diff options
Diffstat (limited to 'testing')
94 files changed, 4355 insertions, 1989 deletions
diff --git a/testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txt b/testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txt new file mode 100644 index 000000000..ef6a179a5 --- /dev/null +++ b/testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +ConsoleKit2: ConsoleKit2 (user, login, and seat tracking framework) +ConsoleKit2: +ConsoleKit2: ConsoleKit2 is a framework for defining and tracking users, login +ConsoleKit2: sessions, and seats. +ConsoleKit2: +ConsoleKit2: Homepage: https://github.com/ConsoleKit2/ConsoleKit2 +ConsoleKit2: +ConsoleKit2: +ConsoleKit2: +ConsoleKit2: +ConsoleKit2: diff --git a/testing/packages/PAM/at-3.2.1-x86_64-1_pam.txt b/testing/packages/PAM/at-3.2.1-x86_64-1_pam.txt new file mode 100644 index 000000000..acbeeeee1 --- /dev/null +++ b/testing/packages/PAM/at-3.2.1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +at: at (delayed command execution) +at: +at: at and batch read shell commands from standard input (or a specified +at: file) storing them as a job to be scheduled for execution at a later +at: time. +at: +at: The 'at' command was written by David Parsons and Thomas Koenig. +at: +at: Homepage: http://blog.calhariz.com/tag/at +at: +at: diff --git a/testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txt b/testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txt new file mode 100644 index 000000000..cdd5c0729 --- /dev/null +++ b/testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +cifs-utils: cifs-utils (CIFS filesystem utilities) +cifs-utils: +cifs-utils: This is the release version of cifs-utils, a package of utilities for +cifs-utils: doing and managing mounts of the Linux CIFS filesystem. The in-kernel +cifs-utils: CIFS filesystem is generally the preferred method for mounting +cifs-utils: SMB/CIFS shares on Linux. This filesystem relies on a set of +cifs-utils: user-space tools that were originally part of Samba, but have now been +cifs-utils: split off into this separate package. +cifs-utils: +cifs-utils: Home page: http://wiki.samba.org/index.php/LinuxCIFS_utils +cifs-utils: diff --git a/testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txt b/testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txt new file mode 100644 index 000000000..8b084ab03 --- /dev/null +++ b/testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +cracklib: cracklib (password checking library) +cracklib: +cracklib: CrackLib is a library which may be used in a passwd-like program to +cracklib: prevent users from choosing passwords that could be easily guessed. +cracklib: This package is an updated and modernized distribution of CrackLib as +cracklib: previously released by Alec Muffett. +cracklib: +cracklib: Homepage: https://github.com/cracklib/cracklib +cracklib: +cracklib: +cracklib: diff --git a/testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txt b/testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txt new file mode 100644 index 000000000..f581115e7 --- /dev/null +++ b/testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +cups: cups (Common UNIX Printing System) +cups: +cups: The Common UNIX Printing System provides a portable printing layer for +cups: UNIX(R)-like operating systems. It has been developed by Easy Software +cups: Products to promote a standard printing solution for all UNIX vendors +cups: and users. CUPS uses the Internet Printing Protocol ("IPP") as the +cups: basis for managing print jobs and queues. The CUPS package includes +cups: System V and Berkeley command-line interfaces, a PostScript RIP +cups: package for supporting non-PostScript printer drivers, and tools for +cups: creating additional printer drivers and other CUPS services. +cups: diff --git a/testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txt b/testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txt new file mode 100644 index 000000000..59a42e275 --- /dev/null +++ b/testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +cyrus-sasl: cyrus-sasl (Simple Authentication and Security Layer) +cyrus-sasl: +cyrus-sasl: This is the Cyrus SASL library. Cyrus SASL is used by mail programs +cyrus-sasl: on the client or server side to provide authentication and +cyrus-sasl: authorization services. See RFC 2222 for more information. +cyrus-sasl: +cyrus-sasl: +cyrus-sasl: +cyrus-sasl: +cyrus-sasl: +cyrus-sasl: diff --git a/testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txt b/testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txt new file mode 100644 index 000000000..f7e7c9cca --- /dev/null +++ b/testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +dovecot: dovecot (IMAP and POP3 server) +dovecot: +dovecot: Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like +dovecot: systems, written with security foremost in mind. +dovecot: +dovecot: Dovecot can work with standard mbox and Maildir formats and it is +dovecot: fully compatible with UW-IMAP and Courier IMAP servers' +dovecot: implementation of them, as well as mail clients accessing the +dovecot: mailboxes directly. +dovecot: +dovecot: diff --git a/testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txt b/testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txt new file mode 100644 index 000000000..030f0c904 --- /dev/null +++ b/testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +gnome-keyring: gnome-keyring (a tool to handle security credentials) +gnome-keyring: +gnome-keyring: GNOME Keyring is a program designed to take care of the user's +gnome-keyring: security credentials, such as user names and passwords, in an +gnome-keyring: easy to access manner. The keyring is implemented as a daemon +gnome-keyring: and uses the process name gnome-keyring-daemon. +gnome-keyring: +gnome-keyring: +gnome-keyring: +gnome-keyring: +gnome-keyring: diff --git a/testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txt b/testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txt new file mode 100644 index 000000000..b7b12a3b0 --- /dev/null +++ b/testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +hplip: hplip (HP print/scan/fax support) +hplip: +hplip: HPLIP is an HP developed solution for printing, scanning, and faxing +hplip: with HP inkjet and laser based printers in Linux. The HPLIP project +hplip: provides printing support for more than 1400 HP printer models, +hplip: including Deskjet, Officejet, Photosmart, PSC (Print Scan Copy), +hplip: Business Inkjet, LaserJet, and LaserJet MFP. +hplip: +hplip: Homepage: http://hplipopensource.com +hplip: +hplip: diff --git a/testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txt b/testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txt new file mode 100644 index 000000000..88fef50da --- /dev/null +++ b/testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txt @@ -0,0 +1,11 @@ +kde-workspace: kde-workspace (KDE Plasma Desktop) +kde-workspace: +kde-workspace: This package provides the essential parts of the KDE Plasma Desktop +kde-workspace: that are presented to the user. +kde-workspace: +kde-workspace: +kde-workspace: +kde-workspace: +kde-workspace: +kde-workspace: +kde-workspace: diff --git a/testing/packages/PAM/libcap-2.31-x86_64-1_pam.txt b/testing/packages/PAM/libcap-2.31-x86_64-1_pam.txt new file mode 100644 index 000000000..d40f202ea --- /dev/null +++ b/testing/packages/PAM/libcap-2.31-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +libcap: libcap (get/set POSIX capabilities) +libcap: +libcap: This is a library for getting and setting POSIX.1e (formerly POSIX 6) +libcap: draft 15 capabilities. +libcap: +libcap: Libcap was written by Andrew G. Morgan; however, it would not +libcap: have been possible without the help of Aleph1, Roland Buresund, +libcap: Andrew Main, and Alexander Kjeldaas. +libcap: +libcap: Homepage: http://sites.google.com/site/fullycapable/ +libcap: diff --git a/testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txt b/testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txt new file mode 100644 index 000000000..23b5774da --- /dev/null +++ b/testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txt @@ -0,0 +1,11 @@ +libcgroup: libcgroup (library and utilities for kernel control groups) +libcgroup: +libcgroup: Control Groups provide a mechanism for aggregating/partitioning sets of +libcgroup: tasks, and all their future children, into hierarchical groups with +libcgroup: specialized behaviour. It makes use of a filesystem interface. +libcgroup: This package contains a library for developing applications that use +libcgroup: control groups, as well as some basic userspace tools for controlling +libcgroup: and monitoring control groups. +libcgroup: +libcgroup: Homepage: http://libcg.sourceforge.net/ +libcgroup: diff --git a/testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txt b/testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txt new file mode 100644 index 000000000..f11465499 --- /dev/null +++ b/testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +libpwquality: libpwquality (password quality checking library) +libpwquality: +libpwquality: The libpwquality package provides common functions for password +libpwquality: quality checking and also scoring them based on their apparent +libpwquality: randomness. The library also provides a function for generating +libpwquality: random passwords with good pronounceability. +libpwquality: +libpwquality: Homepage: https://github.com/libpwquality/libpwquality +libpwquality: +libpwquality: +libpwquality: diff --git a/testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txt b/testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txt new file mode 100644 index 000000000..d45005822 --- /dev/null +++ b/testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +mariadb: mariadb (Drop-in replacement for the MySQL Database Server) +mariadb: +mariadb: MariaDB is a backward compatible, drop-in replacement branch of the +mariadb: MySQL(R) Database Server. It includes all major open source storage +mariadb: engines, including the Aria storage engine. +mariadb: +mariadb: Homepage: http://mariadb.org/ +mariadb: +mariadb: +mariadb: +mariadb: diff --git a/testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txt b/testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txt new file mode 100644 index 000000000..f66b47ad0 --- /dev/null +++ b/testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +netatalk: netatalk (Appletalk file and print server) +netatalk: +netatalk: Netatalk is an Appletalk file and print server for Linux. Using +netatalk: Netatalk, Macintosh computers on your local network can mount Linux +netatalk: volumes as if they were standard Appletalk network drives, and can +netatalk: print to the Linux box's printer as if it were a network printer +netatalk: supporting PostScript. +netatalk: +netatalk: Netatalk was originally written by the Research Systems Unix Group at +netatalk: The University of Michigan, and is maintained by the Netatalk Team. +netatalk: diff --git a/testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txt b/testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txt new file mode 100644 index 000000000..f0884223f --- /dev/null +++ b/testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +netkit-rsh: netkit-rsh (the BSD rsh/rcp/rlogin clients and daemon) +netkit-rsh: +netkit-rsh: The old BSD rsh suite. Note that none of these programs provide +netkit-rsh: encryption or strong authentication of network connections. As such, +netkit-rsh: their use is discouraged. The "ssh" protocol and package is a +netkit-rsh: cryptographically secure replacement. +netkit-rsh: +netkit-rsh: +netkit-rsh: +netkit-rsh: +netkit-rsh: diff --git a/testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txt b/testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txt new file mode 100644 index 000000000..dca51ed45 --- /dev/null +++ b/testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +openssh: openssh (Secure Shell daemon and clients) +openssh: +openssh: ssh (Secure Shell) is a program for logging into a remote machine and +openssh: for executing commands on a remote machine. It is intended to replace +openssh: rlogin and rsh, and provide secure encrypted communications between +openssh: two untrusted hosts over an insecure network. sshd (SSH Daemon) is +openssh: the daemon program for ssh. OpenSSH is based on the last free version +openssh: of Tatu Ylonen's SSH, further enhanced and cleaned up by Aaron +openssh: Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and +openssh: Dug Song. It has a homepage at http://www.openssh.com/ +openssh: diff --git a/testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txt b/testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txt new file mode 100644 index 000000000..73bb76e03 --- /dev/null +++ b/testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +openvpn: openvpn (secure IP tunnel daemon) +openvpn: +openvpn: OpenVPN is a full-featured SSL VPN which can accommodate a wide range +openvpn: of configurations, including remote access, site-to-site VPNs, WiFi +openvpn: security, and enterprise-scale remote access with load balancing, +openvpn: failover, and fine-grained access-controls. +openvpn: +openvpn: OpenVPN's home on the net is: http://openvpn.net +openvpn: +openvpn: +openvpn: diff --git a/testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txt b/testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txt new file mode 100644 index 000000000..eeab92033 --- /dev/null +++ b/testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +pam: pam (Pluggable Authentication Modules) +pam: +pam: PAM = Pluggable Authentication Modules. Basically, it is a flexible +pam: mechanism for authenticating users. PAM provides a way to develop +pam: programs that are independent of authentication scheme. However, +pam: these programs will need "authentication modules" (and libpam) at +pam: run-time in order to work. +pam: +pam: Homepage: http://www.linux-pam.org/ +pam: +pam: diff --git a/testing/packages/PAM/polkit-0.116-x86_64-1_pam.txt b/testing/packages/PAM/polkit-0.116-x86_64-1_pam.txt new file mode 100644 index 000000000..3fab4403d --- /dev/null +++ b/testing/packages/PAM/polkit-0.116-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +polkit: polkit (authentication framework) +polkit: +polkit: PolicyKit is an application-level toolkit for defining and handling +polkit: the policy that allows unprivileged processes to speak to privileged +polkit: processes. PolicyKit is specifically targeting applications in rich +polkit: desktop environments on multi-user UNIX-like operating systems. +polkit: +polkit: Homepage: http://www.freedesktop.org/wiki/Software/polkit +polkit: +polkit: +polkit: diff --git a/testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txt b/testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txt new file mode 100644 index 000000000..cb139b1f7 --- /dev/null +++ b/testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txt @@ -0,0 +1,11 @@ +popa3d: popa3d (a POP3 daemon) +popa3d: +popa3d: popa3d is a Post Office Protocol version 3 (POP3) server. A POP3 +popa3d: server operates on local mailboxes on behalf of its remote users. +popa3d: Users can connect at any time to check their mailbox and fetch the +popa3d: mail that has accumulated. The design goals of this POP3 server are +popa3d: security, reliability, RFC compliance (slightly relaxed to work with +popa3d: real-world POP3 clients), and high performance. +popa3d: +popa3d: The popa3d daemon was written by Solar Designer. +popa3d: diff --git a/testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txt b/testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txt new file mode 100644 index 000000000..100076d06 --- /dev/null +++ b/testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txt @@ -0,0 +1,11 @@ +ppp: ppp (Point-to-Point Protocol) +ppp: +ppp: The Point-to-Point Protocol (PPP) provides a method for transmitting +ppp: data over serial links. It's commonly used for connecting to the +ppp: Internet using a modem. This package includes the PPP daemon (pppd), +ppp: which negotiates with the peer to establish the link and sets up the +ppp: ppp network interface, and pppsetup, an easy-to-use utility for +ppp: setting up your PPP daemon. +ppp: +ppp: +ppp: diff --git a/testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txt b/testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txt new file mode 100644 index 000000000..44ba1eb01 --- /dev/null +++ b/testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +proftpd: proftpd (FTP server daemon) +proftpd: +proftpd: ProFTPD is the Professional File Transfer Protocol (FTP) server +proftpd: daemon. ProFTPD grew out of the desire to have a secure and +proftpd: configurable FTP server, and out of a significant admiration of the +proftpd: Apache web server. +proftpd: +proftpd: Homepage: http://www.proftpd.org +proftpd: +proftpd: +proftpd: diff --git a/testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txt b/testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txt new file mode 100644 index 000000000..e1800f156 --- /dev/null +++ b/testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +samba: samba (CIFS file and print server) +samba: +samba: Samba is a CIFS file and print server for CIFS clients. It allows +samba: you to make file space or printers on a Samba host available to CIFS +samba: clients (such as PCs running Windows). +samba: +samba: If you have any Windows file servers, you may be able to replace them +samba: or supplement them with Samba. One of Samba's big strengths is +samba: integration, so you can use it to tie together your Linux hosts and +samba: Windows PC clients. +samba: diff --git a/testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txt b/testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txt new file mode 100644 index 000000000..1566120ea --- /dev/null +++ b/testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +screen: screen (screen manager with VT100/ANSI terminal emulation) +screen: +screen: Screen is a full-screen window manager that multiplexes a physical +screen: terminal between several processes (typically interactive shells). +screen: Each virtual terminal provides the functions of a DEC VT100 terminal +screen: and several control functions from the ISO 6492 (ECMA 48, ANSI X3.64) +screen: and ISO 2022 standards (e.g. insert/delete line and support for +screen: multiple character sets). There is a scrollback history buffer for +screen: each virtual terminal and a copy-and-paste mechanism that allows +screen: moving text regions between windows. +screen: diff --git a/testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txt b/testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txt new file mode 100644 index 000000000..29a3d574d --- /dev/null +++ b/testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +shadow: shadow (shadow password suite) +shadow: +shadow: This package includes the necessary programs for handling account +shadow: information in the shadow password format, plus programs for managing +shadow: user and group accounts. It was written by Julianne Frances Haugh and +shadow: the Linux port is maintained by Tomasz Kloczko. +shadow: +shadow: Homepage: https://github.com/shadow-maint/shadow +shadow: +shadow: +shadow: diff --git a/testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txt b/testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txt new file mode 100644 index 000000000..427ea5539 --- /dev/null +++ b/testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +sudo: sudo (give limited root privileges to certain users) +sudo: +sudo: 'sudo' is a command that allows users to execute some commands as +sudo: root. The /etc/sudoers file (edited with 'visudo') specifies which +sudo: users have access to sudo and which commands they can run. 'sudo' +sudo: logs all its activities to /var/log/ so the system administrator +sudo: can keep an eye on things. +sudo: +sudo: Homepage: https://www.sudo.ws +sudo: +sudo: diff --git a/testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txt b/testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txt new file mode 100644 index 000000000..0e58e872a --- /dev/null +++ b/testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txt @@ -0,0 +1,11 @@ +system-config-printer: system-config-printer (CUPS printer administration tool) +system-config-printer: +system-config-printer: The purpose of the tool is to configure a CUPS server (often the local +system-config-printer: machine) using the CUPS API. The tool is written in Python, using +system-config-printer: pygtk for the graphical parts and Python bindings (pycups) for the +system-config-printer: CUPS API. It is largely the same as using the CUPS web interface for +system-config-printer: configuring printers, but has the advantage of being a native +system-config-printer: application rather than a web page. +system-config-printer: +system-config-printer: Home: https://github.com/zdohnal/system-config-printer +system-config-printer: diff --git a/testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txt b/testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txt new file mode 100644 index 000000000..7e4aa7b72 --- /dev/null +++ b/testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +util-linux: util-linux (a huge collection of essential utilities) +util-linux: +util-linux: The util-linux package is a huge collection of random utilities +util-linux: that are essential to run a Linux system. +util-linux: +util-linux: Homepage: https://www.kernel.org/pub/linux/utils/util-linux/ +util-linux: +util-linux: +util-linux: +util-linux: +util-linux: diff --git a/testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txt b/testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txt new file mode 100644 index 000000000..47182b362 --- /dev/null +++ b/testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txt @@ -0,0 +1,11 @@ +vsftpd: vsftpd (Very Secure FTP Daemon) +vsftpd: +vsftpd: vsftpd is an FTP server, or daemon. The 'vs' stands for Very Secure. +vsftpd: Obviously this is not a guarantee, but a reflection that the entire +vsftpd: codebase was written with security in mind, and carefully designed to +vsftpd: be resilient to attack (as well as extremely fast and scalable). +vsftpd: +vsftpd: The vsftpd homepage is https://security.appspot.com/vsftpd.html +vsftpd: +vsftpd: The Very Secure FTP Daemon was written by Chris Evans. +vsftpd: diff --git a/testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txt b/testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txt new file mode 100644 index 000000000..507599a68 --- /dev/null +++ b/testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txt @@ -0,0 +1,11 @@ +xdm: xdm (X11 display manager) +xdm: +xdm: xdm is part of X11. +xdm: +xdm: For more information about the X.Org Foundation (the providers of the +xdm: X.Org implementation of the X Window System), see their website: +xdm: +xdm: http://www.x.org +xdm: +xdm: +xdm: diff --git a/testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txt b/testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txt new file mode 100644 index 000000000..080d3280b --- /dev/null +++ b/testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +xlockmore: xlockmore (screen locker for X) +xlockmore: +xlockmore: Patrick J. Naughton's xlock screensaver/locker for X, with many +xlockmore: more modes added by David A. Bagley. +xlockmore: +xlockmore: The 'Bob' bitmap has been included especially for Slackware, as well +xlockmore: as a Linux penguin logo. (NOTE: the image of J. R. "Bob" Dobbs is a +xlockmore: registered trademark of The Subgenius Foundation, used by permission) +xlockmore: +xlockmore: Homepage: http://sillycycle.com/xlockmore.html +xlockmore: diff --git a/testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txt b/testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txt new file mode 100644 index 000000000..b94c265bb --- /dev/null +++ b/testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txt @@ -0,0 +1,11 @@ +xscreensaver: xscreensaver (a screen saver and locker for X) +xscreensaver: +xscreensaver: A modular screen saver and locker for the X Window System. Highly +xscreensaver: customizable: allows the use of any program that can draw on the +xscreensaver: root window as a display mode. More than 100 display modes are +xscreensaver: included in this package. +xscreensaver: +xscreensaver: Homepage: http://www.jwz.org/xscreensaver +xscreensaver: +xscreensaver: +xscreensaver: diff --git a/testing/source/PAM/a/cracklib/cracklib.SlackBuild b/testing/source/PAM/a/cracklib/cracklib.SlackBuild new file mode 100755 index 000000000..e58c28d79 --- /dev/null +++ b/testing/source/PAM/a/cracklib/cracklib.SlackBuild @@ -0,0 +1,149 @@ +#!/bin/sh + +# Copyright 2010,2011 Vincent Batts, Vienna, VA, USA +# Copyright 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=cracklib +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --sbindir=/sbin \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --disable-static \ + --without-python \ + --build=$ARCH-slackware-linux || exit 1 + +make $NUMJOBS || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +mkdir -p $PKG/usr/share/cracklib + +# Fix perms on these first: +chmod 755 ./util/create-cracklib-dict +chmod 755 ./util/cracklib-format + +# If there's a large word list in the source directory, uncompress it to "cracklib-words": +if [ -r $CWD/cracklib-words-*.xz ]; then + xz -dc $CWD/cracklib-words-*.xz > cracklib-words +elif [ -r $CWD/cracklib-words-*.bz2 ]; then + bzip2 -dc $CWD/cracklib-words-*.bz2 > cracklib-words +elif [ -r $CWD/cracklib-words-*.gz ]; then + gzip -dc $CWD/cracklib-words-*.gz > cracklib-words +elif [ -r $CWD/cracklib-words-*.lz ]; then + lzip -dc $CWD/cracklib-words-*.lz > cracklib-words +fi + +# If cracklib-words exists, add it to the dictionary. Otherwise go with the bundled list. +if [ -r cracklib-words ]; then + PATH=$(pwd)/util:$PATH \ + ./util/create-cracklib-dict \ + -o $PKG/usr/share/cracklib/pw_dict \ + dicts/cracklib-small cracklib-words +else + PATH=$(pwd)/util:$PATH \ + ./util/create-cracklib-dict \ + -o $PKG/usr/share/cracklib/pw_dict \ + dicts/cracklib-small +fi + +mkdir -p $PKG/var/cache/cracklib +( cd $PKG/var/cache/cracklib +ln -s /usr/share/cracklib/pw_dict.pwd cracklib_dict.pwd +ln -s /usr/share/cracklib/pw_dict.pwi cracklib_dict.pwi +) + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a \ + AUTHORS COPYING.LIB ChangeLog INSTALL NEWS README* \ + $PKG/usr/doc/$PKGNAM-$VERSION + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz + diff --git a/testing/source/PAM/a/cracklib/cracklib.url b/testing/source/PAM/a/cracklib/cracklib.url new file mode 100644 index 000000000..c7afd5ecc --- /dev/null +++ b/testing/source/PAM/a/cracklib/cracklib.url @@ -0,0 +1 @@ +https://github.com/cracklib/cracklib diff --git a/testing/source/binutils/slack-desc b/testing/source/PAM/a/cracklib/slack-desc index b2d81d1d8..071678612 100644 --- a/testing/source/binutils/slack-desc +++ b/testing/source/PAM/a/cracklib/slack-desc @@ -6,14 +6,14 @@ # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -binutils: binutils (GNU binary development tools) -binutils: -binutils: Binutils is a collection of binary utilities. It includes "as" (the -binutils: portable GNU assembler), "ld" (the GNU linker), and other utilities -binutils: for creating and working with binary programs. -binutils: -binutils: These utilities are REQUIRED to compile C, C++, Objective-C, Fortran, -binutils: and most other programming languages. -binutils: -binutils: -binutils: +cracklib: cracklib (password checking library) +cracklib: +cracklib: CrackLib is a library which may be used in a passwd-like program to +cracklib: prevent users from choosing passwords that could be easily guessed. +cracklib: This package is an updated and modernized distribution of CrackLib as +cracklib: previously released by Alec Muffett. +cracklib: +cracklib: Homepage: https://github.com/cracklib/cracklib +cracklib: +cracklib: +cracklib: diff --git a/testing/source/PAM/a/libpwquality/doinst.sh b/testing/source/PAM/a/libpwquality/doinst.sh new file mode 100644 index 000000000..044ad84c5 --- /dev/null +++ b/testing/source/PAM/a/libpwquality/doinst.sh @@ -0,0 +1,14 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +config etc/security/pwquality.conf.new diff --git a/testing/source/PAM/a/libpwquality/libpwquality.SlackBuild b/testing/source/PAM/a/libpwquality/libpwquality.SlackBuild new file mode 100755 index 000000000..ac1555a6c --- /dev/null +++ b/testing/source/PAM/a/libpwquality/libpwquality.SlackBuild @@ -0,0 +1,143 @@ +#!/bin/bash + +# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=libpwquality +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# this typo was driving me crazy +sed -i "s/there defaults/their defaults/g" doc/man/pam_pwquality.8* + +# Configure, build, and install: +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --mandir=/usr/man \ + --infodir=/usr/info \ + --disable-static \ + --with-securedir=/lib/security \ + --with-python-binary=python3 \ + --build=$ARCH-slackware-linux || exit 1 +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +mv $PKG/etc/security/pwquality.conf $PKG/etc/security/pwquality.conf.new + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS* ChangeLog COPYING* NEWS* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/testing/source/PAM/a/libpwquality/libpwquality.url b/testing/source/PAM/a/libpwquality/libpwquality.url new file mode 100644 index 000000000..fe741a807 --- /dev/null +++ b/testing/source/PAM/a/libpwquality/libpwquality.url @@ -0,0 +1 @@ +https://github.com/libpwquality/libpwquality diff --git a/testing/source/PAM/a/libpwquality/slack-desc b/testing/source/PAM/a/libpwquality/slack-desc new file mode 100644 index 000000000..0334b2ca7 --- /dev/null +++ b/testing/source/PAM/a/libpwquality/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libpwquality: libpwquality (password quality checking library) +libpwquality: +libpwquality: The libpwquality package provides common functions for password +libpwquality: quality checking and also scoring them based on their apparent +libpwquality: randomness. The library also provides a function for generating +libpwquality: random passwords with good pronounceability. +libpwquality: +libpwquality: Homepage: https://github.com/libpwquality/libpwquality +libpwquality: +libpwquality: +libpwquality: diff --git a/testing/source/PAM/a/pam/doinst.sh b/testing/source/PAM/a/pam/doinst.sh new file mode 100644 index 000000000..e96721a14 --- /dev/null +++ b/testing/source/PAM/a/pam/doinst.sh @@ -0,0 +1,14 @@ + +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch new file mode 100644 index 000000000..f3a742c8d --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch @@ -0,0 +1,27 @@ +diff -up pam/modules/pam_env/pam_env.c.nouserenv pam/modules/pam_env/pam_env.c +--- pam/modules/pam_env/pam_env.c.nouserenv 2010-10-20 09:59:30.000000000 +0200 ++++ pam/modules/pam_env/pam_env.c 2010-11-01 14:42:01.000000000 +0100 +@@ -10,7 +10,7 @@ + #define DEFAULT_READ_ENVFILE 1 + + #define DEFAULT_USER_ENVFILE ".pam_environment" +-#define DEFAULT_USER_READ_ENVFILE 1 ++#define DEFAULT_USER_READ_ENVFILE 0 + + #include "config.h" + +diff -up pam/modules/pam_env/pam_env.8.xml.nouserenv pam/modules/pam_env/pam_env.8.xml +--- pam/modules/pam_env/pam_env.8.xml.nouserenv 2010-10-20 09:59:30.000000000 +0200 ++++ pam/modules/pam_env/pam_env.8.xml 2010-11-01 14:42:01.000000000 +0100 +@@ -147,7 +147,10 @@ + <listitem> + <para> + Turns on or off the reading of the user specific environment +- file. 0 is off, 1 is on. By default this option is on. ++ file. 0 is off, 1 is on. By default this option is off as user ++ supplied environment variables in the PAM environment could affect ++ behavior of subsequent modules in the stack without the consent ++ of the system administrator. + </para> + </listitem> + </varlistentry> diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.1.6-limits-user.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.6-limits-user.patch new file mode 100644 index 000000000..3c17b781a --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.6-limits-user.patch @@ -0,0 +1,20 @@ +diff -up Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.6/modules/pam_limits/limits.conf +--- Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits 2012-08-15 13:08:43.000000000 +0200 ++++ Linux-PAM-1.1.6/modules/pam_limits/limits.conf 2013-03-14 16:43:37.615087671 +0100 +@@ -1,5 +1,16 @@ + # /etc/security/limits.conf + # ++#This file sets the resource limits for the users logged in via PAM. ++#It does not affect resource limits of the system services. ++# ++#Also note that configuration files in /etc/security/limits.d directory, ++#which are read in alphabetical order, override the settings in this ++#file in case the domain is the same or more specific. ++#That means for example that setting a limit for wildcard domain here ++#can be overriden with a wildcard setting in a config file in the ++#subdirectory, but a user specific setting here can be overriden only ++#with a user specific setting in the subdirectory. ++# + #Each line describes a limit for a user in the form: + # + #<domain> <type> <item> <value> diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch new file mode 100644 index 000000000..277a5699f --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch @@ -0,0 +1,31 @@ +diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c +--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200 ++++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200 +@@ -997,9 +997,9 @@ main( int argc UNUSED, char **argv ) + #ifdef HAVE_LIBAUDIT + char buf[64]; + int audit_fd = audit_open(); +- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); +- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, +- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); ++ snprintf(buf, sizeof(buf), "pam_tally2 reset=%hu", cline_reset); ++ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, ++ buf, NULL, uid, NULL, NULL, ttyname(STDIN_FILENO), 1); + if (audit_fd >=0) + close(audit_fd); + #endif +@@ -1040,11 +1040,10 @@ main( int argc UNUSED, char **argv ) + } + else if ( !cline_reset ) { + #ifdef HAVE_LIBAUDIT +- char buf[64]; + int audit_fd = audit_open(); +- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); +- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, +- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); ++ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, ++ "pam_tally2-reset-all-accts reset=0", "*", -1, ++ NULL, NULL, ttyname(STDIN_FILENO), 1); + if (audit_fd >=0) + close(audit_fd); + #endif diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-full-relro.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-full-relro.patch new file mode 100644 index 000000000..b2d8526f9 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.1.8-full-relro.patch @@ -0,0 +1,67 @@ +diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am +--- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200 ++++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200 +@@ -9,7 +9,7 @@ securelibfilterdir = $(SECUREDIR)/pam_fi + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(srcdir)/.. @PIE_CFLAGS@ +-AM_LDFLAGS = @PIE_LDFLAGS@ ++AM_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + LDADD = $(top_builddir)/libpam/libpam.la + + securelibfilter_PROGRAMS = upperLOWER +diff -up Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am +--- Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 ++++ Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am 2014-09-10 17:18:42.922304935 +0200 +@@ -30,6 +30,8 @@ endif + + sbin_PROGRAMS = mkhomedir_helper + mkhomedir_helper_SOURCES = mkhomedir_helper.c ++mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ ++mkhomedir_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la + + if ENABLE_REGENERATE_MAN +diff -up Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am +--- Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 ++++ Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am 2014-09-10 17:22:04.339944040 +0200 +@@ -26,6 +26,8 @@ if HAVE_VERSIONING + pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + ++pam_tally2_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ ++pam_tally2_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) + + securelib_LTLIBRARIES = pam_tally2.la +diff -up Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am +--- Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 ++++ Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am 2014-08-13 16:02:49.906688139 +0200 +@@ -36,7 +36,7 @@ pam_timestamp_la_CFLAGS = $(AM_CFLAGS) + pam_timestamp_check_SOURCES = pam_timestamp_check.c + pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ + pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la +-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@ ++pam_timestamp_check_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + + hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c + hmacfile_LDADD = $(top_builddir)/libpam/libpam.la +diff -up Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_unix/Makefile.am +--- Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 ++++ Linux-PAM-1.1.8/modules/pam_unix/Makefile.am 2014-08-13 16:02:49.906688139 +0200 +@@ -55,13 +55,13 @@ bigcrypt_LDADD = @LIBCRYPT@ + unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \ + passverify.c + unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\" +-unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ ++unix_chkpwd_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@ + + unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \ + passverify.c + unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\" +-unix_update_LDFLAGS = @PIE_LDFLAGS@ ++unix_update_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ + unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@ + + if ENABLE_REGENERATE_MAN diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch new file mode 100644 index 000000000..554e5c8f8 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch @@ -0,0 +1,806 @@ +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am +--- Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper 2016-03-24 12:45:42.000000000 +0100 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am 2016-05-06 15:18:42.307637933 +0200 +@@ -1,5 +1,6 @@ + # + # Copyright (c) 2008, 2009 Thorsten Kukuk <kukuk@suse.de> ++# Copyright (c) 2013 Red Hat, Inc. + # + + CLEANFILES = *~ +@@ -9,25 +10,34 @@ EXTRA_DIST = README $(MANS) $(XMLS) tst- + + TESTS = tst-pam_pwhistory + +-man_MANS = pam_pwhistory.8 ++man_MANS = pam_pwhistory.8 pwhistory_helper.8 + +-XMLS = README.xml pam_pwhistory.8.xml ++XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml + + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + +-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +-AM_LDFLAGS = -no-undefined -avoid-version -module ++AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ ++ -DPWHISTORY_HELPER=\"$(sbindir)/pwhistory_helper\" ++ ++pam_pwhistory_la_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING +- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map ++ pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + + noinst_HEADERS = opasswd.h + + securelib_LTLIBRARIES = pam_pwhistory.la +-pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ ++pam_pwhistory_la_CFLAGS = $(AM_CFLAGS) ++pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@ + pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c + ++sbin_PROGRAMS = pwhistory_helper ++pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @PIE_CFLAGS@ ++pwhistory_helper_SOURCES = pwhistory_helper.c opasswd.c ++pwhistory_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ ++pwhistory_helper_LDADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ ++ + if ENABLE_REGENERATE_MAN + noinst_DATA = README + README: pam_pwhistory.8.xml +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c +--- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper 2016-03-24 12:45:42.000000000 +0100 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c 2016-05-06 15:18:42.307637933 +0200 +@@ -1,5 +1,6 @@ + /* + * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de> ++ * Copyright (c) 2013 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -38,6 +39,7 @@ + #endif + + #include <pwd.h> ++#include <shadow.h> + #include <time.h> + #include <ctype.h> + #include <errno.h> +@@ -47,6 +49,7 @@ + #include <string.h> + #include <stdlib.h> + #include <syslog.h> ++#include <stdarg.h> + #include <sys/stat.h> + + #if defined (HAVE_XCRYPT_H) +@@ -55,7 +58,14 @@ + #include <crypt.h> + #endif + ++#ifdef HELPER_COMPILE ++#define pam_modutil_getpwnam(h,n) getpwnam(n) ++#define pam_modutil_getspnam(h,n) getspnam(n) ++#define pam_syslog(h,a,...) helper_log_err(a,__VA_ARGS__) ++#else ++#include <security/pam_modutil.h> + #include <security/pam_ext.h> ++#endif + #include <security/pam_modules.h> + + #include "opasswd.h" +@@ -76,6 +86,19 @@ typedef struct { + char *old_passwords; + } opwd; + ++#ifdef HELPER_COMPILE ++void ++helper_log_err(int err, const char *format, ...) ++{ ++ va_list args; ++ ++ va_start(args, format); ++ openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV); ++ vsyslog(err, format, args); ++ va_end(args); ++ closelog(); ++} ++#endif + + static int + parse_entry (char *line, opwd *data) +@@ -117,8 +140,8 @@ compare_password(const char *newpass, co + } + + /* Check, if the new password is already in the opasswd file. */ +-int +-check_old_pass (pam_handle_t *pamh, const char *user, ++PAMH_ARG_DECL(int ++check_old_pass, const char *user, + const char *newpass, int debug) + { + int retval = PAM_SUCCESS; +@@ -128,6 +151,11 @@ check_old_pass (pam_handle_t *pamh, cons + opwd entry; + int found = 0; + ++#ifndef HELPER_COMPILE ++ if (SELINUX_ENABLED) ++ return PAM_PWHISTORY_RUN_HELPER; ++#endif ++ + if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) + { + if (errno != ENOENT) +@@ -213,9 +241,9 @@ check_old_pass (pam_handle_t *pamh, cons + return retval; + } + +-int +-save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, +- const char *oldpass, int howmany, int debug UNUSED) ++PAMH_ARG_DECL(int ++save_old_pass, const char *user, ++ int howmany, int debug UNUSED) + { + char opasswd_tmp[] = TMP_PASSWORDS_FILE; + struct stat opasswd_stat; +@@ -226,10 +254,35 @@ save_old_pass (pam_handle_t *pamh, const + char *buf = NULL; + size_t buflen = 0; + int found = 0; ++ struct passwd *pwd; ++ const char *oldpass; ++ ++ pwd = pam_modutil_getpwnam (pamh, user); ++ if (pwd == NULL) ++ return PAM_USER_UNKNOWN; + + if (howmany <= 0) + return PAM_SUCCESS; + ++#ifndef HELPER_COMPILE ++ if (SELINUX_ENABLED) ++ return PAM_PWHISTORY_RUN_HELPER; ++#endif ++ ++ if ((strcmp(pwd->pw_passwd, "x") == 0) || ++ ((pwd->pw_passwd[0] == '#') && ++ (pwd->pw_passwd[1] == '#') && ++ (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) ++ { ++ struct spwd *spw = pam_modutil_getspnam (pamh, user); ++ ++ if (spw == NULL) ++ return PAM_USER_UNKNOWN; ++ oldpass = spw->sp_pwdp; ++ } ++ else ++ oldpass = pwd->pw_passwd; ++ + if (oldpass == NULL || *oldpass == '\0') + return PAM_SUCCESS; + +@@ -452,7 +505,7 @@ save_old_pass (pam_handle_t *pamh, const + { + char *out; + +- if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0) ++ if (asprintf (&out, "%s:%d:1:%s\n", user, pwd->pw_uid, oldpass) < 0) + { + retval = PAM_AUTHTOK_ERR; + if (oldpf) +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h +--- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper 2016-03-24 12:45:42.000000000 +0100 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h 2016-05-06 15:18:42.307637933 +0200 +@@ -1,5 +1,6 @@ + /* + * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de> ++ * Copyright (c) 2013 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -36,10 +37,32 @@ + #ifndef __OPASSWD_H__ + #define __OPASSWD_H__ + +-extern int check_old_pass (pam_handle_t *pamh, const char *user, +- const char *newpass, int debug); +-extern int save_old_pass (pam_handle_t *pamh, const char *user, +- uid_t uid, const char *oldpass, +- int howmany, int debug); ++#define PAM_PWHISTORY_RUN_HELPER PAM_CRED_INSUFFICIENT ++ ++#ifdef WITH_SELINUX ++#include <selinux/selinux.h> ++#define SELINUX_ENABLED is_selinux_enabled()>0 ++#else ++#define SELINUX_ENABLED 0 ++#endif ++ ++#ifdef HELPER_COMPILE ++#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__) ++#define PAMH_ARG(...) __VA_ARGS__ ++#else ++#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__) ++#define PAMH_ARG(...) pamh, __VA_ARGS__ ++#endif ++ ++#ifdef HELPER_COMPILE ++void ++helper_log_err(int err, const char *format, ...); ++#endif ++ ++PAMH_ARG_DECL(int ++check_old_pass, const char *user, const char *newpass, int debug); ++ ++PAMH_ARG_DECL(int ++save_old_pass, const char *user, int howmany, int debug); + + #endif /* __OPASSWD_H__ */ +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c +--- Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper 2016-04-04 11:22:28.000000000 +0200 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c 2016-05-06 15:19:31.610785512 +0200 +@@ -1,6 +1,7 @@ + /* + * Copyright (c) 2008, 2012 Thorsten Kukuk + * Author: Thorsten Kukuk <kukuk@thkukuk.de> ++ * Copyright (c) 2013 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -46,10 +47,14 @@ + #include <stdlib.h> + #include <string.h> + #include <unistd.h> +-#include <shadow.h> + #include <syslog.h> + #include <sys/types.h> + #include <sys/stat.h> ++#include <sys/time.h> ++#include <sys/resource.h> ++#include <sys/wait.h> ++#include <signal.h> ++#include <fcntl.h> + + #include <security/pam_modules.h> + #include <security/pam_modutil.h> +@@ -59,6 +64,7 @@ + #include "opasswd.h" + + #define DEFAULT_BUFLEN 2048 ++#define MAX_FD_NO 20000 + + struct options_t { + int debug; +@@ -102,6 +108,184 @@ parse_option (pam_handle_t *pamh, const + pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); + } + ++static int ++run_save_helper(pam_handle_t *pamh, const char *user, ++ int howmany, int debug) ++{ ++ int retval, child; ++ struct sigaction newsa, oldsa; ++ ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ sigaction(SIGCHLD, &newsa, &oldsa); ++ ++ child = fork(); ++ if (child == 0) ++ { ++ int i = 0; ++ struct rlimit rlim; ++ int dummyfds[2]; ++ static char *envp[] = { NULL }; ++ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ ++ /* replace std file descriptors with a dummy pipe */ ++ if (pipe2(dummyfds, O_NONBLOCK) == 0) ++ { ++ dup2(dummyfds[0], STDIN_FILENO); ++ dup2(dummyfds[1], STDOUT_FILENO); ++ dup2(dummyfds[1], STDERR_FILENO); ++ } ++ ++ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0) ++ { ++ if (rlim.rlim_max >= MAX_FD_NO) ++ rlim.rlim_max = MAX_FD_NO; ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) ++ { ++ if (i != dummyfds[0]) ++ close(i); ++ } ++ } ++ ++ /* exec binary helper */ ++ args[0] = strdup(PWHISTORY_HELPER); ++ args[1] = strdup("save"); ++ args[2] = x_strdup(user); ++ asprintf(&args[3], "%d", howmany); ++ asprintf(&args[4], "%d", debug); ++ ++ execve(args[0], args, envp); ++ ++ _exit(PAM_SYSTEM_ERR); ++ } ++ else if (child > 0) ++ { ++ /* wait for child */ ++ int rc = 0; ++ rc = waitpid(child, &retval, 0); /* wait for helper to complete */ ++ if (rc < 0) ++ { ++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save waitpid returned %d: %m", rc); ++ retval = PAM_SYSTEM_ERR; ++ } ++ else if (!WIFEXITED(retval)) ++ { ++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save abnormal exit: %d", retval); ++ retval = PAM_SYSTEM_ERR; ++ } ++ else ++ { ++ retval = WEXITSTATUS(retval); ++ } ++ } ++ else ++ { ++ retval = PAM_SYSTEM_ERR; ++ } ++ ++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ ++ ++ return retval; ++} ++ ++static int ++run_check_helper(pam_handle_t *pamh, const char *user, ++ const char *newpass, int debug) ++{ ++ int retval, child, fds[2]; ++ struct sigaction newsa, oldsa; ++ ++ /* create a pipe for the password */ ++ if (pipe(fds) != 0) ++ return PAM_SYSTEM_ERR; ++ ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ sigaction(SIGCHLD, &newsa, &oldsa); ++ ++ child = fork(); ++ if (child == 0) ++ { ++ int i = 0; ++ struct rlimit rlim; ++ int dummyfds[2]; ++ static char *envp[] = { NULL }; ++ char *args[] = { NULL, NULL, NULL, NULL, NULL }; ++ ++ /* reopen stdin as pipe */ ++ dup2(fds[0], STDIN_FILENO); ++ ++ /* replace std file descriptors with a dummy pipe */ ++ if (pipe2(dummyfds, O_NONBLOCK) == 0) ++ { ++ dup2(dummyfds[1], STDOUT_FILENO); ++ dup2(dummyfds[1], STDERR_FILENO); ++ } ++ ++ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0) ++ { ++ if (rlim.rlim_max >= MAX_FD_NO) ++ rlim.rlim_max = MAX_FD_NO; ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) ++ { ++ if (i != dummyfds[0]) ++ close(i); ++ } ++ } ++ ++ /* exec binary helper */ ++ args[0] = strdup(PWHISTORY_HELPER); ++ args[1] = strdup("check"); ++ args[2] = x_strdup(user); ++ asprintf(&args[3], "%d", debug); ++ ++ execve(args[0], args, envp); ++ ++ _exit(PAM_SYSTEM_ERR); ++ } ++ else if (child > 0) ++ { ++ /* wait for child */ ++ int rc = 0; ++ if (newpass == NULL) ++ newpass = ""; ++ ++ /* send the password to the child */ ++ if (write(fds[1], newpass, strlen(newpass)+1) == -1) ++ { ++ pam_syslog(pamh, LOG_ERR, "Cannot send password to helper: %m"); ++ retval = PAM_SYSTEM_ERR; ++ } ++ newpass = NULL; ++ close(fds[0]); /* close here to avoid possible SIGPIPE above */ ++ close(fds[1]); ++ rc = waitpid(child, &retval, 0); /* wait for helper to complete */ ++ if (rc < 0) ++ { ++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check waitpid returned %d: %m", rc); ++ retval = PAM_SYSTEM_ERR; ++ } ++ else if (!WIFEXITED(retval)) ++ { ++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check abnormal exit: %d", retval); ++ retval = PAM_SYSTEM_ERR; ++ } ++ else ++ { ++ retval = WEXITSTATUS(retval); ++ } ++ } ++ else ++ { ++ close(fds[0]); ++ close(fds[1]); ++ retval = PAM_SYSTEM_ERR; ++ } ++ ++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ ++ ++ return retval; ++} + + /* This module saves the current crypted password in /etc/security/opasswd + and then compares the new password with all entries in this file. */ +@@ -109,7 +293,6 @@ parse_option (pam_handle_t *pamh, const + int + pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + { +- struct passwd *pwd; + const char *newpass; + const char *user; + int retval, tries; +@@ -154,31 +337,13 @@ pam_sm_chauthtok (pam_handle_t *pamh, in + return PAM_SUCCESS; + } + +- pwd = pam_modutil_getpwnam (pamh, user); +- if (pwd == NULL) +- return PAM_USER_UNKNOWN; +- +- if ((strcmp(pwd->pw_passwd, "x") == 0) || +- ((pwd->pw_passwd[0] == '#') && +- (pwd->pw_passwd[1] == '#') && +- (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) +- { +- struct spwd *spw = pam_modutil_getspnam (pamh, user); +- if (spw == NULL) +- return PAM_USER_UNKNOWN; ++ retval = save_old_pass (pamh, user, options.remember, options.debug); + +- retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp, +- options.remember, options.debug); +- if (retval != PAM_SUCCESS) +- return retval; +- } +- else +- { +- retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd, +- options.remember, options.debug); +- if (retval != PAM_SUCCESS) +- return retval; +- } ++ if (retval == PAM_PWHISTORY_RUN_HELPER) ++ retval = run_save_helper(pamh, user, options.remember, options.debug); ++ ++ if (retval != PAM_SUCCESS) ++ return retval; + + newpass = NULL; + tries = 0; +@@ -207,8 +372,11 @@ pam_sm_chauthtok (pam_handle_t *pamh, in + if (options.debug) + pam_syslog (pamh, LOG_DEBUG, "check against old password file"); + +- if (check_old_pass (pamh, user, newpass, +- options.debug) != PAM_SUCCESS) ++ retval = check_old_pass (pamh, user, newpass, options.debug); ++ if (retval == PAM_PWHISTORY_RUN_HELPER) ++ retval = run_check_helper(pamh, user, newpass, options.debug); ++ ++ if (retval != PAM_SUCCESS) + { + if (getuid() || options.enforce_for_root || + (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c +--- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper 2016-05-06 15:18:42.308637957 +0200 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c 2016-05-06 15:18:42.308637957 +0200 +@@ -0,0 +1,209 @@ ++/* ++ * Copyright (c) 2013 Red Hat, Inc. ++ * Author: Tomas Mraz <tmraz@redhat.com> ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <syslog.h> ++#include <errno.h> ++#include <unistd.h> ++#include <signal.h> ++#include <security/_pam_types.h> ++#include <security/_pam_macros.h> ++#include "opasswd.h" ++ ++#define MAXPASS 200 ++ ++static void ++su_sighandler(int sig) ++{ ++#ifndef SA_RESETHAND ++ /* emulate the behaviour of the SA_RESETHAND flag */ ++ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { ++ struct sigaction sa; ++ memset(&sa, '\0', sizeof(sa)); ++ sa.sa_handler = SIG_DFL; ++ sigaction(sig, &sa, NULL); ++ } ++#endif ++ if (sig > 0) { ++ _exit(sig); ++ } ++} ++ ++static void ++setup_signals(void) ++{ ++ struct sigaction action; /* posix signal structure */ ++ ++ /* ++ * Setup signal handlers ++ */ ++ (void) memset((void *) &action, 0, sizeof(action)); ++ action.sa_handler = su_sighandler; ++#ifdef SA_RESETHAND ++ action.sa_flags = SA_RESETHAND; ++#endif ++ (void) sigaction(SIGILL, &action, NULL); ++ (void) sigaction(SIGTRAP, &action, NULL); ++ (void) sigaction(SIGBUS, &action, NULL); ++ (void) sigaction(SIGSEGV, &action, NULL); ++ action.sa_handler = SIG_IGN; ++ action.sa_flags = 0; ++ (void) sigaction(SIGTERM, &action, NULL); ++ (void) sigaction(SIGHUP, &action, NULL); ++ (void) sigaction(SIGINT, &action, NULL); ++ (void) sigaction(SIGQUIT, &action, NULL); ++} ++ ++static int ++read_passwords(int fd, int npass, char **passwords) ++{ ++ int rbytes = 0; ++ int offset = 0; ++ int i = 0; ++ char *pptr; ++ while (npass > 0) ++ { ++ rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); ++ ++ if (rbytes < 0) ++ { ++ if (errno == EINTR) continue; ++ break; ++ } ++ if (rbytes == 0) ++ break; ++ ++ while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes)) ++ != NULL) ++ { ++ rbytes -= pptr - (passwords[i]+offset) + 1; ++ i++; ++ offset = 0; ++ npass--; ++ if (rbytes > 0) ++ { ++ if (npass > 0) ++ memcpy(passwords[i], pptr+1, rbytes); ++ memset(pptr+1, '\0', rbytes); ++ } ++ } ++ offset += rbytes; ++ } ++ ++ /* clear up */ ++ if (offset > 0 && npass > 0) ++ memset(passwords[i], '\0', offset); ++ ++ return i; ++} ++ ++ ++static int ++check_history(const char *user, const char *debug) ++{ ++ char pass[MAXPASS + 1]; ++ char *passwords[] = { pass }; ++ int npass; ++ int dbg = atoi(debug); /* no need to be too fancy here */ ++ int retval; ++ ++ /* read the password from stdin (a pipe from the pam_pwhistory module) */ ++ npass = read_passwords(STDIN_FILENO, 1, passwords); ++ ++ if (npass != 1) ++ { /* is it a valid password? */ ++ helper_log_err(LOG_DEBUG, "no password supplied"); ++ return PAM_AUTHTOK_ERR; ++ } ++ ++ retval = check_old_pass(user, pass, dbg); ++ ++ memset(pass, '\0', MAXPASS); /* clear memory of the password */ ++ ++ return retval; ++} ++ ++static int ++save_history(const char *user, const char *howmany, const char *debug) ++{ ++ int num = atoi(howmany); ++ int dbg = atoi(debug); /* no need to be too fancy here */ ++ int retval; ++ ++ retval = save_old_pass(user, num, dbg); ++ ++ return retval; ++} ++ ++int ++main(int argc, char *argv[]) ++{ ++ const char *option; ++ const char *user; ++ ++ /* ++ * Catch or ignore as many signal as possible. ++ */ ++ setup_signals(); ++ ++ /* ++ * we establish that this program is running with non-tty stdin. ++ * this is to discourage casual use. ++ */ ++ ++ if (isatty(STDIN_FILENO) || argc < 4) ++ { ++ fprintf(stderr, ++ "This binary is not designed for running in this way.\n"); ++ sleep(10); /* this should discourage/annoy the user */ ++ return PAM_SYSTEM_ERR; ++ } ++ ++ option = argv[1]; ++ user = argv[2]; ++ ++ if (strcmp(option, "check") == 0 && argc == 4) ++ return check_history(user, argv[3]); ++ else if (strcmp(option, "save") == 0 && argc == 5) ++ return save_history(user, argv[3], argv[4]); ++ ++ return PAM_SYSTEM_ERR; ++} ++ +diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml +--- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper 2016-05-06 15:18:42.308637957 +0200 ++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml 2016-05-06 15:18:42.308637957 +0200 +@@ -0,0 +1,68 @@ ++<?xml version="1.0" encoding='UTF-8'?> ++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" ++ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> ++ ++<refentry id="pwhistory_helper"> ++ ++ <refmeta> ++ <refentrytitle>pwhistory_helper</refentrytitle> ++ <manvolnum>8</manvolnum> ++ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> ++ </refmeta> ++ ++ <refnamediv id="pwhistory_helper-name"> ++ <refname>pwhistory_helper</refname> ++ <refpurpose>Helper binary that transfers password hashes from passwd or shadow to opasswd</refpurpose> ++ </refnamediv> ++ ++ <refsynopsisdiv> ++ <cmdsynopsis id="pwhistory_helper-cmdsynopsis"> ++ <command>pwhistory_helper</command> ++ <arg choice="opt"> ++ ... ++ </arg> ++ </cmdsynopsis> ++ </refsynopsisdiv> ++ ++ <refsect1 id="pwhistory_helper-description"> ++ ++ <title>DESCRIPTION</title> ++ ++ <para> ++ <emphasis>pwhistory_helper</emphasis> is a helper program for the ++ <emphasis>pam_pwhistory</emphasis> module that transfers password hashes ++ from passwd or shadow file to the opasswd file and checks a password ++ supplied by user against the existing hashes in the opasswd file. ++ </para> ++ ++ <para> ++ The purpose of the helper is to enable tighter confinement of ++ login and password changing services. The helper is thus called only ++ when SELinux is enabled on the system. ++ </para> ++ ++ <para> ++ The interface of the helper - command line options, and input/output ++ data format are internal to the <emphasis>pam_pwhistory</emphasis> ++ module and it should not be called directly from applications. ++ </para> ++ </refsect1> ++ ++ <refsect1 id='pwhistory_helper-see_also'> ++ <title>SEE ALSO</title> ++ <para> ++ <citerefentry> ++ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum> ++ </citerefentry> ++ </para> ++ </refsect1> ++ ++ <refsect1 id='pwhistory_helper-author'> ++ <title>AUTHOR</title> ++ <para> ++ Written by Tomas Mraz based on the code originally in ++ <emphasis>pam_pwhistory and pam_unix</emphasis> modules. ++ </para> ++ </refsect1> ++ ++</refentry> diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch new file mode 100644 index 000000000..33c226773 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch @@ -0,0 +1,16 @@ +diff -up Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c +--- Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg 2016-04-11 13:08:47.000000000 +0200 ++++ Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c 2017-04-20 16:51:24.853106709 +0200 +@@ -687,12 +687,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int + return PAM_SUCCESS; + } else if (off(UNIX__IAMROOT, ctrl) || + (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { +- /* instruct user what is happening */ +- if (off(UNIX__QUIET, ctrl)) { +- retval = pam_info(pamh, _("Changing password for %s."), user); +- if (retval != PAM_SUCCESS) +- return retval; +- } + retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass_old, NULL); + + if (retval != PAM_SUCCESS) { diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-coverity.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-coverity.patch new file mode 100644 index 000000000..cecf768f6 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-coverity.patch @@ -0,0 +1,185 @@ +diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c +index 106ef7c..b2e94c7 100644 +--- a/libpam/pam_handlers.c ++++ b/libpam/pam_handlers.c +@@ -282,7 +282,6 @@ _pam_open_config_file(pam_handle_t *pamh + { + char *p; + FILE *f; +- int err = 0; + + /* Absolute path */ + if (service[0] == '/') { +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index be53f34..07dce36 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -211,7 +211,7 @@ static int read_string(int echo, const char *prompt, char **retstr) + line[nc] = '\0'; + } + *retstr = strdup(line); +- _pam_overwrite(line); ++ _pam_overwrite_n(line, sizeof(line)); + if (!*retstr) { + D(("no memory for response string")); + nc = -1; +@@ -244,7 +244,7 @@ static int read_string(int echo, const char *prompt, char **retstr) + D(("the timer appears to have expired")); + + *retstr = NULL; +- _pam_overwrite(line); ++ _pam_overwrite_n(line, sizeof(line)); + + cleanexit: + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 80d885d..3801862 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -806,7 +806,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + const char *user=NULL; + const void *void_from=NULL; + const char *from; +- const char const *default_config = PAM_ACCESS_CONFIG; ++ const char * const default_config = PAM_ACCESS_CONFIG; + struct passwd *user_pw; + char hostname[MAXHOSTNAMELEN + 1]; + int rv; +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 4bc4ae7..f8476b4 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -342,7 +342,7 @@ static const char *lnames[RLIM_NLIMITS] = { + #endif + }; + +-static int str2rlimit(char *name) { ++static int str2rlimit(const char *name) { + int i; + if (!name || *name == '\0') + return -1; +@@ -352,7 +352,7 @@ static int str2rlimit(char *name) { + return -1; + } + +-static rlim_t str2rlim_t(char *value) { ++static rlim_t str2rlim_t(const char *value) { + unsigned long long rlimit = 0; + + if (!value) return (rlim_t)rlimit; +@@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int + FILE *limitsfile; + const char *proclimits = "/proc/1/limits"; + char line[256]; +- char *units, *hard, *soft, *name; ++ const char *units, *hard, *soft, *name; + + if (!(limitsfile = fopen(proclimits, "r"))) { + pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); +diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c +index 96bfd98..66d202c 100644 +--- a/modules/pam_loginuid/pam_loginuid.c ++++ b/modules/pam_loginuid/pam_loginuid.c +@@ -64,7 +64,7 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) + fd = open("/proc/self/uid_map", O_RDONLY); + if (fd >= 0) { + count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); +- if (strncmp(uid_map, host_uid_map, count) != 0) ++ if (count <= 0 || strncmp(uid_map, host_uid_map, count) != 0) + rc = PAM_IGNORE; + close(fd); + } +diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c +index 9e204c1..4b8d6b7 100644 +--- a/modules/pam_mkhomedir/mkhomedir_helper.c ++++ b/modules/pam_mkhomedir/mkhomedir_helper.c +@@ -232,6 +232,8 @@ create_homedir(const struct passwd *pwd, + { + pam_syslog(NULL, LOG_DEBUG, + "unable to open or stat src file %s: %m", newsource); ++ if (srcfd >= 0) ++ close(srcfd); + closedir(d); + + #ifndef PATH_MAX +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index f541f89..85f5efa 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -1418,6 +1418,7 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + if (fstat(fd, &newstatbuf) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", + ipath); ++ close(fd); + rmdir(ipath); + return PAM_SESSION_ERR; + } +diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c +index e6cf346..813f579 100644 +--- a/modules/pam_pwhistory/opasswd.c ++++ b/modules/pam_pwhistory/opasswd.c +@@ -326,6 +326,9 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, + n = strlen (buf); + #endif /* HAVE_GETLINE / HAVE_GETDELIM */ + ++ if (n < 1) ++ break; ++ + cp = buf; + save = strdup (buf); /* Copy to write the original data back. */ + if (save == NULL) +@@ -336,9 +339,6 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, + goto error_opasswd; + } + +- if (n < 1) +- break; +- + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; +diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c +index 17baabe..a9d9140 100644 +--- a/modules/pam_rootok/pam_rootok.c ++++ b/modules/pam_rootok/pam_rootok.c +@@ -66,14 +66,17 @@ log_callback (int type, const char *fmt, ...) + int audit_fd; + va_list ap; + +- va_start(ap, fmt); + #ifdef HAVE_LIBAUDIT + audit_fd = audit_open(); + + if (audit_fd >= 0) { + char *buf; ++ int ret; + +- if (vasprintf (&buf, fmt, ap) < 0) ++ va_start(ap, fmt); ++ ret = vasprintf (&buf, fmt, ap); ++ va_end(ap); ++ if (ret < 0) + return 0; + audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, + NULL, 0); +@@ -83,6 +86,7 @@ log_callback (int type, const char *fmt, ...) + } + + #endif ++ va_start(ap, fmt); + vsyslog (LOG_USER | LOG_INFO, fmt, ap); + va_end(ap); + return 0; +diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c +index c653290..f37af0f 100644 +--- a/modules/pam_sepermit/pam_sepermit.c ++++ b/modules/pam_sepermit/pam_sepermit.c +@@ -353,7 +353,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, + if (*sense == PAM_SUCCESS) { + if (ignore) + *sense = PAM_IGNORE; +- if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1) ++ if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1) + if (sepermit_lock(pamh, user, debug) < 0) + *sense = PAM_AUTH_ERR; + } diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch new file mode 100644 index 000000000..a0b069815 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch @@ -0,0 +1,755 @@ +diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml +index 906c4ed..4e2110c 100644 +--- a/modules/pam_motd/pam_motd.8.xml ++++ b/modules/pam_motd/pam_motd.8.xml +@@ -21,6 +21,9 @@ + <arg choice="opt"> + motd=<replaceable>/path/filename</replaceable> + </arg> ++ <arg choice="opt"> ++ motd_dir=<replaceable>/path/dirname.d</replaceable> ++ </arg> + </cmdsynopsis> + </refsynopsisdiv> + +@@ -31,10 +34,49 @@ + <para> + pam_motd is a PAM module that can be used to display + arbitrary motd (message of the day) files after a successful +- login. By default the <filename>/etc/motd</filename> file is +- shown. The message size is limited to 64KB. ++ login. By default, pam_motd shows files in the ++ following locations: ++ </para> ++ <para> ++ <simplelist type='vert'> ++ <member><filename>/etc/motd</filename></member> ++ <member><filename>/run/motd</filename></member> ++ <member><filename>/usr/lib/motd</filename></member> ++ <member><filename>/etc/motd.d/</filename></member> ++ <member><filename>/run/motd.d/</filename></member> ++ <member><filename>/usr/lib/motd.d/</filename></member> ++ </simplelist> ++ </para> ++ <para> ++ Each message size is limited to 64KB. ++ </para> ++ <para> ++ If <filename>/etc/motd</filename> does not exist, ++ then <filename>/run/motd</filename> is shown. If ++ <filename>/run/motd</filename> does not exist, then ++ <filename>/usr/lib/motd</filename> is shown. ++ </para> ++ <para> ++ Similar overriding behavior applies to the directories. ++ Files in <filename>/etc/motd.d/</filename> override files ++ with the same name in <filename>/run/motd.d/</filename> and ++ <filename>/usr/lib/motd.d/</filename>. Files in <filename>/run/motd.d/</filename> ++ override files with the same name in <filename>/usr/lib/motd.d/</filename>. ++ </para> ++ <para> ++ Files the in the directories listed above are displayed in ++ lexicographic order by name. ++ </para> ++ <para> ++ To silence a message, ++ a symbolic link with target <filename>/dev/null</filename> ++ may be placed in <filename>/etc/motd.d</filename> with ++ the same filename as the message to be silenced. Example: ++ Creating a symbolic link as follows silences <filename>/usr/lib/motd.d/my_motd</filename>. ++ </para> ++ <para> ++ <command>ln -s /dev/null /etc/motd.d/my_motd</command> + </para> +- + </refsect1> + + <refsect1 id="pam_motd-options"> +@@ -47,8 +89,10 @@ + </term> + <listitem> + <para> +- The <filename>/path/filename</filename> file is displayed +- as message of the day. ++ The <filename>/path/filename</filename> file is displayed ++ as message of the day. Multiple paths to try can be ++ specified as a colon-separated list. By default this option ++ is set to <filename>/etc/motd:/run/motd:/usr/lib/motd</filename>. + </para> + </listitem> + </varlistentry> +@@ -59,16 +103,17 @@ + <listitem> + <para> + The <filename>/path/dirname.d</filename> directory is scanned +- and each file contained inside of it is displayed. ++ and each file contained inside of it is displayed. Multiple ++ directories to scan can be specified as a colon-separated list. ++ By default this option is set to <filename>/etc/motd.d:/run/motd.d:/usr/lib/motd.d</filename>. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> +- When no options are given, the default is to display both +- <filename>/etc/motd</filename> and the contents of +- <filename>/etc/motd.d</filename>. Specifying either option (or both) +- will disable this default behavior. ++ When no options are given, the default behavior applies for both ++ options. Specifying either option (or both) will disable the ++ default behavior for both options. + </para> + </refsect1> + +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index cc828d7..ec3ebd5 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -33,8 +33,8 @@ + */ + + #define PAM_SM_SESSION +-#define DEFAULT_MOTD "/etc/motd" +-#define DEFAULT_MOTD_D "/etc/motd.d" ++#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" ++#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" + + #include <security/pam_modules.h> + #include <security/pam_modutil.h> +@@ -97,12 +97,234 @@ static void try_to_display_directory(pam_handle_t *pamh, const char *dirname) + } + } + ++/* ++ * Split a DELIM-separated string ARG into an array. ++ * Outputs a newly allocated array of strings OUT_ARG_SPLIT ++ * and the number of strings OUT_NUM_STRS. ++ * Returns 0 in case of error, 1 in case of success. ++ */ ++static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, ++ char ***out_arg_split, uint *out_num_strs) ++{ ++ char *arg_extracted = NULL; ++ const char *arg_ptr = arg; ++ char **arg_split = NULL; ++ char delim_str[2]; ++ int i = 0; ++ uint num_strs = 0; ++ int retval = 0; ++ ++ delim_str[0] = delim; ++ delim_str[1] = '\0'; ++ ++ if (arg == NULL) { ++ goto out; ++ } ++ ++ while (arg_ptr != NULL) { ++ num_strs++; ++ arg_ptr = strchr(arg_ptr + sizeof(const char), delim); ++ } ++ ++ arg_split = (char **)calloc(num_strs, sizeof(char *)); ++ if (arg_split == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array"); ++ goto out; ++ } ++ ++ arg_extracted = strtok_r(arg, delim_str, &arg); ++ while (arg_extracted != NULL && i < num_strs) { ++ arg_split[i++] = arg_extracted; ++ arg_extracted = strtok_r(NULL, delim_str, &arg); ++ } ++ ++ retval = 1; ++ ++ out: ++ *out_num_strs = num_strs; ++ *out_arg_split = arg_split; ++ ++ return retval; ++} ++ ++/* Join A_STR and B_STR, inserting a "/" between them if one is not already trailing ++ * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the ++ * joined string is returned in STRP_OUT. ++ * Returns -1 in case of error, or the number of bytes in the joined string in ++ * case of success. */ ++static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str) ++{ ++ int has_sep = 0; ++ int retval = -1; ++ char *join_strp = NULL; ++ ++ if (strp_out == NULL || a_str == NULL || b_str == NULL) { ++ goto out; ++ } ++ if (strlen(a_str) == 0) { ++ goto out; ++ } ++ ++ has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/'); ++ ++ retval = asprintf(&join_strp, "%s%s%s", a_str, ++ (has_sep == 1) ? "" : "/", b_str); ++ ++ if (retval < 0) { ++ goto out; ++ } ++ ++ *strp_out = join_strp; ++ ++ out: ++ return retval; ++} ++ ++static int compare_strings(const void * a, const void * b) ++{ ++ const char *a_str = *(char **)a; ++ const char *b_str = *(char **)b; ++ ++ if (a_str == NULL && b_str == NULL) { ++ return 0; ++ } ++ else if (a_str == NULL) { ++ return -1; ++ } ++ else if (b_str == NULL) { ++ return 1; ++ } ++ else { ++ return strcmp(a_str, b_str); ++ } ++} ++ ++static int filter_dirents(const struct dirent *d) ++{ ++ return (d->d_type == DT_REG || d->d_type == DT_LNK); ++} ++ ++static void try_to_display_directories_with_overrides(pam_handle_t *pamh, ++ char **motd_dir_path_split, int num_motd_dirs) ++{ ++ struct dirent ***dirscans = NULL; ++ int *dirscans_sizes = NULL; ++ int dirscans_size_total = 0; ++ char **dirnames_all = NULL; ++ int i; ++ int i_dirnames = 0; ++ ++ if (pamh == NULL || motd_dir_path_split == NULL) { ++ goto out; ++ } ++ if (num_motd_dirs < 1) { ++ goto out; ++ } ++ ++ if ((dirscans = (struct dirent ***)calloc(num_motd_dirs, ++ sizeof(struct dirent **))) == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays"); ++ goto out; ++ } ++ if ((dirscans_sizes = (int *)calloc(num_motd_dirs, sizeof(int))) == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes"); ++ goto out; ++ } ++ ++ for (i = 0; i < num_motd_dirs; i++) { ++ dirscans_sizes[i] = scandir(motd_dir_path_split[i], &(dirscans[i]), ++ filter_dirents, alphasort); ++ if (dirscans_sizes[i] < 0) { ++ pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s", motd_dir_path_split[i]); ++ dirscans_sizes[i] = 0; ++ } ++ dirscans_size_total += dirscans_sizes[i]; ++ } ++ ++ /* Allocate space for all file names found in the directories, including duplicates. */ ++ if ((dirnames_all = (char **)calloc(dirscans_size_total, ++ sizeof(char *))) == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); ++ goto out; ++ } ++ ++ for (i = 0; i < dirscans_size_total; i++) { ++ dirnames_all[i] = NULL; ++ } ++ ++ for (i = 0; i < num_motd_dirs; i++) { ++ int j; ++ ++ for (j = 0; j < dirscans_sizes[i]; j++) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } ++ } ++ ++ qsort(dirnames_all, dirscans_size_total, ++ sizeof(const char *), compare_strings); ++ ++ for (i = 0; i < dirscans_size_total; i++) { ++ int j; ++ ++ if (dirnames_all[i] == NULL) { ++ continue; ++ } ++ ++ /* Skip duplicate file names. */ ++ if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) { ++ continue; ++ } ++ ++ for (j = 0; j < num_motd_dirs; j++) { ++ char *abs_path = NULL; ++ ++ if (join_dir_strings(&abs_path, motd_dir_path_split[j], ++ dirnames_all[i]) < 0) { ++ continue; ++ } ++ ++ if (abs_path != NULL) { ++ int fd = open(abs_path, O_RDONLY, 0); ++ if (fd >= 0) { ++ try_to_display_fd(pamh, fd); ++ close(fd); ++ ++ /* We displayed a file, skip to the next file name. */ ++ break; ++ } ++ } ++ _pam_drop(abs_path); ++ } ++ } ++ ++ out: ++ _pam_drop(dirnames_all); ++ for (i = 0; i < num_motd_dirs; i++) { ++ int j; ++ for (j = 0; j < dirscans_sizes[i]; j++) { ++ _pam_drop(dirscans[i][j]); ++ } ++ _pam_drop(dirscans[i]); ++ } ++ _pam_drop(dirscans_sizes); ++ _pam_drop(dirscans); ++ ++ return; ++} ++ + int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + int retval = PAM_IGNORE; + const char *motd_path = NULL; ++ char *motd_path_copy = NULL; ++ int num_motd_paths = 0; ++ char **motd_path_split = NULL; + const char *motd_dir_path = NULL; ++ char *motd_dir_path_copy = NULL; ++ int num_motd_dir_paths = 0; ++ char **motd_dir_path_split = NULL; + + if (flags & PAM_SILENT) { + return retval; +@@ -141,16 +363,52 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, + } + + if (motd_path != NULL) { +- int fd = open(motd_path, O_RDONLY, 0); ++ motd_path_copy = strdup(motd_path); ++ } ++ ++ if (motd_path_copy != NULL) { ++ if (pam_split_string(pamh, motd_path_copy, ':', ++ &motd_path_split, &num_motd_paths) == 0) { ++ goto out; ++ } ++ } ++ ++ if (motd_dir_path != NULL) { ++ motd_dir_path_copy = strdup(motd_dir_path); ++ } + +- if (fd >= 0) { +- try_to_display_fd(pamh, fd); +- close(fd); ++ if (motd_dir_path_copy != NULL) { ++ if (pam_split_string(pamh, motd_dir_path_copy, ':', ++ &motd_dir_path_split, &num_motd_dir_paths) == 0) { ++ goto out; + } + } + +- if (motd_dir_path != NULL) +- try_to_display_directory(pamh, motd_dir_path); ++ if (motd_path_split != NULL) { ++ int i; ++ ++ for (i = 0; i < num_motd_paths; i++) { ++ int fd = open(motd_path_split[i], O_RDONLY, 0); ++ ++ if (fd >= 0) { ++ try_to_display_fd(pamh, fd); ++ close(fd); ++ ++ /* We found and displayed a file, move onto next filename. */ ++ break; ++ } ++ } ++ } ++ ++ if (motd_dir_path_split != NULL) ++ try_to_display_directories_with_overrides(pamh, motd_dir_path_split, ++ num_motd_dir_paths); ++ ++ out: ++ _pam_drop(motd_path_copy); ++ _pam_drop(motd_path_split); ++ _pam_drop(motd_dir_path_copy); ++ _pam_drop(motd_dir_path_split); + + return retval; + } +diff --git a/xtests/Makefile.am b/xtests/Makefile.am +index a6d6f8d..4d5aba3 100644 +--- a/xtests/Makefile.am ++++ b/xtests/Makefile.am +@@ -32,7 +32,10 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ + tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ + tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \ +- tst-pam_time1.pamd time.conf ++ tst-pam_time1.pamd time.conf \ ++ tst-pam_motd.sh tst-pam_motd1.sh tst-pam_motd2.sh \ ++ tst-pam_motd3.sh tst-pam_motd4.sh tst-pam_motd1.pamd \ ++ tst-pam_motd2.pamd tst-pam_motd3.pamd tst-pam_motd4.pamd + + XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ +@@ -41,7 +44,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ +- tst-pam_pwhistory1 tst-pam_time1 ++ tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd + + NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 +diff --git a/xtests/tst-pam_motd.c b/xtests/tst-pam_motd.c +new file mode 100644 +index 0000000..bba2f9d +--- /dev/null ++++ b/xtests/tst-pam_motd.c +@@ -0,0 +1,69 @@ ++/* ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <security/pam_appl.h> ++#include <security/pam_misc.h> ++ ++static struct pam_conv conv = { ++ misc_conv, ++ NULL ++}; ++ ++int main(int argc, char *argv[]) ++{ ++ pam_handle_t *pamh=NULL; ++ char *tst_arg = NULL; ++ int retval; ++ ++ if (argc > 1) ++ tst_arg = argv[1]; ++ ++ retval = pam_start(tst_arg, NULL, &conv, &pamh); ++ ++ retval = pam_open_session(pamh, 0); ++ ++ retval = pam_close_session(pamh, 0); ++ ++ if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ ++ pamh = NULL; ++ exit(1); ++ } ++ ++ return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ ++} +diff --git a/xtests/tst-pam_motd.sh b/xtests/tst-pam_motd.sh +new file mode 100755 +index 0000000..9080128 +--- /dev/null ++++ b/xtests/tst-pam_motd.sh +@@ -0,0 +1,8 @@ ++#!/bin/bash ++ ++set -e ++ ++./tst-pam_motd1.sh ++./tst-pam_motd2.sh ++./tst-pam_motd3.sh ++./tst-pam_motd4.sh +diff --git a/xtests/tst-pam_motd1.pamd b/xtests/tst-pam_motd1.pamd +new file mode 100644 +index 0000000..ddea82c +--- /dev/null ++++ b/xtests/tst-pam_motd1.pamd +@@ -0,0 +1,3 @@ ++#%PAM-1.0 ++session required pam_permit.so ++session optional pam_motd.so motd=tst-pam_motd1.d/etc/motd motd_dir=tst-pam_motd1.d/etc/motd.d +diff --git a/xtests/tst-pam_motd1.sh b/xtests/tst-pam_motd1.sh +new file mode 100755 +index 0000000..cc88854 +--- /dev/null ++++ b/xtests/tst-pam_motd1.sh +@@ -0,0 +1,36 @@ ++#!/bin/bash ++ ++TST_DIR="tst-pam_motd1.d" ++ ++function tst_cleanup() { ++ rm -rf "${TST_DIR}" ++ rm -f tst-pam_motd1.out ++} ++ ++mkdir -p ${TST_DIR} ++mkdir -p ${TST_DIR}/etc/motd.d ++ ++# Verify the case of single motd and motd.d directory works ++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd ++echo "motd: /etc/motd.d/test" > ${TST_DIR}/etc/motd.d/test ++ ++./tst-pam_motd tst-pam_motd1 > tst-pam_motd1.out ++ ++RET=$? ++ ++motd_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd") ++if [ -z "${motd_to_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++motd_dir_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd.d/test") ++if [ -z "${motd_dir_to_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++tst_cleanup ++exit $RET +diff --git a/xtests/tst-pam_motd2.pamd b/xtests/tst-pam_motd2.pamd +new file mode 100644 +index 0000000..8200191 +--- /dev/null ++++ b/xtests/tst-pam_motd2.pamd +@@ -0,0 +1,3 @@ ++#%PAM-1.0 ++session required pam_permit.so ++session optional pam_motd.so motd=tst-pam_motd2.d/etc/motd:tst-pam_motd2.d/run/motd:tst-pam_motd2.d/usr/lib/motd motd_dir=tst-pam_motd2.d/etc/motd.d:tst-pam_motd2.d/run/motd.d:tst-pam_motd2.d/usr/lib/motd.d +diff --git a/xtests/tst-pam_motd2.sh b/xtests/tst-pam_motd2.sh +new file mode 100755 +index 0000000..d26ea92 +--- /dev/null ++++ b/xtests/tst-pam_motd2.sh +@@ -0,0 +1,53 @@ ++#!/bin/bash ++ ++TST_DIR="tst-pam_motd2.d" ++ ++function tst_cleanup() { ++ rm -rf "${TST_DIR}" ++ rm -f tst-pam_motd2.out ++} ++ ++mkdir -p ${TST_DIR} ++mkdir -p ${TST_DIR}/etc/motd.d ++mkdir -p ${TST_DIR}/run/motd.d ++mkdir -p ${TST_DIR}/usr/lib/motd.d ++ ++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd ++echo "motd: /run/motd" > ${TST_DIR}/run/motd ++echo "motd: /usr/lib/motd" > ${TST_DIR}/usr/lib/motd ++ ++# Drop a motd file in test directories such that every overriding ++# condition (for 3 directories in this case) will be seen. ++echo "motd: e0r0u1 in usr/lib - will show" > ${TST_DIR}/usr/lib/motd.d/e0r0u1.motd ++echo "motd: e0r1u0 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u0.motd ++echo "motd: e0r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e0r1u1.motd ++echo "motd: e0r1u1 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u1.motd ++echo "motd: e1r0u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u0.motd ++echo "motd: e1r0u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r0u1.motd ++echo "motd: e1r0u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u1.motd ++echo "motd: e1r1u0 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u0.motd ++echo "motd: e1r1u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u0.motd ++echo "motd: e1r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r1u1.motd ++echo "motd: e1r1u1 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u1.motd ++echo "motd: e1r1u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u1.motd ++ ++./tst-pam_motd tst-pam_motd2 > tst-pam_motd2.out ++ ++RET=$? ++ ++motd_to_show_output=$(cat tst-pam_motd2.out | grep "motd: /etc/motd") ++if [ -z "${motd_to_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++motd_dir_not_show_output=$(cat tst-pam_motd2.out | grep "not show") ++if [ -n "${motd_dir_not_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++tst_cleanup ++exit $RET +diff --git a/xtests/tst-pam_motd3.pamd b/xtests/tst-pam_motd3.pamd +new file mode 100644 +index 0000000..a8b8cbf +--- /dev/null ++++ b/xtests/tst-pam_motd3.pamd +@@ -0,0 +1,3 @@ ++#%PAM-1.0 ++session required pam_permit.so ++session optional pam_motd.so motd=tst-pam_motd3.d/etc/motd:tst-pam_motd3.d/run/motd:tst-pam_motd3.d/usr/lib/motd motd_dir=tst-pam_motd3.d/etc/motd.d:tst-pam_motd3.d/run/motd.d:tst-pam_motd3.d/usr/lib/motd.d +diff --git a/xtests/tst-pam_motd3.sh b/xtests/tst-pam_motd3.sh +new file mode 100755 +index 0000000..e18856b +--- /dev/null ++++ b/xtests/tst-pam_motd3.sh +@@ -0,0 +1,53 @@ ++#!/bin/bash ++ ++TST_DIR="tst-pam_motd3.d" ++ ++function tst_cleanup() { ++ rm -rf "${TST_DIR}" ++ rm -f tst-pam_motd3.out ++} ++ ++mkdir -p ${TST_DIR} ++mkdir -p ${TST_DIR}/etc/motd.d ++mkdir -p ${TST_DIR}/run/motd.d ++mkdir -p ${TST_DIR}/usr/lib/motd.d ++ ++# Verify motd is still displayed when not overridden ++echo "motd: test-show in run - show" > ${TST_DIR}/run/motd.d/test-show.motd ++ ++# Test overridden by a symlink to a file that isn't /dev/null; symlink target should show ++echo "motd: hidden-by-symlink in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/hidden-by-symlink.motd ++echo "motd: test-from-symlink - show" > ${TST_DIR}/test-from-symlink.motd ++ln -sr ${TST_DIR}/test-from-symlink.motd ${TST_DIR}/run/motd.d/hidden-by-symlink.motd ++ ++# Test hidden by a null symlink ++echo "motd: hidden-by-null-symlink in run - not show" > ${TST_DIR}/run/motd.d/hidden-by-null-symlink.motd ++ln -s /dev/null ${TST_DIR}/etc/motd.d/hidden-by-null-symlink.motd ++ ++./tst-pam_motd tst-pam_motd3 > tst-pam_motd3.out ++ ++RET=$? ++ ++motd_dir_not_show_output=$(cat tst-pam_motd3.out | grep "not show") ++if [ -n "${motd_dir_not_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++motd_test_show_output=$(cat tst-pam_motd3.out | grep "test-show.*- show") ++if [ -z "${motd_test_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++motd_general_symlink_show_output=$(cat tst-pam_motd3.out | grep "test-from-symlink.*- show") ++if [ -z "${motd_general_symlink_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++tst_cleanup ++exit $RET +diff --git a/xtests/tst-pam_motd4.pamd b/xtests/tst-pam_motd4.pamd +new file mode 100644 +index 0000000..9dc311a +--- /dev/null ++++ b/xtests/tst-pam_motd4.pamd +@@ -0,0 +1,3 @@ ++#%PAM-1.0 ++session required pam_permit.so ++session optional pam_motd.so motd=tst-pam_motd4.d/etc/motd +diff --git a/xtests/tst-pam_motd4.sh b/xtests/tst-pam_motd4.sh +new file mode 100755 +index 0000000..6022177 +--- /dev/null ++++ b/xtests/tst-pam_motd4.sh +@@ -0,0 +1,27 @@ ++#!/bin/bash ++ ++TST_DIR="tst-pam_motd4.d" ++ ++function tst_cleanup() { ++ rm -rf "${TST_DIR}" ++ rm -f tst-pam_motd4.out ++} ++ ++mkdir -p ${TST_DIR}/etc ++ ++# Verify the case of single motd with no motd_dir given in tst-pam_motd4.pamd ++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd ++ ++./tst-pam_motd tst-pam_motd4 > tst-pam_motd4.out ++ ++RET=$? ++ ++motd_to_show_output=$(cat tst-pam_motd4.out | grep "motd: /etc/motd") ++if [ -z "${motd_to_show_output}" ]; ++then ++ tst_cleanup ++ exit 1 ++fi ++ ++tst_cleanup ++exit $RET diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-noflex.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-noflex.patch new file mode 100644 index 000000000..c65d22537 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-noflex.patch @@ -0,0 +1,24 @@ +diff -up Linux-PAM-1.3.1/doc/Makefile.am.noflex Linux-PAM-1.3.1/doc/Makefile.am +--- Linux-PAM-1.3.1/doc/Makefile.am.noflex 2017-02-10 11:10:15.000000000 +0100 ++++ Linux-PAM-1.3.1/doc/Makefile.am 2018-05-18 14:53:50.300997606 +0200 +@@ -2,7 +2,7 @@ + # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> + # + +-SUBDIRS = man specs sag adg mwg ++SUBDIRS = man sag adg mwg + + CLEANFILES = *~ + +diff -up Linux-PAM-1.3.1/Makefile.am.noflex Linux-PAM-1.3.1/Makefile.am +--- Linux-PAM-1.3.1/Makefile.am.noflex 2018-05-18 14:53:50.301997629 +0200 ++++ Linux-PAM-1.3.1/Makefile.am 2018-05-18 14:55:31.576353800 +0200 +@@ -4,7 +4,7 @@ + + AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news + +-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests ++SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests + + CLEANFILES = *~ + diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch new file mode 100644 index 000000000..4d3f37414 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch @@ -0,0 +1,78 @@ +diff -up Linux-PAM-1.3.1/configure.ac.redhat-modules Linux-PAM-1.3.1/configure.ac +--- Linux-PAM-1.3.1/configure.ac.redhat-modules 2018-05-18 12:57:57.000000000 +0200 ++++ Linux-PAM-1.3.1/configure.ac 2018-11-26 12:58:14.623545121 +0100 +@@ -611,10 +611,12 @@ AC_CONFIG_FILES([Makefile libpam/Makefil + libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ + po/Makefile.in \ + modules/Makefile \ ++ modules/pam_chroot/Makefile modules/pam_console/Makefile \ ++ modules/pam_postgresok/Makefile \ + modules/pam_access/Makefile modules/pam_cracklib/Makefile \ + modules/pam_debug/Makefile modules/pam_deny/Makefile \ + modules/pam_echo/Makefile modules/pam_env/Makefile \ +- modules/pam_faildelay/Makefile \ ++ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \ + modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ + modules/pam_ftp/Makefile modules/pam_group/Makefile \ + modules/pam_issue/Makefile modules/pam_keyinit/Makefile \ +diff -up Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules Linux-PAM-1.3.1/doc/sag/pam_faillock.xml +--- Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules 2018-11-26 12:58:14.623545121 +0100 ++++ Linux-PAM-1.3.1/doc/sag/pam_faillock.xml 2018-11-26 12:58:14.623545121 +0100 +@@ -0,0 +1,38 @@ ++<?xml version='1.0' encoding='UTF-8'?> ++<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" ++ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> ++<section id='sag-pam_faillock'> ++ <title>pam_faillock - temporarily locking access based on failed authentication attempts during an interval</title> ++ <cmdsynopsis> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisauth"]/*)'/> ++ </cmdsynopsis> ++ <cmdsynopsis> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisacct"]/*)'/> ++ </cmdsynopsis> ++ <section id='sag-pam_faillock-description'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/> ++ </section> ++ <section id='sag-pam_faillock-options'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/> ++ </section> ++ <section id='sag-pam_faillock-types'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-types"]/*)'/> ++ </section> ++ <section id='sag-pam_faillock-return_values'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-return_values"]/*)'/> ++ </section> ++ <section id='sag-pam_faillock-examples'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/> ++ </section> ++ <section id='sag-pam_faillock-author'> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/> ++ </section> ++</section> +diff -up Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules Linux-PAM-1.3.1/modules/Makefile.am +--- Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules 2017-02-10 11:10:15.000000000 +0100 ++++ Linux-PAM-1.3.1/modules/Makefile.am 2018-11-26 12:58:14.623545121 +0100 +@@ -3,13 +3,14 @@ + # + + SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ ++ pam_chroot pam_console pam_postgresok pam_faillock \ + pam_env pam_exec pam_faildelay pam_filter pam_ftp \ + pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ + pam_listfile pam_localuser pam_loginuid pam_mail \ + pam_mkhomedir pam_motd pam_namespace pam_nologin \ + pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ + pam_selinux pam_sepermit pam_shells pam_stress \ +- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ ++ pam_succeed_if pam_time pam_timestamp \ + pam_tty_audit pam_umask \ + pam_unix pam_userdb pam_warn pam_wheel pam_xauth + diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch new file mode 100644 index 000000000..bff9d47ea --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch @@ -0,0 +1,34 @@ +From f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> +Date: Thu, 15 Nov 2018 15:01:57 +0100 +Subject: [PATCH] pam_unix: Use bcrypt b-variant for computing new hashes. + +Bcrypt hashes used the "$2a$" prefix since 1997. +However, in 2011 an implementation bug was discovered in bcrypt +affecting the handling of characters in passphrases with the 8th +bit set. + +Besides fixing the bug, OpenBSD 5.5 introduced the "$2b$" prefix +for a behavior that exactly matches crypt_blowfish's "$2y$", and +the crypt_blowfish implementation supports it as well since v1.1. + +That said new computed bcrypt hashes should use the "$2b$" prefix. + +* modules/pam_unix/passverify.c: Use bcrypt b-variant. +--- + modules/pam_unix/passverify.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 9c1771e2..1f433b3a 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -385,7 +385,7 @@ PAMH_ARG_DECL(char * create_password_hash, + /* algoid = "$1" */ + return crypt_md5_wrapper(password); + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { +- algoid = "$2a$"; ++ algoid = "$2b$"; + } else if (on(UNIX_SHA256_PASS, ctrl)) { + algoid = "$5$"; + } else if (on(UNIX_SHA512_PASS, ctrl)) { diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch new file mode 100644 index 000000000..5cbc35b03 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch @@ -0,0 +1,73 @@ +From 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> +Date: Mon, 26 Nov 2018 22:33:17 +0100 +Subject: [PATCH] pam_unix: Report unusable hashes found by checksalt to + syslog. + +libxcrypt can be build-time configured to support (or not support) +various hashing methods. Future versions will also have support for +runtime configuration by the system's vendor and/or administrator. + +For that reason adminstrator should be notified by pam if users cannot +log into their account anymore because of such a change in the system's +configuration of libxcrypt. + +Also check for malformed hashes, like descrypt hashes starting with +"$2...", which might have been generated by unsafe base64 encoding +functions as used in glibc <= 2.16. +Such hashes are likely to be rejected by many recent implementations +of libcrypt. + +* modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable +hashes found by checksalt to syslog. +--- + modules/pam_unix/passverify.c | 36 +++++++++++++++++++++++++++++++++++ + 1 file changed, 36 insertions(+) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index eb2444bb..2c808eb5 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -103,6 +103,42 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt knows about it? We should try it. + */ ++#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE ++ /* Get the status of the hash from checksalt */ ++ int retval_checksalt = crypt_checksalt(hash); ++ ++ /* ++ * Check for hashing methods that are disabled by ++ * libcrypt configuration and/or system preset. ++ */ ++ if (retval_checksalt == CRYPT_SALT_METHOD_DISABLED) { ++ /* ++ * pam_syslog() needs a pam handle, ++ * but that's not available here. ++ */ ++ helper_log_err(LOG_ERR, ++ "pam_unix(verify_pwd_hash): The method " ++ "for computing the hash \"%.6s\" has been " ++ "disabled in libcrypt by the preset from " ++ "the system's vendor and/or administrator.", ++ hash); ++ } ++ /* ++ * Check for malformed hashes, like descrypt hashes ++ * starting with "$2...", which might have been ++ * generated by unsafe base64 encoding functions ++ * as used in glibc <= 2.16. ++ * Such hashes are likely to be rejected by many ++ * recent implementations of libcrypt. ++ */ ++ if (retval_checksalt == CRYPT_SALT_INVALID) { ++ helper_log_err(LOG_ERR, ++ "pam_unix(verify_pwd_hash): The hash \"%.6s\"" ++ "does not use a method known by the version " ++ "of libcrypt this system is supplied with.", ++ hash); ++ } ++#endif + #ifdef HAVE_CRYPT_R + struct crypt_data *cdata; + cdata = malloc(sizeof(*cdata)); diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch new file mode 100644 index 000000000..0a74e940e --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch @@ -0,0 +1,40 @@ +From 62425bf2a0c72d0e23139d0b285547a7add26251 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> +Date: Thu, 15 Nov 2018 19:49:44 +0100 +Subject: [PATCH] pam_unix: Add support for crypt_checksalt, if libcrypt + supports it. + +libxcrypt v4.3 has added the crypt_checksalt function to whether +the prefix at the begining of a given hash string refers to a +supported hashing method. + +Future revisions of this function will add support to check whether +the hashing method, the prefix refers to, was disabled or considered +deprecated by the system's factory presets or system administrator. +Furthermore it will be able to detect whether the parameters, which +are used by the corresponding hashing method, being encoded in the +hash string are not considered to be strong enough anymore. + +*modules/pam_unix/passverify.c: Add support for crypt_checksalt. +--- + modules/pam_unix/passverify.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 1f433b3a..6132130a 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -244,7 +244,13 @@ PAMH_ARG_DECL(int check_shadow_expiry, + D(("account expired")); + return PAM_ACCT_EXPIRED; + } ++#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE ++ if (spent->sp_lstchg == 0 || ++ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || ++ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { ++#else + if (spent->sp_lstchg == 0) { ++#endif + D(("need a new password")); + *daysleft = 0; + return PAM_NEW_AUTHTOK_REQD; diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch new file mode 100644 index 000000000..41733ae04 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch @@ -0,0 +1,104 @@ +From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Tue, 27 Nov 2018 16:11:03 +0100 +Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err. + +* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via + PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). +* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). +* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument + to verify_pwd_hash() call. +--- + modules/pam_unix/passverify.c | 24 +++++++++++++----------- + modules/pam_unix/passverify.h | 6 +++--- + modules/pam_unix/support.c | 2 +- + 3 files changed, 17 insertions(+), 15 deletions(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 2c808eb5..80e32767 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash) + } + } + +-int +-verify_pwd_hash(const char *p, char *hash, unsigned int nullok) ++PAMH_ARG_DECL(int verify_pwd_hash, ++ const char *p, char *hash, unsigned int nullok) + { + size_t hash_len; + char *pp = NULL; +@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) + * pam_syslog() needs a pam handle, + * but that's not available here. + */ +- helper_log_err(LOG_ERR, +- "pam_unix(verify_pwd_hash): The method " +- "for computing the hash \"%.6s\" has been " +- "disabled in libcrypt by the preset from " +- "the system's vendor and/or administrator.", ++ pam_syslog(pamh, LOG_ERR, ++ "The support for password hash \"%.6s\" " ++ "has been disabled in libcrypt " ++ "configuration.", + hash); + } + /* +@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) + * recent implementations of libcrypt. + */ + if (retval_checksalt == CRYPT_SALT_INVALID) { +- helper_log_err(LOG_ERR, +- "pam_unix(verify_pwd_hash): The hash \"%.6s\"" +- "does not use a method known by the version " +- "of libcrypt this system is supplied with.", ++ pam_syslog(pamh, LOG_ERR, ++ "The password hash \"%.6s\" is unknown to " ++ "libcrypt.", + hash); + } ++#else ++#ifndef HELPER_COMPILE ++ (void)pamh; ++#endif + #endif + #ifdef HAVE_CRYPT_R + struct crypt_data *cdata; +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index 086c28ac..e9a88fbf 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -12,9 +12,6 @@ + + #define OLD_PASSWORDS_FILE "/etc/security/opasswd" + +-int +-verify_pwd_hash(const char *p, char *hash, unsigned int nullok); +- + int + is_pwd_shadowed(const struct passwd *pwd); + +@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords); + #define PAMH_ARG(...) pamh, __VA_ARGS__ + #endif + ++PAMH_ARG_DECL(int verify_pwd_hash, ++ const char *p, char *hash, unsigned int nullok); ++ + PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned long long ctrl, int rounds); + +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 6894288d..ea5594d2 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name + } + } + } else { +- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); ++ retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl)); + } + + if (retval == PAM_SUCCESS) { diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch new file mode 100644 index 000000000..8ae4abfd8 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch @@ -0,0 +1,95 @@ +From 05aa693b7db6b818d31e41f0cab1d5fb4f49600e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> +Date: Thu, 15 Nov 2018 15:58:56 +0100 +Subject: [PATCH] pam_unix: Prefer a gensalt function, that supports auto + entropy. + +* modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0. +* modules/pam_unix/passverify.c: Prefer gensalt with auto entropy. +* modules/pam_unix/support.c: Fix sanitizing of rounds parameter. +--- + modules/pam_unix/pam_unix_passwd.c | 2 +- + modules/pam_unix/passverify.c | 13 +++++++++++++ + modules/pam_unix/support.c | 7 +++++-- + 3 files changed, 19 insertions(+), 3 deletions(-) + +Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix_passwd.c ++++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c +@@ -607,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int + unsigned int ctrl, lctrl; + int retval; + int remember = -1; +- int rounds = -1; ++ int rounds = 0; + int pass_min_len = 0; + + /* <DO NOT free() THESE> */ +Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c ++++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c +@@ -375,7 +375,12 @@ PAMH_ARG_DECL(char * create_password_has + const char *password, unsigned int ctrl, int rounds) + { + const char *algoid; ++#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 ++ /* Strings returned by crypt_gensalt_rn will be no longer than this. */ ++ char salt[CRYPT_GENSALT_OUTPUT_SIZE]; ++#else + char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ ++#endif + char *sp; + #ifdef HAVE_CRYPT_R + struct crypt_data *cdata = NULL; +@@ -406,6 +411,13 @@ PAMH_ARG_DECL(char * create_password_has + return crypted; + } + ++#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY ++ /* ++ * Any version of libcrypt supporting auto entropy is ++ * guaranteed to have crypt_gensalt_rn(). ++ */ ++ sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); ++#else + #ifdef HAVE_CRYPT_GENSALT_R + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; +@@ -423,6 +435,7 @@ PAMH_ARG_DECL(char * create_password_has + #ifdef HAVE_CRYPT_GENSALT_R + } + #endif ++#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ + #ifdef HAVE_CRYPT_R + sp = NULL; + cdata = malloc(sizeof(*cdata)); +Index: Linux-PAM-1.3.1/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_unix/support.c ++++ Linux-PAM-1.3.1/modules/pam_unix/support.c +@@ -175,6 +175,7 @@ int _set_ctrl(pam_handle_t *pamh, int fl + + if (val) { + *rounds = strtol(val, NULL, 10); ++ set(UNIX_ALGO_ROUNDS, ctrl); + free (val); + } + } +@@ -254,11 +255,13 @@ int _set_ctrl(pam_handle_t *pamh, int fl + if (*rounds < 4 || *rounds > 31) + *rounds = 5; + } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { +- if ((*rounds < 1000) || (*rounds == INT_MAX)) ++ if ((*rounds < 1000) || (*rounds == INT_MAX)) { + /* don't care about bogus values */ ++ *rounds = 0; + unset(UNIX_ALGO_ROUNDS, ctrl); +- if (*rounds >= 10000000) ++ } else if (*rounds >= 10000000) { + *rounds = 9999999; ++ } + } + } + diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch new file mode 100644 index 000000000..8755cf602 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch @@ -0,0 +1,105 @@ +Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix.8.xml ++++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml +@@ -293,11 +293,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the SHA256 algorithm. If the +- SHA256 algorithm is not known to the <citerefentry> ++ encrypt it with the SHA256 algorithm. The ++ SHA256 algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -308,11 +307,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the SHA512 algorithm. If the +- SHA512 algorithm is not known to the <citerefentry> ++ encrypt it with the SHA512 algorithm. The ++ SHA512 algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -323,11 +321,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the blowfish algorithm. If the +- blowfish algorithm is not known to the <citerefentry> ++ encrypt it with the blowfish algorithm. The ++ blowfish algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -338,11 +335,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the gost-yescrypt algorithm. If the +- gost-yescrypt algorithm is not known to the <citerefentry> ++ encrypt it with the gost-yescrypt algorithm. The ++ gost-yescrypt algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -353,11 +349,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the yescrypt algorithm. If the +- yescrypt algorithm is not known to the <citerefentry> ++ encrypt it with the yescrypt algorithm. The ++ yescrypt algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c ++++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c +@@ -466,10 +466,9 @@ PAMH_ARG_DECL(char * create_password_has + sp = crypt(password, salt); + #endif + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { +- /* libxcrypt/libc doesn't know the algorithm, use MD5 */ ++ /* libxcrypt/libc doesn't know the algorithm, error out */ + pam_syslog(pamh, LOG_ERR, +- "Algo %s not supported by the crypto backend, " +- "falling back to MD5\n", ++ "Algo %s not supported by the crypto backend.\n", + on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : + on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : +@@ -481,7 +480,7 @@ PAMH_ARG_DECL(char * create_password_has + #ifdef HAVE_CRYPT_R + free(cdata); + #endif +- return crypt_md5_wrapper(password); ++ return NULL; + } + sp = x_strdup(sp); + #ifdef HAVE_CRYPT_R diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch new file mode 100644 index 000000000..14f285deb --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch @@ -0,0 +1,34 @@ +From a2b72aeb86f297d349bc9e6a8f059fedf97a499a Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@altlinux.org> +Date: Thu, 31 May 2018 00:20:18 +0000 +Subject: [PATCH] pam_unix: remove obsolete _unix_read_password prototype + +The function was removed by commit Linux-PAM-1.3.0~5 +so the function prototype should go as well. + +* modules/pam_unix/support.h (_unix_read_password): Remove. + +Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of +direct pam_prompt() calls.") +--- + modules/pam_unix/support.h | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index b4c279c3..543e9b9f 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -164,13 +164,6 @@ extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, + const char *name); + extern int _unix_verify_password(pam_handle_t * pamh, const char *name + ,const char *p, unsigned int ctrl); +-extern int _unix_read_password(pam_handle_t * pamh +- ,unsigned int ctrl +- ,const char *comment +- ,const char *prompt1 +- ,const char *prompt2 +- ,const char *data_name +- ,const void **pass); + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch new file mode 100644 index 000000000..f04a59ce7 --- /dev/null +++ b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch @@ -0,0 +1,479 @@ +From 16bd523f85ede9fa9115f80e826f2d803d7e61d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> +Date: Thu, 15 Nov 2018 16:38:05 +0100 +Subject: [PATCH] pam_unix: Add support for (gost-)yescrypt hashing methods. + +libxcrypt (v4.2 and later) has added support for the yescrypt +hashing method; gost-yescrypt has been added in v4.3. + +* modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt. +* modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags. +* modules/pam_unix/pam_unix_auth.c: Likewise. +* modules/pam_unix/pam_unix_passwd.c: Likewise. +* modules/pam_unix/pam_unix_sess.c: Likewise. +* modules/pam_unix/passverify.c: Add support for (gost-)yescrypt. +* modules/pam_unix/passverify.h: Use 64 bit type for control flags. +* modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt. +* modules/pam_unix/support.h: Add support for (gost-)yescrypt. +--- + modules/pam_unix/pam_unix.8.xml | 35 +++++++++- + modules/pam_unix/pam_unix_acct.c | 4 +- + modules/pam_unix/pam_unix_auth.c | 4 +- + modules/pam_unix/pam_unix_passwd.c | 12 ++-- + modules/pam_unix/pam_unix_sess.c | 4 +- + modules/pam_unix/passverify.c | 8 ++- + modules/pam_unix/passverify.h | 2 +- + modules/pam_unix/support.c | 33 ++++++---- + modules/pam_unix/support.h | 101 +++++++++++++++-------------- + 9 files changed, 128 insertions(+), 75 deletions(-) + +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index 1b318f11..cae2aeaa 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -331,14 +331,45 @@ + </para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>gost_yescrypt</option> ++ </term> ++ <listitem> ++ <para> ++ When a user changes their password next, ++ encrypt it with the gost-yescrypt algorithm. If the ++ gost-yescrypt algorithm is not known to the <citerefentry> ++ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry> function, ++ fall back to MD5. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>yescrypt</option> ++ </term> ++ <listitem> ++ <para> ++ When a user changes their password next, ++ encrypt it with the yescrypt algorithm. If the ++ yescrypt algorithm is not known to the <citerefentry> ++ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry> function, ++ fall back to MD5. ++ </para> ++ </listitem> ++ </varlistentry> + <varlistentry> + <term> + <option>rounds=<replaceable>n</replaceable></option> + </term> + <listitem> + <para> +- Set the optional number of rounds of the SHA256, SHA512 +- and blowfish password hashing algorithms to ++ Set the optional number of rounds of the SHA256, SHA512, ++ blowfish, gost-yescrypt, and yescrypt password hashing ++ algorithms to + <replaceable>n</replaceable>. + </para> + </listitem> +diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c +index fbc84e2f..d8d084ac 100644 +--- a/modules/pam_unix/pam_unix_acct.c ++++ b/modules/pam_unix/pam_unix_acct.c +@@ -62,7 +62,7 @@ + #include "support.h" + #include "passverify.h" + +-int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, ++int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, + const char *user, int *daysleft) + { + int retval=0, child, fds[2]; +@@ -185,7 +185,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, + int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + { +- unsigned int ctrl; ++ unsigned long long ctrl; + const void *void_uname; + const char *uname; + int retval, daysleft; +diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c +index 9d9f709d..905fc66c 100644 +--- a/modules/pam_unix/pam_unix_auth.c ++++ b/modules/pam_unix/pam_unix_auth.c +@@ -96,7 +96,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) + int + pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) + { +- unsigned int ctrl; ++ unsigned long long ctrl; + int retval, *ret_data = NULL; + const char *name; + const char *p; +@@ -194,7 +194,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, + { + int retval; + const void *pretval = NULL; +- unsigned int ctrl; ++ unsigned long long ctrl; + + D(("called.")); + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index f2c42513..df4c1233 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -138,7 +138,7 @@ __taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) + } + #endif + +-static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) ++static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl) + { + char *master; + char *domainname; +@@ -233,7 +233,7 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + + #ifdef WITH_SELINUX + +-static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, ++static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user, + const char *fromwhat, const char *towhat, int remember) + { + int retval, child, fds[2]; +@@ -388,7 +388,7 @@ static int check_old_password(const char *forwho, const char *newpass) + + static int _do_setpass(pam_handle_t* pamh, const char *forwho, + const char *fromwhat, +- char *towhat, unsigned int ctrl, int remember) ++ char *towhat, unsigned long long ctrl, int remember) + { + struct passwd *pwd = NULL; + int retval = 0; +@@ -512,7 +512,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, + return retval; + } + +-static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl) ++static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl) + { + struct passwd *pwent = NULL; /* Password and shadow password */ + struct spwd *spent = NULL; /* file entries for the user */ +@@ -542,7 +542,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in + } + + static int _pam_unix_approve_pass(pam_handle_t * pamh +- ,unsigned int ctrl ++ ,unsigned long long ctrl + ,const char *pass_old + ,const char *pass_new, + int pass_min_len) +@@ -600,7 +600,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh + int + pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + { +- unsigned int ctrl, lctrl; ++ unsigned long long ctrl, lctrl; + int retval; + int remember = -1; + int rounds = 0; +diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c +index 03e7dcd9..4b8af530 100644 +--- a/modules/pam_unix/pam_unix_sess.c ++++ b/modules/pam_unix/pam_unix_sess.c +@@ -67,7 +67,7 @@ int + pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + char *user_name, *service; +- unsigned int ctrl; ++ unsigned long long ctrl; + int retval; + const char *login_name; + +@@ -103,7 +103,7 @@ int + pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + char *user_name, *service; +- unsigned int ctrl; ++ unsigned long long ctrl; + int retval; + + D(("called.")); +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 95dfe528..39e2bfac 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -387,7 +387,7 @@ crypt_md5_wrapper(const char *pass_new) + } + + PAMH_ARG_DECL(char * create_password_hash, +- const char *password, unsigned int ctrl, int rounds) ++ const char *password, unsigned long long ctrl, int rounds) + { + const char *algoid; + #if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 +@@ -404,6 +404,10 @@ PAMH_ARG_DECL(char * create_password_hash, + if (on(UNIX_MD5_PASS, ctrl)) { + /* algoid = "$1" */ + return crypt_md5_wrapper(password); ++ } else if (on(UNIX_YESCRYPT_PASS, ctrl)) { ++ algoid = "$y$"; ++ } else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) { ++ algoid = "$gy$"; + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + algoid = "$2b$"; + } else if (on(UNIX_SHA256_PASS, ctrl)) { +@@ -466,6 +470,8 @@ PAMH_ARG_DECL(char * create_password_hash, + pam_syslog(pamh, LOG_ERR, + "Algo %s not supported by the crypto backend, " + "falling back to MD5\n", ++ on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : ++ on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : + on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index caf7ae8a..086c28ac 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -66,7 +66,7 @@ read_passwords(int fd, int npass, char **passwords); + #endif + + PAMH_ARG_DECL(char * create_password_hash, +- const char *password, unsigned int ctrl, int rounds); ++ const char *password, unsigned long long ctrl, int rounds); + + PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent); +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 8cbc4217..6894288d 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -107,7 +107,7 @@ search_key (const char *key, const char *filename) + + /* this is a front-end for module-application conversations */ + +-int _make_remark(pam_handle_t * pamh, unsigned int ctrl, ++int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, + int type, const char *text) + { + int retval = PAM_SUCCESS; +@@ -122,10 +122,11 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, + * set the control flags for the UNIX module. + */ + +-int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +- int *pass_min_len, int argc, const char **argv) ++unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, ++ int *rounds, int *pass_min_len, int argc, ++ const char **argv) + { +- unsigned int ctrl; ++ unsigned long long ctrl; + char *val; + int j; + +@@ -243,15 +244,23 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + set(UNIX__NONULL, ctrl); + } + +- /* Set default rounds for blowfish */ +- if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { +- *rounds = 5; +- set(UNIX_ALGO_ROUNDS, ctrl); ++ /* Set default rounds for blowfish, gost-yescrypt and yescrypt */ ++ if (off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { ++ if (on(UNIX_BLOWFISH_PASS, ctrl) || ++ on(UNIX_GOST_YESCRYPT_PASS, ctrl) || ++ on(UNIX_YESCRYPT_PASS, ctrl)) { ++ *rounds = 5; ++ set(UNIX_ALGO_ROUNDS, ctrl); ++ } + } + + /* Enforce sane "rounds" values */ + if (on(UNIX_ALGO_ROUNDS, ctrl)) { +- if (on(UNIX_BLOWFISH_PASS, ctrl)) { ++ if (on(UNIX_GOST_YESCRYPT_PASS, ctrl) || ++ on(UNIX_YESCRYPT_PASS, ctrl)) { ++ if (*rounds < 3 || *rounds > 11) ++ *rounds = 5; ++ } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (*rounds < 4 || *rounds > 31) + *rounds = 5; + } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { +@@ -532,7 +541,7 @@ int _unix_comesfromsource(pam_handle_t *pamh, + #include <sys/wait.h> + + static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, +- unsigned int ctrl, const char *user) ++ unsigned long long ctrl, const char *user) + { + int retval, child, fds[2]; + struct sigaction newsa, oldsa; +@@ -658,7 +667,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, + */ + + int +-_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) ++_unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name) + { + struct passwd *pwd = NULL; + char *salt = NULL; +@@ -706,7 +715,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) + } + + int _unix_verify_password(pam_handle_t * pamh, const char *name +- ,const char *p, unsigned int ctrl) ++ ,const char *p, unsigned long long ctrl) + { + struct passwd *pwd = NULL; + char *salt = NULL; +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 543e9b9f..e02c05e0 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -22,8 +22,8 @@ + + typedef struct { + const char *token; +- unsigned int mask; /* shall assume 32 bits of flags */ +- unsigned int flag; ++ unsigned long long mask; /* shall assume 64 bits of flags */ ++ unsigned long long flag; + unsigned int is_hash_algo; + } UNIX_Ctrls; + +@@ -48,7 +48,7 @@ typedef struct { + + /* the generic mask */ + +-#define _ALL_ON_ (~0U) ++#define _ALL_ON_ (~0ULL) + + /* end of macro definitions definitions for the control flags */ + +@@ -98,47 +98,51 @@ typedef struct { + #define UNIX_QUIET 28 /* Don't print informational messages */ + #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ + #define UNIX_DES 30 /* DES, default */ ++#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ ++#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ + /* -------------- */ +-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 33 /* number of ctrl arguments defined */ + +-#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) ++#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) + + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + { +-/* symbol token name ctrl mask ctrl * +- * ----------------------- ------------------- --------------------- -------- */ +- +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, +-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, +-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, +-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, +-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +-/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, ++/* symbol token name ctrl mask ctrl * ++ * --------------------------- -------------------- ------------------------- ---------------- */ ++ ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, ++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, ++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, ++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, ++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, ++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, ++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, ++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, ++/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, ++/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +@@ -151,20 +155,23 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + _pam_drop(xx); \ + } + +-extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl +- ,int type, const char *text); +-extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds, +- int *pass_min_len, int argc, const char **argv); ++extern int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, ++ int type, const char *text); ++extern unsigned long long _set_ctrl(pam_handle_t * pamh, int flags, ++ int *remember, int *rounds, ++ int *pass_min_len, ++ int argc, const char **argv); + extern int _unix_getpwnam (pam_handle_t *pamh, + const char *name, int files, int nis, + struct passwd **ret); + extern int _unix_comesfromsource (pam_handle_t *pamh, + const char *name, int files, int nis); +-extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, ++extern int _unix_blankpasswd(pam_handle_t *pamh, unsigned long long ctrl, + const char *name); +-extern int _unix_verify_password(pam_handle_t * pamh, const char *name +- ,const char *p, unsigned int ctrl); ++extern int _unix_verify_password(pam_handle_t * pamh, const char *name, ++ const char *p, unsigned long long ctrl); + + extern int _unix_run_verify_binary(pam_handle_t *pamh, +- unsigned int ctrl, const char *user, int *daysleft); ++ unsigned long long ctrl, ++ const char *user, int *daysleft); + #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/testing/source/PAM/a/pam/pam.SlackBuild b/testing/source/PAM/a/pam/pam.SlackBuild new file mode 100755 index 000000000..ccd19e304 --- /dev/null +++ b/testing/source/PAM/a/pam/pam.SlackBuild @@ -0,0 +1,232 @@ +#!/bin/sh + +# Copyright 2010 Vincent Batts, vbatts@hashbangbash.com +# Copyright 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +SRCNAM=Linux-PAM +PKGNAM=pam +PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $SRCNAM-$VERSION +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 +cd $SRCNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Better take the Red Hat added modules and patches, because that's very +# likely to be the most standard as far as PAM goes: +tar xvf $CWD/pam-redhat-$PAMRHVER.tar.?z || exit 1 +for file in CHANGELOG COPYING README ; do + mv pam-redhat-$PAMRHVER/${file}* ./${file}.pam-redhat +done +mv pam-redhat-$PAMRHVER/* modules +zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 + +# pam_tally2 removed in recent redhat-modules.patch, but we'll keep it +# for now since system-auth in the shadow package uses it. Perhaps see if +# pam_faillock can replace the usage there? +zcat $CWD/patches/pam.pam_tally2.slackware.diff.gz | patch -p1 --verbose || exit 1 + +# Upstream git patch to prevent pam_tally2 from doing an fsync() +# with every failed login. This can cause system slowdowns, especially +# on Internet-connected machines that may endure endless dictionary +# attacks. +zcat $CWD/patches/pam.pam_tally2.no.fsync.patch.gz | patch -p1 --verbose || exit 1 + +# Improve the comments in /etc/environment: +zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1 + +autoreconf -ivf || exit 1 + +# Using --enable-securedir=/lib/security/ because some downstream software +# (last I checked) assumes this, so /lib64/security/ was a problem... +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/ \ + --libdir=/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --includedir=/usr/include/security \ + --enable-securedir=/lib/security \ + --datarootdir=/usr/share \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --disable-regenerate-docu \ + --disable-audit \ + --disable-prelude \ + --disable-rpath \ + --disable-selinux \ + --disable-static \ + --build=$ARCH-slackware-linux || exit 1 + +# Make these man pages or the build falls over later +xmlto man modules/pam_faillock/faillock.8.xml -o modules/pam_faillock/ +xmlto man modules/pam_faillock/pam_faillock.8.xml -o modules/pam_faillock/ +xmlto man modules/pam_pwhistory/pwhistory_helper.8.xml -o modules/pam_pwhistory/ + +make -C po update-gmo +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +# The ones in /lib/security can also go: +rm -f $PKG/lib/security/*.la + +# Add extra symlinks added by pam.spec: +( cd $PKG/lib/security + for type in acct auth passwd session ; do + ln -sf pam_unix.so pam_unix_${type}.so + done +) + +# This is a pam helper that can only be called from pam +chown root:root $PKG/sbin/unix_chkpwd +chmod 6755 $PKG/sbin/unix_chkpwd + +# This package can own the /etc/pam.d/ directory +mkdir -p $PKG/etc/pam.d + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Don't clobber config files: +find $PKG/etc -type f -exec mv {} {}.new \; + +# Compress and if needed symlink the man pages: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a \ + AUTHORS COPYING* Copyright NEWS README* \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi +if [ -r CHANGELOG ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat CHANGELOG | head -n 1000 > $DOCSDIR/CHANGELOG + touch -r CHANGELOG $DOCSDIR/CHANGELOG +fi +rm -f $PKG/usr/doc/$PKGNAM-$VERSION/index.html + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +# Append config statements to the install/doinst.sh: +( cd $PKG + for i in $(find etc -type f -name "*.new") ; do + echo "config $i" >> $PKG/install/doinst.sh ; + done +) + +cd $PKG +/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/testing/source/PAM/a/pam/pam.url b/testing/source/PAM/a/pam/pam.url new file mode 100644 index 000000000..07dfcb99b --- /dev/null +++ b/testing/source/PAM/a/pam/pam.url @@ -0,0 +1,2 @@ +#http://www.linux-pam.org/library/Linux-PAM-1.3.1.tar.bz2 +https://github.com/linux-pam/linux-pam/releases diff --git a/testing/source/PAM/a/pam/patches/pam.etc.environment.better.comments.diff b/testing/source/PAM/a/pam/patches/pam.etc.environment.better.comments.diff new file mode 100644 index 000000000..6899e4c14 --- /dev/null +++ b/testing/source/PAM/a/pam/patches/pam.etc.environment.better.comments.diff @@ -0,0 +1,15 @@ +--- ./modules/pam_env/environment.orig 2017-02-10 04:10:15.000000000 -0600 ++++ ./modules/pam_env/environment 2020-01-02 14:40:48.793005303 -0600 +@@ -1,5 +1,10 @@ +-# +-# This file is parsed by pam_env module ++# /etc/environment ++# This file is parsed by pam_env module. ++# This file may contain environment variable settings that should be used ++# system-wide. Please note that it is not a script file and should only ++# contain assignment expressions, one per line. ++# The environment variables in this file will be loaded before those in other ++# files such as: /etc/profile, /etc/profile.d/*, ~/.profile, etc. + # + # Syntax: simple "KEY=VAL" pairs on separate lines + # diff --git a/testing/source/PAM/a/pam/patches/pam.pam_tally2.no.fsync.patch b/testing/source/PAM/a/pam/patches/pam.pam_tally2.no.fsync.patch new file mode 100644 index 000000000..15b40115d --- /dev/null +++ b/testing/source/PAM/a/pam/patches/pam.pam_tally2.no.fsync.patch @@ -0,0 +1,35 @@ +From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001 +From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name> +Date: Mon, 25 Feb 2019 20:50:48 +0100 +Subject: [PATCH] pam_tally2: Remove unnecessary fsync() + +pam_tally2 does fsync() after writing to a tally file. +This causes hard drive cache flushes on every failed SSH login on many +(if not most) filesystems. +And an internet-exposed machine can have a lot of these failed logins. + +This operation however doesn't seem to be necessary - the pam_tally2 +module does not do any operation which would need explicit post-crash +ordering, it just does simple file reads and writes. +And doing a fsync() after them doesn't close any race if the system happens +to crash between a write being posted and its fsync() completion. + +Let's remove this operation to get rid of all these extra cache flushes. +--- + modules/pam_tally2/pam_tally2.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c +index 984edf6a..ce7f5aee 100644 +--- a/modules/pam_tally2/pam_tally2.c ++++ b/modules/pam_tally2/pam_tally2.c +@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid, + } + } + +- if (fsync(*tfile)) { +- pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename); +- return PAM_AUTH_ERR; +- } + return PAM_SUCCESS; + } diff --git a/testing/source/PAM/a/pam/patches/pam.pam_tally2.slackware.diff b/testing/source/PAM/a/pam/patches/pam.pam_tally2.slackware.diff new file mode 100644 index 000000000..8ab853210 --- /dev/null +++ b/testing/source/PAM/a/pam/patches/pam.pam_tally2.slackware.diff @@ -0,0 +1,11 @@ +--- ./modules/Makefile.am.orig 2019-07-16 13:18:28.619322386 -0500 ++++ ./modules/Makefile.am 2019-07-16 13:45:49.260371056 -0500 +@@ -10,7 +10,7 @@ + pam_mkhomedir pam_motd pam_namespace pam_nologin \ + pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ + pam_selinux pam_sepermit pam_shells pam_stress \ +- pam_succeed_if pam_time pam_timestamp \ ++ pam_succeed_if pam_tally2 pam_time pam_timestamp \ + pam_tty_audit pam_umask \ + pam_unix pam_userdb pam_warn pam_wheel pam_xauth + diff --git a/testing/source/PAM/a/pam/slack-desc b/testing/source/PAM/a/pam/slack-desc new file mode 100644 index 000000000..7c0bcbbd9 --- /dev/null +++ b/testing/source/PAM/a/pam/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +pam: pam (Pluggable Authentication Modules) +pam: +pam: PAM = Pluggable Authentication Modules. Basically, it is a flexible +pam: mechanism for authenticating users. PAM provides a way to develop +pam: programs that are independent of authentication scheme. However, +pam: these programs will need "authentication modules" (and libpam) at +pam: run-time in order to work. +pam: +pam: Homepage: http://www.linux-pam.org/ +pam: +pam: diff --git a/testing/source/PAM/build-all-pam-packages.sh b/testing/source/PAM/build-all-pam-packages.sh new file mode 100755 index 000000000..3f8846113 --- /dev/null +++ b/testing/source/PAM/build-all-pam-packages.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +cd $(dirname $0) ; CWD=$(pwd) + +rm -rf /tmp/pam-packages +TMP=/tmp/pam-packages +export TMP +mkdir -p $TMP + +BUILDLIST=$CWD/buildlist ./make_world.sh + +# Give everything a _pam build suffix while it remains in /testing: +( cd $TMP + for package in *.txz ; do + mv $package $(basename $package .txz)_pam.txz + done +) diff --git a/testing/source/PAM/buildlist b/testing/source/PAM/buildlist new file mode 100644 index 000000000..b05fcbf66 --- /dev/null +++ b/testing/source/PAM/buildlist @@ -0,0 +1,33 @@ +a/cracklib/cracklib.SlackBuild +a/pam/pam.SlackBuild +a/libpwquality/libpwquality.SlackBuild +source/a/shadow/shadow.SlackBuild +source/a/util-linux/util-linux.SlackBuild +source/a/libcgroup/libcgroup.SlackBuild +source/ap/cups/cups.SlackBuild +source/ap/hplip/hplip.SlackBuild +source/ap/screen/screen.SlackBuild +source/ap/sudo/sudo.SlackBuild +source/l/ConsoleKit2/ConsoleKit2.SlackBuild +source/l/gnome-keyring/gnome-keyring.SlackBuild +source/l/polkit/polkit.SlackBuild +source/l/system-config-printer/system-config-printer.SlackBuild +source/n/dovecot/dovecot.SlackBuild +source/n/netatalk/netatalk.SlackBuild +source/n/openssh/openssh.SlackBuild +source/n/openvpn/openvpn.SlackBuild +source/n/popa3d/popa3d.SlackBuild +source/n/ppp/ppp.SlackBuild +source/n/proftpd/proftpd.SlackBuild +source/n/samba/samba.SlackBuild +source/n/vsftpd/vsftpd.SlackBuild +source/x/x11/x11.SlackBuild app xdm +source/l/libcap/libcap.SlackBuild +source/n/cyrus-sasl/cyrus-sasl.SlackBuild +source/n/cifs-utils/cifs-utils.SlackBuild +source/n/netkit-rsh/netkit-rsh.SlackBuild +source/ap/at/at.SlackBuild +source/ap/mariadb/mariadb.SlackBuild +source/xap/xlockmore/xlockmore.SlackBuild +source/xap/xscreensaver/xscreensaver.SlackBuild +source/kde/kde.SlackBuild kdebase:kde-workspace diff --git a/testing/source/PAM/make_world.sh b/testing/source/PAM/make_world.sh new file mode 100755 index 000000000..a269e96f0 --- /dev/null +++ b/testing/source/PAM/make_world.sh @@ -0,0 +1,302 @@ +#!/bin/bash +# Copyright 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# make_world for Slackware: rebuilds all the SlackBuild scripts that are +# listed in the given build list. +# Each line needs to look like (for example, and without beginning with "# "): +# a/grep/grep.SlackBuild +# For x11/KDE packages, you may specify a specific package to be built using +# the arguments understood by the SlackBuild. For example: +# kde/kde.SlackBuild kdelibs:kdelibs +# Any line beginning with "#" will be skipped. + +# WARNING: This script has the potential to mess up your system. +# It is not recommended to run this on a production machine. +# This script is meant to be used on a fully installed and updated system. +# Using it on a partially installed system may result in broken packages, +# packages with missing features, or build failures. If there are circular +# dependencies, more than one build may be needed to get a correct package. +# +# Slackware is not Gentoo. +# For Amusement Purposes Only. + +# Not all SlackBuilds are compatible with this script. In order for a build +# script to work, it needs these features: +# 1) cd into the script directory when run i.e.: cd $(dirname $0) ; CWD=$(pwd) +# 2) Handle $TMP properly (less of an issue if you don't change $TMP) +# 3) Support output package name reporting with PRINT_PACKAGE_NAME=yes + +cd $(dirname $0) ; CWD=$(pwd) +# Some SlackBuilds do not work (yet) with a different $TMP setting. +TMP=${TMP:-/tmp} +export TMP +# Where the SlackBuild script puts the built package (i.e., $TMP). +OUTPUT_LOCATION=${OUTPUT_LOCATION:-$TMP} +# Used for logs and lock files. +LOGDIR=$TMP/make_world +# Lockfiles. You might need to purge these before restarting a build. +mkdir -p $LOGDIR/lock + +# Set a custom Slackware source directory. By default we assume we are already +# in the source directory. +SLACKWARE_SOURCE_DIRECTORY=${SLACKWARE_SOURCE_DIRECTORY:-} +if [ ! -z "$SLACKWARE_SOURCE_DIRECTORY" ]; then + # Make sure this ends in '/': + if [ ! "$(echo $SLACKWARE_SOURCE_DIRECTORY | rev | cut -b 1)" = "/" ]; then + SLACKWARE_SOURCE_DIRECTORY="${SLACKWARE_SOURCE_DIRECTORY}/" + fi +fi + +# To wipe build directories and package creation directories after each +# package is built, set this to anything other than "no". You might need +# to use this if you're short on build space. NOTE: if you use this +# feature, you can NOT run more than one copy of this script at the same +# time! It will wipe build trees for other packages before they can finish. +# Otherwise, file locking is used and you may run as many parallel copies +# of this script as you think will help to speed things along. +WIPE_AFTER_BUILD=${WIPE_AFTER_BUILD:-no} + +# Be kind, don't hit control-c! If you do, you might leave broken packages, +# logfiles, and locks in $TMP that will cause problems for you later. If you're +# not in a huge hurry to quit, create this file (replace with $TMP if needed): +# /tmp/make_world/lock/abort +# This will cause all instances of make_world.sh to exit when they complete the +# task they are working on. +rm -f $LOGDIR/lock/abort + +BUILDLIST=${BUILDLIST:-$LOGDIR/buildlist} +if [ ! -r $BUILDLIST -a ! -r ${BUILDLIST}.lock ]; then + # The buildlist does not exist, so attempt to create one that builds + # everything except for the kernels (the kernel scripts are not compatible + # with make_world.sh, mostly because of the need to reboot the new kernel). + touch ${BUILDLIST} ${BUILDLIST}.lock + echo "Generating list of packages to build in ${BUILDLIST}..." + for script in ${SLACKWARE_SOURCE_DIRECTORY}*/*/*.SlackBuild ; do + # Only add the script if the SlackBuild name matches the directory name: + if [ "$(basename $(echo $script | cut -f 1 -d ' ') .SlackBuild)" = "$(echo $(dirname $(echo $script | cut -f 1 -d ' ')) | rev | cut -f 1 -d / | rev)" ]; then + if [ "$uname -m)" = "x86_64" -a "$(basename $(echo $script | cut -f 1 -d ' '))" = "isapnptools.SlackBuild" ]; then + # Don't try to build isapnptools on x86_64. + continue + fi + echo $script >> $BUILDLIST + fi + done + if [ -r ${SLACKWARE_SOURCE_DIRECTORY}kde/kde.SlackBuild ]; then + echo "${SLACKWARE_SOURCE_DIRECTORY}kde/kde.SlackBuild" >> $BUILDLIST + fi + rm -f ${BUILDLIST}.lock + # Set GEN_LIST_ONLY=yes if you'd like to exit after generating a build list. + # You might want to do this to comment some build scripts out first, or if + # you'd like to sort it into a "magic build order". ;-) This script is pretty + # good at just brute-forcing things, though (with a few runs). + if [ "$GEN_LIST_ONLY" = "yes" ]; then + echo "Generated ${BUILDLIST}. Exiting." + exit 0 + fi +fi +if [ -r ${BUILDLIST}.lock ]; then + echo -n "Waiting for ${BUILDLIST}.lock to be removed..." + while [ 0 ]; do + if [ ! -r ${BUILDLIST}.lock ]; then + break + fi + sleep 5 + done + echo " done." +fi +echo "Using buildlist $BUILDLIST." + +# To use shuffle mode (build packages in a random order each time through), +# pass SHUFFLE=yes (or anything other than "no") to this script. +SHUFFLE=${SHUFFLE:-no} +if [ "$SHUFFLE" = "no" ]; then + SHUF=cat +else + SHUF=shuf +fi + +# To keep repeating the build list, set $REPEAT to anything other than "no": +REPEAT=${REPEAT:-no} + +# To always rebuild a SlackBuild even if already built packages are found, set +# FORCE_BUILD=yes: +FORCE_BUILD=${FORCE_BUILD:-no} + +# Function to do the build: +do_build() { + if [ "$HAVE_GLOBAL_LOCK" = "true" ]; then + # Wait for other builds to complete + echo -n "have global lock, waiting for other builds to complete... " + while [ 0 ]; do + sleep 5 + if ! /bin/ls $LOGDIR/lock/*.lock 1> /dev/null 2> /dev/null ; then + echo -n "done, continuing... " + break + fi + done + fi + # If we're trying again, we don't want to leave a failure log in the logs + # directory. But save it just in case... + if [ -r $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log.failed ]; then + mkdir -p $LOGDIR/faillog-backups + mv $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log.failed $LOGDIR/faillog-backups + fi + $buildscript &> $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log + if [ ! $? = 0 ]; then + # Exit code from SlackBuild indicated an error: + echo "$(PRINT_PACKAGE_NAME=foo $buildscript | head -n 1) failed to build." + mv $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log.failed + elif [ ! -r $OUTPUT_LOCATION/$(PRINT_PACKAGE_NAME=foo $buildscript | head -n 1) ]; then + # No error code returned from SlackBuild, but the package(s) were not found. + # Possibly the SlackBuild doesn't honor $TMP, and a non-/tmp $TMP variable was set? + echo "$(PRINT_PACKAGE_NAME=foo $buildscript | head -n 1) failed to build." + mv $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log $LOGDIR/$(basename $(echo $buildscript | cut -f 1 -d ' ')).log.failed + else + # Figure out a progress report to include with the successful build message: + cat $BUILDLIST | grep -v "^$" | grep -v "^#" | sort | uniq | cut -f 1 -d ' ' | rev | cut -f 1 -d / | rev > $LOGDIR/tmp-pkgs-to-build.$$ + # OK, we don't know if every *.log is actually finished if we're running + # more than one make_world.sh, but whatever. It's an estimate. + /bin/ls $LOGDIR/*.log | rev | cut -f 2,3 -d . | cut -f 1 -d / | rev > $LOGDIR/tmp-pkgs-built-or-building.$$ + NUMTOTAL="$(cat $LOGDIR/tmp-pkgs-to-build.$$ | wc -l)" + NUMBUILT="$(grep -x -f $LOGDIR/tmp-pkgs-built-or-building.$$ $LOGDIR/tmp-pkgs-to-build.$$ | wc -l)" + rm -f $LOGDIR/tmp-pkgs-to-build.$$ $LOGDIR/tmp-pkgs-built-or-building.$$ + echo "$(PRINT_PACKAGE_NAME=foo $buildscript | head -n 1) built successfully ($NUMBUILT/$NUMTOTAL)." + for package in $(PRINT_PACKAGE_NAME=foo $buildscript) ; do + upgradepkg --install-new --reinstall $OUTPUT_LOCATION/$package > /dev/null 2>&1 + done + # The post-build cleanup is pretty sloppy. It will not clean up all of + # the build-related residue, and it may possibly delete some things that + # this script did not put there. It's also not compatible with running + # more than one copy of make_world.sh simultaneously. + # Think more than twice before using this. + if [ ! "$WIPE_AFTER_BUILD" = "no" ]; then + ( cd $TMP + rm -f configure CMakeLists.txt + for findconfigure in */configure ; do + rm -rf "$(dirname $findconfigure)" + done + for findautogen in */autogen.sh ; do + rm -rf "$(dirname $findautogen)" + done + for findcmake in */CMakeLists.txt ; do + rm -rf "$(dirname $findcmake)" + done + for findmake in */Makefile ; do + rm -rf "$(dirname $findmake)" + done + for findmeson in */meson.build ; do + rm -rf "$(dirname $findmeson)" + done + for findpython in */setup.py ; do + rm -rf "$(dirname $findpython)" + done + rm -rf package-* + ) + fi + fi +} + +# Main loop: +while [ 0 ]; do + # Skip any blank lines or lines in the buildlist that begin with #: + cat $BUILDLIST | grep -v "^$" | grep -v "^#" | $SHUF | while read buildscript ; do + if [ -r $LOGDIR/lock/abort ]; then + echo "Exiting (abort requested)." + exit 0 + fi + # If there's a global lock, we have to wait for it to be released: + if [ -r $LOGDIR/lock/lock.global ]; then + HELD_BY="$(cat $LOGDIR/lock/lock.global)" + echo -n "Waiting for global lock release (held by ${HELD_BY})... " + while [ 0 ]; do + sleep 10 + if [ ! -r $LOGDIR/lock/lock.global ]; then + echo "released." + break + fi + if [ ! "${HELD_BY}" = "$(cat $LOGDIR/lock/lock.global)" ]; then + HELD_BY="$(cat $LOGDIR/lock/lock.global)" + echo + echo -n "Waiting for global lock release (held by ${HELD_BY})... " + fi + done + fi + echo -n "Working on $buildscript... " + if [ -r $OUTPUT_LOCATION/$(PRINT_PACKAGE_NAME=foo $buildscript | head -n 1) -a $FORCE_BUILD = no ]; then + echo "skipping because built package(s) were found." + continue + fi + # Use flock to only allow one instance of this script to work on a given + # SlackBuild script at a time. If the SlackBuild is already locked, we'll + # just move on to the next one. Yes, you can run more than one copy of this + # script at the same time to speed things up! + # + # See if we need a global lock. Some SlackBuilds are disruptive and other + # builds should not take place until they have completed. For example, perl + # removes itself from the system during the build. Assume that we need a + # global lock for any package that uses removepkg, upgradepkg, slacktrack, + # or trackbuild. Also, you may add the identifier REQUIRE_GLOBAL_LOCK + # anywhere in a SlackBuild script to make it require the global lock. + HAVE_GLOBAL_LOCK=false + if grep -q -e removepkg -e upgradepkg -e slacktrack -e trackbuild -e REQUIRE_GLOBAL_LOCK $(dirname $(echo $buildscript | cut -f 1 -d ' '))/$(basename $(echo $buildscript | cut -f 1 -d ' ')) ; then + # pkgtools, x11, and KDE all trigger the detection above, but none of them + # really need the global lock. So only request the lock if the build + # script is not one of those. + if ! echo "$(basename $(echo $buildscript | cut -f 1 -d ' '))" | grep -q -x -e pkgtools.SlackBuild -e x11.SlackBuild -e kde.SlackBuild ; then + HAVE_GLOBAL_LOCK=true + fi + fi + if [ "$HAVE_GLOBAL_LOCK" = "true" ]; then + ( flock 9 || exit 11 + echo $(basename $(echo $buildscript | cut -f 1 -d ' ')) >> $LOGDIR/lock/lock.global + do_build + ) 9> $LOGDIR/lock/lock.global + # Remove lock file: + rm -f $LOGDIR/lock/lock.global + else + ( flock -n 9 || exit 11 + do_build + ) 9> $LOGDIR/lock/$(basename $(echo $buildscript | cut -f 1 -d ' ')).lock + if [ $? = 11 ]; then + echo "skipping (locked by another make_world.sh instance)." + continue + fi + # Remove lock file: + rm -f $LOGDIR/lock/$(basename $(echo $buildscript | cut -f 1 -d ' ')).lock + fi + done + if [ "$REPEAT" = "no" ]; then + break + else + # Figure out if we skipped everything and exit REPEAT mode if we did: + cat $BUILDLIST | grep -v "^$" | grep -v "^#" | sort | uniq | cut -f 1 -d ' ' | rev | cut -f 1 -d / | rev > $LOGDIR/tmp-pkgs-to-build.$$ + /bin/ls $LOGDIR/*.log | rev | cut -f 2,3 -d . | cut -f 1 -d / | rev > $LOGDIR/tmp-pkgs-built-or-building.$$ + NUMTOTAL="$(cat $LOGDIR/tmp-pkgs-to-build.$$ | wc -l)" + NUMBUILT="$(grep -x -f $LOGDIR/tmp-pkgs-built-or-building.$$ $LOGDIR/tmp-pkgs-to-build.$$ | wc -l)" + rm -f $LOGDIR/tmp-pkgs-to-build.$$ $LOGDIR/tmp-pkgs-built-or-building.$$ + if [ "$NUMTOTAL" = "$NUMBUILT" ]; then + echo "All packages have been built ($NUMBUILT/$NUMTOTAL). Exiting." + break + else + echo "Repeating BUILDLIST since some packages are not built yet ($NUMBUILT/$NUMTOTAL complete)." + fi + fi +done diff --git a/testing/source/PAM/source b/testing/source/PAM/source new file mode 120000 index 000000000..03cc5a68e --- /dev/null +++ b/testing/source/PAM/source @@ -0,0 +1 @@ +../../../source
\ No newline at end of file diff --git a/testing/source/binutils/binutils.SlackBuild b/testing/source/binutils/binutils.SlackBuild deleted file mode 100755 index d50e5cb07..000000000 --- a/testing/source/binutils/binutils.SlackBuild +++ /dev/null @@ -1,247 +0,0 @@ -#!/bin/bash - -# Copyright 2005-2018 Patrick J. Volkerding, Sebeka, Minnesota, USA -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# Modified 2011 by Eric Hameleers <alien at slackware.com> for ARM port. - -cd $(dirname $0) ; CWD=$(pwd) - -PKGNAM=binutils -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} - -# Automatically determine the architecture we're building on: -MARCH=$( uname -m ) -if [ -z "$ARCH" ]; then - case "$MARCH" in - i?86) export ARCH=i586 ;; - armv7hl) export ARCH=$MARCH ;; - arm*) export ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) export ARCH=$MARCH ;; - esac -fi - -# If the variable PRINT_PACKAGE_NAME is set, then this script will report what -# the name of the created package would be, and then exit. This information -# could be useful to other scripts. -if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then - echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" - exit 0 -fi - -NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} - -# Set to ld.gold or ld.bfd: -DEFAULT_LD=ld.bfd - -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - # The config option below is currently needed to compile on x86: - WERROR="--enable-werror=no" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - # The config option below is currently needed to compile on x86: - WERROR="--enable-werror=no" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -case "$ARCH" in - arm*) TARGET=$ARCH-slackware-linux-gnueabi ;; - *) TARGET=$ARCH-slackware-linux ;; -esac - -TMP=${TMP:-/tmp} -PKG=$TMP/package-binutils - -rm -rf $PKG -mkdir -p $TMP $PKG - -cd $TMP -rm -rf binutils-$VERSION -tar xvf $CWD/binutils-$VERSION.tar.?z || exit 1 -cd binutils-$VERSION || exit 1 - -# Various upstream patches: -zcat $CWD/patches/binutils-2.20.51.0.2-libtool-lib64.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.25-version.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.25-set-long-long.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.20.51.0.10-copy-osabi.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.20.51.0.10-sec-merge-emit.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.24-ldforcele.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/patches/binutils-2.25.1-cleansweep.patch.gz | patch -p2 --verbose || exit 1 - -# Export the demangle.h header file: -zcat $CWD/patches/binutils.export.demangle.h.diff.gz | patch -p1 --verbose || exit 1 -# Don't check to see if "config.h" was included in the installed headers: -zcat $CWD/patches/binutils.no-config-h-check.diff.gz | patch -p1 --verbose || exit 1 - -# Set %version to something halfway meaningful: -sed -i -e 's/%''{release}/slack15/g' bfd/Makefile{.am,.in} - -chown -R root:root . -find . \ - \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \+ -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \+ - -# End of preparations -if echo "$*" | grep -qw -- --prep ; then - exit 0 -fi - -# Build for an x86 glibc2-based Linux system: -CFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --mandir=/usr/man \ - --infodir=/usr/info \ - --with-docdir=/usr/doc/binutils-$VERSION \ - --disable-compressed-debug-sections \ - --enable-shared \ - --enable-multilib \ - --enable-64-bit-bfd \ - --enable-plugins \ - --enable-threads \ - --enable-targets=i386-efi-pe,${TARGET} \ - --enable-install-libiberty \ - --enable-gold=yes \ - --enable-ld=default \ - --enable-initfini-array \ - $WERROR \ - --build=$TARGET \ - || exit 1 - -# Use "tooldir=/usr" to avoid internal references to the /usr/${TARGET}/ -# directory. While binutils won't actually use that directory after this, -# we'll still create it since some people have made local use of it. -# Note that this will place ldscripts in /usr/lib, even on $ARCH that -# use LIBDIRSUFFIX=64. According to Ian Lance Taylor, the ldscripts have -# been built into the linker for quite some time and the ones in the -# filesystem aren't actually loaded. For the most part they are now -# documentation and it doesn't matter where they reside. -make clean || exit 1 -make tooldir=/usr $NUMJOBS || make tooldir=/usr || exit 1 -make tooldir=/usr install DESTDIR=$PKG || exit 1 - -# Using tooldir=/usr also makes the /usr/${TARGET}/lib${LIBDIRSUFFIX} -# directory obsolete, and the build will no longer install it. But since -# some people might be making local use of that directory, we'll install -# it anyway: -mkdir -p $PKG/usr/${TARGET}/lib${LIBDIRSUFFIX} -# Same with /usr/${TARGET}/bin: -mkdir -p $PKG/usr/${TARGET}/bin - -# Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la - -# COMMENTED OUT, since a valid use case was provided for windres on Linux. -# None of these tools are very large, and unless they can be shown to be -# non-functional, there's no good reason to exclude them. -## Remove Windows specific tools / docs (if they exist): -#rm -f $PKG/usr/bin/{dlltool,nlmconv,windres,windmc} -#rm -f $PKG/usr/man/man1/{dlltool,nlmconv,windres,windmc}* - -# Add a symlink since binutils's version of strings used to be called -# "strings-GNU" on Slackware, and it's possible that people have scripts -# that use that name: -( cd $PKG/usr/bin ; ln -sf strings strings-GNU ) - -## OBSOLETE, since we're using tooldir=/usr. But we'll keep this cruft as a -## reference until we get the all clear on the tooldir= changes. :-) -## Move ldscripts to /usr/lib${LIBDIRSUFFIX}, and then put symlinks in place -#mv $PKG/usr/${TARGET}/lib/ldscripts $PKG/usr/lib${LIBDIRSUFFIX} -#( cd $PKG/usr/${TARGET} -# ln -s /usr/lib${LIBDIRSUFFIX}/ldscripts lib/ldscripts -# for FILE in ar as ld ld.bfd ld.gold nm objcopy objdump ranlib strip ; do -# if [ -r "/usr/bin/$FILE" ]; then -# rm -f bin/$FILE -# ln -s /usr/bin/$FILE bin/$FILE -# fi -# done -#) - -# If the requested default linker is present, make it the default: -# Set the link differently on the system to change the default at runtime. -if [ -r $PKG/usr/bin/$DEFAULT_LD ]; then - ( cd $PKG/usr/bin ; rm -f ld ; ln -sf $DEFAULT_LD ld ) -fi - -find $PKG | xargs file | grep -e "executable" -e "shared object" \ - | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null - -# Remove some unneeded man pages, and then compress the rest -rm -f $PKG/usr/man/man1/{dlltool,windres}.1 -( cd $PKG/usr/man - find . -type f -exec gzip -9 {} \+ - for i in $(find . -type l) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done -) - -# Compress info pages -rm -f $PKG/usr/info/dir -gzip -9 $PKG/usr/info/* - -mkdir -p $PKG/usr/doc/binutils-$VERSION -cp \ - $CWD/release.binutils-* \ - COPYING* ChangeLog.linux MAI* README* \ - $PKG/usr/doc/binutils-$VERSION - -# If there's a ChangeLog, installing at least part of the recent history -# is useful, but don't let it get totally out of control: -if [ -r ChangeLog ]; then - DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION) - cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog - touch -r ChangeLog $DOCSDIR/ChangeLog -fi - -chown -R root:root $PKG/usr/doc/binutils-$VERSION - -# Add slack-desc: -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc - -cd $PKG -/sbin/makepkg -l y -c n $TMP/binutils-$VERSION-$ARCH-$BUILD.txz - -cat << EOF - -############################# -oprofile links to libbfd so -be sure to recompile that -############################# - -EOF diff --git a/testing/source/binutils/patches/binutils-2.20.51.0.10-copy-osabi.patch b/testing/source/binutils/patches/binutils-2.20.51.0.10-copy-osabi.patch deleted file mode 100644 index 6bd9f3dfc..000000000 --- a/testing/source/binutils/patches/binutils-2.20.51.0.10-copy-osabi.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- binutils-2.26.orig/bfd/elf.c 2016-01-25 10:11:33.482288877 +0000 -+++ binutils-2.26/bfd/elf.c 2016-01-25 10:16:48.520223863 +0000 -@@ -1300,6 +1300,13 @@ _bfd_elf_copy_private_bfd_data (bfd *ibf - } - } - -+ /* If the input BFD has the OSABI field set and the -+ output BFD does not, then copy the value. */ -+ if (elf_elfheader (ibfd)->e_ident [EI_OSABI] != ELFOSABI_NONE -+ && elf_elfheader (obfd)->e_ident [EI_OSABI] == ELFOSABI_NONE) -+ elf_elfheader (obfd)->e_ident [EI_OSABI] = -+ elf_elfheader (ibfd)->e_ident [EI_OSABI]; -+ - return TRUE; - } - diff --git a/testing/source/binutils/patches/binutils-2.20.51.0.10-sec-merge-emit.patch b/testing/source/binutils/patches/binutils-2.20.51.0.10-sec-merge-emit.patch deleted file mode 100644 index 238beb38b..000000000 --- a/testing/source/binutils/patches/binutils-2.20.51.0.10-sec-merge-emit.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- binutils-2.26.orig/bfd/merge.c 2016-01-25 10:11:33.505289018 +0000 -+++ binutils-2.26/bfd/merge.c 2016-01-25 10:19:56.961381656 +0000 -@@ -334,7 +334,7 @@ sec_merge_emit (bfd *abfd, struct sec_me - - /* Trailing alignment needed? */ - off = sec->size - off; -- if (off != 0) -+ if (off != 0 && alignment_power) - { - if (contents) - memcpy (contents + offset, pad, off); diff --git a/testing/source/binutils/patches/binutils-2.20.51.0.2-libtool-lib64.patch b/testing/source/binutils/patches/binutils-2.20.51.0.2-libtool-lib64.patch deleted file mode 100644 index 142fc7e27..000000000 --- a/testing/source/binutils/patches/binutils-2.20.51.0.2-libtool-lib64.patch +++ /dev/null @@ -1,236 +0,0 @@ -diff -rcp ../binutils-2.20.51.0.7.original/bfd/configure ./bfd/configure ---- a/bfd/configure 2010-04-08 14:53:48.000000000 +0100 -+++ b/bfd/configure 2010-04-08 14:56:50.000000000 +0100 -@@ -10762,10 +10762,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -diff -rcp ../binutils-2.20.51.0.7.original/binutils/configure ./binutils/configure ---- a/binutils/configure 2010-04-08 14:53:45.000000000 +0100 -+++ b/binutils/configure 2010-04-08 14:56:21.000000000 +0100 -@@ -10560,10 +10560,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -diff -rcp ../binutils-2.20.51.0.7.original/gas/configure ./gas/configure ---- a/gas/configure 2010-04-08 14:53:47.000000000 +0100 -+++ b/gas/configure 2010-04-08 14:57:24.000000000 +0100 -@@ -10547,10 +10547,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -diff -rcp ../binutils-2.20.51.0.7.original/gprof/configure ./gprof/configure ---- a/gprof/configure 2010-04-08 14:53:45.000000000 +0100 -+++ b/gprof/configure 2010-04-08 14:57:50.000000000 +0100 -@@ -10485,10 +10485,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -diff -rcp ../binutils-2.20.51.0.7.original/ld/configure ./ld/configure ---- a/ld/configure 2010-04-08 14:53:44.000000000 +0100 -+++ b/ld/configure 2010-04-08 14:58:21.000000000 +0100 -@@ -10966,10 +10966,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -Only in .: .#libtool.m4 -Only in .: #libtool.m4# -diff -rcp ../binutils-2.20.51.0.7.original/opcodes/configure ./opcodes/configure ---- a/opcodes/configure 2010-04-08 14:53:45.000000000 +0100 -+++ b/opcodes/configure 2010-04-08 14:59:10.000000000 +0100 -@@ -10496,10 +10496,34 @@ - # before this can be enabled. - hardcode_into_libs=yes - -+ # find out which ABI we are using -+ libsuff= -+ case "$host_cpu" in -+ x86_64*|s390*|powerpc*|ppc*|sparc*) -+ echo 'int i;' > conftest.$ac_ext -+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -+ (eval $ac_compile) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; then -+ case `/usr/bin/file conftest.$ac_objext` in -+ *64-bit*) -+ libsuff=64 -+ if test x"$sys_lib_search_path_spec" = x"/lib /usr/lib /usr/local/lib"; then -+ sys_lib_search_path_spec="/lib${libsuff} /usr/lib${libsuff} /usr/local/lib${libsuff}" -+ fi -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff}" -+ ;; -+ esac -+ fi -+ rm -rf conftest* -+ ;; -+ esac -+ - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib${libsuff} /usr/lib${libsuff} $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on diff --git a/testing/source/binutils/patches/binutils-2.24-ldforcele.patch b/testing/source/binutils/patches/binutils-2.24-ldforcele.patch deleted file mode 100644 index 194cf1ea9..000000000 --- a/testing/source/binutils/patches/binutils-2.24-ldforcele.patch +++ /dev/null @@ -1,54 +0,0 @@ -Common subdirectories: ../binutils-2.24.orig/ld/emulparams and ld/emulparams -Common subdirectories: ../binutils-2.24.orig/ld/emultempl and ld/emultempl -diff -up ../binutils-2.24.orig/ld/ldlang.c ld/ldlang.c ---- a/ld/ldlang.c 2014-05-09 10:35:04.589504928 +0100 -+++ b/ld/ldlang.c 2014-05-09 10:35:55.515661478 +0100 -@@ -7096,6 +7096,18 @@ - && little != NULL) - format = little; - -+ if (getenv ("LD_FORCE_LE") != NULL) -+ { -+ if (strcmp (format, "elf64-powerpc") == 0) -+ format = "elf64-powerpcle"; -+ else if (strcmp (format, "elf32-powerpc") == 0) -+ format = "elf32-powerpcle"; -+ else if (strcmp (format, "elf64-big") == 0) -+ format = "elf64-little"; -+ else if (strcmp (format, "elf32-big") == 0) -+ format = "elf32-little"; -+ } -+ - output_target = format; - } - } -Only in ld: ldlang.c.orig -diff -up ../binutils-2.24.orig/ld/ldmain.c ld/ldmain.c ---- a/ld/ldmain.c 2014-05-09 10:35:04.593504941 +0100 -+++ b/ld/ldmain.c 2014-05-09 10:35:55.515661478 +0100 -@@ -603,6 +603,18 @@ - } - } - -+ if ((strncmp (emulation, "elf64ppc", 8) == 0 -+ || strncmp (emulation, "elf32ppc", 8) == 0) -+ && getenv ("LD_FORCE_LE") != NULL) -+ { -+ size_t len = strlen (emulation); -+ char *le = xmalloc (len + 2); -+ memcpy (le, emulation, 5); -+ le[5] = 'l'; -+ memcpy (le + 6, emulation + 5, len - 4); -+ emulation = le; -+ } -+ - return emulation; - } - -Only in ld: ldmain.c.orig -Common subdirectories: ../binutils-2.24.orig/ld/ldscripts and ld/ldscripts -Common subdirectories: ../binutils-2.24.orig/ld/.libs and ld/.libs -Common subdirectories: ../binutils-2.24.orig/ld/po and ld/po -Common subdirectories: ../binutils-2.24.orig/ld/scripttempl and ld/scripttempl -Common subdirectories: ../binutils-2.24.orig/ld/testsuite and ld/testsuite -Common subdirectories: ../binutils-2.24.orig/ld/tmpdir and ld/tmpdir diff --git a/testing/source/binutils/patches/binutils-2.25-set-long-long.patch b/testing/source/binutils/patches/binutils-2.25-set-long-long.patch deleted file mode 100644 index 1ea741811..000000000 --- a/testing/source/binutils/patches/binutils-2.25-set-long-long.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up binutils-2.25.orig/bfd/configure.ac binutils-2.25/bfd/configure.ac ---- binutils-2.25.orig/bfd/configure.ac 2014-12-24 10:34:45.590491143 +0000 -+++ binutils-2.25/bfd/configure.ac 2014-12-24 10:36:12.997981992 +0000 -@@ -183,11 +183,13 @@ if test "x${ac_cv_sizeof_long}" = "x8"; - BFD_HOST_64BIT_LONG=1 - test -n "${HOST_64BIT_TYPE}" || HOST_64BIT_TYPE="long" - test -n "${HOST_U_64BIT_TYPE}" || HOST_U_64BIT_TYPE="unsigned long" --elif test "x${ac_cv_sizeof_long_long}" = "x8"; then -+fi -+if test "x${ac_cv_sizeof_long_long}" = "x8"; then - BFD_HOST_64BIT_LONG_LONG=1 - test -n "${HOST_64BIT_TYPE}" || HOST_64BIT_TYPE="long long" - test -n "${HOST_U_64BIT_TYPE}" || HOST_U_64BIT_TYPE="unsigned long long" -- if test "x${ac_cv_sizeof_void_p}" = "x8"; then -+ if test "x${ac_cv_sizeof_void_p}" = "x8" \ -+ -a "x${ac_cv_sizeof_long}" != "x8"; then - BFD_HOSTPTR_T="unsigned long long" - fi - fi -diff -up ../binutils-2.20.51.0.7.original/bfd/configure ./bfd/configure ---- a/bfd/configure 2010-04-08 15:23:58.000000000 +0100 -+++ b/bfd/configure 2010-04-08 15:24:06.000000000 +0100 -@@ -12819,11 +12819,13 @@ - BFD_HOST_64BIT_LONG=1 - test -n "${HOST_64BIT_TYPE}" || HOST_64BIT_TYPE="long" - test -n "${HOST_U_64BIT_TYPE}" || HOST_U_64BIT_TYPE="unsigned long" --elif test "x${ac_cv_sizeof_long_long}" = "x8"; then -+fi -+if test "x${ac_cv_sizeof_long_long}" = "x8"; then - BFD_HOST_64BIT_LONG_LONG=1 - test -n "${HOST_64BIT_TYPE}" || HOST_64BIT_TYPE="long long" - test -n "${HOST_U_64BIT_TYPE}" || HOST_U_64BIT_TYPE="unsigned long long" -- if test "x${ac_cv_sizeof_void_p}" = "x8"; then -+ if test "x${ac_cv_sizeof_void_p}" = "x8" \ -+ -a "x${ac_cv_sizeof_long}" != "x8"; then - BFD_HOSTPTR_T="unsigned long long" - fi - fi diff --git a/testing/source/binutils/patches/binutils-2.25-version.patch b/testing/source/binutils/patches/binutils-2.25-version.patch deleted file mode 100644 index d97e81bc4..000000000 --- a/testing/source/binutils/patches/binutils-2.25-version.patch +++ /dev/null @@ -1,44 +0,0 @@ ---- binutils-2.26.orig/bfd/Makefile.am 2016-01-25 10:11:33.505289018 +0000 -+++ binutils-2.26/bfd/Makefile.am 2016-01-25 10:13:23.489964145 +0000 -@@ -1043,8 +1043,8 @@ DISTCLEANFILES = $(BUILD_CFILES) $(BUILD - bfdver.h: $(srcdir)/version.h $(srcdir)/development.sh $(srcdir)/Makefile.in - @echo "creating $@" - @bfd_version=`echo "$(VERSION)" | $(SED) -e 's/\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\).*/\1.00\2.00\3.00\4.00\5/' -e 's/\([^\.]*\)\..*\(..\)\..*\(..\)\..*\(..\)\..*\(..\)$$/\1\2\3\4\5/'` ;\ -- bfd_version_string="\"$(VERSION)\"" ;\ -- bfd_soversion="$(VERSION)" ;\ -+ bfd_version_string="\"$(VERSION)-%{release}\"" ;\ -+ bfd_soversion="$(VERSION)-%{release}" ;\ - bfd_version_package="\"$(PKGVERSION)\"" ;\ - report_bugs_to="\"$(REPORT_BUGS_TO)\"" ;\ - . $(srcdir)/development.sh ;\ -@@ -1055,7 +1055,7 @@ bfdver.h: $(srcdir)/version.h $(srcdir)/ - fi ;\ - $(SED) -e "s,@bfd_version@,$$bfd_version," \ - -e "s,@bfd_version_string@,$$bfd_version_string," \ -- -e "s,@bfd_version_package@,$$bfd_version_package," \ -+ -e "s,@bfd_version_package@,\"version \"," \ - -e "s,@report_bugs_to@,$$report_bugs_to," \ - < $(srcdir)/version.h > $@; \ - echo "$${bfd_soversion}" > libtool-soversion ---- binutils-2.26.orig/bfd/Makefile.in 2016-01-25 10:11:33.505289018 +0000 -+++ binutils-2.26/bfd/Makefile.in 2016-01-25 10:14:17.818297941 +0000 -@@ -2111,8 +2111,8 @@ stmp-lcoff-h: $(LIBCOFF_H_FILES) - bfdver.h: $(srcdir)/version.h $(srcdir)/development.sh $(srcdir)/Makefile.in - @echo "creating $@" - @bfd_version=`echo "$(VERSION)" | $(SED) -e 's/\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\)\.*\([^\.]*\).*/\1.00\2.00\3.00\4.00\5/' -e 's/\([^\.]*\)\..*\(..\)\..*\(..\)\..*\(..\)\..*\(..\)$$/\1\2\3\4\5/'` ;\ -- bfd_version_string="\"$(VERSION)\"" ;\ -- bfd_soversion="$(VERSION)" ;\ -+ bfd_version_string="\"$(VERSION)-%{release}\"" ;\ -+ bfd_soversion="$(VERSION)-%{release}" ;\ - bfd_version_package="\"$(PKGVERSION)\"" ;\ - report_bugs_to="\"$(REPORT_BUGS_TO)\"" ;\ - . $(srcdir)/development.sh ;\ -@@ -2123,7 +2123,7 @@ bfdver.h: $(srcdir)/version.h $(srcdir)/ - fi ;\ - $(SED) -e "s,@bfd_version@,$$bfd_version," \ - -e "s,@bfd_version_string@,$$bfd_version_string," \ -- -e "s,@bfd_version_package@,$$bfd_version_package," \ -+ -e "s,@bfd_version_package@,\"version \"," \ - -e "s,@report_bugs_to@,$$report_bugs_to," \ - < $(srcdir)/version.h > $@; \ - echo "$${bfd_soversion}" > libtool-soversion diff --git a/testing/source/binutils/patches/binutils-2.25.1-cleansweep.patch b/testing/source/binutils/patches/binutils-2.25.1-cleansweep.patch deleted file mode 100644 index 2603d1302..000000000 --- a/testing/source/binutils/patches/binutils-2.25.1-cleansweep.patch +++ /dev/null @@ -1,63 +0,0 @@ ---- ../binutils-2.25.1.orig/ld/testsuite/ld-plugin/lto.exp 2016-01-08 15:24:58.241083264 +0000 -+++ ld/testsuite/ld-plugin/lto.exp 2016-01-08 16:30:51.845827089 +0000 -@@ -386,6 +386,11 @@ if { [at_least_gcc_version 4 7] } { - } - } - -+# Fedora specific binutils patches break some of the tests that follow... -+restore_notify -+return -+ -+ - # Run "ld -r" to generate inputs for complex LTO tests. - run_dump_test "lto-3r" - remote_exec host "mv" "tmpdir/dump tmpdir/lto-3.o" ---- ../binutils-2.26.orig/ld/testsuite/ld-size/size.exp 2016-01-27 15:51:27.223093570 +0000 -+++ ld/testsuite/ld-size/size.exp 2016-01-27 16:00:04.262015016 +0000 -@@ -113,37 +113,6 @@ run_cc_link_tests [list \ - "libsize-6b.so" \ - ] \ - [list \ -- "Build libsize-7.so" \ -- "-shared" \ -- "-fPIC" \ -- {size-7b.c} \ -- {} \ -- "libsize-7.so" \ -- ] \ -- [list \ -- "Build size-7" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libsize-7.so" \ -- "$NOPIE_CFLAGS" \ -- {size-7a.c} \ -- {{readelf -rW size-7.rd}} \ -- "size-7.exe" \ -- ] \ -- [list \ -- "Build libsize-8.so" \ -- "-shared" "-fPIC" \ -- {size-8b.c} \ -- {} \ -- "libsize-8.so" \ -- ] \ -- [list \ -- "Build size-8" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libsize-8.so" \ -- "$NOPIE_CFLAGS" \ -- {size-8a.c} \ -- {{readelf -rW size-8.rd}} \ -- "size-8.exe" \ -- ] \ -- [list \ - "Build libsize-9.so" \ - "-shared" \ - "-fPIC" \ -@@ -161,6 +130,8 @@ run_cc_link_tests [list \ - ] \ - ] - -+return -+ - # Check if size relocation works at run-time. - catch "exec tmpdir/size-7.exe > tmpdir/dump.out" exec_output - if ![string match "" $exec_output] then { diff --git a/testing/source/binutils/patches/binutils.export.demangle.h.diff b/testing/source/binutils/patches/binutils.export.demangle.h.diff deleted file mode 100644 index 8720da592..000000000 --- a/testing/source/binutils/patches/binutils.export.demangle.h.diff +++ /dev/null @@ -1,30 +0,0 @@ ---- ./bfd/Makefile.in.orig 2019-02-02 09:47:56.000000000 -0600 -+++ ./bfd/Makefile.in 2019-02-02 14:10:55.709944225 -0600 -@@ -249,7 +249,7 @@ - esac - am__bfdinclude_HEADERS_DIST = $(INCDIR)/plugin-api.h bfd.h \ - $(INCDIR)/ansidecl.h $(INCDIR)/symcat.h bfd_stdint.h \ -- $(INCDIR)/diagnostics.h $(INCDIR)/bfdlink.h -+ $(INCDIR)/diagnostics.h $(INCDIR)/bfdlink.h $(INCDIR)/demangle.h - HEADERS = $(bfdinclude_HEADERS) - RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -@@ -469,6 +469,7 @@ - @INSTALL_LIBBFD_TRUE@bfdinclude_HEADERS = $(BFD_H) \ - @INSTALL_LIBBFD_TRUE@ $(INCDIR)/ansidecl.h $(INCDIR)/symcat.h \ - @INSTALL_LIBBFD_TRUE@ bfd_stdint.h $(INCDIR)/diagnostics.h \ -+@INSTALL_LIBBFD_TRUE@ $(INCDIR)/demangle.h \ - @INSTALL_LIBBFD_TRUE@ $(INCDIR)/bfdlink.h $(am__append_2) - @INSTALL_LIBBFD_FALSE@rpath_bfdlibdir = @bfdlibdir@ - @INSTALL_LIBBFD_FALSE@noinst_LTLIBRARIES = libbfd.la ---- ./bfd/Makefile.am.orig 2019-01-19 10:01:32.000000000 -0600 -+++ ./bfd/Makefile.am 2019-02-02 14:09:28.363952384 -0600 -@@ -33,7 +33,7 @@ - bfdincludedir = @bfdincludedir@ - bfdlib_LTLIBRARIES = libbfd.la - bfdinclude_HEADERS = $(BFD_H) $(INCDIR)/ansidecl.h $(INCDIR)/symcat.h \ -- bfd_stdint.h $(INCDIR)/diagnostics.h $(INCDIR)/bfdlink.h -+ bfd_stdint.h $(INCDIR)/diagnostics.h $(INCDIR)/bfdlink.h $(INCDIR)/demangle.h - else !INSTALL_LIBBFD - # Empty these so that the respective installation directories will not be created. - bfdlibdir = diff --git a/testing/source/binutils/patches/binutils.no-config-h-check.diff b/testing/source/binutils/patches/binutils.no-config-h-check.diff deleted file mode 100644 index 55cba7fbf..000000000 --- a/testing/source/binutils/patches/binutils.no-config-h-check.diff +++ /dev/null @@ -1,28 +0,0 @@ ---- ./bfd/bfd-in2.h.orig 2013-02-27 14:28:03.000000000 -0600 -+++ ./bfd/bfd-in2.h 2013-04-02 15:57:44.847202021 -0500 -@@ -32,11 +32,6 @@ - #ifndef __BFD_H_SEEN__ - #define __BFD_H_SEEN__ - --/* PR 14072: Ensure that config.h is included first. */ --#if !defined PACKAGE && !defined PACKAGE_VERSION --#error config.h must be included before this header --#endif -- - #ifdef __cplusplus - extern "C" { - #endif ---- ./bfd/bfd-in.h.orig 2013-02-27 14:28:03.000000000 -0600 -+++ ./bfd/bfd-in.h 2013-04-02 15:57:44.846202021 -0500 -@@ -25,11 +25,6 @@ - #ifndef __BFD_H_SEEN__ - #define __BFD_H_SEEN__ - --/* PR 14072: Ensure that config.h is included first. */ --#if !defined PACKAGE && !defined PACKAGE_VERSION --#error config.h must be included before this header --#endif -- - #ifdef __cplusplus - extern "C" { - #endif diff --git a/testing/source/glibc/doinst.sh-glibc b/testing/source/glibc/doinst.sh-glibc deleted file mode 100644 index e2c7d3ef1..000000000 --- a/testing/source/glibc/doinst.sh-glibc +++ /dev/null @@ -1,164 +0,0 @@ -#!/bin/sh -# Copyright (C) 2002, 2005 Slackware Linux, Inc. -# Copyright 2005, 2006, 2007, 2011, 2012, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# Swap glibc on the fly. -# -# If we're on a running system we have to handle this _very_ carefully. :-) -# The tricks involved here get trickier every time... - -# OK, now we have to be sure of a few things. First, you do have a 2.6 -# kernel running, right? - -if [ -r /proc/ksyms ]; then - echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade" - echo "to this version of glibc." - echo - sleep 999 - exit 1 -fi - -# Next, stop using the /lib/ntpl libraries. These are now obsolete and -# will break the installation if present: -if [ -d lib/tls ]; then - mkdir -p lib/obsolete - mv lib/tls lib/obsolete -fi -if [ -x sbin/ldconfig ]; then - sbin/ldconfig -r . 2> /dev/null -fi - -# Install NPTL glibc libraries: -if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly - # Try to protect with flock against another installpkg/removepkg running - # ldconfig while we're doing the on-the-fly install: - mkdir -p run/lock/pkgtools - ( flock 9 || exit 11 - # First create copies of the incoming libraries: - ( cd lib/incoming - for file in * ; do - if [ ! -r ../${file}.incoming ]; then - cp -a $file ../${file}.incoming - fi - done - ) - # Then switch to them all at once: - /sbin/ldconfig -l lib/*.incoming 2> /dev/null - # Remove old versions of the glibc libraries. If you really don't want to - # do this for some reason, create a file /etc/glibc-nowipe. - if [ ! -r etc/glibc-nowipe ]; then - ( cd lib - for INCOMING in incoming/*-* ; do - LIBPREFIX=$(basename $INCOMING | cut -f 1 -d -) - for LIBRARY in ${LIBPREFIX}-* ; do - # Don't remove the library if it ends in .incoming: - if [ "$(echo $LIBRARY | rev | cut -f 1 -d .)" = "gnimocni" ]; then - continue - fi - # Don't remove symlinks: - if [ -L $LIBRARY ]; then - continue - fi - rm -f $LIBRARY - done - done - ) - fi - # Finally, rename them and clean up: - ( cd lib - for file in *.incoming ; do - rm -f `basename $file .incoming` - cp -a $file `basename $file .incoming` - /sbin/ldconfig -l `basename $file .incoming` 2> /dev/null - rm -f $file - done - ) - ) 9> run/lock/pkgtools/ldconfig.lock -else # no ldconfig? This is a broken situation, but we will do what we can: - ( cd lib/incoming - for file in * ; do - cp -a $file .. - done - ) -fi -# Now, get rid of the temporary directory: -rm -rf lib/incoming -# Done installing NPTL glibc libraries. - -# Handle config files: -config() { - NEW="$1" - OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: - if [ ! -r $OLD ]; then - mv $NEW $OLD - elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy - rm $NEW - fi - # Otherwise, we leave the .new copy for the admin to consider... -} -config etc/nscd.conf.new -config etc/profile.d/glibc.csh.new -config etc/profile.d/glibc.sh.new -# Clearly you already decided this issue. :-) -rm -f etc/profile.d/glibc.csh.new -rm -f etc/profile.d/glibc.sh.new - -# This block below *should* be dead code, but it's probably safer to leave it -# here as a fallback. It no longer has complete coverage of all the links -# that would be needed in /lib${LIBDIRSUFFIX}, but it covers enough that if -# we did fall back on this the machine would boot until it reached the boot -# time call to ldconfig, which would then take care of any missing links. -# In case there's no ldconfig, make the links manually: -if [ ! -x /sbin/ldconfig ]; then -( cd lib ; rm -rf libnss_nis.so.2 ) -( cd lib ; ln -sf libnss_nis-@@VERSION@@.so libnss_nis.so.2 ) -( cd lib ; rm -rf libm.so.6 ) -( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 ) -( cd lib ; rm -rf libnss_files.so.2 ) -( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 ) -( cd lib ; rm -rf libresolv.so.2 ) -( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 ) -( cd lib ; rm -rf libnsl.so.1 ) -( cd lib ; ln -sf libnsl-@@VERSION@@.so libnsl.so.1 ) -( cd lib ; rm -rf libutil.so.1 ) -( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 ) -( cd lib ; rm -rf libnss_compat.so.2 ) -( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 ) -( cd lib ; rm -rf libthread_db.so.1 ) -( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 ) -( cd lib ; rm -rf libnss_hesiod.so.2 ) -( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 ) -( cd lib ; rm -rf libanl.so.1 ) -( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 ) -( cd lib ; rm -rf libcrypt.so.1 ) -( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 ) -( cd lib ; rm -rf libBrokenLocale.so.1 ) -( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 ) -( cd lib ; rm -rf ld-linux.so.2 ) -( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 ) -( cd lib ; rm -rf libdl.so.2 ) -( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 ) -( cd lib ; rm -rf libnss_dns.so.2 ) -( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 ) -( cd lib ; rm -rf libpthread.so.0 ) -( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 ) -( cd lib ; rm -rf libnss_nisplus.so.2 ) -( cd lib ; ln -sf libnss_nisplus-@@VERSION@@.so libnss_nisplus.so.2 ) -( cd lib ; rm -rf libc.so.6 ) -( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 ) -( cd lib ; rm -rf librt.so.1 ) -( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 ) -fi - -# More links: diff --git a/testing/source/glibc/doinst.sh-glibc-solibs b/testing/source/glibc/doinst.sh-glibc-solibs deleted file mode 100644 index 3d4466043..000000000 --- a/testing/source/glibc/doinst.sh-glibc-solibs +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/sh -# Copyright (C) 2002, 2005 Slackware Linux, Inc. -# Copyright 2005, 2006, 2011, 2012, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# Swap glibc on the fly. -# -# If we're on a running system we have to handle this _very_ carefully. :-) -# The tricks involved here get trickier every time... - -# OK, now we have to be sure of a few things. First, you do have a 2.6 -# kernel running, right? - -if [ -r /proc/ksyms ]; then - echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade" - echo "to this version of glibc." - echo - sleep 999 - exit 1 -fi - -# Next, stop using the /lib/ntpl libraries. These are now obsolete and -# will break the installation if present: -if [ -d lib/tls ]; then - mkdir -p lib/obsolete - mv lib/tls lib/obsolete -fi -if [ -x sbin/ldconfig ]; then - sbin/ldconfig -r . 2> /dev/null -fi - -# Install NPTL glibc libraries: -if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly - # Try to protect with flock against another installpkg/removepkg running - # ldconfig while we're doing the on-the-fly install: - mkdir -p run/lock/pkgtools - ( flock 9 || exit 11 - # First create copies of the incoming libraries: - ( cd lib/incoming - for file in * ; do - if [ ! -r ../${file}.incoming ]; then - cp -a $file ../${file}.incoming - fi - done - ) - # Then switch to them all at once: - /sbin/ldconfig -l lib/*.incoming 2> /dev/null - # Remove old versions of the glibc libraries. If you really don't want to - # do this for some reason, create a file /etc/glibc-nowipe. - if [ ! -r etc/glibc-nowipe ]; then - ( cd lib - for INCOMING in incoming/*-* ; do - LIBPREFIX=$(basename $INCOMING | cut -f 1 -d -) - for LIBRARY in ${LIBPREFIX}-* ; do - # Don't remove the library if it ends in .incoming: - if [ "$(echo $LIBRARY | rev | cut -f 1 -d .)" = "gnimocni" ]; then - continue - fi - # Don't remove symlinks: - if [ -L $LIBRARY ]; then - continue - fi - rm -f $LIBRARY - done - done - ) - fi - # Finally, rename them and clean up: - ( cd lib - for file in *.incoming ; do - rm -f `basename $file .incoming` - cp -a $file `basename $file .incoming` - /sbin/ldconfig -l `basename $file .incoming` 2> /dev/null - rm -f $file - done - ) - ) 9> run/lock/pkgtools/ldconfig.lock -else # no ldconfig? This is a broken situation, but we will do what we can: - ( cd lib/incoming - for file in * ; do - cp -a $file .. - done - ) -fi -# Now, get rid of the temporary directory: -rm -rf lib/incoming -# Done installing NPTL glibc libraries. - -# Handle config files: -config() { - NEW="$1" - OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: - if [ ! -r $OLD ]; then - mv $NEW $OLD - elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy - rm $NEW - fi - # Otherwise, we leave the .new copy for the admin to consider... -} -config etc/profile.d/glibc.csh.new -config etc/profile.d/glibc.sh.new -# Clearly you already decided this issue. :-) -rm -f etc/profile.d/glibc.csh.new -rm -f etc/profile.d/glibc.sh.new - -# This block below *should* be dead code, but it's probably safer to leave it -# here as a fallback. It no longer has complete coverage of all the links -# that would be needed in /lib${LIBDIRSUFFIX}, but it covers enough that if -# we did fall back on this the machine would boot until it reached the boot -# time call to ldconfig, which would then take care of any missing links. -if [ ! -x /sbin/ldconfig ]; then -( cd lib ; rm -rf libnss_nis.so.2 ) -( cd lib ; ln -sf libnss_nis-@@VERSION@@.so libnss_nis.so.2 ) -( cd lib ; rm -rf libm.so.6 ) -( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 ) -( cd lib ; rm -rf libnss_files.so.2 ) -( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 ) -( cd lib ; rm -rf libresolv.so.2 ) -( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 ) -( cd lib ; rm -rf libnsl.so.1 ) -( cd lib ; ln -sf libnsl-@@VERSION@@.so libnsl.so.1 ) -( cd lib ; rm -rf libutil.so.1 ) -( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 ) -( cd lib ; rm -rf libnss_compat.so.2 ) -( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 ) -( cd lib ; rm -rf libthread_db.so.1 ) -( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 ) -( cd lib ; rm -rf libnss_hesiod.so.2 ) -( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 ) -( cd lib ; rm -rf libanl.so.1 ) -( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 ) -( cd lib ; rm -rf libcrypt.so.1 ) -( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 ) -( cd lib ; rm -rf libBrokenLocale.so.1 ) -( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 ) -( cd lib ; rm -rf ld-linux.so.2 ) -( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 ) -( cd lib ; rm -rf libdl.so.2 ) -( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 ) -( cd lib ; rm -rf libnss_dns.so.2 ) -( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 ) -( cd lib ; rm -rf libpthread.so.0 ) -( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 ) -( cd lib ; rm -rf libnss_nisplus.so.2 ) -( cd lib ; ln -sf libnss_nisplus-@@VERSION@@.so libnss_nisplus.so.2 ) -( cd lib ; rm -rf libc.so.6 ) -( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 ) -( cd lib ; rm -rf librt.so.1 ) -( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 ) -fi - diff --git a/testing/source/glibc/glibc-2.29.en_US.no.am.pm.date.format.diff b/testing/source/glibc/glibc-2.29.en_US.no.am.pm.date.format.diff deleted file mode 100644 index 0a14ca3b9..000000000 --- a/testing/source/glibc/glibc-2.29.en_US.no.am.pm.date.format.diff +++ /dev/null @@ -1,14 +0,0 @@ ---- ./localedata/locales/en_US.orig 2019-01-31 10:45:36.000000000 -0600 -+++ ./localedata/locales/en_US 2019-01-31 22:35:02.033009166 -0600 -@@ -118,7 +118,10 @@ - t_fmt_ampm "%I:%M:%S %p" - % - % Appropriate date and time representation for date(1) --date_fmt "%a %d %b %Y %r %Z" -+% [ Slackware editor's note - no thank you, US users -+% of UNIX-like systems expect a 24 hour clock, just -+% like users in the vast majority of other locales. ] -+%date_fmt "%a %d %b %Y %r %Z" - % - % Strings for AM/PM - % diff --git a/testing/source/glibc/glibc-c-utf8-locale.patch b/testing/source/glibc/glibc-c-utf8-locale.patch deleted file mode 100644 index 7fabf303f..000000000 --- a/testing/source/glibc/glibc-c-utf8-locale.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN <mfabian@redhat.com> -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "i18n:2012";LC_IDENTIFICATION -+category "i18n:2012";LC_CTYPE -+category "i18n:2012";LC_COLLATE -+category "i18n:2012";LC_TIME -+category "i18n:2012";LC_NUMERIC -+category "i18n:2012";LC_MONETARY -+category "i18n:2012";LC_MESSAGES -+category "i18n:2012";LC_PAPER -+category "i18n:2012";LC_NAME -+category "i18n:2012";LC_ADDRESS -+category "i18n:2012";LC_TELEPHONE -+category "i18n:2012";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+<U0000> -+.. -+<UFFFF> -+<U10000> -+.. -+<U1FFFF> -+<U20000> -+.. -+<U2FFFF> -+<UE0000> -+.. -+<UEFFFF> -+<UF0000> -+.. -+<UFFFFF> -+<U100000> -+.. -+<U10FFFF> -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "<U0055><U0053><U0044><U0020>" -+% Using "$" for currency_symbol. But maybe <U00A4> would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "<U0024>" -+mon_decimal_point "<U002E>" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "<U002D>" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "<U002E>" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "<U0053><U0075><U006E>";"<U004D><U006F><U006E>";/ -+ "<U0054><U0075><U0065>";"<U0057><U0065><U0064>";/ -+ "<U0054><U0068><U0075>";"<U0046><U0072><U0069>";/ -+ "<U0053><U0061><U0074>" -+ -+% Full weekday names (%A) -+day "<U0053><U0075><U006E><U0064><U0061><U0079>";/ -+ "<U004D><U006F><U006E><U0064><U0061><U0079>";/ -+ "<U0054><U0075><U0065><U0073><U0064><U0061><U0079>";/ -+ "<U0057><U0065><U0064><U006E><U0065><U0073><U0064><U0061><U0079>";/ -+ "<U0054><U0068><U0075><U0072><U0073><U0064><U0061><U0079>";/ -+ "<U0046><U0072><U0069><U0064><U0061><U0079>";/ -+ "<U0053><U0061><U0074><U0075><U0072><U0064><U0061><U0079>" -+ -+% Abbreviated month names (%b) -+abmon "<U004A><U0061><U006E>";"<U0046><U0065><U0062>";/ -+ "<U004D><U0061><U0072>";"<U0041><U0070><U0072>";/ -+ "<U004D><U0061><U0079>";"<U004A><U0075><U006E>";/ -+ "<U004A><U0075><U006C>";"<U0041><U0075><U0067>";/ -+ "<U0053><U0065><U0070>";"<U004F><U0063><U0074>";/ -+ "<U004E><U006F><U0076>";"<U0044><U0065><U0063>" -+ -+% Full month names (%B) -+mon "<U004A><U0061><U006E><U0075><U0061><U0072><U0079>";/ -+ "<U0046><U0065><U0062><U0072><U0075><U0061><U0072><U0079>";/ -+ "<U004D><U0061><U0072><U0063><U0068>";/ -+ "<U0041><U0070><U0072><U0069><U006C>";/ -+ "<U004D><U0061><U0079>";/ -+ "<U004A><U0075><U006E><U0065>";/ -+ "<U004A><U0075><U006C><U0079>";/ -+ "<U0041><U0075><U0067><U0075><U0073><U0074>";/ -+ "<U0053><U0065><U0070><U0074><U0065><U006D><U0062><U0065><U0072>";/ -+ "<U004F><U0063><U0074><U006F><U0062><U0065><U0072>";/ -+ "<U004E><U006F><U0076><U0065><U006D><U0062><U0065><U0072>";/ -+ "<U0044><U0065><U0063><U0065><U006D><U0062><U0065><U0072>" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. -+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0059>" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "<U0025><U006D><U002F><U0025><U0064><U002F><U0025><U0079>" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "<U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053>" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "<U0025><U0049><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0070>" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "<U0041><U004D>";"<U0050><U004D>" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U005A><U0020><U0025><U0059>" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "<U005E><U005B><U0079><U0059><U005D>" -+noexpr "<U005E><U005B><U006E><U004E><U005D>" -+yesstr "<U0059><U0065><U0073>" -+nostr "<U004E><U006F>" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "<U0025><U0070><U0025><U0074><U0025><U0067><U0025><U0074>/ -+<U0025><U006D><U0025><U0074><U0025><U0066>" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "<U0025><U0061><U0025><U004E><U0025><U0066><U0025><U004E>/ -+<U0025><U0064><U0025><U004E><U0025><U0062><U0025><U004E><U0025><U0073>/ -+<U0020><U0025><U0068><U0020><U0025><U0065><U0020><U0025><U0072><U0025>/ -+<U004E><U0025><U0043><U002D><U0025><U007A><U0020><U0025><U0054><U0025>/ -+<U004E><U0025><U0063><U0025><U004E>" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "<U002B><U0025><U0063><U0020><U0025><U0061><U0020><U0025>/ -+<U006C>" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. -+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/testing/source/glibc/glibc-cvs-checkout.sh b/testing/source/glibc/glibc-cvs-checkout.sh deleted file mode 100755 index 022d0117b..000000000 --- a/testing/source/glibc/glibc-cvs-checkout.sh +++ /dev/null @@ -1,3 +0,0 @@ -echo "The password below is \"anoncvs\":" -cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc login -cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc co libc diff --git a/testing/source/glibc/glibc.SlackBuild b/testing/source/glibc/glibc.SlackBuild deleted file mode 100755 index fbe08804c..000000000 --- a/testing/source/glibc/glibc.SlackBuild +++ /dev/null @@ -1,467 +0,0 @@ -#!/bin/bash - -# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -cd $(dirname $0) ; CWD=$(pwd) - -PKGNAM=glibc -VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -CHECKOUT=${CHECKOUT:-""} -BUILD=${BUILD:-1} - -# I was considering disabling NSCD, but MoZes talked me out of it. :) -#DISABLE_NSCD=" --disable-nscd " - -# $ARCH may be preset, otherwise i586 compatibility with i686 binary -# structuring is the Slackware default. -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) export ARCH=i586 ;; - arm*) export ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) export ARCH=$( uname -m ) ;; - esac -fi - -# If the variable PRINT_PACKAGE_NAME is set, then this script will report what -# the name of the created package would be, and then exit. This information -# could be useful to other scripts. -if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then - echo "glibc-$VERSION-$ARCH-$BUILD.txz" - echo "glibc-i18n-$VERSION-$ARCH-$BUILD.txz" - echo "glibc-profile-$VERSION-$ARCH-$BUILD.txz" - echo "glibc-solibs-$VERSION-$ARCH-$BUILD.txz" - exit 0 -fi - -NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} - -# Work around -Werror failure with gcc-8.2.0. -# NOTE: Until the next glibc release takes care of this issue, this will -# likely need to be updated with every new gcc release's version. Yes, we -# could pass --disable-werror by default, but I'd rather not just shove a -# stick in it like that. -if [ "$(gcc -dumpversion)" = "8.2.0" ]; then - if [ "$VERSION" = "2.27" ]; then - WERROR="--disable-werror" - fi -fi - -# I'll break this out as an option for fun :-) -case $ARCH in - i386) - OPTIMIZ="-O3 -march=i386 -mcpu=i686" - LIBDIRSUFFIX="" - ;; - i486) - OPTIMIZ="-O3 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" - ;; - i586) - OPTIMIZ="-O3 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" - ;; - i686) - OPTIMIZ="-O3 -march=i686" - LIBDIRSUFFIX="" - ;; - athlon) - OPTIMIZ="-O3 -march=athlon" - LIBDIRSUFFIX="" - ;; - s390) - OPTIMIZ="-O3" - LIBDIRSUFFIX="" - ;; - x86_64) - OPTIMIZ="-O3 -fPIC" - LIBDIRSUFFIX="64" - ;; - *) - OPTIMIZ="-O3" - LIBDIRSUFFIX="" - ;; -esac - -case $ARCH in - x86_64) - TARGET=${TARGET:-x86_64} - ;; - i586) - # This should be i586 for all 32-bit x86 arch: - TARGET=${TARGET:-i586} - ;; -esac - -# Hand off the $ARCH variable to $SLACKWARE_ARCH to avoid confusing glibc: -SLACKWARE_ARCH=$ARCH -unset ARCH - -CVSVER=${VERSION}${CHECKOUT} - -# NOTE!!! glibc needs to be built against the sanitized kernel headers, -# which will be installed under /usr/include by the kernel-headers package. -# Be sure the correct version of the headers package is installed BEFORE -# building glibc! - -TMP=${TMP:-/tmp} -mkdir -p $TMP - -# This function fixes a doinst.sh file for x86_64. -# With thanks to Fred Emmott. -fix_doinst() { - if [ "x$LIBDIRSUFFIX" = "x" ]; then - return; - fi; - # Fix "( cd usr/lib ;" occurrences - sed -i "s#lib ;#lib${LIBDIRSUFFIX} ;#" install/doinst.sh - # Fix "lib/" occurrences - sed -i "s#lib/#lib${LIBDIRSUFFIX}/#g" install/doinst.sh - # Fix "( cd lib" occurrences - sed -i "s#( cd lib\$#( cd lib${LIBDIRSUFFIX}#" install/doinst.sh - - if [ "$SLACKWARE_ARCH" = "x86_64" ]; then - sed -i 's#ld-linux.so.2#ld-linux-x86-64.so.2#' install/doinst.sh - fi -} - -# This is a patch function to put all glibc patches in the build script -# up near the top. -apply_patches() { - # Use old-style locale directories rather than a single (and strangely - # formatted) /usr/lib/locale/locale-archive file: - zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1 - # Support ru_RU.CP1251 locale: - zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1 - # Add a C.UTF-8 locale: - zcat $CWD/glibc-c-utf8-locale.patch.gz | patch -p1 --verbose || exit 1 - # Don't use AM/PM format for date(1). That's just plain crazy. - zcat $CWD/glibc-2.29.en_US.no.am.pm.date.format.diff.gz | patch -p1 --verbose || exit 1 - # Other regression fixes from git: - for git_patch in $CWD/patches/*.patch.gz ; do - zcat $git_patch | patch -p1 --verbose || exit 1 - done -} - -# This is going to be the initial $DESTDIR: -export PKG=$TMP/package-glibc-incoming-tree -PGLIBC=$TMP/package-glibc -PSOLIBS=$TMP/package-glibc-solibs -PI18N=$TMP/package-glibc-i18n -PPROFILE=$TMP/package-glibc-profile -PDEBUG=$TMP/package-glibc-debug - -# Empty these locations first: -for dir in $PKG $PGLIBC $PSOLIBS $PZONE $PI18N $PPROFILE $PDEBUG ; do - if [ -d $dir ]; then - rm -rf $dir - fi - mkdir -p $dir -done -if [ -d $TMP/glibc-$VERSION ]; then - rm -rf $TMP/glibc-$VERSION -fi - -# Create an incoming directory structure for glibc to be built into: -mkdir -p $PKG/lib${LIBDIRSUFFIX} -mkdir -p $PKG/sbin -mkdir -p $PKG/usr/bin -mkdir -p $PKG/usr/lib${LIBDIRSUFFIX} -mkdir -p $PKG/usr/sbin -mkdir -p $PKG/usr/include -mkdir -p $PKG/usr/doc -mkdir -p $PKG/usr/man -mkdir -p $PKG/usr/share -mkdir -p $PKG/var/db/nscd -mkdir -p $PKG/var/run/nscd - -# Begin extract/compile: -cd $TMP -rm -rf glibc-$CVSVER -tar xvf $CWD/glibc-$CVSVER.tar.xz \ - || tar xvf $CWD/glibc-$CVSVER.tar.lz \ - || tar xvf $CWD/glibc-$CVSVER.tar.bz2 \ - || tar xvf $CWD/glibc-$CVSVER.tar.gz -cd glibc-$CVSVER - -# Apply patches; exit if any fail. -apply_patches -if [ ! $? = 0 ]; then - exit 1 -fi - -# Clean up leftover CVS directories: -find . -type d -name CVS -exec rm -r {} \+ 2> /dev/null - -chown -R root:root . -find . \ - \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \+ -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \+ - -# Make build directory: -mkdir build-glibc-$VERSION -cd build-glibc-$VERSION || exit 1 - -echo "BUILDING DAS NPTL GLIBC" -CFLAGS="-g $OPTIMIZ" \ -../configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --enable-kernel=2.6.32 \ - --with-headers=/usr/include \ - --enable-add-ons \ - --enable-obsolete-nsl \ - --enable-obsolete-rpc \ - --enable-profile \ - $DISABLE_NSCD \ - $WERROR \ - --infodir=/usr/info \ - --mandir=/usr/man \ - --with-tls \ - --with-__thread \ - --without-cvs \ - $TARGET-slackware-linux - -make $NUMJOBS || exit 1 -make $NUMJOBS install install_root=$PKG || exit 1 -# Don't use this, as it makes the i18n package WAY bigger: -#make localedata/install-locale-files DESTDIR=$PKG || exit 1 -# This is ugly run in parallel, and seems to hang at the end. But it actually -# completes much faster. :) -make $NUMJOBS localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1 - -# We've always had an sln symlink in /bin, so let's make sure it -# remains there so as not to break any scripts that might need it: -mkdir -p $PKG/bin -( cd $PKG/bin ; ln -sf /sbin/sln sln ) - -# This bit was mostly copped from Fedora Rawhide's .spec file. I'm not -# entirely sure how important it is, since I'm not aware of anything -# we ship trying to link libpthread as static. What it does is make sure -# that anything linking libpthread static includes all of the functions -# so that the resulting binary doesn't rely on parts of the library that -# were not linked in. Optimizing actually working over binary size, so -# to speak. -( cd $PKG/usr/lib${LIBDIRSUFFIX} - gcc -r -nostdlib -o libpthread.o -Wl,--whole-archive ./libpthread.a - rm libpthread.a - ar rcs libpthread.a libpthread.o - rm libpthread.o -) - -# The prevailing standard seems to be putting unstripped libraries in -# /usr/lib/debug/ and stripping the debugging symbols from all the other -# libraries. -mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/debug -cp -a $PKG/lib${LIBDIRSUFFIX}/l*.so* $PKG/usr/lib${LIBDIRSUFFIX}/debug -cp -a $PKG/usr/lib${LIBDIRSUFFIX}/*.a $PKG/usr/lib${LIBDIRSUFFIX}/debug -# Don't need debug+profile: -( cd $PKG/usr/lib${LIBDIRSUFFIX}/debug ; rm -f *_p.* ) -# NOTE: Is there really a reason for the glibc-debug package? -# If you're debugging glibc, you can also compile it, right? - -## COMMENTED OUT: There's no reason for profile libs to include -g information. -## Put back unstripped profiling libraries: -#mv $PKG/usr/lib${LIBDIRSUFFIX}/debug/*_p.a $PKG/usr/lib${LIBDIRSUFFIX} -# It might be best to put the unstripped and profiling libraries in glibc-debug and glibc-profile. - -# I don't think "strip -g" causes the pthread problems. It's --strip-unneeded that does. -strip -g $PKG/lib${LIBDIRSUFFIX}/l*.so* -strip -g $PKG/usr/lib${LIBDIRSUFFIX}/l*.so* -strip -g $PKG/usr/lib${LIBDIRSUFFIX}/lib*.a - -# Remove the rquota.x and rquota.h include files, as they are provided by -# the quota package: -rm -f $PKG/usr/include/rpcsvc/rquota.{h,x} - -# Back to the sources dir to add some files/docs: -cd $TMP/glibc-$CVSVER - -# We'll automatically install the config file for the Name Server Cache Daemon. -# Perhaps this should also have some commented-out startup code in rc.inet2... -mkdir -p $PKG/etc -cat nscd/nscd.conf > $PKG/etc/nscd.conf.new - -# Install docs: -( mkdir -p $PKG/usr/doc/glibc-$VERSION - cp -a \ - BUGS CONFORMANCE COPYING* FAQ INSTALL LICENSES NAMESPACE \ - NEWS NOTES PROJECTS README* \ - $PKG/usr/doc/glibc-$VERSION -) - -# Trim the NEWS file to omit ancient history: -if [ -r NEWS ]; then - DOCSDIR=$(echo $PKG/usr/doc/glibc-$VERSION) - cat NEWS | head -n 1000 > $DOCSDIR/NEWS - touch -r NEWS $DOCSDIR/NEWS -fi - -# OK, there are some very old Linux standards that say that any binaries in a /bin or -# /sbin directory (and the directories themselves) should be group bin rather than -# group root, unless a specific group is really needed for some reason. -# -# I can't find any mention of this in more recent standards docs, and always thought -# that it was pretty cosmetic anyway (hey, if there's a reason -- fill me in!), so -# it's possible that this ownership change won't be followed in the near future -# (it's a PITA, and causes many bug reports when the perms change is occasionally -# forgotten). -# -# But, it's hard to get me to break old habits, so we'll continue the tradition here: -# -# No, no we won't. You know how we love to break traditions. - -# Strip most binaries: -( cd $PKG - find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-debug 2> /dev/null - find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null -) - -# Fix info dir: -rm $PKG/usr/info/dir -gzip -9 $PKG/usr/info/* - -# This is junk -rm $PKG/etc/ld.so.cache -( cd $PKG - find . -name "*.orig" -exec rm {} \+ -) - -################################## -# OK, time to make some packages # -################################## - -# glibc-profile: -cd $PPROFILE -mkdir -p usr/lib${LIBDIRSUFFIX} -# Might as well just grab these with 'mv' to simplify things later: -mv $PKG/usr/lib${LIBDIRSUFFIX}/lib*_p.a usr/lib${LIBDIRSUFFIX} -# Profile libs should be stripped. Use the debug libs to debug... -( cd usr/lib${LIBDIRSUFFIX} ; strip -g *.a ) -mkdir install -cp -a $CWD/slack-desc.glibc-profile install/slack-desc -makepkg -l y -c n $TMP/glibc-profile-$VERSION-$SLACKWARE_ARCH-$BUILD.txz - -# THIS IS NO LONGER PACKAGED (or is it? might be better to let it be made, and then ship it or not...) -# glibc-debug: -cd $PDEBUG -mkdir -p usr/lib${LIBDIRSUFFIX} -# Might as well just grab these with 'mv' to simplify things later: -mv $PKG/usr/lib${LIBDIRSUFFIX}/debug usr/lib${LIBDIRSUFFIX} -mkdir install -cp -a $CWD/slack-desc.glibc-debug install/slack-desc -## Don't package this: -#makepkg -l y -c n $TMP/glibc-debug-$VERSION-$SLACKWARE_ARCH-$BUILD.txz -## INSTEAD, NUKE THESE LIBS -#rm -rf $PKG/usr/lib${LIBDIRSUFFIX}/debug - -# glibc-i18n: -cd $PI18N -mkdir -p usr/lib${LIBDIRSUFFIX}/locale -mv $PKG/usr/lib${LIBDIRSUFFIX}/locale/* usr/lib${LIBDIRSUFFIX}/locale -mkdir -p usr/share/{i18n,locale} -mv $PKG/usr/share/i18n/* usr/share/i18n -mv $PKG/usr/share/locale/* usr/share/locale -# Leave copies of the C, POSIX, and en_US locales in the main glibc package: -cp -a usr/lib${LIBDIRSUFFIX}/locale/{C,en_US}* $PKG/usr/lib${LIBDIRSUFFIX}/locale -mkdir -p $PKG/usr/share/i18n/locales -cp -a usr/share/i18n/locales/{C,POSIX,en_US} $PKG/usr/share/i18n/locales -mkdir install -cp -a $CWD/slack-desc.glibc-i18n install/slack-desc -makepkg -l y -c n $TMP/glibc-i18n-$VERSION-$SLACKWARE_ARCH-$BUILD.txz - -# glibc-solibs: -cd $PSOLIBS -mkdir -p etc/profile.d -cp -a $CWD/profile.d/* etc/profile.d -chown -R root:root etc -chmod 755 etc/profile.d/* -mkdir -p lib${LIBDIRSUFFIX} -cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX} -( cd lib${LIBDIRSUFFIX} - mkdir incoming - mv *so* incoming - mv incoming/libSegFault.so . -) -mkdir -p usr -cp -a $PKG/usr/bin usr -mv usr/bin/ldd . -rm usr/bin/* -mv ldd usr/bin -mkdir -p usr/lib${LIBDIRSUFFIX} -# The gconv directory has a lot of stuff, but including it here will save some problems. -# Seems standard elsewhere. -cp -a $PKG/usr/lib${LIBDIRSUFFIX}/gconv usr/lib${LIBDIRSUFFIX} -mkdir -p usr/libexec -cp -a $PKG/usr/libexec/pt_chown usr/libexec -# Same usr.bin deal: -cp -a $PKG/sbin . -mv sbin/ldconfig . -rm sbin/* -mv ldconfig sbin -mkdir install -cp -a $CWD/slack-desc.glibc-solibs install/slack-desc -cp -a $CWD/doinst.sh-glibc-solibs install/doinst.sh -# Fix specific versioning for the symlink creation script. This part of the -# script would only be used in the case where there is no ldconfig on the -# running system that's used to install the package. That should never be the -# case, but we'll leave the code in place anyway just in case. -sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh -# Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed: -fix_doinst -# Only scrub the links in /lib{,64} that will be created by ldconfig: -find lib${LIBDIRSUFFIX} -type l -exec rm {} \+ -# Build the package: -makepkg -l y -c n $TMP/glibc-solibs-$VERSION-$SLACKWARE_ARCH-$BUILD.txz - -# And finally, the complete "all-in-one" glibc package is created -# from whatever was leftover: -cd $PGLIBC -mv $PKG/* . -mkdir -p etc/profile.d -cp -a $CWD/profile.d/* etc/profile.d -chown -R root:root etc -chmod 755 etc/profile.d/* -# Only scrub the links in /lib{,64} that will be created by ldconfig: -find lib${LIBDIRSUFFIX} -type l -exec rm {} \+ -mkdir install -cp -a $CWD/slack-desc.glibc install/slack-desc -cp -a $CWD/doinst.sh-glibc install/doinst.sh -# Fix specific versioning for the symlink creation script. This part of the -# script would only be used in the case where there is no ldconfig on the -# running system that's used to install the package. That should never be the -# case, but we'll leave the code in place anyway just in case. -sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh -# Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed: -fix_doinst -( cd lib${LIBDIRSUFFIX} - mkdir incoming - mv *so* incoming - mv incoming/libSegFault.so . -) -# Build the package: -/sbin/makepkg -l y -c n $TMP/glibc-$VERSION-$SLACKWARE_ARCH-$BUILD.txz - -# Done! -echo -echo "glibc packages built in $TMP!" diff --git a/testing/source/glibc/glibc.locale.no-archive.diff b/testing/source/glibc/glibc.locale.no-archive.diff deleted file mode 100644 index 173bafc72..000000000 --- a/testing/source/glibc/glibc.locale.no-archive.diff +++ /dev/null @@ -1,10 +0,0 @@ ---- ./localedata/Makefile.orig 2019-02-16 14:05:01.794154302 -0600 -+++ ./localedata/Makefile 2019-02-16 14:06:25.744146460 -0600 -@@ -413,6 +413,7 @@ - echo -n '...'; \ - input=`echo $$locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; \ - $(LOCALEDEF) $$flags --alias-file=../intl/locale.alias \ -+ --no-archive \ - -i locales/$$input -f charmaps/$$charset \ - $(addprefix --prefix=,$(install_root)) $$locale \ - && echo ' done'; diff --git a/testing/source/glibc/glibc.ru_RU.CP1251.diff b/testing/source/glibc/glibc.ru_RU.CP1251.diff deleted file mode 100644 index 376cf76a7..000000000 --- a/testing/source/glibc/glibc.ru_RU.CP1251.diff +++ /dev/null @@ -1,10 +0,0 @@ ---- ./localedata/SUPPORTED.orig 2005-07-17 20:50:35.000000000 -0500 -+++ ./localedata/SUPPORTED 2006-08-22 01:33:09.000000000 -0500 -@@ -270,6 +270,7 @@ - ro_RO/ISO-8859-2 \ - ru_RU.KOI8-R/KOI8-R \ - ru_RU.UTF-8/UTF-8 \ -+ru_RU.CP1251/CP1251 \ - ru_RU/ISO-8859-5 \ - ru_UA.UTF-8/UTF-8 \ - ru_UA/KOI8-U \ diff --git a/testing/source/glibc/profile.d/glibc.csh.new b/testing/source/glibc/profile.d/glibc.csh.new deleted file mode 100755 index 1f33e9663..000000000 --- a/testing/source/glibc/profile.d/glibc.csh.new +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/csh -# Set more relaxed (glibc-2.3.5 like) malloc() checking. -# -# This relaxes the default paranoia level so that it reports -# bugs, but does not kill the questionable process. You can -# get away with running broken programs with this setting, -# but at a possible performance and security cost. -# -#setenv MALLOC_CHECK_ 1 diff --git a/testing/source/glibc/profile.d/glibc.sh.new b/testing/source/glibc/profile.d/glibc.sh.new deleted file mode 100755 index 979f4879e..000000000 --- a/testing/source/glibc/profile.d/glibc.sh.new +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# Set more relaxed (glibc-2.3.5 like) malloc() checking. -# -# This relaxes the default paranoia level so that it reports -# bugs, but does not kill the questionable process. You can -# get away with running broken programs with this setting, -# but at a possible performance and security cost. -#export MALLOC_CHECK_=1 diff --git a/testing/source/glibc/slack-desc.glibc b/testing/source/glibc/slack-desc.glibc deleted file mode 100644 index 63992d6b4..000000000 --- a/testing/source/glibc/slack-desc.glibc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -glibc: glibc (GNU C libraries) -glibc: -glibc: This package contains the GNU C libraries and header files. You'll -glibc: need this package to compile programs. -glibc: -glibc: The GNU C library was originally authored by Roland McGrath. -glibc: -glibc: Homepage: https://www.gnu.org/software/libc/ -glibc: -glibc: -glibc: diff --git a/testing/source/glibc/slack-desc.glibc-debug b/testing/source/glibc/slack-desc.glibc-debug deleted file mode 100644 index 8cb64d59a..000000000 --- a/testing/source/glibc/slack-desc.glibc-debug +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -glibc-debug: glibc-debug (GNU C libraries with debugging symbols) -glibc-debug: -glibc-debug: This package contains versions of the GNU C libraries with debugging -glibc-debug: information. These are needed only if you wish to be able to step -glibc-debug: through C library routines while debugging programs. Most debugging -glibc-debug: efforts will not require these. -glibc-debug: To use these libraries, set LD_LIBRARY_PATH when calling the debugger: -glibc-debug: LD_LIBRARY_PATH=/usr/lib/debug gdb <executable> -glibc-debug: -glibc-debug: Or, use this approach if you need to debug a setuid binary: -glibc-debug: su user -c "LD_LIBRARY_PATH=/usr/lib/debug gdb <executable>" diff --git a/testing/source/glibc/slack-desc.glibc-i18n b/testing/source/glibc/slack-desc.glibc-i18n deleted file mode 100644 index a697bc3db..000000000 --- a/testing/source/glibc/slack-desc.glibc-i18n +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -glibc-i18n: glibc-i18n (locale files from glibc) -glibc-i18n: -glibc-i18n: These files go in /usr/lib/locale, /usr/share/i18n/, and -glibc-i18n: /usr/share/locale/ to provide internationalization support. -glibc-i18n: You'll need this package unless you will be using US English only. -glibc-i18n: -glibc-i18n: -glibc-i18n: -glibc-i18n: -glibc-i18n: -glibc-i18n: diff --git a/testing/source/glibc/slack-desc.glibc-profile b/testing/source/glibc/slack-desc.glibc-profile deleted file mode 100644 index 4b4100e08..000000000 --- a/testing/source/glibc/slack-desc.glibc-profile +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -glibc-profile: glibc-profile (GNU C libraries with profiling support) -glibc-profile: -glibc-profile: This package contains static versions of the GNU C libraries with -glibc-profile: support for profiling binaries using gprof. gprof calculates how -glibc-profile: much time a program spends in each routine which can suggest where -glibc-profile: to concentrate efforts to improve performance. -glibc-profile: -glibc-profile: See the gprof man page for more details. -glibc-profile: -glibc-profile: -glibc-profile: diff --git a/testing/source/glibc/slack-desc.glibc-solibs b/testing/source/glibc/slack-desc.glibc-solibs deleted file mode 100644 index a538452f7..000000000 --- a/testing/source/glibc/slack-desc.glibc-solibs +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -glibc-solibs: glibc-solibs (shared GNU C libraries) -glibc-solibs: -glibc-solibs: This package contains the shared libraries, binaries, and support -glibc-solibs: files required to run most Linux applications linked with glibc. -glibc-solibs: -glibc-solibs: -glibc-solibs: -glibc-solibs: -glibc-solibs: -glibc-solibs: -glibc-solibs: |