diff options
Diffstat (limited to 'sys-libs/pam_wrapper')
5 files changed, 182 insertions, 0 deletions
diff --git a/sys-libs/pam_wrapper/Manifest b/sys-libs/pam_wrapper/Manifest index 7da8336e3805..ec6b57307663 100644 --- a/sys-libs/pam_wrapper/Manifest +++ b/sys-libs/pam_wrapper/Manifest @@ -1,5 +1,10 @@ AUX pam_wrapper-1.1.4-tests-import.patch 767 BLAKE2B 65ce88028190bbbd3aacdf0a3af7591ebe90e4c24fb3502ef631ee8b126377cc6fe2a8a124658d5624e569235c9d48751e1f8142dbb87f5179d6017647991f3c SHA512 420704520ef5e4d6e1a5f4fca64619ab29765e9a5ddd347d1fc5427664e212695b6c19d7c15fe787f7375570378a261fab99c2b345ff7e96f3a7aaaf35e51939 +AUX pam_wrapper-1.1.5-env-var-typo.patch 957 BLAKE2B 8dbbe94484339ff2b1062c43133fc9d5986cdcbf70d26e2eee65a990a273cfcb7dda8fd9c8d240481528fb49ab2c32e1538a0e79d7cfd3c443fa3acb45852b04 SHA512 a220ea15815185c58184947123d7ba3fd2cc150f276f38bce222f3979c478459db344a87ea401bc239748855d81ec993e48b15c60be98006f0c99d61585c76ed +AUX pam_wrapper-1.1.5-mkdir-race.patch 1476 BLAKE2B fcd85c50086dfe54b2473b885aba4a2891a55f18e9c61c98f345d1f86d2b3dd320eab7e491b01916760a82092d51f990cb742141e36c899c2e4756bfae426b57 SHA512 60d0f0d62fa73f0fc2aeeb1218197435e8266ed1e055d038dac58636d6bc2c0a99fbe24de688a0a5929a0b13fdec64d3334910b6ae18fec0971dfea26bdaa119 +AUX pam_wrapper-1.1.5-tests-import.patch 724 BLAKE2B a19af5ba7534ee0e106e464df2a0cb58af59cbdf90d0f4632d70ecb4ccf2558068919caf1e50874a30e771390193c18fa1ecc457129e400fdf50cfcca5c11344 SHA512 e2e9eeb26582feee621b8bfeb363052d23d898bdd44f5e7a399220cf4c4fd96e0e476a162f86b643a1557ceddd20a1cae11be3344fde3a1485f4c07b98bcf962 DIST pam_wrapper-1.1.4.tar.gz 170882 BLAKE2B fa0a789f6fd6f809c7ef80e354e886b5f1f0b4212060dc0e388a44701e4a1f49635b8f47344156ad65cd273660e3b0a806480c37875a830e2f5d8e56c4ec0818 SHA512 3b68dc6d7815707d74d1340facd9c2de4dff3934402ac2c2632371b39c41a75744434744ed7308e157be03a03a941405638cadb6f34995de56fb1f5f45d37de2 +DIST pam_wrapper-1.1.5.tar.gz 95037 BLAKE2B 78adeaac3994349460c2c9966e1145c3c6b78189cf1e6092cf0272bc82498c2182b114d718ce47b3403e32255d8ae5e65dee22e7bc261442323a661a4dbd1b38 SHA512 eee2c0683bd87c5416b52115105a9a2397cbec261e358ff20d9b272509f64ee5ea50a4adcb04f7791d451ca904ffd31c3bc07dc53555c3808f50f71634ab6323 EBUILD pam_wrapper-1.1.4-r2.ebuild 2011 BLAKE2B 4a3b59007bccaf8af11dddb0717b600fe14a52d1a52c72dfa523ab12bc78aae0ab8c5dadb9474f7b646f4eae08d05c4a9c3f89282a031f0b4922acd5b9c9877c SHA512 2ae30db5fa69125b751a6cc032d63080f9e8f5f564f269e4fc5a41b927fab21a56f593ca18ee2b0ce0805301d97a1812d59e6d0d0ffce2f10ad7dbfa2dfe3b50 EBUILD pam_wrapper-1.1.4-r3.ebuild 2012 BLAKE2B 8821b5cbef33bff9e9bcc1bfceaf43d44e45c8dffe7b70bdfec5bb044f6bf87a83b62aae2795d9196e1377bc59520c1fcac6894d7df66fb24f6afcb77f123ff0 SHA512 8a23e450d303103cf14aedc418a49e95c8ab0ad02e72d23202a1a4f0ca40cd85ca27e6cfd8cf3dc6b43edb73308de5e23d5f4b88104117d4db59b00f8b99e805 +EBUILD pam_wrapper-1.1.5.ebuild 2094 BLAKE2B c075e39ee7f317ce02a5bfc8e8eabbac87cc6493612eb797f122ff40241c1ef3dc086a7bd06274b14f78b8219d3be03a8973a95f03e72b5be686e07ef63e7660 SHA512 f0b53a46e44929c7bd389c2da9d895b0614bec4c0663f1804587eac857336e4a5aa277405f1c823105ceb5e7fde5a25e4bcd5ad1c3e1fb6616931ccc745a4b03 MISC metadata.xml 250 BLAKE2B e398673dd1a3522ccddb89a82a53fc2578d8e0777ec46f889d01d618609a22958d91699beef513c7912799e0e8ff985200f7c67bba941235da25c24cd4b48f09 SHA512 16834c3cbecd0dd5a9c8c311d2b8ebc63d8cd72c5891498f4f0048988993c104aadd4e24e632bf54071c11f810716432e89e4afab029555875f9f52794daa6e9 diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch new file mode 100644 index 000000000000..0874e5daaf24 --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch @@ -0,0 +1,25 @@ +https://git.samba.org/?p=pam_wrapper.git;a=commit;h=9f0cccf7432dd9be1de953f9b13a7f9b06c40442 + +From 9f0cccf7432dd9be1de953f9b13a7f9b06c40442 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Fri, 10 Nov 2023 15:38:37 +0100 +Subject: [PATCH] pwrap: Fix PAM_WRAPPER_DISABLE_DEEPBIND environment variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> +--- a/src/pam_wrapper.c ++++ b/src/pam_wrapper.c +@@ -336,7 +336,7 @@ static void *pwrap_load_lib_handle(enum pwrap_lib lib) + + #ifdef RTLD_DEEPBIND + const char *env_preload = getenv("LD_PRELOAD"); +- const char *env_deepbind = getenv("UID_WRAPPER_DISABLE_DEEPBIND"); ++ const char *env_deepbind = getenv("PAM_WRAPPER_DISABLE_DEEPBIND"); + bool enable_deepbind = true; + + /* Don't do a deepbind if we run with libasan */ +-- +2.34.1 diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch new file mode 100644 index 000000000000..f3c1458d6dce --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch @@ -0,0 +1,40 @@ +https://git.samba.org/?p=pam_wrapper.git;a=commitdiff;h=7bd24b0e54995da5f333575f97c9f1fa796fe0f1 + +From 7bd24b0e54995da5f333575f97c9f1fa796fe0f1 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Jan=20Kundr=C3=A1t?= <jan.kundrat@cesnet.cz> +Date: Mon, 6 Nov 2023 18:34:58 +0100 +Subject: [PATCH] die quickly upon mkdir failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +We just had this failure in our CI system that's currently running just +three PAM-wrapped tests in parallel. Since this is a classic TOCTOU race +(albeit in a test code, and therefore with little to no security +implications), the `mkdir` can fail, and when that happens it's much +better to just die quickly rather than continuing as if nothing +happened. + +Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> +Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> +Reviewed-by: Andreas Schneider <asn@cryptomilk.org> +--- a/src/pam_wrapper.c ++++ b/src/pam_wrapper.c +@@ -893,6 +893,7 @@ static void pwrap_init(void) + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to create pam_wrapper config dir: %s - %s", + tmp_config_dir, strerror(errno)); ++ exit(1); + } + + /* Create file with the PID of the the process */ +@@ -1121,6 +1122,7 @@ static void pwrap_init(void) + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to create pam_wrapper config dir: %s - %s", + tmp_config_dir, strerror(errno)); ++ exit(1); + } + + /* Create file with the PID of the the process */ +-- +2.34.1 diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch new file mode 100644 index 000000000000..884583c098b4 --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch @@ -0,0 +1,22 @@ +--- a/tests/pypamtest_test.py ++++ b/tests/pypamtest_test.py +@@ -15,19 +15,6 @@ class PyPamTestCase(unittest.TestCase): + self.assertSequenceEqual(test_result.errors, info_list) + + class PyPamTestImport(unittest.TestCase): +- def setUp(self): +- " Make sure we load the in-tree module " +- if sys.hexversion >= 0x3000000: +- self.modpath = os.path.join(os.getcwd(), "../src/python/python3") +- else: +- self.assertTrue(False) +- self.system_path = sys.path[:] +- sys.path = [ self.modpath ] +- +- def tearDown(self): +- " Restore the system path " +- sys.path = self.system_path +- + def testImport(self): + " Import the module " + try: diff --git a/sys-libs/pam_wrapper/pam_wrapper-1.1.5.ebuild b/sys-libs/pam_wrapper/pam_wrapper-1.1.5.ebuild new file mode 100644 index 000000000000..8ce00c0e4a60 --- /dev/null +++ b/sys-libs/pam_wrapper/pam_wrapper-1.1.5.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit cmake-multilib python-r1 + +DESCRIPTION="A tool to test PAM applications and PAM modules" +HOMEPAGE="https://cwrap.org/pam_wrapper.html" +SRC_URI=" + https://www.samba.org/ftp/pub/cwrap/${P}.tar.gz + https://ftp.samba.org/pub/cwrap/${P}.tar.gz +" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="test" +RESTRICT="!test? ( test )" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +# Require newer PAM so we know where it's located, bug #825078 +RDEPEND=" + ${PYTHON_DEPS} + >=sys-libs/pam-1.5.3-r1:0=[${MULTILIB_USEDEP}] +" +DEPEND=" + ${RDEPEND} + test? ( dev-util/cmocka[${MULTILIB_USEDEP}] ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-1.1.5-tests-import.patch + "${FILESDIR}"/${P}-mkdir-race.patch + "${FILESDIR}"/${P}-env-var-typo.patch +) + +multilib_src_configure() { + configure_for_python() { + local mycmakeargs=( -DUNIT_TESTING=OFF ) + cmake_src_configure + } + + if multilib_is_native_abi ; then + # Build the Pythons for each version (but only for the native ABI) + # bug #737468 + python_foreach_impl configure_for_python + fi + + # Do the regular build now + local mycmakeargs=( + -DUNIT_TESTING=$(usex test) + -DCMAKE_DISABLE_FIND_PACKAGE_Python{Libs,Interp,SiteLibs}=ON + ) + cmake_src_configure +} + +multilib_src_compile() { + if multilib_is_native_abi ; then + python_foreach_impl cmake_src_compile + fi + + # Compile the "proper" version without Python last + cmake_src_compile +} + +multilib_src_test() { + cmake_src_test + + # Fails b/c of sandbox? + #python_test() { + # local -x PYTHONPATH="${BUILD_DIR}/src/python/python3:${PYTHONPATH}" + # elog "${PYTHONPATH}" + # ${EPYTHON} "${S}"/tests/pypamtest_test.py || die "Tests failed with ${EPYTHON}" + #} + + #if multilib_is_native_abi ; then + # python_foreach_impl python_test + #fi +} + +multilib_src_install() { + if multilib_is_native_abi ; then + python_foreach_impl cmake_src_install + fi + + # Install the "proper" version without Python last + cmake_src_install +} |