godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-04 06:10:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

package/linux-pam: bump to version 1.5.1

Browse Source 
- Drop patches (already in version) and so autoreconf
- cracklib is not a dependency since
  d702ff714c

https://github.com/linux-pam/linux-pam/releases/tag/v1.5.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
2020-11-27 18:13:36 +01:00
committed by Peter Korsgaard
parent 3950c53cd0
commit 276f1e0a89
4 changed files with 3 additions and 369 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
package/linux-pam/0001-configure-ac-fix-build-failure-when-crypt-does-not-require-libcrypt.patch
View File

@@ -1,37 +0,0 @@
From aef363c7e8e942224e6cffc4398366c6e5d31749 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Thu, 11 Jun 2020 00:04:32 +0200
Subject: [PATCH] configure.ac: fix build failure when crypt() does not require
libcrypt
Since commit 522246d20e4cd92fadc2d760228cb7e78cbeb4c5, the build fails
if "none required" is returned by AC_SEARCH_LIBS for libcrypt.
Resolves: https://github.com/linux-pam/linux-pam/pull/235
Fixes: http://autobuild.buildroot.org/results/92b3dd7c984d2b843ac9aacacd69eec99f28743e
Fixes: v1.4.0~228 ("Use cached 'crypt' library result correctly")
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://github.com/linux-pam/linux-pam/commit/aef363c7e8e942224e6cffc4398366c6e5d31749]
---
configure.ac | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index ea08a7a3..c1862ea7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -428,7 +428,11 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
[crypt_libs="crypt"])
BACKUP_LIBS=$LIBS
-AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_cv_search_crypt}", LIBCRYPT="")
+AC_SEARCH_LIBS([crypt],[$crypt_libs])
+case "$ac_cv_search_crypt" in
+ -l*) LIBCRYPT="$ac_cv_search_crypt" ;;
+ *) LIBCRYPT="" ;;
+esac
AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
LIBS=$BACKUP_LIBS
AC_SUBST(LIBCRYPT)

320
package/linux-pam/0002-fix-build-on-musl.patch
View File

@@ -1,320 +0,0 @@
From 295bf7403364b23ab03287ecdd95ea266d6f4d89 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Thu, 11 Jun 2020 17:39:03 +0200
Subject: [PATCH] fix build on musl
Rename check_user_in_passwd from pam_localuser.c to
pam_modutil_check_user_in_passwd and use it in pam_faillock.c instead of
fgetpwent_r which is not available on musl
Fix #236
Fixes:
- http://autobuild.buildroot.org/results/0432736ffee376dd84757469434a4bbcfdcdaf4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/linux-pam/linux-pam/pull/237]
---
libpam/Makefile.am | 1 +
libpam/include/security/pam_modutil.h | 5 ++
libpam/libpam.map | 5 ++
libpam/pam_modutil_check_user_in_passwd.c | 89 +++++++++++++++++++++++
modules/pam_faillock/pam_faillock.c | 37 +---------
modules/pam_localuser/pam_localuser.c | 86 +---------------------
6 files changed, 103 insertions(+), 120 deletions(-)
create mode 100644 libpam/pam_modutil_check_user_in_passwd.c
diff --git a/libpam/Makefile.am b/libpam/Makefile.am
index 9252a837..a8fc428d 100644
--- a/libpam/Makefile.am
+++ b/libpam/Makefile.am
@@ -35,6 +35,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \
pam_misc.c pam_password.c pam_prelude.c \
pam_session.c pam_start.c pam_strerror.c \
pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
+ pam_modutil_check_user_in_passwd.c \
pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \
diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h
index 3a6aec6a..33f87b90 100644
--- a/libpam/include/security/pam_modutil.h
+++ b/libpam/include/security/pam_modutil.h
@@ -58,6 +58,11 @@ extern "C" {
#include <security/_pam_types.h>
+extern int PAM_NONNULL((1,2))
+pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
+ const char *user_name,
+ const char *file_name);
+
extern struct passwd * PAM_NONNULL((1,2))
pam_modutil_getpwnam(pam_handle_t *pamh, const char *user);
diff --git a/libpam/libpam.map b/libpam/libpam.map
index c9690a91..3cc7ef35 100644
--- a/libpam/libpam.map
+++ b/libpam/libpam.map
@@ -82,3 +82,8 @@ LIBPAM_1.4 {
global:
pam_start_confdir;
} LIBPAM_1.0;
+
+LIBPAM_MODUTIL_1.4.1 {
+ global:
+ pam_modutil_check_user_in_passwd;
+} LIBPAM_MODUTIL_1.3.2;
diff --git a/libpam/pam_modutil_check_user_in_passwd.c b/libpam/pam_modutil_check_user_in_passwd.c
new file mode 100644
index 00000000..b998aa25
--- /dev/null
+++ b/libpam/pam_modutil_check_user_in_passwd.c
@@ -0,0 +1,89 @@
+#include "pam_modutil_private.h"
+#include <security/pam_ext.h>
+
+#include <stdio.h>
+#include <syslog.h>
+
+int
+pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
+ const char *user_name,
+ const char *file_name)
+{
+ int rc;
+ size_t user_len;
+ FILE *fp;
+ char line[BUFSIZ];
+
+ /* Validate the user name. */
+ if ((user_len = strlen(user_name)) == 0) {
+ pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
+ return PAM_SERVICE_ERR;
+ }
+
+ if (user_len > sizeof(line) - sizeof(":")) {
+ pam_syslog(pamh, LOG_NOTICE, "user name is too long");
+ return PAM_SERVICE_ERR;
+ }
+
+ if (strchr(user_name, ':') != NULL) {
+ /*
+ * "root:x" is not a local user name even if the passwd file
+ * contains a line starting with "root:x:".
+ */
+ return PAM_PERM_DENIED;
+ }
+
+ /* Open the passwd file. */
+ if (file_name == NULL) {
+ file_name = "/etc/passwd";
+ }
+ if ((fp = fopen(file_name, "r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
+ return PAM_SERVICE_ERR;
+ }
+
+ /*
+ * Scan the file using fgets() instead of fgetpwent_r() because
+ * the latter is not flexible enough in handling long lines
+ * in passwd files.
+ */
+ rc = PAM_PERM_DENIED;
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ size_t line_len;
+ const char *str;
+
+ /*
+ * Does this line start with the user name
+ * followed by a colon?
+ */
+ if (strncmp(user_name, line, user_len) == 0 &&
+ line[user_len] == ':') {
+ rc = PAM_SUCCESS;
+ break;
+ }
+ /* Has a newline been read? */
+ line_len = strlen(line);
+ if (line_len < sizeof(line) - 1 ||
+ line[line_len - 1] == '\n') {
+ /* Yes, continue with the next line. */
+ continue;
+ }
+
+ /* No, read till the end of this line first. */
+ while ((str = fgets(line, sizeof(line), fp)) != NULL) {
+ line_len = strlen(line);
+ if (line_len == 0 ||
+ line[line_len - 1] == '\n') {
+ break;
+ }
+ }
+ if (str == NULL) {
+ /* fgets returned NULL, we are done. */
+ break;
+ }
+ /* Continue with the next line. */
+ }
+
+ fclose(fp);
+ return rc;
+}
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
index f592d0a2..8bca46ca 100644
--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
@@ -348,42 +348,7 @@ set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const c
static int
check_local_user (pam_handle_t *pamh, const char *user)
{
- struct passwd pw, *pwp;
- char buf[16384];
- int found = 0;
- FILE *fp;
- int errn;
-
- fp = fopen(PATH_PASSWD, "r");
- if (fp == NULL) {
- pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",
- PATH_PASSWD);
- return -1;
- }
-
- for (;;) {
- errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
- if (errn == ERANGE) {
- pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
- PATH_PASSWD);
- break;
- }
- if (errn != 0)
- break;
- if (strcmp(pwp->pw_name, user) == 0) {
- found = 1;
- break;
- }
- }
-
- fclose (fp);
-
- if (errn != 0 && errn != ENOENT) {
- pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");
- return -1;
- } else {
- return found;
- }
+ return pam_modutil_check_user_in_passwd(pamh, user, NULL);
}
static int
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index cb507524..a9f2233c 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -45,92 +45,10 @@
#include <unistd.h>
#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include "pam_inline.h"
-static int
-check_user_in_passwd(pam_handle_t *pamh, const char *user_name,
- const char *file_name)
-{
- int rc;
- size_t user_len;
- FILE *fp;
- char line[BUFSIZ];
-
- /* Validate the user name. */
- if ((user_len = strlen(user_name)) == 0) {
- pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
- return PAM_SERVICE_ERR;
- }
-
- if (user_len > sizeof(line) - sizeof(":")) {
- pam_syslog(pamh, LOG_NOTICE, "user name is too long");
- return PAM_SERVICE_ERR;
- }
-
- if (strchr(user_name, ':') != NULL) {
- /*
- * "root:x" is not a local user name even if the passwd file
- * contains a line starting with "root:x:".
- */
- return PAM_PERM_DENIED;
- }
-
- /* Open the passwd file. */
- if (file_name == NULL) {
- file_name = "/etc/passwd";
- }
- if ((fp = fopen(file_name, "r")) == NULL) {
- pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
- return PAM_SERVICE_ERR;
- }
-
- /*
- * Scan the file using fgets() instead of fgetpwent_r() because
- * the latter is not flexible enough in handling long lines
- * in passwd files.
- */
- rc = PAM_PERM_DENIED;
- while (fgets(line, sizeof(line), fp) != NULL) {
- size_t line_len;
- const char *str;
-
- /*
- * Does this line start with the user name
- * followed by a colon?
- */
- if (strncmp(user_name, line, user_len) == 0 &&
- line[user_len] == ':') {
- rc = PAM_SUCCESS;
- break;
- }
- /* Has a newline been read? */
- line_len = strlen(line);
- if (line_len < sizeof(line) - 1 ||
- line[line_len - 1] == '\n') {
- /* Yes, continue with the next line. */
- continue;
- }
-
- /* No, read till the end of this line first. */
- while ((str = fgets(line, sizeof(line), fp)) != NULL) {
- line_len = strlen(line);
- if (line_len == 0 ||
- line[line_len - 1] == '\n') {
- break;
- }
- }
- if (str == NULL) {
- /* fgets returned NULL, we are done. */
- break;
- }
- /* Continue with the next line. */
- }
-
- fclose(fp);
- return rc;
-}
-
int
pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
@@ -173,7 +91,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
return rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc;
}
- return check_user_in_passwd(pamh, user_name, file_name);
+ return pam_modutil_check_user_in_passwd(pamh, user_name, file_name);
}
int
--
2.26.2

4
package/linux-pam/linux-pam.hash
View File

@@ -1,6 +1,6 @@
# Locally computed hashes after checking signature at # Locally computed hashes after checking signature at
# https://github.com/linux-pam/linux-pam/releases/download/v1.4.0/Linux-PAM-1.4.0.tar.xz.asc # https://github.com/linux-pam/linux-pam/releases/download/v1.5.0/Linux-PAM-1.5.1.tar.xz.asc
# signed with the key 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB # signed with the key 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB
sha256 cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034 Linux-PAM-1.4.0.tar.xz sha256 201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc Linux-PAM-1.5.1.tar.xz
# Locally computed # Locally computed
sha256 133d98e7a2ab3ffd330b4debb0bfc10fea21e4b2b5a5b09de2e924293be5ff08 Copyright sha256 133d98e7a2ab3ffd330b4debb0bfc10fea21e4b2b5a5b09de2e924293be5ff08 Copyright

11
package/linux-pam/linux-pam.mk
View File

@@ -4,7 +4,7 @@
# #
################################################################################ ################################################################################
LINUX_PAM_VERSION = 1.4.0 LINUX_PAM_VERSION = 1.5.1
LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.xz LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.xz
LINUX_PAM_SITE = https://github.com/linux-pam/linux-pam/releases/download/v$(LINUX_PAM_VERSION) LINUX_PAM_SITE = https://github.com/linux-pam/linux-pam/releases/download/v$(LINUX_PAM_VERSION)
LINUX_PAM_INSTALL_STAGING = YES LINUX_PAM_INSTALL_STAGING = YES
@@ -20,8 +20,6 @@ LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf \
$(TARGET_NLS_DEPENDENCIES) $(TARGET_NLS_DEPENDENCIES)
LINUX_PAM_LICENSE = BSD-3-Clause LINUX_PAM_LICENSE = BSD-3-Clause
LINUX_PAM_LICENSE_FILES = Copyright LINUX_PAM_LICENSE_FILES = Copyright
# We're patching configure.ac
LINUX_PAM_AUTORECONF = YES
LINUX_PAM_MAKE_OPTS += LIBS=$(TARGET_NLS_LIBS) LINUX_PAM_MAKE_OPTS += LIBS=$(TARGET_NLS_LIBS)
ifeq ($(BR2_PACKAGE_LIBSELINUX),y) ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
@@ -42,13 +40,6 @@ else
LINUX_PAM_CONF_OPTS += --disable-audit LINUX_PAM_CONF_OPTS += --disable-audit
endif endif
ifeq ($(BR2_PACKAGE_CRACKLIB),y)
LINUX_PAM_CONF_OPTS += --enable-cracklib
LINUX_PAM_DEPENDENCIES += cracklib
else
LINUX_PAM_CONF_OPTS += --disable-cracklib
endif
# Install default pam config (deny everything except login) # Install default pam config (deny everything except login)
define LINUX_PAM_INSTALL_CONFIG define LINUX_PAM_INSTALL_CONFIG
$(INSTALL) -m 0644 -D package/linux-pam/login.pam \ $(INSTALL) -m 0644 -D package/linux-pam/login.pam \