gentoo resync : 19.03.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-03-19 11:37:34 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-03-19 11:37:34 +0000
commit: b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree: 9fd110f9fc996e8a4213eeda994a8c112491b86d /sys-auth
parent: 066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)
18 files changed, 292 insertions, 299 deletions
diff --git a/sys-auth/Manifest.gz b/sys-auth/Manifest.gz
index 2aa08f66d4f0..6efc23ecf962 100644
--- a/sys-auth/Manifest.gz
+++ b/sys-auth/Manifest.gz
diff --git a/sys-auth/elogind/Manifest b/sys-auth/elogind/Manifest
index fab321d50efb..69f2121a8501 100644
--- a/sys-auth/elogind/Manifest
+++ b/sys-auth/elogind/Manifest
@@ -1,9 +1,10 @@
 AUX elogind-238.1-docs.patch 793 BLAKE2B eb6683d5bf221459fb0ff0aab6f10f179769bcaf6a914f6b41f8526ee2075924f80cee1cd320aa7697d60bed24d5652e6bc8c02451a0da98c4b29cb8a73641ce SHA512 16503a616b511e4cf049260c34b1390844ce06b22a99e31813b11886d1dc12c90aa46b3dc67343b2a33df85923b5cd6116d7338ee9bd32f2d7a9be9db934ca74
 AUX elogind-239.3-broken-test.patch 593 BLAKE2B 16b67f89479d823609e44af141bb51790b2e06ae3e9f56977f2fc231fb5e5ac5419df6ad5c13b10650dc9b87f2470307f65619530d8e0f2be505a1a4344a1e31 SHA512 cebf306753beefc9ce5c62ca3c5afa332fac9757868f1b58664b2fb2ee1d39b38786362cf5c2f045b5f96bd9d10558bfcd1c787fc6eb9cfb61514807aeeb9208
+AUX elogind-241.1-docs.patch 855 BLAKE2B 08fc89a264ab0408c13caa059649a004b775ec2e75ca0561d658106c9947ee0f6b9594ede8a40eb0fb7d0d0454123411f7c408e4701b88d20e0c4042a84b6916 SHA512 9260d94e77512ab8dede225d01c56194b01a0140be66489991ec17f6e1d09f7ab9f9b2efa0205fe3c6c3dedcd2145d6b9eb6126aef047a02e228cd4270972124
 AUX elogind.conf.in 218 BLAKE2B 7ee0a72c4a628a233fdbb2d3104487859aaa7e5c4f2624e5a4eafb37ed90fb8f64349b1a8acc92e69ec618496bb7f6263b7a5d0fe15a1afe1c03f5955743f079 SHA512 2c62ab28d7db9cd52489069f80363159000385a25dd7f2afe5a03598a0b7a1f61af7c18df71f6286e72f5966e55b62a4029e30cb786dd813bb201b9e20adccd7
 AUX elogind.init 490 BLAKE2B 71c102f89a71a2963da50b153d8696a9480d81caa48e8422e7f39614e9bfb0b09037bc4dea202c3735e170140752429dd54747b99941d861453b4714dcb98819 SHA512 60fe1cb55ec0f605f06fb3744a0300accebfc14c4ecd24b7db2e8b0cb1537e816a4a4ccbc4b2eeac45e2f3ca8942dd10d24bdcd814cccbc2ceed198b2657238a
-DIST elogind-238.2.tar.gz 1075847 BLAKE2B 17e4d8ffabb65a210f34076223e502c9019a7fa639f6cc12b1c8a0e186d8a6e97f115cd68487c86470915a8208dead6830577d2da3ffd85ed2e12c3a699ef2c5 SHA512 c66dd514d7c708a1d1c52ac9f25f34af839c4d4ff452302b40eb95c040c1d3d8d238b4e35c33d81af71f6aac22c8793951d91d005e6595e02124edb976baf640
 DIST elogind-239.3.tar.gz 1171080 BLAKE2B 95d158a861641415f2c6ea3648bafd32ee3da80b0258e33fb7b88cf834f42c4d76b634af055f81dfba7c6477423edf73ad7c0d79e5e3608938e90a713bdff00e SHA512 61399f82d6a93d77e0984dc67b9c7ebdda27ba2254810be9725a09f91fde41c66adb53a5fe7989f53d6b156b70f147471c89fa64a432bccc482e8057a0cddf84
-EBUILD elogind-238.2.ebuild 3470 BLAKE2B 85e9183f674fc4d40f4c617b7387a07eb10ebfc191cc79d407b168d0d454867558b4950a9fe085291ae09328b4fb0dd76c482b504f24e18318326dd88c1c109f SHA512 264f2fd1f695a183f20e300a781cb740617812a0d907c06a4d1c8b6276504450379e7cc0ed8762d1caf615c0cbdd0ef10ae900e9b4900cbafe7abba15d1b234d
-EBUILD elogind-239.3.ebuild 3478 BLAKE2B a3f8900e94a71d05c306e4f88d408a9344c23b4405941850067294f43c36ea681407140227da297accf804c47875ef8d6a219d273b4f3f6b96ca7d3cbfaed804 SHA512 a8b4c390f88d667ce457d0c0263747caf50d2e5f91534462d71aad3a773602a7c1725ae786a1575fffc35b3638d7f382137fd50bfa4942612c4bbbc3e66117bd
+DIST elogind-241.1.tar.gz 1399094 BLAKE2B d445f4db98da88ece22c1a61e846d3be4eeb4bb76272c1cf895f50d32b6bb0bf471b9cbc5b4760730fa4cfb17db518feb9fceb951eb4e1a2b19f4decfde12b52 SHA512 1bc058da23a595e386b9472579cc9f8247375f5600a511a929a50011adab9a6a36c041c2ab71eb545098d4baf5e35b0231893bfecc1349730316a2b6bda69f11
+EBUILD elogind-239.3.ebuild 3485 BLAKE2B 6ec3cc5c468bb22a45df7f484d046daa271c70715116e06c7c5c6da92e7fa970676183f7400c224d7811ca8fda51b8307e768f9b987adc656f8cacf9c6316b79 SHA512 f12a8e550324d98e0fb0c87968370a5ccea04fcfc408e5aa030aec6ce888c1c1bafe5b835fda6a0877f979bd3962cd27639bad32dd192c015c478849d9917626
+EBUILD elogind-241.1.ebuild 3436 BLAKE2B 8f6d058e69224ba776d9832c23f484b3b4b3b68e7daf8bdde44c5193a1f13573778c689875e0870075c0d628c485da3c1a71179573b508f59045d5834e38cfb0 SHA512 3d30937f43993848a9fe8c8432922510f87ed7d01c8275194652e2bcae02b2eb6a7285617f8766f0bab3f24419fbf2b14cfde9f20b4cbc402c1ff21b910cb475
 MISC metadata.xml 379 BLAKE2B fc63654412fa4cb02122205ad53d29ed35153457c5dd5c5ab8fa3c3dbfcc7c00b2704220d4cb9040f8d6f794bbb9bd0f8cb9be80d410efb6cf85eeee8ce46503 SHA512 30be0eb7903ffb83d9e24fbcacc8db09c0f8cd7187df5f75b2c12fb5cfae1110d52f29aba502ea92af53df02451cc40e0f3789382f87a16bd281f06e9cad6c68
diff --git a/sys-auth/elogind/elogind-239.3.ebuild b/sys-auth/elogind/elogind-239.3.ebuild
index bfab1c2cf5a8..6be102becc32 100644
--- a/sys-auth/elogind/elogind-239.3.ebuild
+++ b/sys-auth/elogind/elogind-239.3.ebuild
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="CC0-1.0 LGPL-2.1+ public-domain"
 SLOT="0"
-KEYWORDS="amd64 ~arm x86"
+KEYWORDS="amd64 ~arm ~arm64 x86"
 IUSE="+acl debug doc +pam +policykit selinux"
 
 COMMON_DEPEND="
diff --git a/sys-auth/elogind/elogind-238.2.ebuild b/sys-auth/elogind/elogind-241.1.ebuild
index 8717f7ddfe87..7e8c5b8fa20f 100644
--- a/sys-auth/elogind/elogind-238.2.ebuild
+++ b/sys-auth/elogind/elogind-241.1.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 inherit linux-info meson pam udev xdg-utils
 
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="CC0-1.0 LGPL-2.1+ public-domain"
 SLOT="0"
-KEYWORDS="amd64 ~arm x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 IUSE="+acl debug doc +pam +policykit selinux"
 
 COMMON_DEPEND="
@@ -41,7 +41,9 @@ PDEPEND="
 
 DOCS=( src/libelogind/sd-bus/GVARIANT-SERIALIZATION )
 
-PATCHES=( "${FILESDIR}/${PN}-238.1-docs.patch" )
+PATCHES=(
+	"${FILESDIR}/${PN}-241.1-docs.patch"
+)
 
 pkg_setup() {
 	local CONFIG_CHECK="~CGROUPS ~EPOLL ~INOTIFY_USER ~SIGNALFD ~TIMERFD"
@@ -80,7 +82,6 @@ src_configure() {
 		-Ddefault-hierarchy=${cgroupmode}
 		-Ddefault-kill-user-processes=false
 		-Dacl=$(usex acl true false)
-		-Ddebug-extra=$(usex debug elogind false)
 		--buildtype $(usex debug debug release)
 		-Dhtml=$(usex doc auto false)
 		-Dpam=$(usex pam true false)
diff --git a/sys-auth/elogind/files/elogind-241.1-docs.patch b/sys-auth/elogind/files/elogind-241.1-docs.patch
new file mode 100644
index 000000000000..2e53c498a480
--- /dev/null
+++ b/sys-auth/elogind/files/elogind-241.1-docs.patch
@@ -0,0 +1,24 @@
+--- a/meson.build	2019-02-22 19:22:44.395082783 +0100
++++ b/meson.build	2019-02-22 19:22:49.707082657 +0100
+@@ -3311,20 +3311,7 @@
+ # install_data('modprobe.d/systemd.conf',
+ #              install_dir : modprobedir)
+ #endif // 0
+-install_data('LICENSE.GPL2',
+-             'LICENSE.LGPL2.1',
+-             'NEWS',
+-             'README',
+-             'docs/CODING_STYLE.md',
+-#if 0 /// irrelevant for elogind
+-#              'docs/DISTRO_PORTING.md',
+-#              'docs/ENVIRONMENT.md',
+-#              'docs/HACKING.md',
+-#              'docs/TRANSIENT-SETTINGS.md',
+-#              'docs/TRANSLATORS.md',
+-#              'docs/UIDS-GIDS.md',
+-#endif // 0
+-             'src/libelogind/sd-bus/GVARIANT-SERIALIZATION',
++install_data('src/libelogind/sd-bus/GVARIANT-SERIALIZATION',
+              install_dir : docdir)
+ 
+ #if 0 /// UNNEEDED by elogind
diff --git a/sys-auth/munge/Manifest b/sys-auth/munge/Manifest
index 88cd89bdadd2..144570ba5682 100644
--- a/sys-auth/munge/Manifest
+++ b/sys-auth/munge/Manifest
@@ -1,4 +1,3 @@
-AUX fixed-recursive-use-of-make-in-makefiles.patch 4543 BLAKE2B 0c161e41a2097e2749697c40e85be5d36299f64e6c99cf0f6fe5841dcef5f16178608fc97e473e68843ae7b5e8e4352de23260a413d2e42e6e2ee8f9b511d668 SHA512 40b4a1c63283be83ed8355af31478e03f1aaf5de5e1c0fc2670e42a970a4097ff33e8885edcbea0e2ddd08ebc9a4f682a2df6f60a881eb1140c362d0e024bf4e
 AUX munged.confd 410 BLAKE2B e220ad22fc0367a9ec7766e768aac8907b34edaf5bfb00593e88dc5ce6f47cddae2df0cf1c7dd8a57ec3e644f1e489a5bae538992ce3fef191750e0ef1e7ff6d SHA512 571e9d1862be1e0389e1a45685853a1819f44cd7a89188223099703268f788f3097f8ee4e8abf36f30bb5fe81e7c57a9ec7981867b3528a37e63eb11f5b2e232
 AUX munged.initd 1127 BLAKE2B b0d43fe3f0c0354fc0935a0e3e3e0bf28770e5cba8b900c6bed7cf08cb57b742e71cba7adc7440c8564f6db208f6ef09ab4fe50a4381fb8988b4fed815d71cf3 SHA512 fc49ba42cc2b538fdbbd93f7422359d1410b4124e11afca7db0511da980360be14cf49aee829ed1f5762ad4723c68090088638c36d76b040fcafda063394adf2
 DIST munge-0.5.10.tar.bz2 424285 BLAKE2B 07c6423ba799400e9a99e3f33a7dee61ed35b8caa8b290f7da5ffc1e7fbdc37ad985d10101b9a18ccae4ca4274c44999549f9754b0e782cda98976b5f15e3f30 SHA512 b1b780d205d6cfbadfe6096156840d559c70de5b0023cbd604acfc29e1135036c98a949981d5c022e994c77213ee3d8d70e8fe825b645b030ad1adef92ed9479
diff --git a/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch b/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch
deleted file mode 100644
index 1810abc91f4a..000000000000
--- a/sys-auth/munge/files/fixed-recursive-use-of-make-in-makefiles.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 5634ce9890da48f9ea88feece856361ce8f1563c Mon Sep 17 00:00:00 2001
-From: Brendan Horan <brendan@horan.hk>
-Date: Tue, 23 Jun 2015 09:32:31 +0800
-Subject: [PATCH] Fixed recursive use of make in makefiles [ make -> $(MAKE) ]
-
----
- Makefile.in                | 2 +-
- config/Make-inc.mk         | 2 +-
- src/Makefile.in            | 2 +-
- src/etc/Makefile.in        | 2 +-
- src/libcommon/Makefile.in  | 2 +-
- src/libmissing/Makefile.in | 2 +-
- src/libmunge/Makefile.in   | 2 +-
- src/munge/Makefile.in      | 2 +-
- src/munged/Makefile.in     | 2 +-
- 9 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 8b8ca76..df53ff1 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -830,7 +830,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/config/Make-inc.mk b/config/Make-inc.mk
-index 03a9622..edffea1 100644
---- a/config/Make-inc.mk
-+++ b/config/Make-inc.mk
-@@ -31,7 +31,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/Makefile.in b/src/Makefile.in
-index c89ec9c..38c32da 100644
---- a/src/Makefile.in
-+++ b/src/Makefile.in
-@@ -648,7 +648,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/etc/Makefile.in b/src/etc/Makefile.in
-index ffd41a0..d1eed84 100644
---- a/src/etc/Makefile.in
-+++ b/src/etc/Makefile.in
-@@ -451,7 +451,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/libcommon/Makefile.in b/src/libcommon/Makefile.in
-index 45419a8..8512b74 100644
---- a/src/libcommon/Makefile.in
-+++ b/src/libcommon/Makefile.in
-@@ -683,7 +683,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/libmissing/Makefile.in b/src/libmissing/Makefile.in
-index 10b1a78..187f4b3 100644
---- a/src/libmissing/Makefile.in
-+++ b/src/libmissing/Makefile.in
-@@ -572,7 +572,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/libmunge/Makefile.in b/src/libmunge/Makefile.in
-index 69dc54f..ab21fdc 100644
---- a/src/libmunge/Makefile.in
-+++ b/src/libmunge/Makefile.in
-@@ -752,7 +752,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/munge/Makefile.in b/src/munge/Makefile.in
-index f411d7e..411ec3b 100644
---- a/src/munge/Makefile.in
-+++ b/src/munge/Makefile.in
-@@ -752,7 +752,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
-diff --git a/src/munged/Makefile.in b/src/munged/Makefile.in
-index c14fd0b..5112da3 100644
---- a/src/munged/Makefile.in
-+++ b/src/munged/Makefile.in
-@@ -1243,7 +1243,7 @@ $(top_builddir)/src/libcommon/libcommon.la \
- $(top_builddir)/src/libmissing/libmissing.la \
- $(top_builddir)/src/libmunge/libmunge.la \
- : force-dependency-check
--	@cd `dirname $@` && make `basename $@`
-+	@cd `dirname $@` && $(MAKE) `basename $@`
- 
- force-dependency-check:
- 
diff --git a/sys-auth/pam_u2f/Manifest b/sys-auth/pam_u2f/Manifest
index ae6cf7c57a47..cbbc55657356 100644
--- a/sys-auth/pam_u2f/Manifest
+++ b/sys-auth/pam_u2f/Manifest
@@ -4,5 +4,5 @@ DIST pam_u2f-1.0.6.tar.gz 375181 BLAKE2B eac1457cbfd7951fd617ea0cff4220d6e5fe6f3
 DIST pam_u2f-1.0.7.tar.gz 378513 BLAKE2B a5b48e7ed36052a517941bc4af2c88a9d66e0a911620832a9c6256b294b1fe291860f2d481db32ab9fdf6a4deebb8dd0c31de97ac52ff2411d707679d7a997d1 SHA512 5b8fe116782684e5da395a4923b4c300b0d4b6d9e297c8de5cc4ca2ed633fda30cdbc4ae6bbb8a582faf8068dbed13048a2b2f742ebe9eea208fbb7a407caf0a
 EBUILD pam_u2f-1.0.4-r1.ebuild 723 BLAKE2B 281e48b2a7dea48ccdcda12467859ac4d210f2d906034b0dfde7bb6bf35cf1602bbea3fe5b07de8c0b42586379b65e65d1272346aac7259d36e03e08ec6004ab SHA512 7e2e2f36f1983a9976e07b22b06f996f8ee476d00b120a7c958e833b1af55527a0f5490a4ab2836a9dae1cde4e63e1f37df4452d0ebdd8cdf585c74b8e720ec9
 EBUILD pam_u2f-1.0.6.ebuild 725 BLAKE2B 327461714876908d6c89f7007404510645092a3ec501c68bba967690a945fc895c0f30f99592ba94d744d948f307291438bab4d297935066180ffd216db238c1 SHA512 05ef485b7007c6c742043cb9a58b1c90fc87b3a3a0dcfcaebaf5fec6305e4e51a39b42bf85c287d560ff3116757ec34be883b32beb92363379f62720cf9a13c9
-EBUILD pam_u2f-1.0.7.ebuild 725 BLAKE2B 327461714876908d6c89f7007404510645092a3ec501c68bba967690a945fc895c0f30f99592ba94d744d948f307291438bab4d297935066180ffd216db238c1 SHA512 05ef485b7007c6c742043cb9a58b1c90fc87b3a3a0dcfcaebaf5fec6305e4e51a39b42bf85c287d560ff3116757ec34be883b32beb92363379f62720cf9a13c9
+EBUILD pam_u2f-1.0.7.ebuild 721 BLAKE2B 58a73ef046bcbd41c2faf9526ec0d01bcd450b9fd3c8de5ef51c029103f1b51ce0bfdafbeed51be129549d48f82f6b58c3f6f7eb25f9c5bde42e0ac0a02fded6 SHA512 e59b92a65229e89aaa8fa35307a21390be2217cdc0b856ca9728fd513fcc3167b8d59059c9e9478a45dbcc1ec89f0af7255d923a5dc5877652495f632bc3b419
 MISC metadata.xml 714 BLAKE2B 8694b13d8ec22eb56c2bf5637f0ef83c5adf369025aeec8f4512a79914cc00e43620d6db1d95361199c7861a41afd2f1c215758e84584af7d6fdeb7d00619101 SHA512 a59a8b6a51c50c63495eecf712d3a5c9f60b0a94d78a6d2a12d789eb334d77bc80b00de3c2368cbc3cc684c359085af71153f09d0ce5f9cf4f74be77fdc09277
diff --git a/sys-auth/pam_u2f/pam_u2f-1.0.7.ebuild b/sys-auth/pam_u2f/pam_u2f-1.0.7.ebuild
index c90ab12d94dd..32d7170e68de 100644
--- a/sys-auth/pam_u2f/pam_u2f-1.0.7.ebuild
+++ b/sys-auth/pam_u2f/pam_u2f-1.0.7.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -11,7 +11,7 @@ SRC_URI="https://developers.yubico.com/${PN/_/-}/Releases/${P}.tar.gz"
 
 LICENSE="BSD"
 SLOT="0"
-KEYWORDS="~amd64 ~x86"
+KEYWORDS="amd64 ~x86"
 IUSE="debug"
 
 RDEPEND="
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 2200030ceadc..640f4156a821 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -6,4 +6,5 @@ DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d
 EBUILD polkit-0.113-r4.ebuild 3471 BLAKE2B 521e37d8ac00c3dfaed2f31e5aaedfec1e11b3ffd629e362b310c91b134642538fbea7fe2f9280ca21cd5bf1136b3142781e589660b08d1f1d2a8102a01e2bea SHA512 86ec712423c855648a56e998f8c77d37f24d3e9efe0898c8acc4a9e5ac09eb1cc5135f997c5a8dfa06bde4153f734d1bdbf44425eb004be4fb74df258a443a63
 EBUILD polkit-0.115-r1.ebuild 3470 BLAKE2B e3b4028f4fdf524834395990f2bb3e2688ca6c75744bc60d19d443d7c0789beef23ba7a634129bbe1cdd8ae7db1a030977a901fb7a1ca376fc773d36cff9560e SHA512 7114d38dc204eb8c4036837b388fa05294400963beaec71dbf178663bada70ba90d50714a792d596f190aa85c40930f65091dce97a1a34a627b3ca4fff31d331
 EBUILD polkit-0.115-r2.ebuild 3513 BLAKE2B a15953a542bfdee5bc3b774c05f1e9df9908266b006262a8f8c78c4d02bb755adf86ad7cb70e13306a2b0a8039f0c22ab7d5b0586f31405608b81b66e9cd90ab SHA512 ea5f3de2e0ff002601dc48ce412b2722cdb0aa360933ceb46f783c4fc1fdcf54b3d0fcf444b1bd5141434753e341acff44a5d6418fab1136192708c91321a52a
+EBUILD polkit-0.115-r3.ebuild 3530 BLAKE2B 9589254a81c6ff58fdc34d474c1ea1c059a8afeb3a36fa7ed51c737656f6d5c8f307776f3dfcf7f94363e21d04b723c7645cde67aa6ca26530a8aba93d96be9d SHA512 8c76dd7d324ef6e87a8ebe0922e3f284cc9cd5f7f11f0c98aeecfcdff00b3e28dc51ee46edaee4588205d648e6188fd013974981c78f86639a51eab35f5d1dd5
 MISC metadata.xml 493 BLAKE2B bbf2a4e83d0882480d0f2ba8b18ef439b234bd82538546d04753d63fa828f6b111afb78846c1a03f4aa93f89e6fd0a6a828c7908574a740c9c6880252a84e98d SHA512 9c7b199d1a3b1193beb4d01e52d5e90d81821aa6df6785482da7ee37c0ca777c12095f160bc997c77d0089429c2e338cf75d0a46836416736178cd661ffa80f5
diff --git a/sys-auth/polkit/polkit-0.115-r3.ebuild b/sys-auth/polkit/polkit-0.115-r3.ebuild
new file mode 100644
index 000000000000..ab8043864f71
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r3.ebuild
@@ -0,0 +1,142 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+	dev-lang/spidermonkey:52[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	introspection? ( dev-libs/gobject-introspection )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+	)
+	systemd? ( sys-apps/systemd:0=[policykit] )
+"
+DEPEND="${CDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+	# bug 660880
+	"${FILESDIR}"/polkit-0.115-elogind.patch
+	"${FILESDIR}"/CVE-2018-19788.patch
+)
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# disable broken test - bug #624022
+	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--disable-static
+		--enable-man-pages
+		--disable-gtk-doc
+		--disable-examples
+		$(use_enable elogind libelogind)
+		$(use_enable introspection)
+		$(use_enable nls)
+		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+		--with-authfw=$(usex pam pam shadow)
+		$(use_enable systemd libsystemd-login)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(use_enable test)
+		--with-os-type=gentoo
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
diff --git a/sys-auth/ssh-ldap-pubkey/Manifest b/sys-auth/ssh-ldap-pubkey/Manifest
index f079fc30080e..d13b066fbeb6 100644
--- a/sys-auth/ssh-ldap-pubkey/Manifest
+++ b/sys-auth/ssh-ldap-pubkey/Manifest
@@ -1,7 +1,5 @@
 DIST ssh-ldap-pubkey-1.3.0.tar.gz 14530 BLAKE2B 1de6913e4abb25d441731b3c36b64361f5fa8900c289b1f4ef58776ab0018414d20b4b24716833e1e27e5dc18079ec77c283bab88879e3fb719fc9ad054267ea SHA512 0c675b0bf68ccecdabda5f4f559772fd0d34151794c2a3855e063befffe9777ceb79e99b5649f15e5bd0c4ea40c22f734d1748a8053d49bffea58077b72efe16
 DIST ssh-ldap-pubkey-130478a7532a8d3dfb0c8e3fbeac494908b8ec55.patch 1494 BLAKE2B 3fb89340d8177db79396b13615437aa921ecc2d21b8ca5c918587bb07f9fb53bc8f356c50c57269b1ffe04995033815d7632ff060485d4c29d34dc7805227533 SHA512 dfc137b6fb2bc0aea698b23ea462de2bd00503b9b21f022b77b28d51020758730ea4017b890e298616beb198816489862830d4dda7cae5114572523ad6289472
 DIST ssh-ldap-pubkey-8d718357dfa5a62f919e61cf620a862cae87e833.patch 2215 BLAKE2B abeaa5a364cd98050fd8abb1019cc203b72e96baa4c3704c7aac6cadc07d999defa2333f6ca4f6793dd0e758b08ab198135c65d100f5f91eba6273c07dd20250 SHA512 85136608352fb35ede70eff8522e09167e48eed5c99a87756ea8b3f641de0dc169bf066d0c21a28fc35c41337372803d97bd37ca8bad1dbafb92464086fe3a63
-EBUILD ssh-ldap-pubkey-1.3.0-r1.ebuild 1722 BLAKE2B 129ad9685a52dd105e4b5a9d094dd53e9ff8463733eb09d9502df3612ca57828d5f2b064a7f78ec5114c18e029164c7fb4e19dbaa98c2add08e83cf9a297bca9 SHA512 c3ede48191ff78e1b8a3070b9a97ee0fa1c387c5f88f52e8396b44280baf6189e4475f4886916daf81a4fb7e58975acdcd0e521b048229d8477e2be595c2075f
 EBUILD ssh-ldap-pubkey-1.3.0-r2.ebuild 2225 BLAKE2B 21c534dca60954ad558297aa3c90fb655c09df98f196ef10baabbb7cc710437337fde7c8b32f47960d3c76532f010870970c8f6b5cfd953192a191b2acd8d922 SHA512 b8f30adb9fd1169563ca674e8c9717c788f4949fb55da2701c4871671bce10c1fb6ec99f15acc773949c243697521383a85e739cedb8440f116a0bc0d9209067
-EBUILD ssh-ldap-pubkey-1.3.0.ebuild 1592 BLAKE2B 0f9e074a466098a493740e3476e05425b223db18e47c6407429243952f2e794fc465cfd2dbb08a0b39861207bbc5c99c7c91b000c7839ce2eaba59b1be22729d SHA512 d9652275517dec7a8df0bd19401c128c7440112e01ff45f58f1afe953a4f60b245fd1d51f604e872024c9cad3c6c9b380ec5d06c3c28a2351f298453c8500d63
 MISC metadata.xml 523 BLAKE2B 0a9308f1acc865d1150c5d1f7275ab7d213965be821936aadc1e92b6a0ca0f3ba90a8e4b28a1683b182fe1d540991ff032407e641ce0ea4b4f8511a880e74d99 SHA512 f9db947dfb435f981350a30cd8d6d9163b9b5067f610eae87f17c85d6a123a2dd620aa06d1a290ed148321d68c37877662885b07b5af15fce3f13d0afbba67dc
diff --git a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0-r1.ebuild b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0-r1.ebuild
deleted file mode 100644
index fb9c5709b98d..000000000000
--- a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0-r1.ebuild
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-inherit distutils-r1
-
-DESCRIPTION="Utility to manage SSH public keys stored in LDAP"
-HOMEPAGE="https://github.com/jirutka/ssh-ldap-pubkey"
-
-if [[ ${PV} == "9999" ]]; then
-	EGIT_REPO_URI="https://github.com/jirutka/${PN}/${PN}.git"
-
-	inherit git-r3
-else
-	SRC_URI="https://github.com/jirutka/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~x86"
-fi
-
-LICENSE="MIT"
-SLOT="0"
-IUSE="schema test"
-RESTRICT="!test? ( test )"
-
-MY_CDEPEND="
-	dev-python/docopt[${PYTHON_USEDEP}]
-	>=dev-python/python-ldap-3.0[${PYTHON_USEDEP}]
-	virtual/logger"
-
-DEPEND="
-	${MY_CDEPEND}
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	test? (
-		dev-python/pytest[${PYTHON_USEDEP}]
-		dev-python/pytest-describe[${PYTHON_USEDEP}]
-		dev-python/pytest-mock[${PYTHON_USEDEP}]
-	)"
-
-# We need to block previous net-misc/openssh packages
-# to avoid file collision on "/etc/openldap/schema/openssh-lpk.schema"
-RDEPEND="${MY_CDEPEND}
-	schema? ( !net-misc/openssh[ldap] )"
-
-DOCS=( README.md CHANGELOG.adoc )
-
-src_prepare() {
-	sed -i -e 's/pyldap/python-ldap >= 3.0/' setup.py || die
-	distutils-r1_src_prepare
-}
-
-python_test() {
-	pytest -vv || die "Tests failed under ${EPYTHON}"
-}
-
-python_install_all() {
-	distutils-r1_python_install_all
-
-	if use schema; then
-		insinto /etc/openldap/schema
-		doins etc/openssh-lpk.schema
-	fi
-
-	local MY_DOCDIR="/usr/share/doc/${PF}/examples"
-	insinto "${MY_DOCDIR}"
-	doins etc/ldap.conf
-
-	# We don't want to compress this small file to allow user
-	# to diff configuration against upstream's default
-	docompress -x "${MY_DOCDIR}"
-}
diff --git a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0.ebuild b/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0.ebuild
deleted file mode 100644
index 7d04c5fd3009..000000000000
--- a/sys-auth/ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0.ebuild
+++ /dev/null
@@ -1,66 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-inherit distutils-r1
-
-DESCRIPTION="Utility to manage SSH public keys stored in LDAP"
-HOMEPAGE="https://github.com/jirutka/ssh-ldap-pubkey"
-
-if [[ ${PV} == "9999" ]]; then
-	EGIT_REPO_URI="https://github.com/jirutka/${PN}/${PN}.git"
-
-	inherit git-r3
-else
-	SRC_URI="https://github.com/jirutka/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~ppc64 ~x86"
-fi
-
-LICENSE="MIT"
-SLOT="0"
-IUSE="schema test"
-RESTRICT="!test? ( test )"
-
-MY_CDEPEND="
-	dev-python/docopt[${PYTHON_USEDEP}]
-	dev-python/pyldap[${PYTHON_USEDEP}]
-	virtual/logger"
-
-DEPEND="
-	${MY_CDEPEND}
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	test? (
-		dev-python/pytest[${PYTHON_USEDEP}]
-		dev-python/pytest-describe[${PYTHON_USEDEP}]
-		dev-python/pytest-mock[${PYTHON_USEDEP}]
-	)"
-
-# We need to block previous net-misc/openssh packages
-# to avoid file collision on "/etc/openldap/schema/openssh-lpk.schema"
-RDEPEND="${MY_CDEPEND}
-	schema? ( !net-misc/openssh[ldap] )"
-
-DOCS=( README.md CHANGELOG.adoc )
-
-python_test() {
-	pytest -vv || die "Tests failed under ${EPYTHON}"
-}
-
-python_install_all() {
-	distutils-r1_python_install_all
-
-	if use schema; then
-		insinto /etc/openldap/schema
-		doins etc/openssh-lpk.schema
-	fi
-
-	local MY_DOCDIR="/usr/share/doc/${PF}/examples"
-	insinto "${MY_DOCDIR}"
-	doins etc/ldap.conf
-
-	# We don't want to compress this small file to allow user
-	# to diff configuration against upstream's default
-	docompress -x "${MY_DOCDIR}"
-}
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 9466fb6269e0..d3ecad02c4a2 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,9 +1,10 @@
 AUX sssd 489 BLAKE2B 552ffc9c5053e6de3e4d59ae50cbd95ae44460f51d7f753d9792eefb10507225a32beb91c1a47adf0ddbffff339a245f09c260738a781d05a0a955b8bf283148 SHA512 eab8d42d0188e55a18803b738af77c1969bf7c4b59503ee99975d4739e3c532c300e394a393327b7b98254672c1c2b0b15f81c9c27479e7cbbfb4995ab12b43e
 AUX sssd-curl-macros.patch 1104 BLAKE2B c03179ab4d608988316224b184c6bc349230e4ee4b79b866615ceb76f091cc28a667f09a591a8b3b98655d1f6160d2e49a4df4177e616d27e7f1e50d465642dc SHA512 77b311c7a8101e5facf046d08deb7a7d363ef6e393fa44feddf82e1398dede44aa3ac57555c10496b5ba1ca370f0f6370ba8c7cd1ae80a3b2657c3e3f9fbb063
+AUX sssd-fix-CVE-2019-3811.patch 3745 BLAKE2B c09dcdd2d4f698771e099c1aca008a42833375b0d723348ead780f84ce3491b54b7a9266b83c5c7e481ec997f69662bd45e33520a0b1ec37b93a8ef800093985 SHA512 b9d95fb9515e367dd7d645778f330a5c7c7fadb9c49ddbbcd78aee18c5918d0bb8e45735c508bf1f574307afc6076a34c420cacb7963b70333e0f678ff3864b6
 AUX sssd.conf 124 BLAKE2B b6f9c016a014510f97b036d23d5f50e1e13085220fe82b0e6ef7a3ceeb114e59af935f39e66e4ad60a46f43983930e5d381b16b0ed31ba4349abe38c4b509367 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a
 AUX sssd.service 341 BLAKE2B 0cffcd43786633aa8e5bb42c54741cba676021c5a07554b08499504f8f630ff821ff334a21e2a4f9ae2d77d70d969018dd5a85d11b12bb31235a0ffcda4105c8 SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5
 DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728
-DIST sssd-2.0.0.tar.gz 6263376 BLAKE2B 9785710d62485a1168749bf9a2989999f721e390356e599092f3274b6d7029af1f7d4c0a1b2b09d0d55233fd30cc661d4ad5bf9ca6ca53c75151dd1dab7515c5 SHA512 affeb0799d8a4fcbcb4b2ed7925b397ae6ba0e2982c5603e98636b765d3820a3b29ac58b0771e5cc00c752512f091ae4fd271d441544147a0570d3c14b535701
-EBUILD sssd-1.16.3-r1.ebuild 6199 BLAKE2B 56c981f72b3a45b10fc68059d073704ca3f04a8a0d2915a0912778e0482eb61fedc9f13916b401f43bdb6ce7e990c2392c2b5b6cde935305e0176b24f72da687 SHA512 47f0b7ec34fa27c340e947764c3b2e7b9b3b2740a56f8c9be09fbbc2d52c76ec4c12db731de89698f0475becc384a07288d2786ffc863b811f7ceb64966ef798
-EBUILD sssd-2.0.0-r1.ebuild 6201 BLAKE2B ce17198d255a390e7182be57019a01d47e26ecd17e9429324b318d6ca9f0553002decd8282186785d7c84cc84a2e3e36ff4901e8d549e84d23b212371a76c973 SHA512 4fe06340622cedd8031f56775340ad43933c2fd26b089d219e083d0e1b9d0b8115986662f487cf9ff1050d43bad2de52c1196786e399fc3a833ba3dbd60f45c4
+DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63
+EBUILD sssd-1.16.3-r2.ebuild 6293 BLAKE2B a119a5c17f85303865c1932de2b7d3c5acebba684f46a01dae4a8e7a12d5edaabe49ea56024d2beedf6ed6f76be4407ac2c70049a547844af5e8d05cba364171 SHA512 51f4d5164cee659555005c9714553066d3656b71cd7ab37d36309c7f5e80419bac5e221667f470a61f824f1d2bc42cfa3e8ad54e0308574cb530e9b26335ac06
+EBUILD sssd-2.1.0.ebuild 6201 BLAKE2B 6d3bfcc63d3d6042a34c26fa499af5ac76ea4537b16d8df77f7822ed156f32310d07aa49c79e4539eac48546c88b01fcf57bf4aa5b37d3621ea53f5ade12aa06 SHA512 cf338e0f6f13a22f0d210d7c6a991f9e81948112972cc94025df9acecfb95eb1883aa29a409fc8ebf637421b284b9d7654ffc3e9de1ae83a6321c67298c77bd4
 MISC metadata.xml 1090 BLAKE2B 7085d66b3454b3756d7dab49b6d9525c4ba90156d07f2710f4eb3c5bf3bbd9d10412d511dc0fe091ac4c5291f87a258fac6adbe9732d20a96660f4e0a66cf247 SHA512 2cbf20cd206a45bd82b1416926a02de06bf40b1b4168f19202c367cf8e24d764745b8a5116366ee10520cae15800e17b43d3000995419117f02b2d37474f142e
diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
new file mode 100644
index 000000000000..87db45fd24bb
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
@@ -0,0 +1,96 @@
+From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Mon, 3 Dec 2018 14:11:31 +0100
+Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
+
+For empty home directory in passwd file sssd returns "/". Sssd
+should respect system behaviour and return the same as nsswitch
+"files" module - return empty string.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3901
+
+Reviewed-by: Simo Sorce <simo@redhat.com>
+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
+(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
+---
+ src/confdb/confdb.c                      |  9 +++++++++
+ src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
+ src/responder/nss/nss_protocol_pwent.c   |  2 +-
+ src/tests/intg/test_files_provider.py    |  2 +-
+ 4 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index a3eb9c66d9..17bb4f8274 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+             ret = ENOMEM;
+             goto done;
+         }
++    } else {
++        if (strcasecmp(domain->provider, "ad") == 0) {
++            /* ad provider default */
++            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
++            if (!domain->fallback_homedir) {
++                ret = ENOMEM;
++                goto done;
++            }
++        }
+     }
+ 
+     tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
+index 818a2bf787..425b7e8ee0 100644
+--- a/src/man/include/ad_modified_defaults.xml
++++ b/src/man/include/ad_modified_defaults.xml
+@@ -76,4 +76,23 @@
+             </listitem>
+         </itemizedlist>
+     </refsect2>
++    <refsect2 id='nss_modifications'>
++        <title>NSS configuration</title>
++        <itemizedlist>
++            <listitem>
++                <para>
++                    fallback_homedir = /home/%d/%u
++                </para>
++                <para>
++                    The AD provider automatically sets
++                    "fallback_homedir = /home/%d/%u" to provide personal
++                    home directories for users without the homeDirectory
++                    attribute. If your AD Domain is properly
++                    populated with Posix attributes, and you want to avoid
++                    this fallback behavior, you can explicitly
++                    set "fallback_homedir = %o".
++                </para>
++            </listitem>
++        </itemizedlist>
++    </refsect2>
+ </refsect1>
+diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
+index af9e74fc86..86fa4ec465 100644
+--- a/src/responder/nss/nss_protocol_pwent.c
++++ b/src/responder/nss/nss_protocol_pwent.c
+@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
+ 
+     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
+     if (homedir == NULL) {
+-        return "/";
++        return "";
+     }
+ 
+     return homedir;
+diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
+index ead1cc4c34..4761f1bd15 100644
+--- a/src/tests/intg/test_files_provider.py
++++ b/src/tests/intg/test_files_provider.py
+@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
+     Test that resolving a user without a homedir defined works and returns
+     a fallback value
+     """
+-    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
++    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
+ 
+ 
+ def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
diff --git a/sys-auth/sssd/sssd-1.16.3-r1.ebuild b/sys-auth/sssd/sssd-1.16.3-r2.ebuild
index 885dd7416e7e..f5efa5d6666b 100644
--- a/sys-auth/sssd/sssd-1.16.3-r1.ebuild
+++ b/sys-auth/sssd/sssd-1.16.3-r2.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} )
 
@@ -30,6 +30,7 @@ COMMON_DEP="
 	>=dev-libs/libpcre-8.30
 	>=app-crypt/mit-krb5-1.10.3
 	dev-libs/jansson
+	net-misc/curl
 	locator? (
 		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
 		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
@@ -86,6 +87,7 @@ src_prepare() {
 		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
 
 	eapply "${FILESDIR}"/${PN}-curl-macros.patch
+	eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
 
 	default
 	eautoreconf
@@ -189,7 +191,7 @@ multilib_src_install() {
 		dopammod .libs/pam_sss.so
 
 		into /
-		dolib .libs/libnss_sss.so*
+		dolib.so .libs/libnss_sss.so*
 
 		if use locator; then
 			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
@@ -233,5 +235,5 @@ multilib_src_test() {
 pkg_postinst(){
 	elog "You must set up sssd.conf (default installed into /etc/sssd)"
 	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2"
+	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x"
 }
diff --git a/sys-auth/sssd/sssd-2.0.0-r1.ebuild b/sys-auth/sssd/sssd-2.1.0.ebuild
index 4d67daf3221a..63f65b59a7ba 100644
--- a/sys-auth/sssd/sssd-2.0.0-r1.ebuild
+++ b/sys-auth/sssd/sssd-2.1.0.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} )
 
@@ -30,6 +30,7 @@ COMMON_DEP="
 	>=dev-libs/libpcre-8.30
 	>=app-crypt/mit-krb5-1.10.3
 	dev-libs/jansson
+	net-misc/curl
 	locator? (
 		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
 		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
@@ -85,8 +86,6 @@ src_prepare() {
 	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
 		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
 
-	eapply "${FILESDIR}"/${PN}-curl-macros.patch
-
 	default
 	eautoreconf
 	multilib_copy_sources
@@ -189,7 +188,7 @@ multilib_src_install() {
 		dopammod .libs/pam_sss.so
 
 		into /
-		dolib .libs/libnss_sss.so*
+		dolib.so .libs/libnss_sss.so*
 
 		if use locator; then
 			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
@@ -233,5 +232,5 @@ multilib_src_test() {
 pkg_postinst(){
 	elog "You must set up sssd.conf (default installed into /etc/sssd)"
 	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2"
+	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
 }
author	V3n3RiX <venerix@redcorelinux.org>	2019-03-19 11:37:34 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-03-19 11:37:34 +0000
commit	b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree	9fd110f9fc996e8a4213eeda994a8c112491b86d /sys-auth
parent	066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)