From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 23 Mar 2013 14:35:41 +0000 (+0100)
Subject: pam: Update to 1.1.6.
X-Git-Tag: pango~250^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61867160fc7add5ffc8e282d5812258b3ca28a00;p=people%2Fstevee%2Fipfire-3.x.git

pam: Update to 1.1.6.

* Update to the latest version of pam.
* Add patches to fix build with glibc 2.16 and newer versions.
---

diff --git a/pam/pam.nm b/pam/pam.nm
index be4f7a242..54be8d075 100644
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -4,8 +4,8 @@
 ###############################################################################
 
 name       = pam
-version    = 1.1.5
-release    = 3
+version    = 1.1.6
+release    = 1
 thisapp    = Linux-PAM-%{version}
 
 groups     = System/Base
@@ -60,10 +60,6 @@ end
 
 packages
 	package %{name}
-		requires
-			pam_ldap
-		end
-
 		configfiles
 			/etc/pam.d
 		end
diff --git a/pam/patches/pam-1.1.5-unix-build.patch b/pam/patches/pam-1.1.5-unix-build.patch
new file mode 100644
index 000000000..d1f30d071
--- /dev/null
+++ b/pam/patches/pam-1.1.5-unix-build.patch
@@ -0,0 +1,34 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build	2012-07-23 18:46:27.709804094 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c	2012-07-23 18:46:27.764805293 +0200
+@@ -47,6 +47,8 @@
+ #include <time.h>		/* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/time.h>
++#include <sys/resource.h>
+ 
+ #include <security/_pam_macros.h>
+ 
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build	2012-07-23 18:55:16.433314731 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c	2012-07-23 18:54:48.064697131 +0200
+@@ -53,6 +53,7 @@
+ #include <fcntl.h>
+ #include <ctype.h>
+ #include <sys/time.h>
++#include <sys/resource.h>
+ #include <sys/stat.h>
+ 
+ #include <signal.h>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c
+--- Linux-PAM-1.1.5/modules/pam_unix/support.c.build	2012-07-23 18:46:27.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/support.c	2012-07-23 18:54:23.645165507 +0200
+@@ -18,6 +18,7 @@
+ #include <signal.h>
+ #include <ctype.h>
+ #include <syslog.h>
++#include <sys/time.h>
+ #include <sys/resource.h>
+ #ifdef HAVE_RPCSVC_YPCLNT_H
+ #include <rpcsvc/ypclnt.h>
diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
new file mode 100644
index 000000000..785719675
--- /dev/null
+++ b/pam/patches/pam-1.1.5-unix-no-fallback.patch
@@ -0,0 +1,69 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback	2011-06-21 11:04:56.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml	2012-05-09 11:54:34.442036404 +0200
+@@ -265,11 +265,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA256 algorithm. If the
+-            SHA256 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA256 algorithm. The
++            SHA256 algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -280,11 +279,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA512 algorithm. If the
+-            SHA512 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA512 algorithm. The
++            SHA512 algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -295,11 +293,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the blowfish algorithm. If the
+-            blowfish algorithm is not known to the <citerefentry>
++            encrypt it with the blowfish algorithm. The
++            blowfish algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
+--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback	2012-05-09 11:48:12.409632377 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c	2012-05-09 11:48:36.953172291 +0200
+@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
+ 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
+ 		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
+ 		pam_syslog(pamh, LOG_ERR,
+-			   "Algo %s not supported by the crypto backend, "
+-			   "falling back to MD5\n",
++			   "Algo %s not supported by the crypto backend.\n",
+ 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
+ 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
+ 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
+ 		if(sp) {
+ 		   memset(sp, '\0', strlen(sp));
+ 		}
+-		return crypt_md5_wrapper(password);
++		return NULL;
+ 	}
+ 
+ 	return x_strdup(sp);