pam: Update to 1.3.0

This is a major update to the latest available version of pam.

* Adjust source download location.
* Replace various hardcode path.
* Enable testsuite.
* Drop SELinux support.

Fixes #11219.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/pam/pam.nm b/pam/pam.nm
index 54be8d075c85d881721a924ed5d0dd202a318afc..1f4da195ebb7b3e3ff5201033b78c33636633667 100644 (file)
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -4,7 +4,7 @@
 ###############################################################################
 
 name       = pam
-version    = 1.1.6
+version    = 1.3.0
 release    = 1
 thisapp    = Linux-PAM-%{version}
 
@@ -22,7 +22,7 @@ end
 # This is the old location that might be revived in future
 # source_dl = http://ftp.us.kernel.org/pub/linux/libs/pam/library/
 
-source_dl  = https://fedorahosted.org/releases/l/i/linux-pam/
+source_dl  = http://www.linux-pam.org/library/
 
 build
        requires
@@ -30,24 +30,35 @@ build
                bison
                cracklib-devel
                flex
-               libselinux-devel
        end
 
+       export LD_LIBRARY_PATH = %{DIR_APP}/libpam/.libs
+
        configure_options += \
                --includedir=%{includedir}/security \
                --docdir=/usr/share/doc/Linux-PAM-%{version} \
                --enable-read-both-confs \
                --disable-rpath
 
+       test
+               # Temporary copy our pam config files to the sysconfdir
+               # the chroot environment. They are required by various tests
+               # of the testsuite.
+               cp -avf %{DIR_SOURCE}/pam.d %{sysconfdir}
+
+               # Run the testsuite.
+               make check
+       end
+
        install_cmds
                #useradd -D -b /home
                #sed -i 's/yes/no/' %{BUILDROOT}/etc/default/useradd
-               mkdir -pv %{BUILDROOT}/etc/security
+               mkdir -pv %{BUILDROOT}%{sysconfdir}/security
                install -v -m644 %{DIR_SOURCE}/pam_env.conf \
-                       %{BUILDROOT}/etc/security/pam_env.conf
+                       %{BUILDROOT}%{sysconfdir}/security/pam_env.conf
 
                # Included in setup package
-               rm -f %{BUILDROOT}/etc/environment
+               rm -f %{BUILDROOT}%{sysconfdir}/environment
 
                # Install man pages.
                mkdir -pv %{BUILDROOT}%{mandir}/man5
@@ -61,7 +72,7 @@ end
 packages
        package %{name}
                configfiles
-                       /etc/pam.d
+                       %{sysconfdir}/pam.d
                end
        end
 

diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
deleted file mode 100644 (file)
index 7857196..0000000
--- a/pam/patches/pam-1.1.5-unix-no-fallback.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
---- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback        2011-06-21 11:04:56.000000000 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml    2012-05-09 11:54:34.442036404 +0200
-@@ -265,11 +265,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the SHA256 algorithm. If the
--            SHA256 algorithm is not known to the <citerefentry>
-+            encrypt it with the SHA256 algorithm. The
-+            SHA256 algorithm must be supported by the <citerefentry>
-           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-@@ -280,11 +279,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the SHA512 algorithm. If the
--            SHA512 algorithm is not known to the <citerefentry>
-+            encrypt it with the SHA512 algorithm. The
-+            SHA512 algorithm must be supported by the <citerefentry>
-           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-@@ -295,11 +293,10 @@
-         <listitem>
-           <para>
-             When a user changes their password next,
--            encrypt it with the blowfish algorithm. If the
--            blowfish algorithm is not known to the <citerefentry>
-+            encrypt it with the blowfish algorithm. The
-+            blowfish algorithm must be supported by the <citerefentry>
-           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
--            </citerefentry> function,
--            fall back to MD5.
-+            </citerefentry> function.
-           </para>
-         </listitem>
-       </varlistentry>
-diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
---- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback  2012-05-09 11:48:12.409632377 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c      2012-05-09 11:48:36.953172291 +0200
-@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
-       if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
-               /* libxcrypt/libc doesn't know the algorithm, use MD5 */
-               pam_syslog(pamh, LOG_ERR,
--                         "Algo %s not supported by the crypto backend, "
--                         "falling back to MD5\n",
-+                         "Algo %s not supported by the crypto backend.\n",
-                          on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
-                          on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
-                          on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
-               if(sp) {
-                  memset(sp, '\0', strlen(sp));
-               }
--              return crypt_md5_wrapper(password);
-+              return NULL;
-       }
- 
-       return x_strdup(sp);