This is a patch for linux-pam, at compile on the Hurd system searches
the file fsuid.h. The patch was taken from the Debian project.
* This patch is prerequisite for lsh/openssh packages.
* The patch was build and installed on Linux and the Hurd systems.
Thanks
From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
From: Rene Saavedra <ren...@openmailbox.org>
Date: Fri, 26 Aug 2016 23:19:14 -0500
Subject: [PATCH] gnu: Add linux-pam.
* gnu/packages/linux.scm (linux-pam): Use it.
* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 2 +
gnu/packages/linux.scm | 6 +-
gnu/packages/patches/linux-pam-no-setfsuid.patch | 79 ++++++++++++++++++++++++
3 files changed, 86 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index b8c5378..391aa8a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <m...@netris.org>
# Copyright © 2016 Chris Marusich <cmmarus...@gmail.com>
# Copyright © 2016 Kei Kebreau <k...@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <ren...@openmailbox.org>
#
# This file is part of GNU Guix.
#
@@ -644,6 +645,7 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
+ %D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
%D%/packages/patches/lua-CVE-2014-5461.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fd792d..8d7ff4c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -14,6 +14,7 @@
;;; Copyright © 2016 Nicolas Goaziou <m...@nicolasgoaziou.fr>
;;; Copyright © 2016 Ricardo Wurmus <rek...@elephly.net>
;;; Copyright © 2016 David Craven <da...@craven.ch>
+;;; Copyright © 2016 Rene Saavedra <ren...@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -390,7 +391,10 @@ It has been modified to remove all non-free binary blobs.")
version ".tar.bz2")))
(sha256
(base32
- "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+ "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+ ;; On the Hurd system in the 'build' phase seeks fsuid.h file.
+ (patches (search-patches
+ "linux-pam-no-setfsuid.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("flex" ,flex)
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000..7940c5a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,79 @@
+The patch originates from the Debian project for the Hurd system.
+
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vor...@debian.org>
+
+Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv
+ are implemented
+
+Index: pam.debian/libpam/pam_modutil_priv.c
+===================================================================
+--- pam.debian.orig/libpam/pam_modutil_priv.c
++++ pam.debian/libpam/pam_modutil_priv.c
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+
+ /*
+ * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+ */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ uid_t tmp = setfsuid(uid);
+ if (save)
+ *save = tmp;
+ return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++ uid_t euid = geteuid();
++ uid_t ruid = getuid();
++ if (save)
++ *save = ruid;
++ if (ruid == uid && uid != 0)
++ if (setreuid(euid, uid))
++ return -1;
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid)) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, uid))
++ return -1;
++ }
++ }
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ gid_t tmp = setfsgid(gid);
+ if (save)
+ *save = tmp;
+ return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++ gid_t egid = getegid();
++ gid_t rgid = getgid();
++ if (save)
++ *save = rgid;
++ if (rgid == gid)
++ if (setregid(egid, gid))
++ return -1;
++ else {
++ setregid(0, -1);
++ if (setregid(-1, gid)) {
++ setregid(-1, 0);
++ setregid(0, -1);
++ if (setregid(-1, gid))
++ return -1;
++ }
++ }
++#endif
+ }
+
+ static int cleanup(struct pam_modutil_privs *p)
--
2.6.3
