libpam: bump to 1.2.0

- Add configure options --disable-nis, --disable-regenerate-docu - 000-OE-libpam-xtests.patch is not relevant in OpenWrt - 001-no_nis.patch was dropped because we now --disable-nis - 002-no_yywrap.patch was dropped be cause it was fixed in 1.2.0 - 003-no_doc was dropped because we ignore doc/ with --disable-regenreate-docu - 004-fix_lib64 was replaced by new 0001-build-use-host_cpu... - pam_rhosts will not be built with musl because ruserok{,_af{ are not available - pam_lastlog will not be built with musl because logwtmp is missing Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
10 years ago · 9f35f2a9e5
--- a/libs/libpam/Makefile
+++ b/libs/libpam/Makefile
@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libpam
 PKG_VERSION:=1.1.8
 PKG_RELEASE:=5
 PKG_VERSION:=1.2.0
 PKG_RELEASE:=1

 PKG_SOURCE:=Linux-PAM-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.linux-pam.org/library/
@ -45,6 +45,8 @@ define Build/Configure
 		--disable-selinux \
 		--disable-nls \
 		--disable-rpath \
 		--disable-nis \
 		--disable-regenerate-docu \
 		--enable-db=no \
 	)
 endef
--- a/libs/libpam/patches/000-OE-libpam-xtests.patch
+++ b/libs/libpam/patches/000-OE-libpam-xtests.patch
@ -1,35 +0,0 @@
 This patch is used to create a new sub package libpam-xtests to do more checks.

 Upstream-Status: Pending

 Signed-off-by: Kang Kai <kai.kang@windriver.com>
 --- a/xtests/Makefile.am
 +++ b/xtests/Makefile.am
@@ -7,7 +7,7 @@ AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_src
 LDADD = $(top_builddir)/libpam/libpam.la \
 	$(top_builddir)/libpam_misc/libpam_misc.la
 
 -CLEANFILES = *~ $(XTESTS)
 +CLEANFILES = *~
 
 EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
 	tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
@@ -51,3 +51,18 @@ EXTRA_PROGRAMS = $(XTESTS)
 
 xtests: $(XTESTS) run-xtests.sh
 	"$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
 +
 +all: $(XTESTS)
 +
 +install: install_xtests
 +
 +install_xtests:
 +	$(INSTALL) -d $(DESTDIR)$(pkgdatadir)/xtests
 +	for file in $(EXTRA_DIST) ; do \
 +		$(INSTALL) $$file $(DESTDIR)$(pkgdatadir)/xtests ; \
 +	done
 +	for file in $(XTESTS); do \
 +		$(INSTALL) .libs/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
 +	done
 +
 +.PHONY: all install_xtests
--- a/libs/libpam/patches/0001-build-use-host_cpu-for-lib64-directory-handling.patch
+++ b/libs/libpam/patches/0001-build-use-host_cpu-for-lib64-directory-handling.patch
@ -0,0 +1,28 @@
 From ee916fd0ec70eb37a97da29f6ec0c26bef7cf6f2 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 16:11:31 +0800
 Subject: [PATCH 1/7] build: use $host_cpu for lib64 directory handling.

 * configure.ac: use $host_cpu for lib64 directory handling.

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 configure.ac |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/configure.ac b/configure.ac
 index fd0e310..1bc2591 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -27,7 +27,7 @@ dnl If we use /usr as prefix, use /etc for config files
         fi
 	if test ${libdir} = '${exec_prefix}/lib'
 	then
 -		case "`uname -m`" in
 +		case "$host_cpu" in
 		    x86_64|ppc64|s390x|sparc64)
 			libdir="/lib64" ;;
 		    *)
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0002-build-ignore-pam_rhosts-if-neither-ruserok-nor-ruser.patch
+++ b/libs/libpam/patches/0002-build-ignore-pam_rhosts-if-neither-ruserok-nor-ruser.patch
@ -0,0 +1,77 @@
 From e985c1ef2c739a597b2d7a2efc3c310c02e40c1f Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 18:19:23 +0800
 Subject: [PATCH 2/7] build: ignore pam_rhosts if neither ruserok nor
 ruserok_af is available.

 * configure.ac: check for ruserok and ruserok_af
 * modules/Makefile.am: ignore pam_rhosts/ if it's disabled
 * modules/pam_rhosts/pam_rhosts.c: include stdlib.h for malloc and free

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 configure.ac                    |    5 ++++-
 modules/Makefile.am             |   11 ++++++++---
 modules/pam_rhosts/pam_rhosts.c |    1 +
 3 files changed, 13 insertions(+), 4 deletions(-)

 diff --git a/configure.ac b/configure.ac
 index 1bc2591..3c4d8bb 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -542,7 +542,10 @@ AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir selec
 AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
 AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
 AC_CHECK_FUNCS(getgrouplist getline getdelim)
 -AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
 +AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
 +AC_CHECK_FUNCS([ruserok_af ruserok], [break])
 +
 +AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o "$ac_cv_func_ruserok" = yes])
 
 AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
 AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
 diff --git a/modules/Makefile.am b/modules/Makefile.am
 index 0c80cea..9ad26a9 100644
 --- a/modules/Makefile.am
 +++ b/modules/Makefile.am
@@ -2,16 +2,21 @@
 # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
 #
 
 -SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
 +if COND_BUILD_PAM_RHOSTS
 +	MAYBE_PAM_RHOSTS = pam_rhosts
 +endif
 +
 +SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
 	pam_env pam_exec pam_faildelay pam_filter pam_ftp \
 	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
 	pam_listfile pam_localuser pam_loginuid pam_mail \
 	pam_mkhomedir pam_motd pam_namespace pam_nologin \
 -	pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
 +	pam_permit pam_pwhistory pam_rootok pam_securetty \
 	pam_selinux pam_sepermit pam_shells pam_stress \
 	pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
 	pam_tty_audit pam_umask \
 -	pam_unix pam_userdb pam_warn pam_wheel pam_xauth
 +	pam_unix pam_userdb pam_warn pam_wheel pam_xauth \
 +	$(MAYBE_PAM_RHOSTS)
 
 CLEANFILES = *~
 
 diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
 index bc9e76f..51ef13e 100644
 --- a/modules/pam_rhosts/pam_rhosts.c
 +++ b/modules/pam_rhosts/pam_rhosts.c
@@ -35,6 +35,7 @@
 #include <pwd.h>
 #include <netdb.h>
 #include <string.h>
 +#include <stdlib.h>
 #include <syslog.h>
 
 #define PAM_SM_AUTH  /* only defines this management group */
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0003-build-ignore-pam_lastlog-when-logwtmp-is-not-availab.patch
+++ b/libs/libpam/patches/0003-build-ignore-pam_lastlog-when-logwtmp-is-not-availab.patch
@ -0,0 +1,60 @@
 From 173164996ca7daf3fa705f2a0bb2991b0d5d2083 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 21:18:05 +0800
 Subject: [PATCH 3/7] build: ignore pam_lastlog when logwtmp is not available.

 * configure.ac: check logwtmp and set COND_BUILD_PAM_LASTLOG
 * modules/pam_lastlog/Makefile.am: check COND_BUILD_PAM_LASTLOG

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 configure.ac        |    2 ++
 modules/Makefile.am |    8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

 diff --git a/configure.ac b/configure.ac
 index 3c4d8bb..8de6edf 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -544,8 +544,10 @@ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r
 AC_CHECK_FUNCS(getgrouplist getline getdelim)
 AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
 AC_CHECK_FUNCS([ruserok_af ruserok], [break])
 +AC_CHECK_FUNCS([logwtmp])
 
 AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o "$ac_cv_func_ruserok" = yes])
 +AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes])
 
 AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
 AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
 diff --git a/modules/Makefile.am b/modules/Makefile.am
 index 9ad26a9..b98dc5c 100644
 --- a/modules/Makefile.am
 +++ b/modules/Makefile.am
@@ -6,9 +6,13 @@ if COND_BUILD_PAM_RHOSTS
 	MAYBE_PAM_RHOSTS = pam_rhosts
 endif
 
 +if COND_BUILD_PAM_LASTLOG
 +	MAYBE_PAM_LASTLOG = pam_lastlog
 +endif
 +
 SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
 	pam_env pam_exec pam_faildelay pam_filter pam_ftp \
 -	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
 +	pam_group pam_issue pam_keyinit pam_limits \
 	pam_listfile pam_localuser pam_loginuid pam_mail \
 	pam_mkhomedir pam_motd pam_namespace pam_nologin \
 	pam_permit pam_pwhistory pam_rootok pam_securetty \
@@ -16,7 +20,7 @@ SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
 	pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
 	pam_tty_audit pam_umask \
 	pam_unix pam_userdb pam_warn pam_wheel pam_xauth \
 -	$(MAYBE_PAM_RHOSTS)
 +	$(MAYBE_PAM_RHOSTS) $(MAYBE_PAM_LASTLOG)
 
 CLEANFILES = *~
 
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0004-build-fix-build-when-crypt-is-not-part-of-crypt_libs.patch
+++ b/libs/libpam/patches/0004-build-fix-build-when-crypt-is-not-part-of-crypt_libs.patch
@ -0,0 +1,28 @@
 From 20e5efe4b2a8471bc52e480e53cff68a4de19c56 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 18:22:31 +0800
 Subject: [PATCH 4/7] build: fix build when crypt() is not part of crypt_libs.

 * configure.ac: ditto.

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 configure.ac |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/configure.ac b/configure.ac
 index 8de6edf..c15441b 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -416,7 +416,7 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
   [crypt_libs="crypt"])
 
 BACKUP_LIBS=$LIBS
 -AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
 +AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="")
 AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
 LIBS=$BACKUP_LIBS
 AC_SUBST(LIBCRYPT)
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0005-build-fix-doc-build.patch
+++ b/libs/libpam/patches/0005-build-fix-doc-build.patch
@ -0,0 +1,133 @@
 From df7abf333d19aefd166f613b696345732ae4c9c8 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 20:38:41 +0800
 Subject: [PATCH 5/7] build: fix doc build.

 * Makefile.am: ignore doc/ directory if not ENABLE_REGENERATE_MAN
 * doc/adg/Makefile.am: remove check on ENABLE_REGENERATE_MAN
 * doc/man/Makefile.am: ditto
 * doc/mwg/Makefile.am: ditto
 * doc/sag/Makefile.am: ditto
 * doc/specs/Makefile.am: ignore CC from command line

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 Makefile.am           |    5 ++++-
 doc/adg/Makefile.am   |    3 ---
 doc/man/Makefile.am   |    2 --
 doc/mwg/Makefile.am   |    3 ---
 doc/sag/Makefile.am   |    2 --
 doc/specs/Makefile.am |    2 +-
 6 files changed, 5 insertions(+), 12 deletions(-)

 diff --git a/Makefile.am b/Makefile.am
 index 3db4e37..5e6592a 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -4,7 +4,10 @@
 
 AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
 
 -SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
 +if ENABLE_REGENERATE_MAN
 +	MAYBE_DOC = doc
 +endif
 +SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests $(MAYBE_DOC)
 
 CLEANFILES = *~
 
 diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am
 index 77bd7a9..bec5edc 100644
 --- a/doc/adg/Makefile.am
 +++ b/doc/adg/Makefile.am
@@ -9,7 +9,6 @@ EXTRA_DIST = $(XMLS)
 XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml)
 DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
 
 -if ENABLE_REGENERATE_MAN
 MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html
 
 all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf
@@ -51,8 +50,6 @@ html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS)
 distclean-local:
 	-rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf
 
 -endif
 -
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(docdir)
 	$(mkinstalldirs) $(DESTDIR)$(pdfdir)
 diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
 index 78c891d..b1dc421 100644
 --- a/doc/man/Makefile.am
 +++ b/doc/man/Makefile.am
@@ -45,7 +45,6 @@ XMLS = pam.3.xml pam.8.xml \
 	misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
 	pam_misc_setenv.3.xml
 
 -if ENABLE_REGENERATE_MAN
 PAM.8: pam.8
 pam_get_authtok_noverify.3: pam_get_authtok.3
 pam_get_authtok_verify.3: pam_get_authtok.3
@@ -60,4 +59,3 @@ pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
 pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
 pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
 -include $(top_srcdir)/Make.xml.rules
 -endif
 diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am
 index 2bbb2d0..f57e297 100644
 --- a/doc/mwg/Makefile.am
 +++ b/doc/mwg/Makefile.am
@@ -9,7 +9,6 @@ EXTRA_DIST = $(XMLS)
 XMLS = Linux-PAM_MWG.xml $(shell ls $(srcdir)/pam_*.xml)
 DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
 
 -if ENABLE_REGENERATE_MAN
 MAINTAINERCLEANFILES = Linux-PAM_MWG.txt Linux-PAM_MWG.pdf html/*.html
 
 all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf
@@ -51,8 +50,6 @@ html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS)
 distclean-local:
 	-rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf
 
 -endif
 -
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(docdir)
 	$(mkinstalldirs) $(DESTDIR)$(pdfdir)
 diff --git a/doc/sag/Makefile.am b/doc/sag/Makefile.am
 index 31816aa..a8b655f 100644
 --- a/doc/sag/Makefile.am
 +++ b/doc/sag/Makefile.am
@@ -10,7 +10,6 @@ XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml)
 
 DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml)
 
 -if ENABLE_REGENERATE_MAN
 MAINTAINERCLEANFILES = Linux-PAM_SAG.txt Linux-PAM_SAG.pdf html/*.html
 
 all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf
@@ -51,7 +50,6 @@ html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS)
 
 distclean-local:
 	-rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf
 -endif
 
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(docdir)
 diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am
 index 99ecc70..39c850f 100644
 --- a/doc/specs/Makefile.am
 +++ b/doc/specs/Makefile.am
@@ -11,7 +11,7 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw
 
 AM_YFLAGS = -d
 
 -CC = @CC_FOR_BUILD@
 +override CC = @CC_FOR_BUILD@
 CPPFLAGS = @BUILD_CPPFLAGS@
 CFLAGS = @BUILD_CFLAGS@
 LDFLAGS = @BUILD_LDFLAGS@
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0006-pam_unix-fix-compilation-in-case-rpc-rpc.h-is-missin.patch
+++ b/libs/libpam/patches/0006-pam_unix-fix-compilation-in-case-rpc-rpc.h-is-missin.patch
@ -0,0 +1,29 @@
 From 596797ab7f46fb4d0338e75db7c0d1019cd4df87 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 17 Jun 2015 18:16:18 +0800
 Subject: [PATCH 6/7] pam_unix: fix compilation in case rpc/rpc.h is missing.

 * modules/pam_unix/pam_unix_passwd.c: conditional compile on the
  availability of rpc/rpc.h

 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 modules/pam_unix/pam_unix_passwd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
 index 2d330e5..970724a 100644
 --- a/modules/pam_unix/pam_unix_passwd.c
 +++ b/modules/pam_unix/pam_unix_passwd.c
@@ -336,7 +336,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
 	}
 
 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
 -#ifdef HAVE_NIS
 +#if defined(HAVE_NIS) && defined(HAVE_RPC_RPC_H)
 	  if ((master=getNISserver(pamh, ctrl)) != NULL) {
 		struct timeval timeout;
 		struct yppasswd yppwd;
 -- 
 1.7.10.4

--- a/libs/libpam/patches/0007-Check-if-innetgr-is-available-at-compile-time.patch
+++ b/libs/libpam/patches/0007-Check-if-innetgr-is-available-at-compile-time.patch
--- a/libs/libpam/patches/001-no_nis.patch
+++ b/libs/libpam/patches/001-no_nis.patch
@ -1,68 +0,0 @@
 --- a/modules/pam_access/pam_access.c
 +++ b/modules/pam_access/pam_access.c
@@ -44,7 +44,7 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <sys/socket.h>
 -#ifdef HAVE_RPCSVC_YPCLNT_H
 +#ifdef HAVE_RPCSVC_YPCLNT_H && USE_NIS
 #include <rpcsvc/ypclnt.h>
 #endif
 #ifdef HAVE_LIBAUDIT
 --- a/modules/pam_unix/pam_unix_passwd.c
 +++ b/modules/pam_unix/pam_unix_passwd.c
@@ -79,18 +79,18 @@
 #include "passverify.h"
 #include "bigcrypt.h"
 
 -#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER
 +#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER && USE_NIS
 # define HAVE_NIS
 #endif
 
 #ifdef HAVE_NIS
 # include <rpc/rpc.h>
 
 -# if HAVE_RPCSVC_YP_PROT_H
 +# if HAVE_RPCSVC_YP_PROT_H && USE_NIS
 #  include <rpcsvc/yp_prot.h>
 # endif
 
 -# if HAVE_RPCSVC_YPCLNT_H
 +# if HAVE_RPCSVC_YPCLNT_H && USE_NIS
 #  include <rpcsvc/ypclnt.h>
 # endif
 
 --- a/modules/pam_unix/support.c
 +++ b/modules/pam_unix/support.c
@@ -19,7 +19,7 @@
 #include <ctype.h>
 #include <syslog.h>
 #include <sys/resource.h>
 -#ifdef HAVE_RPCSVC_YPCLNT_H
 +#ifdef HAVE_RPCSVC_YPCLNT_H && USE_NIS
 #include <rpcsvc/ypclnt.h>
 #endif
 
@@ -402,7 +402,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
 		}
 	}
 
 -#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined (HAVE_YP_BIND) && defined (HAVE_YP_MATCH) && defined (HAVE_YP_UNBIND)
 +#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined (HAVE_YP_BIND) && defined (HAVE_YP_MATCH) && defined (HAVE_YP_UNBIND) && (USE_NIS)
 	if (!matched && nis) {
 		char *userinfo = NULL, *domain = NULL;
 		int len = 0, i;
 --- a/modules/pam_unix/yppasswd_xdr.c
 +++ b/modules/pam_unix/yppasswd_xdr.c
@@ -15,6 +15,10 @@
 #ifdef HAVE_RPC_RPC_H
 
 #include <rpc/rpc.h>
 +#ifdef USE_NIS
 +#include <rpcsvc/yp_prot.h>
 +#include <rpcsvc/ypclnt.h>
 +#endif
 #include "yppasswd.h"
 
 bool_t
--- a/libs/libpam/patches/002-no_yywrap.patch
+++ b/libs/libpam/patches/002-no_yywrap.patch
@ -1,26 +0,0 @@
 --- a/conf/pam_conv1/pam_conv_l.c
 +++ b/conf/pam_conv1/pam_conv_l.c
@@ -534,7 +534,9 @@ void yyset_lineno (int line_number  );
 #ifdef __cplusplus
 extern "C" int yywrap (void );
 #else
 -extern int yywrap (void );
 +int yywrap (void ) {
 +	return 1;
 +}
 #endif
 #endif
 
 --- a/doc/specs/parse_l.c
 +++ b/doc/specs/parse_l.c
@@ -520,7 +520,9 @@ void yyset_lineno (int line_number  );
 #ifdef __cplusplus
 extern "C" int yywrap (void );
 #else
 -extern int yywrap (void );
 +int yywrap (void ) {
 +	return 1;
 +}
 #endif
 #endif
 
--- a/libs/libpam/patches/003-no_doc.patch
+++ b/libs/libpam/patches/003-no_doc.patch
@ -1,22 +0,0 @@
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -4,7 +4,7 @@
 
 AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
 
 -SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
 +SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests
 
 CLEANFILES = *~
 
 --- a/Makefile.in
 +++ b/Makefile.in
@@ -288,7 +288,7 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
 -SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
 +SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests
 CLEANFILES = *~
 EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules
 ACLOCAL_AMFLAGS = -I m4
--- a/libs/libpam/patches/004-fix_lib64.patch
+++ b/libs/libpam/patches/004-fix_lib64.patch
@ -1,16 +0,0 @@
 --- a/configure.in
 +++ b/configure.in
@@ -28,12 +28,7 @@ dnl If we use /usr as prefix, use /etc f
         fi
 	if test ${libdir} = '${exec_prefix}/lib'
 	then
 -		case "`uname -m`" in
 -		    x86_64|ppc64|s390x|sparc64)
 -			libdir="/lib64" ;;
 -		    *)
 -			libdir="/lib" ;;
 -		esac
 +		libdir="/lib"
 	fi
 	if test ${sbindir} = '${exec_prefix}/sbin'
         then
--- a/libs/libpam/patches/005-fix_ruserok.patch
+++ b/libs/libpam/patches/005-fix_ruserok.patch
@ -1,364 +0,0 @@
 --- a/modules/pam_rhosts/pam_rhosts.c
 +++ b/modules/pam_rhosts/pam_rhosts.c
@@ -43,6 +43,361 @@
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 
 +#ifdef __UCLIBC__
 +
 +#include <stdio.h>
 +#include <sys/stat.h>
 +
 +
 +int  __check_rhosts_file = 1;
 +
 +/* Extremely paranoid file open function. */
 +static FILE *
 +iruserfopen (const char *file, uid_t okuser)
 +{
 +  struct stat st;
 +  char *cp = NULL;
 +  FILE *res = NULL;
 +
 +  /* If not a regular file, if owned by someone other than user or
 +     root, if writeable by anyone but the owner, or if hardlinked
 +     anywhere, quit.  */
 +  if (lstat (file, &st))
 +    cp = "lstat failed";
 +  else if (!S_ISREG (st.st_mode))
 +    cp = "not regular file";
 +  else
 +    {
 +      res = fopen (file, "r");
 +      if (!res)
 +	cp = "cannot open";
 +      else if (fstat (fileno (res), &st) < 0)
 +	cp = "fstat failed";
 +      else if (st.st_uid && st.st_uid != okuser)
 +	cp = "bad owner";
 +      else if (st.st_mode & (S_IWGRP|S_IWOTH))
 +	cp = "writeable by other than owner";
 +      else if (st.st_nlink > 1)
 +	cp = "hard linked somewhere";
 +    }
 +
 +  /* If there were any problems, quit.  */
 +  if (cp != NULL)
 +    {
 +      if (res)
 +	fclose (res);
 +      return NULL;
 +    }
 +
 +  return res;
 +}
 +
 +/*
 + * Returns 1 for blank lines (or only comment lines) and 0 otherwise
 + */
 +static int
 +__isempty(char *p)
 +{
 +    while (*p && isspace (*p)) {
 +	++p;
 +    }
 +
 +    return (*p == '\0' || *p == '#') ? 1 : 0 ;
 +}
 +
 +/* Returns 1 on positive match, 0 on no match, -1 on negative match.  */
 +static int
 +__icheckhost (u_int32_t raddr, char *lhost, const char *rhost)
 +{
 +	struct hostent *hp;
 +	u_int32_t laddr;
 +	int negate=1;    /* Multiply return with this to get -1 instead of 1 */
 +	char **pp;
 +
 +#ifdef __UCLIBC_HAS_REENTRANT_RPC__
 +	int save_errno;
 +	size_t buflen;
 +	char *buffer;
 +	struct hostent hostbuf;
 +	int herr;
 +#endif
 +
 +#ifdef HAVE_NETGROUP
 +	/* Check nis netgroup.  */
 +	if (strncmp ("+@", lhost, 2) == 0)
 +		return innetgr (&lhost[2], rhost, NULL, NULL);
 +
 +	if (strncmp ("-@", lhost, 2) == 0)
 +		return -innetgr (&lhost[2], rhost, NULL, NULL);
 +#endif /* HAVE_NETGROUP */
 +
 +	/* -host */
 +	if (strncmp ("-", lhost,1) == 0) {
 +		negate = -1;
 +		lhost++;
 +	} else if (strcmp ("+",lhost) == 0) {
 +		return 1;                    /* asking for trouble, but ok.. */
 +	}
 +
 +	/* Try for raw ip address first. */
 +	if (isdigit (*lhost) && (laddr = inet_addr (lhost)) != INADDR_NONE)
 +		return negate * (! (raddr ^ laddr));
 +
 +	/* Better be a hostname. */
 +#ifdef __UCLIBC_HAS_REENTRANT_RPC__
 +	buflen = 1024;
 +	buffer = malloc(buflen);
 +	save_errno = errno;
 +
 +	while (gethostbyname_r (lhost, &hostbuf, buffer, buflen, &hp, &herr)
 +	       != 0) {
 +	    free(buffer);
 +	    return (0);
 +	}
 +	free(buffer);
 +	__set_errno (save_errno);
 +#else
 +	hp = gethostbyname(lhost);
 +#endif /* __UCLIBC_HAS_REENTRANT_RPC__ */
 +
 +	if (hp == NULL)
 +		return 0;
 +
 +	/* Spin through ip addresses. */
 +	for (pp = hp->h_addr_list; *pp; ++pp)
 +		if (!memcmp (&raddr, *pp, sizeof (u_int32_t)))
 +			return negate;
 +
 +	/* No match. */
 +	return (0);
 +}
 +
 +/* Returns 1 on positive match, 0 on no match, -1 on negative match.  */
 +static int
 +__icheckuser (const char *luser, const char *ruser)
 +{
 +
 +    /*
 +      luser is user entry from .rhosts/hosts.equiv file
 +      ruser is user id on remote host
 +      */
 +
 +#ifdef HAVE_NETGROUP
 +    /* [-+]@netgroup */
 +    if (strncmp ("+@", luser, 2) == 0)
 +	return innetgr (&luser[2], NULL, ruser, NULL);
 +
 +    if (strncmp ("-@", luser,2) == 0)
 +	return -innetgr (&luser[2], NULL, ruser, NULL);
 +#endif /* HAVE_NETGROUP */
 +
 +    /* -user */
 +    if (strncmp ("-", luser, 1) == 0)
 +	return -(strcmp (&luser[1], ruser) == 0);
 +
 +    /* + */
 +    if (strcmp ("+", luser) == 0)
 +	return 1;
 +
 +    /* simple string match */
 +    return strcmp (ruser, luser) == 0;
 +}
 +
 +/*
 + * Returns 0 if positive match, -1 if _not_ ok.
 + */
 +static int
 +__ivaliduser2(FILE *hostf, u_int32_t raddr,	const char *luser,
 +			  const char *ruser, const char *rhost)
 +{
 +    register const char *user;
 +    register char *p;
 +    int hcheck, ucheck;
 +    char *buf = NULL;
 +    size_t bufsize = 0;
 +    int retval = -1;
 +
 +    while (getline (&buf, &bufsize, hostf) > 0) {
 +	buf[bufsize - 1] = '\0'; /* Make sure it's terminated.  */
 +        p = buf;
 +
 +	/* Skip empty or comment lines */
 +	if (__isempty (p)) {
 +	    continue;
 +	}
 +
 +	/* Skip lines that are too long. */
 +	if (strchr (p, '\n') == NULL) {
 +	    int ch = getc_unlocked (hostf);
 +
 +	    while (ch != '\n' && ch != EOF)
 +	      ch = getc_unlocked (hostf);
 +	    continue;
 +	}
 +
 +	for (;*p && !isspace(*p); ++p) {
 +	    *p = tolower (*p);
 +	}
 +
 +	/* Next we want to find the permitted name for the remote user.  */
 +	if (*p == ' ' || *p == '\t') {
 +	    /* <nul> terminate hostname and skip spaces */
 +	    for (*p++='\0'; *p && isspace (*p); ++p);
 +
 +	    user = p;                   /* this is the user's name */
 +	    while (*p && !isspace (*p))
 +		++p;                    /* find end of user's name */
 +	} else
 +	    user = p;
 +
 +	*p = '\0';              /* <nul> terminate username (+host?) */
 +
 +	/* buf -> host(?) ; user -> username(?) */
 +
 +	/* First check host part */
 +	hcheck = __icheckhost (raddr, buf, rhost);
 +
 +	if (hcheck < 0)
 +	    break;
 +
 +	if (hcheck) {
 +	    /* Then check user part */
 +	    if (! (*user))
 +		user = luser;
 +
 +	    ucheck = __icheckuser (user, ruser);
 +
 +	    /* Positive 'host user' match? */
 +	    if (ucheck > 0) {
 +		retval = 0;
 +		break;
 +	    }
 +
 +	    /* Negative 'host -user' match? */
 +	    if (ucheck < 0)
 +		break;
 +
 +	    /* Neither, go on looking for match */
 +	}
 +    }
 +
 +    free (buf);
 +
 +    return retval;
 +}
 +
 +static int
 +iruserok2 (u_int32_t raddr, int superuser, const char *ruser, const char *luser,
 +		   const char *rhost)
 +{
 +	FILE *hostf = NULL;
 +	int isbad = -1;
 +
 +	if (!superuser)
 +		hostf = iruserfopen (_PATH_HEQUIV, 0);
 +
 +	if (hostf) {
 +		isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
 +		fclose (hostf);
 +
 +		if (!isbad)
 +			return 0;
 +	}
 +
 +	if (__check_rhosts_file || superuser) {
 +		char *pbuf;
 +		struct passwd *pwd;
 +		size_t dirlen;
 +		uid_t uid;
 +
 +#ifdef __UCLIBC_HAS_REENTRANT_RPC__
 +		size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
 +		struct passwd pwdbuf;
 +		char *buffer = stack_heap_alloc(buflen);
 +
 +		if (getpwnam_r (luser, &pwdbuf, buffer,
 +			    buflen, &pwd) != 0 || pwd == NULL)
 +		{
 +			stack_heap_free(buffer);
 +			return -1;
 +		}
 +		stack_heap_free(buffer);
 +#else
 +		if ((pwd = getpwnam(luser)) == NULL)
 +			return -1;
 +#endif
 +
 +		dirlen = strlen (pwd->pw_dir);
 +		pbuf = malloc (dirlen + sizeof "/.rhosts");
 +		strcpy (pbuf, pwd->pw_dir);
 +		strcat (pbuf, "/.rhosts");
 +
 +		/* Change effective uid while reading .rhosts.  If root and
 +		   reading an NFS mounted file system, can't read files that
 +		   are protected read/write owner only.  */
 +		uid = geteuid ();
 +		seteuid (pwd->pw_uid);
 +		hostf = iruserfopen (pbuf, pwd->pw_uid);
 +		free(pbuf);
 +
 +		if (hostf != NULL) {
 +			isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
 +			fclose (hostf);
 +		}
 +
 +		seteuid (uid);
 +		return isbad;
 +	}
 +	return -1;
 +}
 +
 +int ruserok(const char *rhost, int superuser, const char *ruser,
 +			const char *luser)
 +{
 +        struct hostent *hp;
 +	u_int32_t addr;
 +	char **ap;
 +#ifdef __UCLIBC_HAS_REENTRANT_RPC__
 +	size_t buflen;
 +	char *buffer;
 +	int herr;
 +	struct hostent hostbuf;
 +#endif
 +
 +#ifdef __UCLIBC_HAS_REENTRANT_RPC__
 +	buflen = 1024;
 +	buffer = stack_heap_alloc(buflen);
 +
 +	while (gethostbyname_r (rhost, &hostbuf, buffer,
 +		    buflen, &hp, &herr) != 0 || hp == NULL)
 +	{
 +	    if (herr != NETDB_INTERNAL || errno != ERANGE) {
 +		stack_heap_free(buffer);
 +		return -1;
 +	    } else
 +	    {
 +		/* Enlarge the buffer.  */
 +		buflen *= 2;
 +		stack_heap_free(buffer);
 +		buffer = stack_heap_alloc(buflen);
 +	    }
 +	}
 +	stack_heap_free(buffer);
 +#else
 +	if ((hp = gethostbyname(rhost)) == NULL) {
 +		return -1;
 +	}
 +#endif
 +	for (ap = hp->h_addr_list; *ap; ++ap) {
 +		memmove(&addr, *ap, sizeof(addr));
 +		if (iruserok2(addr, superuser, ruser, luser, rhost) == 0)
 +			return 0;
 +	}
 +	return -1;
 +}
 +
 +#endif /* __UCLIBC__ */
 +
 PAM_EXTERN
 int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
 			 const char **argv)
--- a/libs/libpam/patches/006-fix_xdr.patch
+++ b/libs/libpam/patches/006-fix_xdr.patch
@ -1,271 +0,0 @@
 --- a/modules/pam_unix/yppasswd_xdr.c
 +++ b/modules/pam_unix/yppasswd_xdr.c
@@ -21,6 +21,268 @@
 #endif
 #include "yppasswd.h"
 
 +#ifdef __UCLIBC__
 +
 +static const char xdr_zero[BYTES_PER_XDR_UNIT] = {0, 0, 0, 0};
 +
 +/*
 + * XDR integers
 + */
 +bool_t
 +xdr_int (XDR *xdrs, int *ip)
 +{
 +
 +#if INT_MAX < LONG_MAX
 +  long l;
 +
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_ENCODE:
 +      l = (long) *ip;
 +      return XDR_PUTLONG (xdrs, &l);
 +
 +    case XDR_DECODE:
 +      if (!XDR_GETLONG (xdrs, &l))
 +	{
 +	  return FALSE;
 +	}
 +      *ip = (int) l;
 +    case XDR_FREE:
 +      return TRUE;
 +    }
 +  return FALSE;
 +#elif INT_MAX == LONG_MAX
 +  return xdr_long (xdrs, (long *) ip);
 +#elif INT_MAX == SHRT_MAX
 +  return xdr_short (xdrs, (short *) ip);
 +#else
 +#error unexpected integer sizes in xdr_int()
 +#endif
 +}
 +
 +/*
 + * XDR null terminated ASCII strings
 + * xdr_string deals with "C strings" - arrays of bytes that are
 + * terminated by a NULL character.  The parameter cpp references a
 + * pointer to storage; If the pointer is null, then the necessary
 + * storage is allocated.  The last parameter is the max allowed length
 + * of the string as specified by a protocol.
 + */
 +bool_t
 +xdr_string (XDR *xdrs, char **cpp, u_int maxsize)
 +{
 +  char *sp = *cpp;	/* sp is the actual string pointer */
 +  u_int size;
 +  u_int nodesize;
 +
 +  /*
 +   * first deal with the length since xdr strings are counted-strings
 +   */
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_FREE:
 +      if (sp == NULL)
 +	{
 +	  return TRUE;		/* already free */
 +	}
 +      /* fall through... */
 +    case XDR_ENCODE:
 +      if (sp == NULL)
 +	return FALSE;
 +      size = strlen (sp);
 +      break;
 +    case XDR_DECODE:
 +      break;
 +    }
 +  if (!xdr_u_int (xdrs, &size))
 +    {
 +      return FALSE;
 +    }
 +  if (size > maxsize)
 +    {
 +      return FALSE;
 +    }
 +  nodesize = size + 1;
 +
 +  /*
 +   * now deal with the actual bytes
 +   */
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_DECODE:
 +      if (nodesize == 0)
 +	{
 +	  return TRUE;
 +	}
 +      if (sp == NULL)
 +	*cpp = sp = (char *) mem_alloc (nodesize);
 +      if (sp == NULL)
 +	{
 +#ifdef USE_IN_LIBIO
 +	  if (_IO_fwide (stderr, 0) > 0)
 +	    (void) fwprintf (stderr, L"%s",
 +			       _("xdr_string: out of memory\n"));
 +	  else
 +#endif
 +	    (void) fputs (_("xdr_string: out of memory\n"), stderr);
 +	  return FALSE;
 +	}
 +      sp[size] = 0;
 +      /* fall into ... */
 +
 +    case XDR_ENCODE:
 +      return xdr_opaque (xdrs, sp, size);
 +
 +    case XDR_FREE:
 +      mem_free (sp, nodesize);
 +      *cpp = NULL;
 +      return TRUE;
 +    }
 +  return FALSE;
 +}
 +
 +/*
 + * XDR long integers
 + * The definition of xdr_long() is kept for backward
 + * compatibility. Instead xdr_int() should be used.
 + */
 +bool_t
 +xdr_long (XDR *xdrs, long *lp)
 +{
 +  if (xdrs->x_op == XDR_ENCODE
 +      && (sizeof (int32_t) == sizeof (long)
 +	  || (int32_t) *lp == *lp))
 +    return XDR_PUTLONG (xdrs, lp);
 +
 +  if (xdrs->x_op == XDR_DECODE)
 +    return XDR_GETLONG (xdrs, lp);
 +
 +  if (xdrs->x_op == XDR_FREE)
 +    return TRUE;
 +
 +  return FALSE;
 +}
 +
 +/*
 + * XDR unsigned integers
 + */
 +bool_t
 +xdr_u_int (XDR *xdrs, u_int *up)
 +{
 +#if UINT_MAX < ULONG_MAX
 +  u_long l;
 +
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_ENCODE:
 +      l = (u_long) * up;
 +      return XDR_PUTLONG (xdrs, (long *) &l);
 +
 +    case XDR_DECODE:
 +      if (!XDR_GETLONG (xdrs, (long *) &l))
 +	{
 +	  return FALSE;
 +	}
 +      *up = (u_int) l;
 +    case XDR_FREE:
 +      return TRUE;
 +    }
 +  return FALSE;
 +#elif UINT_MAX == ULONG_MAX
 +  return xdr_u_long (xdrs, (u_long *) up);
 +#elif UINT_MAX == USHRT_MAX
 +  return xdr_short (xdrs, (short *) up);
 +#else
 +#error unexpected integer sizes in xdr_u_int()
 +#endif
 +}
 +
 +/*
 + * XDR opaque data
 + * Allows the specification of a fixed size sequence of opaque bytes.
 + * cp points to the opaque object and cnt gives the byte length.
 + */
 +bool_t
 +xdr_opaque (XDR *xdrs, caddr_t cp, u_int cnt)
 +{
 +  u_int rndup;
 +  static char crud[BYTES_PER_XDR_UNIT];
 +
 +  /*
 +   * if no data we are done
 +   */
 +  if (cnt == 0)
 +    return TRUE;
 +
 +  /*
 +   * round byte count to full xdr units
 +   */
 +  rndup = cnt % BYTES_PER_XDR_UNIT;
 +  if (rndup > 0)
 +    rndup = BYTES_PER_XDR_UNIT - rndup;
 +
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_DECODE:
 +      if (!XDR_GETBYTES (xdrs, cp, cnt))
 +	{
 +	  return FALSE;
 +	}
 +      if (rndup == 0)
 +	return TRUE;
 +      return XDR_GETBYTES (xdrs, (caddr_t)crud, rndup);
 +
 +    case XDR_ENCODE:
 +      if (!XDR_PUTBYTES (xdrs, cp, cnt))
 +	{
 +	  return FALSE;
 +	}
 +      if (rndup == 0)
 +	return TRUE;
 +      return XDR_PUTBYTES (xdrs, xdr_zero, rndup);
 +
 +    case XDR_FREE:
 +      return TRUE;
 +    }
 +  return FALSE;
 +}
 +
 +/*
 + * XDR unsigned long integers
 + * The definition of xdr_u_long() is kept for backward
 + * compatibility. Instead xdr_u_int() should be used.
 + */
 +bool_t
 +xdr_u_long (XDR *xdrs, u_long *ulp)
 +{
 +  switch (xdrs->x_op)
 +    {
 +    case XDR_DECODE:
 +      {
 +	long int tmp;
 +
 +	if (XDR_GETLONG (xdrs, &tmp) == FALSE)
 +	  return FALSE;
 +
 +	*ulp = (uint32_t) tmp;
 +	return TRUE;
 +      }
 +
 +    case XDR_ENCODE:
 +      if (sizeof (uint32_t) != sizeof (u_long)
 +	  && (uint32_t) *ulp != *ulp)
 +	return FALSE;
 +
 +      return XDR_PUTLONG (xdrs, (long *) ulp);
 +
 +    case XDR_FREE:
 +      return TRUE;
 +    }
 +  return FALSE;
 +}
 +
 +#endif /* UCLIBC */
 +
 bool_t
 xdr_xpasswd(XDR * xdrs, xpasswd * objp)
 {
--- a/libs/libpam/patches/007-cve-2014-2583.patch
+++ b/libs/libpam/patches/007-cve-2014-2583.patch
@ -1,52 +0,0 @@
 From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
 From: "Dmitry V. Levin" <ldv@altlinux.org>
 Date: Wed, 26 Mar 2014 22:17:23 +0000
 Subject: pam_timestamp: fix potential directory traversal issue (ticket #27)

 pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
 the timestamp pathname it creates, so extra care should be taken to
 avoid potential directory traversal issues.

 * modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
 "." and ".." tty values as invalid.
 (get_ruser): Treat "." and ".." ruser values, as well as any ruser
 value containing '/', as invalid.

 Fixes CVE-2014-2583.

 Reported-by: Sebastian Krahmer <krahmer@suse.de>

 diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
 index 5193733..b3f08b1 100644
 --- a/modules/pam_timestamp/pam_timestamp.c
 +++ b/modules/pam_timestamp/pam_timestamp.c
@@ -158,7 +158,7 @@ check_tty(const char *tty)
 		tty = strrchr(tty, '/') + 1;
 	}
 	/* Make sure the tty wasn't actually a directory (no basename). */
 -	if (strlen(tty) == 0) {
 +	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
 		return NULL;
 	}
 	return tty;
@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
 		if (pwd != NULL) {
 			ruser = pwd->pw_name;
 		}
 +	} else {
 +		/*
 +		 * This ruser is used by format_timestamp_name as a component
 +		 * of constructed timestamp pathname, so ".", "..", and '/'
 +		 * are disallowed to avoid potential path traversal issues.
 +		 */
 +		if (!strcmp(ruser, ".") ||
 +		    !strcmp(ruser, "..") ||
 +		    strchr(ruser, '/')) {
 +			ruser = NULL;
 +		}
 	}
 	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
 		*ruserbuf = '\0';
 -- 
 cgit v0.10.2

--- a/libs/libpam/patches/008-LIBCRYPT-fix.patch
+++ b/libs/libpam/patches/008-LIBCRYPT-fix.patch
@ -1,11 +0,0 @@
 --- a/configure.in.orig	2015-06-16 20:40:02.938216001 +0800
 +++ b/configure.in	2015-06-16 20:40:16.198216001 +0800
@@ -399,7 +399,7 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" =
   [crypt_libs="crypt"])
 
 BACKUP_LIBS=$LIBS
 -AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
 +AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="")
 AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
 LIBS=$BACKUP_LIBS
 AC_SUBST(LIBCRYPT)
--- a/libs/libpam/patches/009-pam_rhosts-fix.patch
+++ b/libs/libpam/patches/009-pam_rhosts-fix.patch
@ -1,51 +0,0 @@
 --- a/configure.in.orig	2015-06-16 21:05:09.938216001 +0800
 +++ b/configure.in	2015-06-16 21:05:29.374216001 +0800
@@ -525,7 +525,8 @@ AC_CHECK_FUNCS(fseeko getdomainname geth
 AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
 AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
 AC_CHECK_FUNCS(getgrouplist getline getdelim)
 -AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
 +AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
 +AC_CHECK_FUNCS(ruserok ruserok_af)
 
 AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
 AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
 --- a/modules/pam_rhosts/pam_rhosts.c.orig	2015-06-16 20:58:20.002216001 +0800
 +++ b/modules/pam_rhosts/pam_rhosts.c	2015-06-16 21:10:10.026216001 +0800
@@ -35,6 +35,7 @@
 #include <pwd.h>
 #include <netdb.h>
 #include <string.h>
 +#include <stdlib.h>
 #include <syslog.h>
 
 #define PAM_SM_AUTH  /* only defines this management group */
@@ -43,7 +43,7 @@
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 
 -#ifdef __UCLIBC__
 +#if defined(__UCLIBC__) || (!defined(HAVE_RUSEROK) && !defined(HAVE_RUSEROK_AF))
 
 #include <stdio.h>
 #include <sys/stat.h>
@@ -293,8 +294,10 @@ iruserok2 (u_int32_t raddr, int superuse
 	FILE *hostf = NULL;
 	int isbad = -1;
 
 +#ifdef _PATH_HEQUIV
 	if (!superuser)
 		hostf = iruserfopen (_PATH_HEQUIV, 0);
 +#endif
 
 	if (hostf) {
 		isbad = __ivaliduser2 (hostf, raddr, luser, ruser, rhost);
@@ -396,7 +396,7 @@ int ruserok(const char *rhost, int super
 	return -1;
 }
 
 -#endif /* __UCLIBC__ */
 +#endif /* __UCLIBC__ || (!defined(HAVE_RUSEROK) && !defined(HAVE_RUSEROK_AF)) */
 
 PAM_EXTERN
 int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,