gentoo Easter resync : 12.04.2020

author: V3n3RiX <venerix@redcorelinux.org> 2020-04-12 03:41:30 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2020-04-12 03:41:30 +0100
commit: 623ee73d661e5ed8475cb264511f683407d87365 (patch)
tree: 993eb27c93ec7a2d2d19550300d888fc1fed9e69 /sys-auth/google-authenticator
parent: ceeeb463cc1eef97fd62eaee8bf2196ba04bc384 (diff)
4 files changed, 310 insertions, 8 deletions
diff --git a/sys-auth/google-authenticator/Manifest b/sys-auth/google-authenticator/Manifest
index c5bacca0c3ec..76d011dae87b 100644
--- a/sys-auth/google-authenticator/Manifest
+++ b/sys-auth/google-authenticator/Manifest
@@ -1,4 +1,5 @@
+AUX 1.08-remove-failing-tests.patch 12425 BLAKE2B 9077d21d45b4c2b763d1ed5da7d22ec996f4e0314a6c29d63cf09bab2bebaf986601fab611c46dcfb04de13100a07c66e613cae78b9ccf87a98a893fcc0c7159 SHA512 0f1b45abcde2da0ebcf7361f70ee8392eafa20bd147200d578de85e4c16cd618610eddf6be88ab82893c887ca6837663777dff8a2fa5437a9bfd339849531453
 DIST google-authenticator-1.08.tar.gz 62767 BLAKE2B ae1f5b1feac40da9beec28c81f39edfcc5e46df4cad4575d76deda9a183e8324ded79af9b7831c0572682749bb209b5371747b98a114af404d3225b9b0ff15f8 SHA512 f53d2fc20b5fa0f4621566509a2ef746077e3345de289bd2c9565440eb972e3a80807bf50a2cce8e2cc520df72c2e236629a921e3fce90fd635aff0c0ef36f75
-EBUILD google-authenticator-1.08.ebuild 1260 BLAKE2B acffe49b29ec62cffdd47d1a18fe918f0bc6f7de72d96dd26509b51e77ae109a56738e3c9e39171821f3cd37b8d6cc87a2e2067ec664f96e2c65b6418618002f SHA512 a81801862b138441fbedd400dffce86461233872ac9b81167d52999a58d9018c426dce2c35287c2d3791c5310b7b1f4c772868d0db0008d38369858c881abade
-EBUILD google-authenticator-9999.ebuild 1260 BLAKE2B acffe49b29ec62cffdd47d1a18fe918f0bc6f7de72d96dd26509b51e77ae109a56738e3c9e39171821f3cd37b8d6cc87a2e2067ec664f96e2c65b6418618002f SHA512 a81801862b138441fbedd400dffce86461233872ac9b81167d52999a58d9018c426dce2c35287c2d3791c5310b7b1f4c772868d0db0008d38369858c881abade
+EBUILD google-authenticator-1.08.ebuild 1298 BLAKE2B 3438c3ae4ca8dd60e5815054646fd739cdafe4cb28d3f2cfc25f29b7a87ff5b4c4272643c0217384344a065f102bba3c243c783322131a05c4d4a4d956d5a85a SHA512 13ef174d6e294b33c8652342db8cba05a26b40390795e124ae17fcc03573c8e7d307e07b12e94a2caa643e7826d0fb61042e27bd08def4b7b2d41eb65848a172
+EBUILD google-authenticator-9999.ebuild 1298 BLAKE2B 3438c3ae4ca8dd60e5815054646fd739cdafe4cb28d3f2cfc25f29b7a87ff5b4c4272643c0217384344a065f102bba3c243c783322131a05c4d4a4d956d5a85a SHA512 13ef174d6e294b33c8652342db8cba05a26b40390795e124ae17fcc03573c8e7d307e07b12e94a2caa643e7826d0fb61042e27bd08def4b7b2d41eb65848a172
 MISC metadata.xml 572 BLAKE2B 517e23755181f4a47aa6b6fdde473011b6337e570e48b9e381f6c8b3afcefeb751ecfee7b8ea3719af4ced771ef6870ffa5c8761d25fb30b5b52a2453079d35e SHA512 70f6c08533a9609a06d5e293ed7fc50860d50d2263bce19eef7194c9d2351554700eb36d2098c0cbd1c13b01270861423128dd81d536ada0526546258cd6e8d5
diff --git a/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch b/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch
new file mode 100644
index 000000000000..9b207dc20df7
--- /dev/null
+++ b/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch
@@ -0,0 +1,301 @@
+From 9e26b1885250cb0b7a710d9ae65542e3fcae684f Mon Sep 17 00:00:00 2001
+From: Ronny Gutbrod <gentoo@tastytea.de>
+Date: Sat, 11 Apr 2020 21:08:37 +0200
+Subject: [PATCH] Remove calls to  pam_sm_authenticate().
+
+It tries to change the user id, which is prohibited by the sandbox. See #624588.
+---
+ tests/pam_google_authenticator_unittest.c | 271 ----------------------
+ 1 file changed, 271 deletions(-)
+
+diff --git a/tests/pam_google_authenticator_unittest.c b/tests/pam_google_authenticator_unittest.c
+index edade47..0661b8b 100644
+--- a/tests/pam_google_authenticator_unittest.c
++++ b/tests/pam_google_authenticator_unittest.c
+@@ -338,72 +338,6 @@ int main(int argc, char *argv[]) {
+     // Make sure num_prompts_shown is still 0.
+     verify_prompts_shown(0);
+
+-    // Set the timestamp that this test vector needs
+-    set_time(10000*30);
+-
+-    response = "123456";
+-
+-    // Check if we can log in when using an invalid verification code
+-    puts("Testing failed login attempt");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-
+-    // Check required number of digits
+-    if (conv_mode == TWO_PROMPTS) {
+-      puts("Testing required number of digits");
+-      response = "50548";
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-      verify_prompts_shown(expected_bad_prompts_shown);
+-      response = "0050548";
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-      verify_prompts_shown(expected_bad_prompts_shown);
+-      response = "00050548";
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-      verify_prompts_shown(expected_bad_prompts_shown);
+-    }
+-
+-    // Test a blank response
+-    puts("Testing a blank response");
+-    response = "";
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-
+-    // Set the response that we should send back to the authentication module
+-    response = "050548";
+-
+-    // Test handling of missing state files
+-    puts("Test handling of missing state files");
+-    const char *old_secret = targv[0];
+-    targv[0] = "secret=/NOSUCHFILE";
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(password_is_provided_from_external ? 0 : expected_bad_prompts_shown);
+-    targv[targc++] = "nullok";
+-    targv[targc] = NULL;
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_IGNORE);
+-    verify_prompts_shown(0);
+-    targv[--targc] = NULL;
+-    targv[0] = old_secret;
+-
+-    // Check if we can log in when using a valid verification code
+-    puts("Testing successful login");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-
+-    // Test the STEP_SIZE option
+-    puts("Testing STEP_SIZE option");
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0);
+-    assert(write(fd, "\n\" STEP_SIZE 60\n", 16) == 16);
+-    close(fd);
+-    for (int *tm  = (int []){ 9998, 9999, 10001, 10002, 10000, -1 },
+-             *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS,
+-                              PAM_AUTH_ERR, PAM_SUCCESS };
+-         *tm >= 0;) {
+-      set_time(*tm++ * 60);
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++);
+-      verify_prompts_shown(expected_good_prompts_shown);
+-    }
+-
+     // Reset secret file after step size testing.
+     assert(!chmod(fn, 0600));
+     assert((fd = open(fn, O_TRUNC | O_WRONLY)) >= 0);
+@@ -411,211 +345,6 @@ int main(int argc, char *argv[]) {
+     assert(write(fd, "\n\" TOTP_AUTH", 12) == 12);
+     close(fd);
+
+-    // Test the WINDOW_SIZE option
+-    puts("Testing WINDOW_SIZE option");
+-    for (int *tm  = (int []){ 9998, 9999, 10001, 10002, 10000, -1 },
+-             *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS,
+-                              PAM_AUTH_ERR, PAM_SUCCESS };
+-         *tm >= 0;) {
+-      set_time(*tm++ * 30);
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++);
+-      verify_prompts_shown(expected_good_prompts_shown);
+-    }
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0);
+-    assert(write(fd, "\n\" WINDOW_SIZE 6\n", 17) == 17);
+-    close(fd);
+-    for (int *tm  = (int []){ 9996, 9997, 10002, 10003, 10000, -1 },
+-             *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS,
+-                              PAM_AUTH_ERR, PAM_SUCCESS };
+-         *tm >= 0;) {
+-      set_time(*tm++ * 30);
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++);
+-      verify_prompts_shown(expected_good_prompts_shown);
+-    }
+-
+-    // Test the DISALLOW_REUSE option
+-    puts("Testing DISALLOW_REUSE option");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0);
+-    assert(write(fd, "\" DISALLOW_REUSE\n", 17) == 17);
+-    close(fd);
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-
+-    // Test that DISALLOW_REUSE expires old entries from the re-use list
+-    char *old_response = response;
+-    for (int i = 10001; i < 10008; ++i) {
+-      set_time(i * 30);
+-      char buf[7];
+-      response = buf;
+-      sprintf(response, "%06d", compute_code(binary_secret,
+-                                             binary_secret_len, i));
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-      verify_prompts_shown(expected_good_prompts_shown);
+-    }
+-    set_time(10000 * 30);
+-    response = old_response;
+-    assert((fd = open(fn, O_RDONLY)) >= 0);
+-    char state_file_buf[4096] = { 0 };
+-    assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0);
+-    close(fd);
+-    const char *disallow = strstr(state_file_buf, "\" DISALLOW_REUSE ");
+-    assert(disallow);
+-    assert(!memcmp(disallow + 17,
+-                   "10002 10003 10004 10005 10006 10007\n", 36));
+-
+-    // Test the RATE_LIMIT option
+-    puts("Testing RATE_LIMIT option");
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0);
+-    assert(write(fd, "\" RATE_LIMIT 4 120\n", 19) == 19);
+-    close(fd);
+-    for (int *tm  = (int []){ 20000, 20001, 20002, 20003, 20004, 20006, -1 },
+-             *res = (int []){ PAM_SUCCESS, PAM_SUCCESS, PAM_SUCCESS,
+-                              PAM_SUCCESS, PAM_AUTH_ERR, PAM_SUCCESS, -1 };
+-         *tm >= 0;) {
+-      set_time(*tm * 30);
+-      char buf[7];
+-      response = buf;
+-      sprintf(response, "%06d",
+-              compute_code(binary_secret, binary_secret_len, *tm++));
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res);
+-      verify_prompts_shown(
+-          *res != PAM_SUCCESS ? 0 : expected_good_prompts_shown);
+-      ++res;
+-    }
+-    set_time(10000 * 30);
+-    response = old_response;
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_RDWR)) >= 0);
+-    memset(state_file_buf, 0, sizeof(state_file_buf));
+-    assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0);
+-    const char *rate_limit = strstr(state_file_buf, "\" RATE_LIMIT ");
+-    assert(rate_limit);
+-    assert(!memcmp(rate_limit + 13,
+-                   "4 120 600060 600090 600120 600180\n", 35));
+-
+-    // Test trailing space in RATE_LIMIT. This is considered a file format
+-    // error.
+-    char *eol = strchr(rate_limit, '\n');
+-    *eol = ' ';
+-    assert(!lseek(fd, 0, SEEK_SET));
+-    assert(write(fd, state_file_buf, strlen(state_file_buf)) ==
+-           strlen(state_file_buf));
+-    close(fd);
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(0);
+-    assert(!strncmp(get_error_msg(),
+-                    "Invalid list of timestamps in RATE_LIMIT", 40));
+-    *eol = '\n';
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_WRONLY)) >= 0);
+-    assert(write(fd, state_file_buf, strlen(state_file_buf)) ==
+-           strlen(state_file_buf));
+-    close(fd);
+-
+-    // Test TIME_SKEW option
+-    puts("Testing TIME_SKEW");
+-    for (int i = 0; i < 4; ++i) {
+-      set_time((12000 + i)*30);
+-      char buf[7];
+-      response = buf;
+-      sprintf(response, "%06d",
+-              compute_code(binary_secret, binary_secret_len, 11000 + i));
+-      assert(pam_sm_authenticate(NULL, 0, targc, targv) ==
+-             (i >= 2 ? PAM_SUCCESS : PAM_AUTH_ERR));
+-      verify_prompts_shown(expected_good_prompts_shown);
+-    }
+-
+-    puts("Testing TIME_SKEW - noskewadj");
+-    set_time(12020 * 30);
+-    char buf[7];
+-    response = buf;
+-    sprintf(response, "%06d", compute_code(binary_secret,
+-                                           binary_secret_len, 11010));
+-    targv[targc] = "noskewadj";
+-    assert(pam_sm_authenticate(NULL, 0, targc+1, targv) == PAM_AUTH_ERR);
+-    targv[targc] = NULL;
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-    set_time(10000*30);
+-
+-    // Test scratch codes
+-    puts("Testing scratch codes");
+-    response = "12345678";
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0);
+-    assert(write(fd, "12345678\n", 9) == 9);
+-    close(fd);
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-
+-    // Set up secret file for counter-based codes.
+-    assert(!chmod(fn, 0600));
+-    assert((fd = open(fn, O_TRUNC | O_WRONLY)) >= 0);
+-    assert(write(fd, secret, sizeof(secret)-1) == sizeof(secret)-1);
+-    assert(write(fd, "\n\" HOTP_COUNTER 1\n", 18) == 18);
+-    close(fd);
+-
+-    response = "293240";
+-
+-    // Check if we can log in when using a valid verification code
+-    puts("Testing successful counter-based login");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-
+-    // Verify that the hotp counter incremented
+-    assert((fd = open(fn, O_RDONLY)) >= 0);
+-    memset(state_file_buf, 0, sizeof(state_file_buf));
+-    assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0);
+-    close(fd);
+-    const char *hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER ");
+-    assert(hotp_counter);
+-    assert(!memcmp(hotp_counter + 15, "2\n", 2));
+-
+-    // Check if we can log in when using an invalid verification code
+-    // (including the same code a second time)
+-    puts("Testing failed counter-based login attempt");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR);
+-    verify_prompts_shown(expected_bad_prompts_shown);
+-
+-    // Verify that the hotp counter incremented
+-    assert((fd = open(fn, O_RDONLY)) >= 0);
+-    memset(state_file_buf, 0, sizeof(state_file_buf));
+-    assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0);
+-    close(fd);
+-    hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER ");
+-    assert(hotp_counter);
+-    assert(!memcmp(hotp_counter + 15, "3\n", 2));
+-
+-    response = "932068";
+-
+-    // Check if we can log in using a future valid verification code (using
+-    // default window_size of 3)
+-    puts("Testing successful future counter-based login");
+-    assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS);
+-    verify_prompts_shown(expected_good_prompts_shown);
+-
+-    // Verify that the hotp counter incremented
+-    assert((fd = open(fn, O_RDONLY)) >= 0);
+-    memset(state_file_buf, 0, sizeof(state_file_buf));
+-    assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0);
+-    close(fd);
+-    hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER ");
+-    assert(hotp_counter);
+-    assert(!memcmp(hotp_counter + 15, "6\n", 2));
+-
+-    // Remove the temporarily created secret file
+-    unlink(fn);
+-
+     // Release memory for the test arguments
+     for (int i = 0; i < targc; ++i) {
+       free((void *)targv[i]);
+--
+2.24.1
diff --git a/sys-auth/google-authenticator/google-authenticator-1.08.ebuild b/sys-auth/google-authenticator/google-authenticator-1.08.ebuild
index a087b7c55504..27600a569c7e 100644
--- a/sys-auth/google-authenticator/google-authenticator-1.08.ebuild
+++ b/sys-auth/google-authenticator/google-authenticator-1.08.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="https://github.com/google/google-authenticator-libpam/archive/${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
 	S="${WORKDIR}/google-authenticator-libpam-${PV}"
 fi
 
@@ -24,7 +24,7 @@ IUSE=""
 DEPEND="sys-libs/pam"
 RDEPEND="${DEPEND}"
 
-RESTRICT="test"
+PATCHES=( "${FILESDIR}/1.08-remove-failing-tests.patch" )
 
 src_prepare() {
 	default
diff --git a/sys-auth/google-authenticator/google-authenticator-9999.ebuild b/sys-auth/google-authenticator/google-authenticator-9999.ebuild
index a087b7c55504..27600a569c7e 100644
--- a/sys-auth/google-authenticator/google-authenticator-9999.ebuild
+++ b/sys-auth/google-authenticator/google-authenticator-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit git-r3
 else
 	SRC_URI="https://github.com/google/google-authenticator-libpam/archive/${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
 	S="${WORKDIR}/google-authenticator-libpam-${PV}"
 fi
 
@@ -24,7 +24,7 @@ IUSE=""
 DEPEND="sys-libs/pam"
 RDEPEND="${DEPEND}"
 
-RESTRICT="test"
+PATCHES=( "${FILESDIR}/1.08-remove-failing-tests.patch" )
 
 src_prepare() {
 	default
author	V3n3RiX <venerix@redcorelinux.org>	2020-04-12 03:41:30 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2020-04-12 03:41:30 +0100
commit	623ee73d661e5ed8475cb264511f683407d87365 (patch)
tree	993eb27c93ec7a2d2d19550300d888fc1fed9e69 /sys-auth/google-authenticator
parent	ceeeb463cc1eef97fd62eaee8bf2196ba04bc384 (diff)