency check. - - 04 Jul 2006; Martin Schlemmer pam-0.99.5.0-r1.ebuild: - Fix ghostscript depend. - - 01 Jul 2006; Martin Schlemmer pam-0.99.5.0.ebuild, - pam-0.99.5.0-r1.ebuild: - Set /sbin/unix_chkpwd suid, else user programs cannot auth. - - 01 Jul 2006; Martin Schlemmer +files/pam.d-0.99/other, - +files/pam.d-0.99/system-auth, pam-0.99.5.0.ebuild, - pam-0.99.5.0-r1.ebuild: - Use try_first_pass instead of likeauth, as it seems missing from pam-0.99's - pam_unix module. - - 01 Jul 2006; Martin Schlemmer Manifest: - Repoman booboo on Manifest. - -*pam-0.99.5.0-r1 (01 Jul 2006) - - 01 Jul 2006; Martin Schlemmer +pam-0.99.5.0-r1.ebuild: - Build pam_userdb against internal db again. Add module checks that no - dependencies are in /usr lib back. Enable building of documentation. Varios - patches from Fedora. - -*pam-0.99.5.0 (28 Jun 2006) - - 28 Jun 2006; Diego Pettenò - -files/Linux-PAM-0.99.3.0-prelude.patch, -pam-0.99.4.0.ebuild, - +pam-0.99.5.0.ebuild: - Bump to latest version, prelude is now fixed upstream. - - 20 Jun 2006; Stefan Schweizer pam-0.99.4.0.ebuild: - Add ~x86 - - 19 Jun 2006; Diego Pettenò - -files/pam-0.99.3.0-parallel-make.patch, -pam-0.99.3.0.ebuild, - pam-0.99.4.0.ebuild: - Remove 0.99.3.0, mark ~amd64 (under package.mask) the new version. - -*pam-0.99.4.0 (09 Jun 2006) - - 09 Jun 2006; Diego Pettenò +pam-0.99.4.0.ebuild: - Bump to latest version, still masked. - - 23 May 2006; Diego Pettenò - +files/pam-0.99.3.0-parallel-make.patch, pam-0.99.3.0.ebuild: - Add patch from Martin Schlemmer (azarah) to fix bug #134100 (parallel make - issues). - - 21 Apr 2006; Diego Pettenò files/pam_env.conf: - Remove extra spurious \. Thanks to Allan Gottlieb in bug #70670. - - 21 Apr 2006; Diego Pettenò - files/README.pam_console: - Fix path for pam_console_apply. Thanks to Thomas Petersen in bug #107970. - - 21 Apr 2006; Diego Pettenò pam-0.78-r3.ebuild, - pam-0.78-r5.ebuild: - Move DESCRIPTION after inherit line. Thanks to Alexandru Toma in bug #114010. - - 21 Apr 2006; Diego Pettenò - -files/pam-0.77-console-reset.patch, -pam-0.77-r6.ebuild, - -pam-0.77-r8.ebuild, -pam-0.78-r2.ebuild, -pam-0.78-r4.ebuild: - Drop old versions. - - 21 Apr 2006; Diego Pettenò pam-0.99.3.0.ebuild: - Tweak dependencies a bit. - -*pam-0.99.3.0 (21 Apr 2006) - - 21 Apr 2006; Diego Pettenò - +files/Linux-PAM-0.99.3.0-prelude.patch, +pam-0.99.3.0.ebuild: - Add first try to get a newer version of Linux-PAM in the tree, version - 0.99.3.0. Notable regression: no RedHat patches, thus no pam_stack.so. This - might change in future revision. Not for production systems. - -*pam-0.78-r5 (05 Mar 2006) - - 05 Mar 2006; Chris PeBenito +pam-0.78-r5.ebuild: - Bump to add SELinux seuser support. - -*pam-0.78-r4 (25 Jan 2006) - - 25 Jan 2006; Diego Pettenò - +files/pam-0.78-xauth-path.patch, +pam-0.78-r4.ebuild: - Add patch to fix xauth path (bug #111307). - - 12 Jan 2006; Diego Pettenò - +files/pam-0.78-inttypes.patch, pam-0.78-r3.ebuild: - Add patch to fix building on ppc64 with GCC4, by replacing __u8 and __u32 - with standard types uint8_t and uint32_t. Closes bug #107430. - -*pam-0.78-r3 (26 Oct 2005) - - 26 Oct 2005; Chris PeBenito +pam-0.78-r3.ebuild: - Add fix for CAN-2005-2977. This is specific to the SELinux users. See bug - #109485. - - 09 Oct 2005; Diego Pettenò metadata.xml: - Add pam-bugs email address as maintainer. - - 23 Aug 2005; Diego Pettenò pam-0.78-r2.ebuild: - Don't use cp -a. - - 09 Aug 2005; Aaron Walker pam-0.78-r2.ebuild: - Stable on mips. - - 01 Aug 2005; Martin Schlemmer files/pam.d/system-auth: - Add some password sanity checking to system-auth. - - 28 Jul 2005; Seemant Kulleen -pam-0.77.ebuild, - -pam-0.77-r1.ebuild, -pam-0.77-r2.ebuild, -pam-0.77-r3.ebuild, - -pam-0.77-r4.ebuild, -pam-0.77-r7.ebuild, -pam-0.78.ebuild, - -pam-0.78-r1.ebuild: - clean out cruft ebuilds - - 19 Jul 2005; Bryan Østergaard pam-0.78-r2.ebuild: - Stable on alpha. - - 09 Jul 2005; Joseph Jezak pam-0.78-r2.ebuild: - Marked ppc stable. - - 08 Jul 2005; Rene Nussbaumer pam-0.78-r2.ebuild: - Stable on hppa. - - 08 Jul 2005; Gustavo Zacarias pam-0.78-r2.ebuild: - Stable on sparc - - 08 Jul 2005; Gregorio Guidi files/README.pam_console, - pam-0.78-r2.ebuild: - Tweak documentation for pam_console (#31877). - - 07 Jul 2005; Markus Rothe pam-0.78-r2.ebuild: - Stable on ppc64 - - 07 Jul 2005; Diego Pettenò pam-0.78-r2.ebuild: - Make glib stuff dependant on pam_console useflag. See bug #98190. - - 06 Jul 2005; Danny van Dyk pam-0.78-r2.ebuild: - Marked stable on amd64. - - 04 Jul 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Add --host to glib/db's configure lines, bug #88439. - - 30 Jun 2005; Diego Pettenò pam-0.77.ebuild, - pam-0.77-r1.ebuild, pam-0.77-r2.ebuild, pam-0.77-r3.ebuild, - pam-0.77-r4.ebuild, pam-0.77-r6.ebuild, pam-0.77-r7.ebuild, - pam-0.77-r8.ebuild, pam-0.78.ebuild, pam-0.78-r1.ebuild, - pam-0.78-r2.ebuild: - Doesn't count on ${P} for patches as the package is going to be renamed. - - 27 Jun 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Add /usr/lib specifically again, as at least here ldd does not return lib64 - in output. - - 27 Jun 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Update cracklib dependencies, bug #85679. - - 21 Jun 2005; Danny van Dyk pam-0.77-r6.ebuild: - Fixed BUG #96385 by changing hardcoded libdir in pam_cracklib's Makefile to - $(get_libdir). - - 24 May 2005; Diego Pettenò files/pam.d/other, - files/pam.d/system-auth: - Removed full path from pam.d files, to fix AMD64 issues. - - 22 May 2005; Diego Pettenò -files/pam.d/rexec, - -files/pam.d/rlogin, -files/pam.d/rsh: - Removed pam.d files for rexec, rlogin and rsh, as they are installed by - netkit-rsh. - - 20 May 2005; Diego Pettenò pam-0.78.ebuild, - pam-0.78-r1.ebuild, pam-0.78-r2.ebuild: - Use new pam eclass for new dopamd/newpamd functions. Fixes #86823. - - 16 May 2005; Diego Pettenò pam-0.77.ebuild, - pam-0.77-r1.ebuild, pam-0.77-r2.ebuild, pam-0.77-r3.ebuild, - pam-0.77-r4.ebuild, pam-0.77-r6.ebuild, pam-0.77-r7.ebuild, - pam-0.77-r8.ebuild, pam-0.78.ebuild, pam-0.78-r1.ebuild: - Converted to use toolchain-funcs instead of gcc eclass. - - 28 Apr 2005; Martin Schlemmer pam-0.77.ebuild, - pam-0.77-r1.ebuild, pam-0.77-r2.ebuild, pam-0.77-r3.ebuild, - pam-0.77-r4.ebuild, pam-0.77-r6.ebuild, pam-0.77-r7.ebuild, - pam-0.77-r8.ebuild: - Only add the virtual to the >=0.78 series, as we want to use it for the - 'include' directive to have bsd support. - - 28 Apr 2005; Martin Schlemmer pam-0.77.ebuild, - pam-0.77-r1.ebuild, pam-0.77-r2.ebuild, pam-0.77-r3.ebuild, - pam-0.77-r4.ebuild, pam-0.77-r6.ebuild, pam-0.77-r7.ebuild, - pam-0.77-r8.ebuild, pam-0.78.ebuild, pam-0.78-r1.ebuild, - pam-0.78-r2.ebuild: - Add virtual. - - 25 Mar 2005; Jeremy Huddleston pam-0.78-r2.ebuild: - Use proper toolchain compiler. - - 23 Mar 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Do not care about sandbox in /usr check for module dependencies. Add message - to warn about restarting sshd. - - 13 Mar 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Tweak dependency test to hopefully fix bug #84836 - - 09 Mar 2005; Martin Schlemmer pam-0.78-r2.ebuild: - Do not check for gcc dir when we check if modules are link to libs in /usr. - -*pam-0.78-r2 (09 Mar 2005) - - 09 Mar 2005; Martin Schlemmer +pam-0.78-r2.ebuild: - Compile glib internal to fix the -fPIC issues. - -*pam-0.78-r1 (07 Mar 2005) - - 07 Mar 2005; Martin Schlemmer +pam-0.78-r1.ebuild: - Do not link cracklib and pwdb static, bug #83899. Add /dev/dri/\* to - console.perms, bug #55833. Add NIS patche from Peter S. Mazinger - . - - 26 Feb 2005; Martin Schlemmer pam-0.78.ebuild: - Use econf and some tweaking to fix some man pages installing into /man, bug - #83389. - -*pam-0.78 (25 Feb 2005) - - 25 Feb 2005; Martin Schlemmer - files/README.pam_console, +files/pam.d/other, +files/pam.d/system-auth, - +pam-0.78.ebuild: - Add patch from bug #80566 (by Mark Loeser ). Added - workaround from bug #80604 (by Roland Bar ). Force - locales to default, bug #70471 (by Alessandro Guido ). Fix - sound perms on pam_console_reset, bug #55305. Add patch for bug #62059 (by - Jason Fritcher ). Add pam_chroot, pam_console and - pam_timestamp USE flags for these optional modules - -*pam-0.77-r7 (04 Feb 2005) - - 04 Feb 2005; Martin Schlemmer +pam-0.77-r7.ebuild: - Update static patches to not reference /usr/lib, etc directly. - -*pam-0.77-r6 (03 Feb 2005) - - 03 Feb 2005; Martin Schlemmer +pam-0.77-r6.ebuild: - Fix missing '|| die' at the patch section. Fix patch not applying. - -*pam-0.77-r5 (02 Feb 2005) - - 02 Feb 2005; Martin Schlemmer +pam-0.77-r5.ebuild: - Fix permission borkage, bug #74040 (added to stable for all, as its a - serious bug), thanks to Ulrich Mueller . - -*pam-0.77-r4 (13 Dec 2004) - - 13 Dec 2004; Martin Schlemmer files/pam_env.conf, - +pam-0.77-r4.ebuild: - Fix DISPLAY not set for ssh -X. - -*pam-0.77-r3 (08 Nov 2004) - - 08 Nov 2004; Martin Schlemmer +files/pam_env.conf, - +pam-0.77-r1.ebuild, +pam-0.77-r3.ebuild: - Install again pam.d files for rexec, rlogin and rsh. Update - /etc/security/pam_env.conf to allow su to export DISPLAY and XAUTHORITY if - needed, bug #69925. - -*pam-0.77-r2 (31 Oct 2004) - - 31 Oct 2004; Martin Schlemmer - +files/pam-0.77-console-reset.patch, +pam-0.77-r2.ebuild, pam-0.77.ebuild: - Fix pam_console_apply -r segfaulting if a group used in - /etc/security/console.perms are missing, bug #50315 - - 01 Sep 2004; Travis Tilley pam-0.77-r1.ebuild: - made pam use $(get_libdir) for installing to lib64/lib32 - - 13 Aug 2004; Robin H. Johnson pam-0.77-r1.ebuild: - fix bug #58626, need a newer autoconf. - - 30 Jun 2004; Aron Griffis pam-0.77-r1.ebuild: - stable on alpha and ia64 - - 27 Jun 2004; Aron Griffis pam-0.75-r10.ebuild, - pam-0.75-r11.ebuild, pam-0.75-r7.ebuild, pam-0.75-r8.ebuild, - pam-0.75-r9.ebuild, pam-0.77-r1.ebuild, pam-0.77.ebuild: - QA - fix use invocation - - 02 Jun 2004; Travis Tilley pam-0.77-r1.ebuild: - stable on amd64 - - 12 May 2004; Alexander Gabert pam-0.75-r11.ebuild: - changed hardened-gcc logic to use flag logic - - 26 Apr 2004; Michael McCabe pam-0.77-r1.ebuild: - Marked stable on s390 - - 16 Apr 2004; Michael Sterrett pam-0.75-r11.ebuild: - move inherit to the right place - -*pam-0.77-r1 (26 Mar 2004) - - 26 Mar 2004; Paul de Vrieze pam-0.77-r1.ebuild: - Fix pam_userdb building - - 09 Mar 2004; pam-0.77.ebuild: - stable on alpha and ia64 - - 07 Mar 2004; Joshua Kinard pam-0.77.ebuild: - Marked stable on mips. - - 09 Feb 2004; pam-0.77.ebuild: - stable on sparc - - 09 Feb 2004; Guy Martin pam-0.75-r11.ebuild, - pam-0.77.ebuild: - Marked stable on hppa. Removed arm keywords to commit. - - 06 Feb 2004; Martin Schlemmer pam-0.77.ebuild: - Bump to stable for x86. - - 03 Feb 2004; Bartosch Pixa pam-0.77.ebuild: - set ppc in keywords - - 18 Jan 2004; Chris PeBenito pam-0.77.ebuild: - Fix SELinux patch so that it compiles correctly on a system that does not have - a prexisting PAM install. - - 22 Dec 2003; Joshua Kinard pam-0.77.ebuild: - Added a small gnuconfig block to the berkdb build bit, because pam-0.77 pulls in - db-4.1.x in most cases, and 4.1.x can't detect a mips64 system properly. - - 21 Dec 2003; Brad House pam-0.77.ebuild: - mark stable on amd64 - - 15 Dec 2003; Martin Schlemmer pam-0.77.ebuild: - Mark unstable for all. - - 09 Dec 2003; Chris PeBenito pam-0.77.ebuild: - Update SELinux patch in patch tarball. - - 10 Nov 2003; Martin Schlemmer pam-0.77.ebuild: - Add a 'return 0' to pkg_setup() to make sure it returns the correct value. - -*pam-0.77 (10 Nov 2003) - - 10 Nov 2003; Martin Schlemmer pam-0.77.ebuild: - New version. The bulk of the work was done by Donny Davies - . I just added all the gentoo patches, as well - as made the db stuff link to our own version of db, and not ndbm. I - also (in gentoo patches) made pam_pwdb, pam_radius and pam_crack link - to static versions of libraries, and split new pwdb as an new version - of our existing sys-libs/pwdb. Other cleanups. - - 28 Oct 2003; Chris PeBenito pam-0.75-r11.ebuild, - files/pam-0.75-selinux.diff.bz2: - Add new API SELinux patch - - 08 Oct 2003; Alexander Gabert pam-0.75-r11.ebuild: - added hardened-gcc lcrypt dependency again - - 11 Aug 2003; Luke-Jr pam-0.75-r10.ebuild, - pam-0.75-r11.ebuild, pam-0.75-r7.ebuild, pam-0.75-r8.ebuild, - pam-0.75-r9.ebuild: - Changed LICENSE to "BSD | GPL-2" - - 01 Jul 2003; Olivier Crete pam-0.75-r11.ebuild: - Configure finds db4 - - 18 May 2003; Tavis Ormandy pam-0.75-r11.ebuild: - If glib was compiled with ccc, we need -lots. - - 20 Feb 2003; Zach Welch pam-0.75-r11.ebuild : - Added arm to keywords. - - 09 Feb 2003; Guy Martin pam-0.75-r11.ebuild : - Added hppa to keywords. - - 08 Jan 2003; Martin Schlemmer pam-0.75-r11.ebuild : - Mark stable. - -*pam-0.75-r11 (25 Dec 2002) - - 15 Mar 2003; Jan Seidel : - Added mips to KEYWORDS - - 07 Jan 2003; Martin Holzer pam-0.75-r11.ebuild : - Corrected Homepage. - - 25 Dec 2002; Martin Schlemmer pam-0.75-r11.ebuild : - - Add pam-0.75-pam_console_apply-use-correct-device.patch.bz2 to fix a - problem where pam_console_apply and co did not use the correct device - if devfsd was not used, closing bug #12207. The patch was created by - Sam Yates . - - 16 Dec 2002; Martin Schlemmer pam-0.75-r10.ebuild : - - Change DEPEND to only depend on db3 or greater, per request from Donny ... - this is for db4 support in future ... - - 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords - - 05 Dec 2002; Martin Schlemmer pam-0.75-r10.ebuild : - - Fix bison syntax for bison-1.50 or later, thanks to Redhat. Added - pam-0.75-pam_console-bison.fixes.patch for this. - - 26 Oct 2002; Martin Schlemmer pam-0.75-r10.ebuild : - - Add pam-0.75-pam_userdb-use-db3.patch to get pam_userdb to link to - db3 or db4 if present, rather than libndbm, as that causes unresolved - symbols. - -*pam-0.75-r10 (26 Oct 2002) - - 26 Oct 2002; Martin Schlemmer pam-0.75-r10.ebuild : - - Generate the linker scripts in /usr/lib to fix bug #4411. - -*pam-0.75-r9 (24 Oct 2002) - - 18 Jan 2003; Jan Seidel : - Added mips to keywords - - 24 Oct 2002; Martin Schlemmer pam-0.75-r9.ebuild : - - Another snag in the problem with gcc3 linking static libs in /usr/lib - before dynamic ones in /lib (bug #4411). Seems like c++ stuff do not - link properly with libpam.so, but rather with libpam.a, and as pam - must be dynamic to load its modules, it breaks auth for a few critical - things (like gdm and kdm). This is not tested, but the urgency demands - a solution. This release just do not install static libs for pam until - the gcc/binutils issue can be resolved. - -*pam-0.75-r8 (13 Oct 2002) - - 13 Oct 2002; Martin Schlemmer pam-0.75-r8.ebuild : - - Add pam-0.75-pam_console-fix-fullpath-in-file-classes.patch to fix a small - compat problem between pam-login and pam_console.so. pam_console.so expects - PAM_TTY to be set by login without prefixing "/dev/" it seems, which - pam-login did. This should close bug #6612. - - Synced with Mandrake and Redhat for latest patches. - - 05 Aug 2002; M.Schlemmer ${P}-pam_group-confile.patch : - Fixes the config file location of pam_group.so. This resolves bug #6010. - - 31 Jul 2002; M.Schlemmer ${P}-pam_wheel-segfault.patch : - Fix a segfault in pam_wheel.so if "use_uid" was not given as parameter. - This resolves bug #5686. - -*pam-0.75-r7 (31 Jul 2002) - - 31 Jul 2002; M.Schlemmer pam-0.75-r7.ebuild : - Update some patches. Ebuild cleanups, as well as some compiler - fixes. - - - 15 Jul 2002; Mark Guertin - Added ppc to keywords - - 11 Apr 2002; Spider - Update all glib dependencies to use glib-1.2* in preparation of unmasking the glib-2.0.1 packages - - - 04 Apr 2002; M.Schlemmer pam-0.75-r6.ebuild : - - Add module build checking back as we do not want some module to - silently fail and lock the user out of his system. - -*pam-0.75-r6 (04 Apr 2002) - - 04 Apr 2002; Jared H. Hudson pam-0.75-r6.ebuild : - - Made changes to make it compile without berkdb being defined as a use - item. - -*pam-0.75-r5 (03 Apr 2002) - - 03 Apr 2002; Geert Bevin pam-0.75-r5.ebuild : - - Made changes to make it compile the pwdb module successfully with gcc3. - -*pam-0.75-r2 (17 Feb 2002) - - 17 Feb 2002; Bruce A. Locke pam-0.75-r2.ebuild : - - Part 1 of PAM revamp. Ebuild is masked out... FOR DEVELOPER TESTING ONLY diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest index 5e9f0be83e..72cc79c6af 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/Manifest @@ -1,7 +1,2 @@ -DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512 028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c WHIRLPOOL 9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14 -DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a -EBUILD pam-1.2.1-r1.ebuild 6323 SHA256 65bba979d3e102c5ca299c5aa5fff77a4a3f6a2cef282672f0cd82a8e7d3da6f SHA512 aa78e3401a56c4441034e4126ac5499fb49453db8eaa95c4ad34b10f10f22ba524379490e2b3a78cc3b04295d423badb39049f7bdfc3d6d8f6f5b0ea7d24ecda WHIRLPOOL 71cfc86112ea6edc53486ceebd951122f6b3b9e0312c7aa671e48500e1dbf21bf9a4618ee75ed6f3b50281b76adee7bf7837130a0e183800a0be77a9764bf4c0 -EBUILD pam-1.2.1.ebuild 6085 SHA256 cc149ab1519f76c03ada1b5dd183b6dfc1391ac1da3e3c07274e7f8c80371c0a SHA512 e9014ef4a54949c8fa1d744e4385fefd55a15bae24a6fa470fc8da830733068e681982adc779da55e39cef78bff34660834c228ac9cde51ceddae7bd7ecc3177 WHIRLPOOL 93b1096e752eb8687afd5b236d4c03d4de9d65f3f4aab5657ea126d18845ac13f128ab39074118ab1a3a70b96394e025f909831d15a66a77d02ba679a65f599e -MISC ChangeLog 5004 SHA256 775004eeff9257c2a4e3a01f73b5ba6234b9cbcde581dc4857c55fe32274a7fd SHA512 d277eba55a22629e7a6d678c0a32cf77d1ab266477f156685c8c9dbd1a40a8863038cd5c814b45bb145e84a95c3d6c9521c66b1ab2c12369d2959fb3e091cf2a WHIRLPOOL 77c44285398cda118dbcbbbe9b97ee12e262423141dd22a36ab9acbf6c0dafb54aa810c748d0adfea22d70f6712b3cb2fee392804d32b8be271c1c0f206f70e2 -MISC ChangeLog-2015 56879 SHA256 1d6672e1e44f22c74a18b024729d90402209f412b7f24e5e87511bd720cb4073 SHA512 01b442a6401e1992ef563b52745ba90724a1d291e3572497d3b5dbf8fa756dc6d220ad61e55c9fe6139e7e4e64ee3b380e457153725fa9d0516113b3ee3914d7 WHIRLPOOL 88ef69921a8811210393f045f61742b7cf3c3fec051d83d28d9dcc0eb60373c488a31c44d9d216e06b5c890cdf357c83cb17df0ed395f5372c5a8e3904ad7bdb -MISC metadata.xml 1135 SHA256 19e87cb2aa29dcd1b12d3fd5a001a7fe08fcb9153cc80045d0b95a88c4cad3d7 SHA512 de2a617918085c4e6a7a1976447ed2c0bcdb8eb257d28351e095b29ea219382ce8964206ba0fcdefe9b69db9ab17a52556371cfbee3ed4d5c5293c8d21738d55 WHIRLPOOL abf1d986d9fb8a6654db2ecb982ef50a4aea376c5386f3b68baec1faa19811a6b58f1a08e617711737879f173db729e34d92c8be29ee4acb47f2a0deec5241fc +DIST Linux-PAM-1.5.1-docs.tar.xz 441632 BLAKE2B 1b3ad1b5167936b8c38977b5328ee11c7d280eb905a0f444e555d24f9d5332583f7e0ce0a758242292ff1244bc082b73d661935647e583e2ebcd8d5058df413e SHA512 95f0b0225e96386f06f5f869203163a201af3ac5c1a4fa8bd30779b9f55290e1a5b63fa49e2efafa1a51476bad1acf258b1f37f56a4bdc3935f9fe5928cbc1f7 +DIST Linux-PAM-1.5.1.tar.xz 972964 BLAKE2B a1714569587a383fa8211b23765c66b08b18dc2808c1521a904171dc2886cced56e9afa27408e8a9d5eec6226b31390dc8f14434071370f4e1147c77ce8b36ac SHA512 1db091fc43b934dde220f1b85f35937fbaa0a3feec699b2e597e2cdf0c3ce11c17d36d2286d479c9eed24e8ca3ca6233214e4dff256db47249e358c01d424837 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.2.1-locked-accounts.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.2.1-locked-accounts.patch deleted file mode 100644 index 455b7bfb85..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.2.1-locked-accounts.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -ur Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c ---- Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c 2015-03-24 05:02:32.000000000 -0700 -+++ Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c 2016-04-05 12:48:08.344913637 -0700 -@@ -219,6 +219,9 @@ - return retval; - } - -+ if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!') -+ return PAM_PERM_DENIED; -+ - if (retval == PAM_SUCCESS && spent == NULL) - return PAM_SUCCESS; - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf deleted file mode 100644 index d37448107c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf +++ /dev/null @@ -1,11 +0,0 @@ -d /etc/pam.d 0755 root root - - -d /etc/security 0755 root root - - -d /etc/security/limits.d 0755 root root - - -d /etc/security/namespace.d 0755 root root - - -f /etc/environment 0755 root root - - -L /etc/security/access.conf - - - - ../../usr/lib/pam/access.conf -L /etc/security/group.conf - - - - ../../usr/lib/pam/group.conf -L /etc/security/limits.conf - - - - ../../usr/lib/pam/limits.conf -L /etc/security/namespace.conf - - - - ../../usr/lib/pam/namespace.conf -L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/pam_env.conf -L /etc/security/time.conf - - - - ../../usr/lib/pam/time.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/metadata.xml index 2933b7ddf8..c172b5d303 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/metadata.xml @@ -1,29 +1,30 @@ - - pam-bugs@gentoo.org - - - - Build the pam_userdb module, that allows to authenticate users - against a Berkeley DB file. Please note that enabling this USE - flag will create a PAM module that links to the Berkeley DB (as - provided by sys-libs/db) installed in /usr/lib and - will thus not work for boot-critical services authentication. - + + zlogene@gentoo.org + Mikle Kolyada + + + + Build the pam_userdb module, that allows to authenticate users + against a Berkeley DB file. Please note that enabling this USE + flag will create a PAM module that links to the Berkeley DB (as + provided by sys-libs/db) installed in /usr/lib and + will thus not work for boot-critical services authentication. + - - Build the pam_cracklib module, that allows to verify the chosen - passwords' strength through the use of - sys-libs/cracklib. Please note that simply enabling - the USE flag on this package will not make use of pam_cracklib - by default, you should also enable it in - sys-auth/pambase as well as update your configuration - files. - - - - cpe:/a:kernel:linux-pam - + + Build the pam_cracklib module, that allows to verify the chosen + passwords' strength through the use of + sys-libs/cracklib. Please note that simply enabling + the USE flag on this package will not make use of pam_cracklib + by default, you should also enable it in + sys-auth/pambase as well as update your configuration + files. + + + + cpe:/a:kernel:linux-pam + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.2.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.2.1-r1.ebuild deleted file mode 100644 index dfc9a84d29..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.2.1-r1.ebuild +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use systemd - -MY_PN="Linux-PAM" -MY_P="${MY_PN}-${PV}" - -DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" -HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/" -SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2 - http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2" - -LICENSE="|| ( BSD GPL-2 )" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux" -IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax" - -RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) - cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] ) - audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) - selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) - berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] ) - nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=sys-devel/libtool-2 - >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}] - nls? ( sys-devel/gettext ) - nis? ( >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] )" -PDEPEND="sys-auth/pambase - vim-syntax? ( app-vim/pam-syntax )" -RDEPEND="${RDEPEND} - !/dev/null | fgrep -q pam_stack.so; then - eerror "" - eerror "Your current setup is using the pam_stack module." - eerror "This module is deprecated and no longer supported, and since version" - eerror "0.99 is no longer installed, nor provided by any other package." - eerror "The package will be built (to allow binary package builds), but will" - eerror "not be installed." - eerror "Please replace pam_stack usage with proper include directive usage," - eerror "following the PAM Upgrade guide at the following URL" - eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" - eerror "" - - retval=1 - fi - - if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then - eerror "" - eerror "Your current setup is using one or more of the following modules," - eerror "that are not built or supported anymore:" - eerror "pam_pwdb, pam_console" - eerror "If you are in real need for these modules, please contact the maintainers" - eerror "of PAM through https://bugs.gentoo.org/ providing information about its" - eerror "use cases." - eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" - eerror " https://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml" - eerror "" - - retval=1 - fi - - return ${retval} -} - -pkg_pretend() { - # do not error out, this is just a warning, one could build a binpkg - # with old modules enabled. - check_old_modules -} - -src_unpack() { - # Upstream didn't release a new doc tarball (since nothing changed?). - unpack ${MY_PN}-1.2.0-docs.tar.bz2 - mv Linux-PAM-1.2.{0,1} || die - unpack ${MY_P}.tar.bz2 -} - -src_prepare() { - epatch "${FILESDIR}"/pam-1.2.1-locked-accounts.patch - elibtoolize -} - -multilib_src_configure() { - # Do not let user's BROWSER setting mess us up. #549684 - unset BROWSER - - # Disable automatic detection of libxcrypt; we _don't_ want the - # user to link libxcrypt in by default, since we won't track the - # dependency and allow to break PAM this way. - export ac_cv_header_xcrypt_h=no - - local myconf=( - --docdir='$(datarootdir)'/doc/${PF} - --htmldir='$(docdir)/html' - --libdir='$(prefix)'/$(get_libdir) - --enable-securedir="${EPREFIX}"/$(get_libdir)/security - --enable-isadir='.' #464016 - $(use_enable nls) - $(use_enable selinux) - $(use_enable cracklib) - $(use_enable audit) - $(use_enable debug) - $(use_enable berkdb db) - $(use_enable nis) - $(use_enable pie) - --with-db-uniquename=-$(db_findver sys-libs/db) - --disable-prelude - ) - - ECONF_SOURCE=${S} \ - econf "${myconf[@]}" -} - -multilib_src_compile() { - emake sepermitlockdir="${EPREFIX}/run/sepermit" -} - -multilib_src_install() { - emake SCONFIGDIR="/usr/lib/pam/" DESTDIR="${D}" install \ - sepermitlockdir="${EPREFIX}/run/sepermit" - rm "${D}/etc/environment" - systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/pam.conf" -} - -DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS ) - -multilib_src_install_all() { - einstalldocs - prune_libtool_files --all - - # Need to be suid - fperms 4711 /sbin/unix_chkpwd - - docinto modules - local dir - for dir in modules/pam_*; do - newdoc "${dir}"/README README."$(basename "${dir}")" - done - - if use selinux; then - dodir /usr/lib/tmpfiles.d - cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf < tmpfiles -> systemd -> pam dependency loop + + dodir /usr/lib/tmpfiles.d + + cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ + d /run/faillock 0755 root root + _EOF_ + use selinux && cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-selinux.conf <<-_EOF_ + d /run/sepermit 0755 root root + _EOF_ + + local page + + for page in doc/man/*.{3,5,8} modules/*/*.{5,8} ; do + doman ${page} + done +} + +pkg_postinst() { + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | egrep -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." + + # The pam_unix module needs to check the password of the user which requires + # read access to /etc/shadow only. + fcaps cap_dac_override sbin/unix_chkpwd +} From e13fd9d00b7f10ca869f0ec23d3cf187bfaa2ad4 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Sat, 22 Aug 2020 13:05:10 +0200 Subject: [PATCH 02/14] sys-libs/pam: Add a comment about a base version of the recipe --- .../third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild index f9d428c8af..43f14c3d0e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild @@ -1,6 +1,10 @@ # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 +# Flatcar: Based on pam-1.5.1.ebuild from commit +# 6acd106320ca6adf73a4a6607e4daa2b5cea8e30 in gentoo repo (see +# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-libs/pam/pam-1.5.1.ebuild?id=6acd106320ca6adf73a4a6607e4daa2b5cea8e30). + EAPI=7 MY_P="Linux-${PN^^}-${PV}" From 77d03afebfc583782f04cd0fa89b7cab2094a48f Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 18 Aug 2020 21:25:19 +0200 Subject: [PATCH 03/14] sys-libs/pam: Locked accounts functionality --- .../pam/files/pam-1.5.0-locked-accounts.patch | 13 +++++++++++++ .../coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild | 1 + 2 files changed, 14 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch new file mode 100644 index 0000000000..a58d3eb28c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch @@ -0,0 +1,13 @@ +diff -ur linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c +--- linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c 2020-08-18 20:50:27.226355628 +0200 ++++ linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c 2020-08-18 20:51:20.456212931 +0200 +@@ -847,6 +847,9 @@ + return retval; + } + ++ if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!') ++ return PAM_PERM_DENIED; ++ + if (retval == PAM_SUCCESS && spent == NULL) + return PAM_SUCCESS; + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild index 43f14c3d0e..61ef08deb3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild @@ -48,6 +48,7 @@ S="${WORKDIR}/${MY_P}" src_prepare() { default touch ChangeLog || die + epatch "${FILESDIR}"/pam-1.5.0-locked-accounts.patch eautoreconf } From 660d0f310b42d7eb41cd9fe451cb729a822222c7 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 18 Aug 2020 21:26:20 +0200 Subject: [PATCH 04/14] sys-libs/pam: Install configuration into /usr Also provide a tmpfiles fragment to bring it back. --- .../sys-libs/pam/files/tmpfiles.d/pam.conf | 11 +++++++++++ .../coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild | 7 ++++--- 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf new file mode 100644 index 0000000000..d37448107c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf @@ -0,0 +1,11 @@ +d /etc/pam.d 0755 root root - - +d /etc/security 0755 root root - - +d /etc/security/limits.d 0755 root root - - +d /etc/security/namespace.d 0755 root root - - +f /etc/environment 0755 root root - - +L /etc/security/access.conf - - - - ../../usr/lib/pam/access.conf +L /etc/security/group.conf - - - - ../../usr/lib/pam/group.conf +L /etc/security/limits.conf - - - - ../../usr/lib/pam/limits.conf +L /etc/security/namespace.conf - - - - ../../usr/lib/pam/namespace.conf +L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/pam_env.conf +L /etc/security/time.conf - - - - ../../usr/lib/pam/time.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild index 61ef08deb3..1ffa235a55 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild @@ -9,7 +9,7 @@ EAPI=7 MY_P="Linux-${PN^^}-${PV}" -inherit autotools db-use fcaps toolchain-funcs usr-ldscript multilib-minimal +inherit autotools db-use fcaps toolchain-funcs multilib-minimal DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" HOMEPAGE="https://github.com/linux-pam/linux-pam" @@ -83,6 +83,7 @@ multilib_src_configure() { $(use_enable pie) $(use_enable selinux) --enable-isadir='.' #464016 + --enable-sconfigdir="/usr/lib/pam/" ) ECONF_SOURCE="${S}" econf "${myconf[@]}" } @@ -94,8 +95,6 @@ multilib_src_compile() { multilib_src_install() { emake DESTDIR="${D}" install \ sepermitlockdir="${EPREFIX}/run/sepermit" - - gen_usr_ldscript -a pam pam_misc pamc } multilib_src_install_all() { @@ -106,6 +105,8 @@ multilib_src_install_all() { dodir /usr/lib/tmpfiles.d + rm "${D}/etc/environment" + cp "${FILESDIR}/tmpfiles.d/pam.conf" "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}-config.conf cat ->> "${D}"/usr/lib/tmpfiles.d/${CATEGORY}-${PN}.conf <<-_EOF_ d /run/faillock 0755 root root _EOF_ From a0156ce75657c02894df76269fe06819ee3af0c8 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Sat, 22 Aug 2020 17:07:26 +0200 Subject: [PATCH 05/14] sys-libs/pam: Make /sbin/unix_chkpwd suid This is to avoid importing fcaps eclass which adds a dependency on sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of this conundrum, we could specify a "-filecaps" use flag for sys-libs/pam. Problem with this solution would be no capability override for the binary making it unable to read /etc/shadow. Thus we make the binary suid. This is strictly less secure than overriding its capabilities, but I have no idea how to solve it in a less hacky way. --- .../coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild index 1ffa235a55..09f245e23f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild @@ -9,7 +9,7 @@ EAPI=7 MY_P="Linux-${PN^^}-${PV}" -inherit autotools db-use fcaps toolchain-funcs multilib-minimal +inherit autotools db-use toolchain-funcs multilib-minimal DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" HOMEPAGE="https://github.com/linux-pam/linux-pam" @@ -100,6 +100,12 @@ multilib_src_install() { multilib_src_install_all() { find "${ED}" -type f -name '*.la' -delete || die + # Flatcar: The pam_unix module needs to check the password of + # the user which requires read access to /etc/shadow + # only. Make it suid instead of using CAP_DAC_OVERRIDE to + # avoid a pam -> libcap -> pam dependency loop. + fperms 4711 /sbin/unix_chkpwd + # tmpfiles.eclass is impossible to use because # there is the pam -> tmpfiles -> systemd -> pam dependency loop @@ -132,8 +138,4 @@ pkg_postinst() { ewarn " lsof / | egrep -i 'del.*libpam\\.so'" ewarn "" ewarn "Alternatively, simply reboot your system." - - # The pam_unix module needs to check the password of the user which requires - # read access to /etc/shadow only. - fcaps cap_dac_override sbin/unix_chkpwd } From 035c9ad5ce9f4a794afbdfe9da148a72a5fcf1fe Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 18 Aug 2020 21:46:49 +0200 Subject: [PATCH 06/14] sys-libs/pam: Add README.md --- .../coreos-overlay/sys-libs/pam/README.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/pam/README.md diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/README.md b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/README.md new file mode 100644 index 0000000000..9500945b40 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/README.md @@ -0,0 +1,21 @@ +This is a fork of gentoo's sys-libs/pam package. The main reasons +for having our fork seem to be: + +1. We add a locked account functionality. If the account in + `/etc/shadow` has an exclamation mark (`!`) as a first character in + the password field, then the account is blocked. + +2. We install configuration in `/usr/lib/pam`, so the configuration in + `/etc` provided by administration can override the config we + install. + +3. For an unknown reason we drop `gen_usr_ldscript -a pam pam_misc + pamc` from the recipe. + +4. We make the `/sbin/unix_chkpwd` binary a suid one instead of + overriding giving it a CAP_DAC_OVERRIDE to avoid a dependency loop + between pam and libcap. The binary needs to be able to read + /etc/shadow, so either suid or CAP_DAC_OVERRIDE capability should + work. A suid binary is strictly less secure than capability + override, so in long-term we would prefer to avoid having this + hack. On the other hand - this is what we had so far. From aec4bfa44fea381efdfd51248ae643afb0456968 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 19 Aug 2020 15:10:38 +0200 Subject: [PATCH 07/14] sys-auth/pambase: Update stub version The version now matches what is in Gentoo, despite being almost, but not quite, entirely unlike upstream recipe. The rename is needed, because some packages may depend on a newer pambase after they are updated. --- .../pambase/{pambase-20150213.ebuild => pambase-20200817.ebuild} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/{pambase-20150213.ebuild => pambase-20200817.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20150213.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20150213.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild From be676d7d132f8587514dac03948a2c0590686e9c Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 19 Aug 2020 15:19:33 +0200 Subject: [PATCH 08/14] sys-auth/pambase: Bump dep versions --- .../coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild index 3e868f2503..3969f662e0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/pambase-20200817.ebuild @@ -12,6 +12,6 @@ SLOT="0" KEYWORDS="amd64 arm arm64 x86" IUSE="" -RDEPEND=">=sys-apps/baselayout-3.1 - >=sys-libs/pam-1.2" +RDEPEND=">=sys-apps/baselayout-3.6 + >=sys-libs/pam-1.4" DEPEND="" From 34d4663480251477849a60236ed193ea720b4481 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 19 Aug 2020 15:19:48 +0200 Subject: [PATCH 09/14] sys-auth/pambase: Add README.md --- .../coreos-overlay/sys-auth/pambase/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/README.md diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/README.md b/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/README.md new file mode 100644 index 0000000000..4b3cb979e1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/pambase/README.md @@ -0,0 +1,10 @@ +This is a not-really-a-fork of gentoo's `sys-auth/pambase` +package. The main reasons for having it in `coreos-overlay` are: + +1. The `sys-apps/baselayout` package replaced it, so this package + became a stub. + +2. The stub is needed for compatibility with gentoo packages that + depend on pambase. When updating some package that depends on a + greater version of pambase than this stub provides, simply bump the + version of the the stub, so the dependency can be satisfied. From dcb37a9320f13c543bdb73d6795a50f3192b10ae Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 21 Aug 2020 18:13:52 +0200 Subject: [PATCH 10/14] app-emulation/open-vm-tools: Update a comment about pam We are getting rid of the virtual/pam package. The package provided a dependency on one of pam or openpam. It looks like Gentoo dropped openpam, making virtual/pam unnecessary. Also, existence of virtual/pam causes some circular dependencies to manifest during emerging. This package does not depend on virtual/pam outright, but let's avoid having an out-of-date comment. --- .../app-emulation/open-vm-tools/open-vm-tools-11.2.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/open-vm-tools/open-vm-tools-11.2.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/open-vm-tools/open-vm-tools-11.2.0.ebuild index b9263723bf..bc04e60b8f 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/open-vm-tools/open-vm-tools-11.2.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/open-vm-tools/open-vm-tools-11.2.0.ebuild @@ -23,7 +23,7 @@ DEPEND="dev-libs/glib:2 # Runtime dependencies provided by CoreOS, not the OEM: # dev-libs/glib:2 # sys-apps/ethtool -# pam? ( virtual/pam ) +# pam? ( sys-libs/pam ) RDEPEND="dnet? ( dev-libs/libdnet ) deploypkg? ( dev-libs/libmspack )" From f8db3e5f921db3f0468c5903e599da96655cd73d Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 21 Aug 2020 18:23:17 +0200 Subject: [PATCH 11/14] sys-auth/google-oslogin: Replace virtual/pam with sys-libs/pam We are getting rid of the virtual/pam package. The package provided a dependency on one of pam or openpam. It looks like Gentoo dropped openpam, making virtual/pam unnecessary. Also, existence of virtual/pam causes some circular dependencies to manifest during emerging. --- .../sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild index 101ca35363..2bd73aa310 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild @@ -17,7 +17,7 @@ inherit pam toolchain-funcs DEPEND=" net-misc/curl[ssl] dev-libs/json-c - virtual/pam + sys-libs/pam " RDEPEND="${DEPEND}" From 5515bbfefb374b4de73b914810cd7472e94cd69e Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 21 Aug 2020 18:24:03 +0200 Subject: [PATCH 12/14] sys-auth/polkit: Replace virtual/pam with sys-libs/pam We are getting rid of the virtual/pam package. The package provided a dependency on one of pam or openpam. It looks like Gentoo dropped openpam, making virtual/pam unnecessary. Also, existence of virtual/pam causes some circular dependencies to manifest during emerging. --- .../coreos-overlay/sys-auth/polkit/polkit-0.113-r5.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r5.ebuild index 4740f5f6a9..dee08f002b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.113-r5.ebuild @@ -20,7 +20,7 @@ CDEPEND=" >=dev-libs/expat-2:= pam? ( sys-auth/pambase - virtual/pam + sys-libs/pam ) systemd? ( sys-apps/systemd:0= ) " From 57e725117f228330a5b821a84c231f00cfa8dd09 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Mon, 7 Dec 2020 17:08:09 +0100 Subject: [PATCH 13/14] sys-libs/pam: use PATCHES for third-party patches We should use PATCHES for the list of third-party patches, especially for EAPI=7. --- .../third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild index 09f245e23f..94e79afec1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild @@ -43,12 +43,15 @@ RDEPEND="${DEPEND}" PDEPEND=">=sys-auth/pambase-20200616" +PATCHES=( + "${FILESDIR}"/pam-1.5.0-locked-accounts.patch +) + S="${WORKDIR}/${MY_P}" src_prepare() { default touch ChangeLog || die - epatch "${FILESDIR}"/pam-1.5.0-locked-accounts.patch eautoreconf } From 018f7dc11e1d0ca67e89cabe12b052109030e2cf Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Mon, 7 Dec 2020 15:55:52 +0100 Subject: [PATCH 14/14] sys-apps/baselayout: fix auth issue with pam 1.4 Without the fix, no ssh login works, no console login works. --- .../{baselayout-3.6.8.ebuild => baselayout-3.6.8-r1.ebuild} | 0 .../coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/{baselayout-3.6.8.ebuild => baselayout-3.6.8-r1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild index b0ee3e1634..388f8e870d 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild @@ -9,7 +9,7 @@ CROS_WORKON_REPO="git://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="caa00726cc26b75ff6056df56d497a036c52a91e" # flatcar-master + CROS_WORKON_COMMIT="b989f2c9619919495a1e9c0e40f3134a7fe0394c" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi