[PATCH] pam: Update to 1.3.0 - Development

12 Oct 2016

This is a major update to the latest available version of pam.
* Adjust source download location.
* Replace various hardcode path.
* Enable testsuite.
* Drop SELinux support.
Fixes #11219.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 pam/pam.nm                                   | 25 +++++++---
 pam/patches/pam-1.1.5-unix-no-fallback.patch | 69 ----------------------------
 2 files changed, 18 insertions(+), 76 deletions(-)
 delete mode 100644 pam/patches/pam-1.1.5-unix-no-fallback.patch

diff --git a/pam/pam.nm b/pam/pam.nm
index 54be8d0..1f4da19 100644
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -4,7 +4,7 @@
 ###############################################################################
name       = pam
-version    = 1.1.6
+version    = 1.3.0
 release    = 1
 thisapp    = Linux-PAM-%{version}
@@ -22,7 +22,7 @@ end
 # This is the old location that might be revived in future
 # source_dl = http://ftp.us.kernel.org/pub/linux/libs/pam/library/
-source_dl  = https://fedorahosted.org/releases/l/i/linux-pam/
+source_dl  = http://www.linux-pam.org/library/
build
    requires
@@ -30,24 +30,35 @@ build
    	bison
    	cracklib-devel
    	flex
-		libselinux-devel
    end
+	export LD_LIBRARY_PATH = %{DIR_APP}/libpam/.libs
+
    configure_options += \
    	--includedir=%{includedir}/security \
    	--docdir=/usr/share/doc/Linux-PAM-%{version} \
    	--enable-read-both-confs \
    	--disable-rpath
+	test
+		# Temporary copy our pam config files to the sysconfdir
+		# the chroot environment. They are required by various tests
+		# of the testsuite.
+		cp -avf %{DIR_SOURCE}/pam.d %{sysconfdir}
+
+		# Run the testsuite.
+		make check
+	end
+
    install_cmds
    	#useradd -D -b /home
    	#sed -i 's/yes/no/' %{BUILDROOT}/etc/default/useradd
-		mkdir -pv %{BUILDROOT}/etc/security
+		mkdir -pv %{BUILDROOT}%{sysconfdir}/security
    	install -v -m644 %{DIR_SOURCE}/pam_env.conf \
-			%{BUILDROOT}/etc/security/pam_env.conf
+			%{BUILDROOT}%{sysconfdir}/security/pam_env.conf
# Included in setup package
-		rm -f %{BUILDROOT}/etc/environment
+		rm -f %{BUILDROOT}%{sysconfdir}/environment
# Install man pages.
    	mkdir -pv %{BUILDROOT}%{mandir}/man5
@@ -61,7 +72,7 @@ end
 packages
    package %{name}
    	configfiles
-			/etc/pam.d
+			%{sysconfdir}/pam.d
    	end
    end
diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
deleted file mode 100644
index 7857196..0000000
--- a/pam/patches/pam-1.1.5-unix-no-fallback.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
---- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback	2011-06-21 11:04:56.000000000 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml	2012-05-09 11:54:34.442036404 +0200
-@@ -265,11 +265,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the SHA256 algorithm. If the
--            SHA256 algorithm is not known to the <citerefentry>
-+            encrypt it with the SHA256 algorithm. The
-+            SHA256 algorithm must be supported by the <citerefentry>
- 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-@@ -280,11 +279,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the SHA512 algorithm. If the
--            SHA512 algorithm is not known to the <citerefentry>
-+            encrypt it with the SHA512 algorithm. The
-+            SHA512 algorithm must be supported by the <citerefentry>
- 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-@@ -295,11 +293,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the blowfish algorithm. If the
--            blowfish algorithm is not known to the <citerefentry>
-+            encrypt it with the blowfish algorithm. The
-+            blowfish algorithm must be supported by the <citerefentry>
- 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
---- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback	2012-05-09 11:48:12.409632377 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c	2012-05-09 11:48:36.953172291 +0200
-@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
- 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
- 		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
- 		pam_syslog(pamh, LOG_ERR,
--			   "Algo %s not supported by the crypto backend, "
--			   "falling back to MD5\n",
-+			   "Algo %s not supported by the crypto backend.\n",
- 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
- 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
- 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
- 		if(sp) {
- 		   memset(sp, '\0', strlen(sp));
- 		}
--		return crypt_md5_wrapper(password);
-+		return NULL;
- 	}
- 
- 	return x_strdup(sp);
-- 
2.7.4


    