# HG changeset patch # User David Demelier # Date 1554142200 -7200 # Node ID 3b0114bc74380871d8f3347ed14cf005c287dd10 # Parent df76922c2bf0d8a78ca785a2123a45dddbae8bf4 security/linux-pam: initial import, closes #1483 diff -r df76922c2bf0 -r 3b0114bc7438 security/linux-pam/linux-pam.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/linux-pam/linux-pam.sh Mon Apr 01 20:10:00 2019 +0200 @@ -0,0 +1,91 @@ +#!/bin/sh +# +# Copyright (c) 2019 David Demelier +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +PKGNAME=linux-pam +PKGVERSION=1.3.1 +PKGREVISION=1 +PKGLICENSE="BSD" +PKGSUMMARY="pluggable authentication modules" +PKGDOWNLOAD="https://github.com/linux-pam/linux-pam/releases/download/v$PKGVERSION/Linux-PAM-$PKGVERSION.tar.xz" +PKGOPTIONS="NLS SELINUX" +PKGPROTECT="etc/environment + etc/security/access.conf + etc/security/group.conf + etc/security/limits.conf + etc/security/namespace.conf + etc/security/namespace.init + etc/security/pam_env.conf + etc/security/time.conf" + +: ${CHOST:=$(uname -m)-linux-musl} +: ${CBUILD:=$(uname -m)-linux-musl} +: ${CC:=clang} +: ${CFLAGS:=-O2} +: ${LDFLAGS:=} +: ${LIBS:=} +: ${NLS:=yes} +: ${SELINUX:=no} + +if [ "$NLS" = "yes" ]; then + PKGDEPENDS="core/gettext $PKGDEPENDS" + with_nls="--enable-nls" +else + with_nls="--disable-nls" +fi + +if [ "$SELINUX" = "yes" ]; then + with_selinux="--enable-selinux" +else + with_selinux="--disable-selinux" +fi + +build() +{ + rm -rf Linux-PAM-$PKGVERSION + tar xvaf Linux-PAM-$PKGVERSION.tar.xz + pushd Linux-PAM-$PKGVERSION + + # https://git.alpinelinux.org/aports/tree/main/linux-pam/APKBUILD#n32 + sed -i -e 's/pam_rhosts//g' modules/Makefile.am + + # https://git.alpinelinux.org/aports/plain/main/linux-pam/musl-fix-pam_exec.patch + # https://git.alpinelinux.org/aports/plain/main/linux-pam/fix-compat.patch + patch -p0 < ../musl.patch + + autoreconf -vif + CC="$CC" \ + CFLAGS="$CFLAGS" \ + LDFLAGS="$LDFLAGS" \ + LIBS="$LIBS" \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sbindir=/usr/sbin \ + --disable-db \ + --libdir=/usr/lib \ + --docdir=/usr/share/doc/linux-pam \ + $with_nls \ + $with_selinux + make + make install DESTDIR=$DESTDIR + rm -f $DESTDIR/usr/lib/libpam{,c,_misc}.la + rm -f $DESTDIR/usr/lib/security/pam*.la + + popd + rm -rf Linux-PAM-$PKGVERSION +} diff -r df76922c2bf0 -r 3b0114bc7438 security/linux-pam/musl.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/linux-pam/musl.patch Mon Apr 01 20:10:00 2019 +0200 @@ -0,0 +1,53 @@ +--- modules/pam_exec/pam_exec.c.orig ++++ modules/pam_exec/pam_exec.c +@@ -103,11 +103,14 @@ + int optargc; + const char *logfile = NULL; + const char *authtok = NULL; ++ char authtok_buf[PAM_MAX_RESP_SIZE+1]; ++ + pid_t pid; + int fds[2]; + int stdout_fds[2]; + FILE *stdout_file = NULL; + ++ memset(authtok_buf, 0, sizeof(authtok_buf)); + if (argc < 1) { + pam_syslog (pamh, LOG_ERR, + "This module needs at least one argument"); +@@ -180,12 +183,12 @@ + if (resp) + { + pam_set_item (pamh, PAM_AUTHTOK, resp); +- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); ++ authtok = strncpy (authtok_buf, resp, sizeof (authtok_buf)); + _pam_drop (resp); + } + } + else +- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); ++ authtok = strncpy (authtok_buf, void_pass, sizeof (authtok_buf)); + + if (pipe(fds) != 0) + { +--- modules/pam_lastlog/pam_lastlog.c.orig ++++ modules/pam_lastlog/pam_lastlog.c +@@ -10,6 +10,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -48,6 +49,10 @@ + + #ifndef _PATH_BTMP + # define _PATH_BTMP "/var/log/btmp" ++#endif ++ ++#ifndef __GLIBC__ ++#define logwtmp(args...) + #endif + + /* XXX - time before ignoring lock. Is 1 sec enough? */