summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-libs/pam
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-libs/pam')
-rw-r--r--sys-libs/pam/Manifest9
-rw-r--r--sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch20
-rw-r--r--sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch29
-rw-r--r--sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch48
-rw-r--r--sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch54
-rw-r--r--sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch58
-rw-r--r--sys-libs/pam/files/pam-1.1.8-doc-install.patch142
-rw-r--r--sys-libs/pam/metadata.xml32
-rw-r--r--sys-libs/pam/pam-1.1.5.ebuild186
-rw-r--r--sys-libs/pam/pam-1.1.6-r2.ebuild197
-rw-r--r--sys-libs/pam/pam-1.1.8-r1.ebuild183
-rw-r--r--sys-libs/pam/pam-1.1.8-r2.ebuild198
-rw-r--r--sys-libs/pam/pam-1.1.8-r3.ebuild195
-rw-r--r--sys-libs/pam/pam-1.1.8.ebuild181
-rw-r--r--sys-libs/pam/pam-1.2.0.ebuild194
-rw-r--r--sys-libs/pam/pam-1.2.1-r1.ebuild202
-rw-r--r--sys-libs/pam/pam-1.2.1.ebuild201
17 files changed, 2129 insertions, 0 deletions
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
new file mode 100644
index 00000000000..8cc152f7dfd
--- /dev/null
+++ b/sys-libs/pam/Manifest
@@ -0,0 +1,9 @@
+DIST Linux-PAM-1.1.5-docs.tar.bz2 498228 SHA256 e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c SHA512 6209b3d1936e0c0aef3a7bf24d497b867995261ad227f7d0c4b28796c0b1f9262c99e3e12d7e1d37e286af39367f6e2d79e06915dff77c65b547d62ee8772c5b WHIRLPOOL a26c778be99b21c6701260871ffd7348f7a302c5e4358b8419e9436131b83650bdf0f5bc1d845dba419bab6c50c89733bea4518f619b7b75d66b2f02408c3df1
+DIST Linux-PAM-1.1.5.tar.bz2 1123524 SHA256 65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116 SHA512 c898c3db3da1856b1b16c2bfe19963c30696345982253888c2edf85317cf82ab4daaf9d105a162975d4cfd818b7bbca3d0e63ea7267af435e8f88b8fdc83ddd0 WHIRLPOOL 29ad881f6b1d908fb84e8d5802cceff70838bd0e29f6c700ad64d3c5d43c189f0c122fdddfa4333f008a8ef2828bb0e2fd68cdd479b43efac9456b6d6a5bb25a
+DIST Linux-PAM-1.1.6-docs.tar.bz2 147359 SHA256 0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 SHA512 f158116c2a3d604a9195d96263f094a1c9c0e2ba78b54e0f8a92bfa73955d8cec36d68b985eb70f1bf0958fc54be5590b61669b3b777ba6bd2138bc156cec782 WHIRLPOOL 73b42d795b3ca06c3a22ea8a91258da9bd4662e72de8a72751eec3824524a44e13dbc13a7c0e79256429f583d21c2764512363921d5709e61752e391f8227577
+DIST Linux-PAM-1.1.6.tar.bz2 1147538 SHA256 bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 SHA512 f68e3a0d648441eef7589efe0fad65c621d030a9425635f461f2882a5129240830a55d5a5b81d02b439c633870a96f61b4c4dea22d0eacfdd583f4fac353928a WHIRLPOOL 619214ecf859e1fc4e6f59e37045e370b98bae57ceeaed3f6a5e0732fc0caba41c040bea926830b678f6e5c243d73a607daea438f55cf28d339ce458eded7db5
+DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256 c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512 36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8 WHIRLPOOL c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87
+DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512 245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d WHIRLPOOL b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734
+DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512 028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c WHIRLPOOL 9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14
+DIST Linux-PAM-1.2.0.tar.bz2 1278831 SHA256 cd8beac5961e942e9c73b32a3cd1a3457755f8fb35d07c9ec64511e19e135ea4 SHA512 26b9ec0f8c7fcc00a04696a2208fc00dabb070593f1a420c81e2855cd2eb26ebcc993f80ccbb6a2aac88dd402b670e7800e1722c56451dfc71521c76a2f0bf9a WHIRLPOOL b3327394bb99ff02d9efba43655a2f5bfd4acbf0c75630fde19634ff575cce3fef614c188d538529673526fd88488a5493b19af30c6f69064824cbc1aad3d766
+DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch b/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch
new file mode 100644
index 00000000000..114d3e47008
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch
@@ -0,0 +1,20 @@
+--- a/modules/pam_unix/pam_unix_acct.c 2011-06-21 11:04:56.000000000 +0200
++++ b/modules/pam_unix/pam_unix_acct.c 2012-07-05 16:04:35.643727485 +0200
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <shadow.h>
+--- a/modules/pam_unix/pam_unix_passwd.c 2012-07-16 11:49:25.954638105 -0500
++++ b/modules/pam_unix/pam_unix_passwd.c 2012-07-16 11:50:04.408635441 -0500
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch b/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
new file mode 100644
index 00000000000..cddda35fbeb
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
@@ -0,0 +1,29 @@
+From 18da0c4763f5e079f8b2df45fa462b0b70b6fd3a Mon Sep 17 00:00:00 2001
+From: "Jory A. Pratt" <anarchy@gentoo.org>
+Date: Sun, 7 Oct 2012 11:44:17 -0700
+Subject: [PATCH] Fix building with GLIBC 2.16 and SELinux.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_unix/pam_unix_passwd.c | 1 +
+ 1 file modificato, 1 inserzione(+)
+
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index 9e1302d..b5f5ae9 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
+--
+1.7.12
+
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch b/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
new file mode 100644
index 00000000000..6859ccb60d3
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
@@ -0,0 +1,48 @@
+From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 17 Aug 2012 14:46:40 +0200
+Subject: [PATCH] Add missing $(DESTDIR) when making directories on install.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
+$(namespaceddir) on install.
+modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
+$(sepermitlockdir) on install.
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_namespace/Makefile.am | 2 +-
+ modules/pam_sepermit/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index a28f196..ebb00f3 100644
+--- a/modules/pam_namespace/Makefile.am
++++ b/modules/pam_namespace/Makefile.am
+@@ -40,7 +40,7 @@ if HAVE_UNSHARE
+ secureconf_SCRIPTS = namespace.init
+
+ install-data-local:
+- mkdir -p $(namespaceddir)
++ mkdir -p $(DESTDIR)$(namespaceddir)
+ endif
+
+
+diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
+index cfc5594..bc82275 100644
+--- a/modules/pam_sepermit/Makefile.am
++++ b/modules/pam_sepermit/Makefile.am
+@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX
+ securelib_LTLIBRARIES = pam_sepermit.la
+
+ install-data-local:
+- mkdir -p $(sepermitlockdir)
++ mkdir -p $(DESTDIR)$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
+--
+1.7.8.6
+
diff --git a/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch b/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch
new file mode 100644
index 00000000000..338aa9695ae
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch
@@ -0,0 +1,54 @@
+https://bugs.gentoo.org/493432
+
+From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Fri, 24 Jan 2014 22:18:32 +0000
+Subject: [PATCH] pam_userdb: fix password hash comparison
+
+Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
+passwords support in pam_userdb, hashes are compared case-insensitively.
+This bug leads to accepting hashes for completely different passwords in
+addition to those that should be accepted.
+
+Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
+modern password hashes with different lengths and settings, did not
+update the hash comparison accordingly, which leads to accepting
+computed hashes longer than stored hashes when the latter is a prefix
+of the former.
+
+* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
+hash whose length differs from the stored hash length.
+Compare computed and stored hashes case-sensitively.
+Fixes CVE-2013-7041.
+
+Bug-Debian: http://bugs.debian.org/731368
+---
+ modules/pam_userdb/pam_userdb.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
+index de8b5b1..ff040e6 100644
+--- a/modules/pam_userdb/pam_userdb.c
++++ b/modules/pam_userdb/pam_userdb.c
+@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
+ } else {
+ cryptpw = crypt (pass, data.dptr);
+
+- if (cryptpw) {
+- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
++ compare = memcmp(data.dptr, cryptpw, data.dsize);
+ } else {
+ compare = -2;
+ if (ctrl & PAM_DEBUG_ARG) {
+- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
++ if (cryptpw)
++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
++ else
++ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
+ }
+ };
+
+--
+2.4.0
+
diff --git a/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch b/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch
new file mode 100644
index 00000000000..7965b77b048
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch
@@ -0,0 +1,58 @@
+https://bugs.gentoo.org/505604
+
+From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Wed, 26 Mar 2014 22:17:23 +0000
+Subject: [PATCH] pam_timestamp: fix potential directory traversal issue
+ (ticket #27)
+
+pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
+the timestamp pathname it creates, so extra care should be taken to
+avoid potential directory traversal issues.
+
+* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
+"." and ".." tty values as invalid.
+(get_ruser): Treat "." and ".." ruser values, as well as any ruser
+value containing '/', as invalid.
+
+Fixes CVE-2014-2583.
+
+Reported-by: Sebastian Krahmer <krahmer@suse.de>
+---
+ modules/pam_timestamp/pam_timestamp.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
+index 5193733..b3f08b1 100644
+--- a/modules/pam_timestamp/pam_timestamp.c
++++ b/modules/pam_timestamp/pam_timestamp.c
+@@ -158,7 +158,7 @@ check_tty(const char *tty)
+ tty = strrchr(tty, '/') + 1;
+ }
+ /* Make sure the tty wasn't actually a directory (no basename). */
+- if (strlen(tty) == 0) {
++ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
+ return NULL;
+ }
+ return tty;
+@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
+ if (pwd != NULL) {
+ ruser = pwd->pw_name;
+ }
++ } else {
++ /*
++ * This ruser is used by format_timestamp_name as a component
++ * of constructed timestamp pathname, so ".", "..", and '/'
++ * are disallowed to avoid potential path traversal issues.
++ */
++ if (!strcmp(ruser, ".") ||
++ !strcmp(ruser, "..") ||
++ strchr(ruser, '/')) {
++ ruser = NULL;
++ }
+ }
+ if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
+ *ruserbuf = '\0';
+--
+2.4.0
+
diff --git a/sys-libs/pam/files/pam-1.1.8-doc-install.patch b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
new file mode 100644
index 00000000000..bdd5b9d4816
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
@@ -0,0 +1,142 @@
+https://bugs.gentoo.org/473650
+https://fedorahosted.org/linux-pam/ticket/31
+
+fix doc installs when doing out of tree builds
+
+--- a/doc/adg/Makefile.in
++++ b/doc/adg/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(docdir)
+ $(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ $(mkinstalldirs) $(DESTDIR)$(htmldir)
+- test -f html/Linux-PAM_ADG.html || exit 0; \
++ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
+ $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
+ $(DESTDIR)$(htmldir)/ || \
+ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
+- $(srcdir)/html/sag-*.html \
++ $(srcdir)/html/adg-*.html \
+ $(DESTDIR)$(htmldir)/
+- test -f Linux-PAM_ADG.txt || exit 0; \
++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
+ $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
+ $(DESTDIR)$(docdir)/
+- test -f Linux-PAM_ADG.pdf || exit 0; \
++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
+ $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
+ $(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+
+ releasedocs: all
+ $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
+- test -f html/Linux-PAM_ADG.html || exit 0; \
++ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
+ cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \
+ cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
+ $(srcdir)/html/adg-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/
+- test -f Linux-PAM_ADG.txt || exit 0; \
++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
+ cp -p Linux-PAM_ADG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
+ cp -p $(srcdir)/Linux-PAM_ADG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/
+- test -f Linux-PAM_ADG.pdf || exit 0; \
++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
+ cp -p Linux-PAM_ADG.pdf \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
+ cp -p $(srcdir)/Linux-PAM_ADG.pdf \
+--- a/doc/mwg/Makefile.in
++++ b/doc/mwg/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(docdir)
+ $(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ $(mkinstalldirs) $(DESTDIR)$(htmldir)
+- test -f html/Linux-PAM_MWG.html || exit 0; \
++ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
+ $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \
+ $(DESTDIR)$(htmldir)/ || \
+ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \
+- $(srcdir)/html/sag-*.html \
++ $(srcdir)/html/mwg-*.html \
+ $(DESTDIR)$(htmldir)/
+- test -f Linux-PAM_MWG.txt || exit 0; \
++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
+ $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \
+ $(DESTDIR)$(docdir)/
+- test -f Linux-PAM_MWG.pdf || exit 0; \
++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
+ $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \
+ $(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+
+ releasedocs: all
+ $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html
+- test -f html/Linux-PAM_MWG.html || exit 0; \
++ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
+ cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \
+ cp -ap $(srcdir)/html/Linux-PAM_MWG.html \
+ $(srcdir)/html/mwg-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/
+- test -f Linux-PAM_MWG.txt || exit 0; \
++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
+ cp -p Linux-PAM_MWG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
+ cp -p $(srcdir)/Linux-PAM_MWG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/
+- test -f Linux-PAM_MWG.pdf || exit 0; \
++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
+ cp -p Linux-PAM_MWG.pdf \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
+ cp -p $(srcdir)/Linux-PAM_MWG.pdf \
+--- a/doc/sag/Makefile.in
++++ b/doc/sag/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(docdir)
+ $(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ $(mkinstalldirs) $(DESTDIR)$(htmldir)
+- test -f html/Linux-PAM_SAG.html || exit 0; \
++ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
+ $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \
+ $(DESTDIR)$(htmldir)/ || \
+ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \
+ $(srcdir)/html/sag-*.html \
+ $(DESTDIR)$(htmldir)/
+- test -f Linux-PAM_SAG.txt || exit 0; \
++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
+ $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \
+ $(DESTDIR)$(docdir)/
+- test -f Linux-PAM_SAG.pdf || exit 0; \
++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
+ $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \
+ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \
+ $(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+
+ releasedocs: all
+ $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html
+- test -f html/Linux-PAM_SAG.html || exit 0; \
++ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
+ cp -ap html/Linux-PAM_SAG.html html/sag-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \
+ cp -ap $(srcdir)/html/Linux-PAM_SAG.html \
+ $(srcdir)/html/sag-*.html \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/
+- test -f Linux-PAM_SAG.txt || exit 0; \
++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
+ cp -p Linux-PAM_SAG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
+ cp -p $(srcdir)/Linux-PAM_SAG.txt \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/
+- test -f Linux-PAM_SAG.pdf || exit 0; \
++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
+ cp -p Linux-PAM_SAG.pdf \
+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
+ cp -p $(srcdir)/Linux-PAM_SAG.pdf \
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
new file mode 100644
index 00000000000..4ee5aecd2bb
--- /dev/null
+++ b/sys-libs/pam/metadata.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>pam</herd>
+ <maintainer>
+ <email>pam-bugs@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
+
+ <flag name="berkdb">
+ Build the pam_userdb module, that allows to authenticate users
+ against a Berkeley DB file. Please note that enabling this USE
+ flag will create a PAM module that links to the Berkeley DB (as
+ provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
+ will thus not work for boot-critical services authentication.
+ </flag>
+
+ <flag name="cracklib">
+ Build the pam_cracklib module, that allows to verify the chosen
+ passwords' strength through the use of
+ <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
+ the USE flag on this package will not make use of pam_cracklib
+ by default, you should also enable it in
+ <pkg>sys-auth/pambase</pkg> as well as update your configuration
+ files.
+ </flag>
+ </use>
+ <upstream>
+ <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-libs/pam/pam-1.1.5.ebuild b/sys-libs/pam/pam-1.1.5.ebuild
new file mode 100644
index 00000000000..da863addcd8
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.5.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="https://fedorahosted.org/releases/l/i/linux-pam/${MY_P}.tar.bz2
+ https://fedorahosted.org/releases/l/i/linux-pam/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ sys-devel/flex
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_setup() {
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+ elibtoolize
+}
+
+src_configure() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ econf \
+ --disable-dependency-tracking \
+ --enable-fast-install \
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --docdir="${EPREFIX}"/usr/share/doc/${PF} \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ $(use_enable debug) \
+ $(use_enable berkdb db) \
+ $(use_enable nis) \
+ --with-db-uniquename=-$(db_findver sys-libs/db) \
+ --disable-prelude \
+ ${myconf}
+}
+
+src_compile() {
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
+}
+
+src_test() {
+ # explicitly allow parallel-build during testing
+ emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
+}
+
+src_install() {
+ local lib
+
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't need them for static linking either.
+ find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [ -x "${ROOT}"/var/log/tallylog ] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.1.6-r2.ebuild b/sys-libs/pam/pam-1.1.6-r2.ebuild
new file mode 100644
index 00000000000..8cdc8f2ccd8
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.6-r2.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ sys-devel/flex
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${MY_P}-destdir.patch
+ epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+ eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ local myconf
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf="${myconf} --disable-pie"
+ fi
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ econf \
+ --enable-fast-install \
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --docdir="${EPREFIX}"/usr/share/doc/${PF} \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+ $(use_enable nls) \
+ $(use_enable selinux) \
+ $(use_enable cracklib) \
+ $(use_enable audit) \
+ $(use_enable debug) \
+ $(use_enable berkdb db) \
+ $(use_enable nis) \
+ --with-db-uniquename=-$(db_findver sys-libs/db) \
+ --disable-prelude \
+ ${myconf}
+}
+
+src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+src_test() {
+ # explicitly allow parallel-build during testing
+ emake sepermitlockdir="${EPREFIX}/run/sepermit" check
+}
+
+src_install() {
+ local lib
+
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ # Get rid of the .la files. We certainly don't need them for PAM
+ # modules, and libpam is installed as a shared object only, so we
+ # don't need them for static linking either.
+ find "${D}" -name '*.la' -delete
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [ -x "${ROOT}"/var/log/tallylog ] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r1.ebuild b/sys-libs/pam/pam-1.1.8-r1.ebuild
new file mode 100644
index 00000000000..e57a0cfa4a4
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools-utils
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ sys-devel/flex
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+
+ elibtoolize
+}
+
+src_configure() {
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myeconfargs=(
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ if use hppa || use elibc_FreeBSD; then
+ myeconfargs+=( --disable-pie )
+ fi
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+src_install() {
+ autotools-utils_src_install sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ prune_libtool_files --all
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [ -x "${EROOT}"/var/log/tallylog ] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r2.ebuild b/sys-libs/pam/pam-1.1.8-r2.ebuild
new file mode 100644
index 00000000000..0cc239dd2b7
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r2.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ if use hppa || use elibc_FreeBSD; then
+ myconf+=( --disable-pie )
+ fi
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r3.ebuild b/sys-libs/pam/pam-1.1.8-r3.ebuild
new file mode 100644
index 00000000000..f04ef9486f2
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r3.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+ epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2013-7041.patch #493432
+ epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2014-2583.patch #505604
+
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ # Need to be suid
+ fperms 4711 /sbin/unix_chkpwd
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.1.8.ebuild b/sys-libs/pam/pam-1.1.8.ebuild
new file mode 100644
index 00000000000..1ebba4c8dca
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools-utils
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+ cracklib? ( >=sys-libs/cracklib-2.8.3 )
+ audit? ( sys-process/audit )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ berkdb? ( sys-libs/db )
+ elibc_glibc? (
+ >=sys-libs/glibc-2.7
+ nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ sys-devel/flex
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return $retval
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ elibtoolize
+}
+
+src_configure() {
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myeconfargs=(
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+ --libdir="${EPREFIX}"/usr/$(get_libdir) \
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir="${EPREFIX}"/$(get_libdir)/security
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ if use hppa || use elibc_FreeBSD; then
+ myeconfargs+=( --disable-pie )
+ fi
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+src_install() {
+ autotools-utils_src_install sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ # Need to be suid
+ fperms u+s /sbin/unix_chkpwd
+
+ gen_usr_ldscript -a pam pamc pam_misc
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+
+ docinto modules
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ prune_libtool_files --all
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [ -x "${ROOT}"/var/log/tallylog ] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.2.0.ebuild b/sys-libs/pam/pam-1.2.0.ebuild
new file mode 100644
index 00000000000..a44d9eaea2a
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.0.ebuild
@@ -0,0 +1,194 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_prepare() {
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ # Need to be suid
+ fperms 4711 /sbin/unix_chkpwd
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}
diff --git a/sys-libs/pam/pam-1.2.1-r1.ebuild b/sys-libs/pam/pam-1.2.1-r1.ebuild
new file mode 100644
index 00000000000..0c86a62dc36
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1-r1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use fcaps
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_unpack() {
+ # Upstream didn't release a new doc tarball (since nothing changed?).
+ unpack ${MY_PN}-1.2.0-docs.tar.bz2
+ mv Linux-PAM-1.2.{0,1} || die
+ unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+
+ # The pam_unix module needs to check the password of the user which requires
+ # read access to /etc/shadow only.
+ fcaps cap_dac_override sbin/unix_chkpwd
+}
diff --git a/sys-libs/pam/pam-1.2.1.ebuild b/sys-libs/pam/pam-1.2.1.ebuild
new file mode 100644
index 00000000000..67d1dd2487a
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+ http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+ audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+ selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+ berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+ nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=sys-devel/libtool-2
+ >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+ nls? ( sys-devel/gettext )
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+ vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+ !<sys-apps/openrc-0.11.8
+ !sys-auth/openpam
+ !sys-auth/pam_userdb
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+ local retval="0"
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+ eerror ""
+ eerror "Your current setup is using the pam_stack module."
+ eerror "This module is deprecated and no longer supported, and since version"
+ eerror "0.99 is no longer installed, nor provided by any other package."
+ eerror "The package will be built (to allow binary package builds), but will"
+ eerror "not be installed."
+ eerror "Please replace pam_stack usage with proper include directive usage,"
+ eerror "following the PAM Upgrade guide at the following URL"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+ eerror ""
+ eerror "Your current setup is using one or more of the following modules,"
+ eerror "that are not built or supported anymore:"
+ eerror "pam_pwdb, pam_console"
+ eerror "If you are in real need for these modules, please contact the maintainers"
+ eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+ eerror "use cases."
+ eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+ eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+ eerror ""
+
+ retval=1
+ fi
+
+ return ${retval}
+}
+
+pkg_pretend() {
+ # do not error out, this is just a warning, one could build a binpkg
+ # with old modules enabled.
+ check_old_modules
+}
+
+src_unpack() {
+ # Upstream didn't release a new doc tarball (since nothing changed?).
+ unpack ${MY_PN}-1.2.0-docs.tar.bz2
+ mv Linux-PAM-1.2.{0,1} || die
+ unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+ elibtoolize
+}
+
+multilib_src_configure() {
+ # Do not let user's BROWSER setting mess us up. #549684
+ unset BROWSER
+
+ # Disable automatic detection of libxcrypt; we _don't_ want the
+ # user to link libxcrypt in by default, since we won't track the
+ # dependency and allow to break PAM this way.
+ export ac_cv_header_xcrypt_h=no
+
+ local myconf=(
+ --docdir='$(datarootdir)'/doc/${PF}
+ --htmldir='$(docdir)/html'
+ --libdir='$(prefix)'/$(get_libdir)
+ --enable-securedir="${EPREFIX}"/$(get_libdir)/security
+ --enable-isadir='.' #464016
+ $(use_enable nls)
+ $(use_enable selinux)
+ $(use_enable cracklib)
+ $(use_enable audit)
+ $(use_enable debug)
+ $(use_enable berkdb db)
+ $(use_enable nis)
+ $(use_enable pie)
+ --with-db-uniquename=-$(db_findver sys-libs/db)
+ --disable-prelude
+ )
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install \
+ sepermitlockdir="${EPREFIX}/run/sepermit"
+
+ local prefix
+ if multilib_is_native_abi; then
+ prefix=
+ gen_usr_ldscript -a pam pamc pam_misc
+ else
+ prefix=/usr
+ fi
+
+ # create extra symlinks just in case something depends on them...
+ local lib
+ for lib in pam pamc pam_misc; do
+ if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+ dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+ fi
+ done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ # Need to be suid
+ fperms 4711 /sbin/unix_chkpwd
+
+ docinto modules
+ local dir
+ for dir in modules/pam_*; do
+ newdoc "${dir}"/README README."$(basename "${dir}")"
+ done
+
+ if use selinux; then
+ dodir /usr/lib/tmpfiles.d
+ cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+ fi
+}
+
+pkg_preinst() {
+ check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+ ewarn "Some software with pre-loaded PAM libraries might experience"
+ ewarn "warnings or failures related to missing symbols and/or versions"
+ ewarn "after any update. While unfortunate this is a limit of the"
+ ewarn "implementation of PAM and the software, and it requires you to"
+ ewarn "restart the software manually after the update."
+ ewarn ""
+ ewarn "You can get a list of such software running a command like"
+ ewarn " lsof / | egrep -i 'del.*libpam\\.so'"
+ ewarn ""
+ ewarn "Alternatively, simply reboot your system."
+ if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+ elog ""
+ elog "Because of a bug present up to version 1.1.1-r2, you have"
+ elog "an executable /var/log/tallylog file. You can safely"
+ elog "correct it by running the command"
+ elog " chmod -x /var/log/tallylog"
+ elog ""
+ fi
+}