proj/gentoo: Initial commit

This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
author: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 13:49:04 -0700
committer: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 17:38:18 -0700
commit: 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree: 3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-libs/pam
download: gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
17 files changed, 2129 insertions, 0 deletions
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
new file mode 100644
index 000000000000..8cc152f7dfda
--- /dev/null
+++ b/sys-libs/pam/Manifest
@@ -0,0 +1,9 @@
+DIST Linux-PAM-1.1.5-docs.tar.bz2 498228 SHA256 e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c SHA512 6209b3d1936e0c0aef3a7bf24d497b867995261ad227f7d0c4b28796c0b1f9262c99e3e12d7e1d37e286af39367f6e2d79e06915dff77c65b547d62ee8772c5b WHIRLPOOL a26c778be99b21c6701260871ffd7348f7a302c5e4358b8419e9436131b83650bdf0f5bc1d845dba419bab6c50c89733bea4518f619b7b75d66b2f02408c3df1
+DIST Linux-PAM-1.1.5.tar.bz2 1123524 SHA256 65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116 SHA512 c898c3db3da1856b1b16c2bfe19963c30696345982253888c2edf85317cf82ab4daaf9d105a162975d4cfd818b7bbca3d0e63ea7267af435e8f88b8fdc83ddd0 WHIRLPOOL 29ad881f6b1d908fb84e8d5802cceff70838bd0e29f6c700ad64d3c5d43c189f0c122fdddfa4333f008a8ef2828bb0e2fd68cdd479b43efac9456b6d6a5bb25a
+DIST Linux-PAM-1.1.6-docs.tar.bz2 147359 SHA256 0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 SHA512 f158116c2a3d604a9195d96263f094a1c9c0e2ba78b54e0f8a92bfa73955d8cec36d68b985eb70f1bf0958fc54be5590b61669b3b777ba6bd2138bc156cec782 WHIRLPOOL 73b42d795b3ca06c3a22ea8a91258da9bd4662e72de8a72751eec3824524a44e13dbc13a7c0e79256429f583d21c2764512363921d5709e61752e391f8227577
+DIST Linux-PAM-1.1.6.tar.bz2 1147538 SHA256 bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 SHA512 f68e3a0d648441eef7589efe0fad65c621d030a9425635f461f2882a5129240830a55d5a5b81d02b439c633870a96f61b4c4dea22d0eacfdd583f4fac353928a WHIRLPOOL 619214ecf859e1fc4e6f59e37045e370b98bae57ceeaed3f6a5e0732fc0caba41c040bea926830b678f6e5c243d73a607daea438f55cf28d339ce458eded7db5
+DIST Linux-PAM-1.1.8-docs.tar.bz2 147887 SHA256 c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 SHA512 36aa99996f8cc0640686d2af40845e18ad4b48183f18de9e1495427550ad5b61e2f59e25f6d5e8df1277cd3f171fd69bf6c49fe7c5b31f0b290e3641b65521e8 WHIRLPOOL c4b373e59fac30a29c2b16f01419492c72fae2ceb15b157418bba4899b75cf4b97bac4559b688ef8d5a231cc972f72654c4e10d63a0b72a0d6573388f7125f87
+DIST Linux-PAM-1.1.8.tar.bz2 1148944 SHA256 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 SHA512 245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d WHIRLPOOL b4ec7baeb57b9d987086fe3e007e08e8b9c92b2ff86a94f8003a87c8448925835808661cd719d2445570aa8dd1c20fcbbe8bd465d73f4af8cd7edde0f650a734
+DIST Linux-PAM-1.2.0-docs.tar.bz2 490586 SHA256 3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 SHA512 028b7f9d6b0a5cf38f063e0f82ac3d0955e1e41d77c9f3fc803363d9ea710d71366e0a91f31b418cac397bb6639442de908fa00f02cd94cf612496d1b43c7e4c WHIRLPOOL 9a329b610d840c904050b2261e5ce34ac54232b0c7d51c12ee45c9e758ab6659ea8562e032fa9815c2beab0cfa1ea455dbfbf3cdef39d30d299a8bc5286f7a14
+DIST Linux-PAM-1.2.0.tar.bz2 1278831 SHA256 cd8beac5961e942e9c73b32a3cd1a3457755f8fb35d07c9ec64511e19e135ea4 SHA512 26b9ec0f8c7fcc00a04696a2208fc00dabb070593f1a420c81e2855cd2eb26ebcc993f80ccbb6a2aac88dd402b670e7800e1722c56451dfc71521c76a2f0bf9a WHIRLPOOL b3327394bb99ff02d9efba43655a2f5bfd4acbf0c75630fde19634ff575cce3fef614c188d538529673526fd88488a5493b19af30c6f69064824cbc1aad3d766
+DIST Linux-PAM-1.2.1.tar.bz2 1279523 SHA256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 SHA512 4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da WHIRLPOOL 562917945b3b3a407955cc5bf5cd251ff7e257a94055d7cfbf06d5c2619b58d61624f16848de3512ddf61636ad8618315de3f7bd8e4e51b3b7d109adfa212c8a
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch b/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch
new file mode 100644
index 000000000000..114d3e47008a
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.5+glibc-2.16.patch
@@ -0,0 +1,20 @@
+--- a/modules/pam_unix/pam_unix_acct.c	2011-06-21 11:04:56.000000000 +0200
++++ b/modules/pam_unix/pam_unix_acct.c	2012-07-05 16:04:35.643727485 +0200
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <shadow.h>
+--- a/modules/pam_unix/pam_unix_passwd.c	2012-07-16 11:49:25.954638105 -0500
++++ b/modules/pam_unix/pam_unix_passwd.c	2012-07-16 11:50:04.408635441 -0500
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch b/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
new file mode 100644
index 000000000000..cddda35fbeb9
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.6+glibc-2.16.patch
@@ -0,0 +1,29 @@
+From 18da0c4763f5e079f8b2df45fa462b0b70b6fd3a Mon Sep 17 00:00:00 2001
+From: "Jory A. Pratt" <anarchy@gentoo.org>
+Date: Sun, 7 Oct 2012 11:44:17 -0700
+Subject: [PATCH] Fix building with GLIBC 2.16 and SELinux.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_unix/pam_unix_passwd.c | 1 +
+ 1 file modificato, 1 inserzione(+)
+
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index 9e1302d..b5f5ae9 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -46,6 +46,7 @@
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <sys/resource.h>
+ #include <pwd.h>
+ #include <syslog.h>
+ #include <shadow.h>
+-- 
+1.7.12
+
diff --git a/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch b/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
new file mode 100644
index 000000000000..6859ccb60d3f
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.1.6-destdir.patch
@@ -0,0 +1,48 @@
+From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 17 Aug 2012 14:46:40 +0200
+Subject: [PATCH] Add missing $(DESTDIR) when making directories on install.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
+$(namespaceddir) on install.
+modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
+$(sepermitlockdir) on install.
+
+Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+---
+ modules/pam_namespace/Makefile.am |    2 +-
+ modules/pam_sepermit/Makefile.am  |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index a28f196..ebb00f3 100644
+--- a/modules/pam_namespace/Makefile.am
++++ b/modules/pam_namespace/Makefile.am
+@@ -40,7 +40,7 @@ if HAVE_UNSHARE
+   secureconf_SCRIPTS = namespace.init
+ 
+ install-data-local:
+-	mkdir -p $(namespaceddir)
++	mkdir -p $(DESTDIR)$(namespaceddir)
+ endif
+ 
+ 
+diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
+index cfc5594..bc82275 100644
+--- a/modules/pam_sepermit/Makefile.am
++++ b/modules/pam_sepermit/Makefile.am
+@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX
+   securelib_LTLIBRARIES = pam_sepermit.la
+ 
+ install-data-local:
+-	mkdir -p $(sepermitlockdir)
++	mkdir -p $(DESTDIR)$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
+-- 
+1.7.8.6
+
diff --git a/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch b/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch
new file mode 100644
index 000000000000..338aa9695ae5
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-CVE-2013-7041.patch
@@ -0,0 +1,54 @@
+https://bugs.gentoo.org/493432
+
+From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Fri, 24 Jan 2014 22:18:32 +0000
+Subject: [PATCH] pam_userdb: fix password hash comparison
+
+Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
+passwords support in pam_userdb, hashes are compared case-insensitively.
+This bug leads to accepting hashes for completely different passwords in
+addition to those that should be accepted.
+
+Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
+modern password hashes with different lengths and settings, did not
+update the hash comparison accordingly, which leads to accepting
+computed hashes longer than stored hashes when the latter is a prefix
+of the former.
+
+* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
+hash whose length differs from the stored hash length.
+Compare computed and stored hashes case-sensitively.
+Fixes CVE-2013-7041.
+
+Bug-Debian: http://bugs.debian.org/731368
+---
+ modules/pam_userdb/pam_userdb.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
+index de8b5b1..ff040e6 100644
+--- a/modules/pam_userdb/pam_userdb.c
++++ b/modules/pam_userdb/pam_userdb.c
+@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
+ 	  } else {
+ 	    cryptpw = crypt (pass, data.dptr);
+ 
+-	    if (cryptpw) {
+-	      compare = strncasecmp (data.dptr, cryptpw, data.dsize);
++	    if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
++	      compare = memcmp(data.dptr, cryptpw, data.dsize);
+ 	    } else {
+ 	      compare = -2;
+ 	      if (ctrl & PAM_DEBUG_ARG) {
+-		pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
++		if (cryptpw)
++		  pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
++		else
++		  pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
+ 	      }
+ 	    };
+ 
+-- 
+2.4.0
+
diff --git a/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch b/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch
new file mode 100644
index 000000000000..7965b77b0484
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-CVE-2014-2583.patch
@@ -0,0 +1,58 @@
+https://bugs.gentoo.org/505604
+
+From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Wed, 26 Mar 2014 22:17:23 +0000
+Subject: [PATCH] pam_timestamp: fix potential directory traversal issue
+ (ticket #27)
+
+pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
+the timestamp pathname it creates, so extra care should be taken to
+avoid potential directory traversal issues.
+
+* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
+"." and ".." tty values as invalid.
+(get_ruser): Treat "." and ".." ruser values, as well as any ruser
+value containing '/', as invalid.
+
+Fixes CVE-2014-2583.
+
+Reported-by: Sebastian Krahmer <krahmer@suse.de>
+---
+ modules/pam_timestamp/pam_timestamp.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
+index 5193733..b3f08b1 100644
+--- a/modules/pam_timestamp/pam_timestamp.c
++++ b/modules/pam_timestamp/pam_timestamp.c
+@@ -158,7 +158,7 @@ check_tty(const char *tty)
+ 		tty = strrchr(tty, '/') + 1;
+ 	}
+ 	/* Make sure the tty wasn't actually a directory (no basename). */
+-	if (strlen(tty) == 0) {
++	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
+ 		return NULL;
+ 	}
+ 	return tty;
+@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
+ 		if (pwd != NULL) {
+ 			ruser = pwd->pw_name;
+ 		}
++	} else {
++		/*
++		 * This ruser is used by format_timestamp_name as a component
++		 * of constructed timestamp pathname, so ".", "..", and '/'
++		 * are disallowed to avoid potential path traversal issues.
++		 */
++		if (!strcmp(ruser, ".") ||
++		    !strcmp(ruser, "..") ||
++		    strchr(ruser, '/')) {
++			ruser = NULL;
++		}
+ 	}
+ 	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
+ 		*ruserbuf = '\0';
+-- 
+2.4.0
+
diff --git a/sys-libs/pam/files/pam-1.1.8-doc-install.patch b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
new file mode 100644
index 000000000000..bdd5b9d48164
--- /dev/null
+++ b/sys-libs/pam/files/pam-1.1.8-doc-install.patch
@@ -0,0 +1,142 @@
+https://bugs.gentoo.org/473650
+https://fedorahosted.org/linux-pam/ticket/31
+
+fix doc installs when doing out of tree builds
+
+--- a/doc/adg/Makefile.in
++++ b/doc/adg/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ 	$(mkinstalldirs) $(DESTDIR)$(docdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(htmldir)
+-	test -f html/Linux-PAM_ADG.html || exit 0; \
++	test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
+ 	    $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
+ 		$(DESTDIR)$(htmldir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
+-		$(srcdir)/html/sag-*.html \
++		$(srcdir)/html/adg-*.html \
+ 		$(DESTDIR)$(htmldir)/
+-	test -f Linux-PAM_ADG.txt || exit 0; \
++	test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
+ 		$(DESTDIR)$(docdir)/
+-	test -f Linux-PAM_ADG.pdf || exit 0; \
++	test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
+ 		$(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+ 
+ releasedocs: all
+ 	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
+-	test -f html/Linux-PAM_ADG.html || exit 0; \
++	test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \
+ 	    cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \
+ 	    cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
+ 		$(srcdir)/html/adg-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/
+-	test -f Linux-PAM_ADG.txt || exit 0; \
++	test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \
+ 	    cp -p Linux-PAM_ADG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_ADG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/
+-	test -f Linux-PAM_ADG.pdf || exit 0; \
++	test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \
+ 	    cp -p Linux-PAM_ADG.pdf \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_ADG.pdf \
+--- a/doc/mwg/Makefile.in
++++ b/doc/mwg/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ 	$(mkinstalldirs) $(DESTDIR)$(docdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(htmldir)
+-	test -f html/Linux-PAM_MWG.html || exit 0; \
++	test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
+ 	    $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \
+ 		$(DESTDIR)$(htmldir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \
+-		$(srcdir)/html/sag-*.html \
++		$(srcdir)/html/mwg-*.html \
+ 		$(DESTDIR)$(htmldir)/
+-	test -f Linux-PAM_MWG.txt || exit 0; \
++	test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \
+ 		$(DESTDIR)$(docdir)/
+-	test -f Linux-PAM_MWG.pdf || exit 0; \
++	test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \
+ 		$(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+ 
+ releasedocs: all
+ 	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html
+-	test -f html/Linux-PAM_MWG.html || exit 0; \
++	test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \
+ 	    cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \
+ 	    cp -ap $(srcdir)/html/Linux-PAM_MWG.html \
+ 		$(srcdir)/html/mwg-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/
+-	test -f Linux-PAM_MWG.txt || exit 0; \
++	test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \
+ 	    cp -p Linux-PAM_MWG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_MWG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/
+-	test -f Linux-PAM_MWG.pdf || exit 0; \
++	test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \
+ 	    cp -p Linux-PAM_MWG.pdf \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_MWG.pdf \
+--- a/doc/sag/Makefile.in
++++ b/doc/sag/Makefile.in
+@@ -463,17 +463,17 @@ install-data-local:
+ 	$(mkinstalldirs) $(DESTDIR)$(docdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(pdfdir)
+ 	$(mkinstalldirs) $(DESTDIR)$(htmldir)
+-	test -f html/Linux-PAM_SAG.html || exit 0; \
++	test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
+ 	    $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \
+ 		$(DESTDIR)$(htmldir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \
+ 		$(srcdir)/html/sag-*.html \
+ 		$(DESTDIR)$(htmldir)/
+-	test -f Linux-PAM_SAG.txt || exit 0; \
++	test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \
+ 		$(DESTDIR)$(docdir)/
+-	test -f Linux-PAM_SAG.pdf || exit 0; \
++	test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
+ 	    $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \
+ 	    $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \
+ 		$(DESTDIR)$(pdfdir)/
+@@ -486,18 +486,18 @@ uninstall-local:
+ 
+ releasedocs: all
+ 	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html
+-	test -f html/Linux-PAM_SAG.html || exit 0; \
++	test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \
+ 	    cp -ap html/Linux-PAM_SAG.html html/sag-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \
+ 	    cp -ap $(srcdir)/html/Linux-PAM_SAG.html \
+ 		$(srcdir)/html/sag-*.html \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/
+-	test -f Linux-PAM_SAG.txt || exit 0; \
++	test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \
+ 	    cp -p Linux-PAM_SAG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_SAG.txt \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/
+-	test -f Linux-PAM_SAG.pdf || exit 0; \
++	test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \
+ 	    cp -p Linux-PAM_SAG.pdf \
+ 		$(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \
+ 	    cp -p $(srcdir)/Linux-PAM_SAG.pdf \
diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml
new file mode 100644
index 000000000000..4ee5aecd2bb5
--- /dev/null
+++ b/sys-libs/pam/metadata.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>pam</herd>
+  <maintainer>
+    <email>pam-bugs@gentoo.org</email>
+  </maintainer>
+  <use>
+    <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
+
+    <flag name="berkdb">
+      Build the pam_userdb module, that allows to authenticate users
+      against a Berkeley DB file. Please note that enabling this USE
+      flag will create a PAM module that links to the Berkeley DB (as
+      provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and
+      will thus not work for boot-critical services authentication.
+    </flag>
+
+    <flag name="cracklib">
+      Build the pam_cracklib module, that allows to verify the chosen
+      passwords' strength through the use of
+      <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling
+      the USE flag on this package will not make use of pam_cracklib
+      by default, you should also enable it in
+      <pkg>sys-auth/pambase</pkg> as well as update your configuration
+      files.
+    </flag>
+  </use>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id>
+  </upstream>
+</pkgmetadata>
diff --git a/sys-libs/pam/pam-1.1.5.ebuild b/sys-libs/pam/pam-1.1.5.ebuild
new file mode 100644
index 000000000000..da863addcd87
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.5.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="https://fedorahosted.org/releases/l/i/linux-pam/${MY_P}.tar.bz2
+	https://fedorahosted.org/releases/l/i/linux-pam/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	berkdb? ( sys-libs/db )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	sys-devel/flex
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!sys-auth/openpam
+	!sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_setup() {
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+	elibtoolize
+}
+
+src_configure() {
+	local myconf
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf="${myconf} --disable-pie"
+	fi
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	econf \
+		--disable-dependency-tracking \
+		--enable-fast-install \
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--docdir="${EPREFIX}"/usr/share/doc/${PF} \
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+		$(use_enable nls) \
+		$(use_enable selinux) \
+		$(use_enable cracklib) \
+		$(use_enable audit) \
+		$(use_enable debug) \
+		$(use_enable berkdb db) \
+		$(use_enable nis) \
+		--with-db-uniquename=-$(db_findver sys-libs/db) \
+		--disable-prelude \
+		${myconf}
+}
+
+src_compile() {
+	emake sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "emake failed"
+}
+
+src_test() {
+	# explicitly allow parallel-build during testing
+	emake sepermitlockdir="${EPREFIX}/var/run/sepermit" check || die "emake check failed"
+}
+
+src_install() {
+	local lib
+
+	emake DESTDIR="${D}" install \
+		 sepermitlockdir="${EPREFIX}/var/run/sepermit" || die "make install failed"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	gen_usr_ldscript -a pam pamc pam_misc
+
+	# create extra symlinks just in case something depends on them...
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+
+	dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	# Get rid of the .la files. We certainly don't need them for PAM
+	# modules, and libpam is installed as a shared object only, so we
+	# don't need them for static linking either.
+	find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [ -x "${ROOT}"/var/log/tallylog ] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.1.6-r2.ebuild b/sys-libs/pam/pam-1.1.6-r2.ebuild
new file mode 100644
index 000000000000..8cdc8f2ccd81
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.6-r2.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	berkdb? ( sys-libs/db )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	sys-devel/flex
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${MY_P}-destdir.patch
+	epatch "${FILESDIR}"/${MY_P}+glibc-2.16.patch
+
+	eautoreconf
+	elibtoolize
+}
+
+src_configure() {
+	local myconf
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf="${myconf} --disable-pie"
+	fi
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	econf \
+		--enable-fast-install \
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--docdir="${EPREFIX}"/usr/share/doc/${PF} \
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security \
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security \
+		$(use_enable nls) \
+		$(use_enable selinux) \
+		$(use_enable cracklib) \
+		$(use_enable audit) \
+		$(use_enable debug) \
+		$(use_enable berkdb db) \
+		$(use_enable nis) \
+		--with-db-uniquename=-$(db_findver sys-libs/db) \
+		--disable-prelude \
+		${myconf}
+}
+
+src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+src_test() {
+	# explicitly allow parallel-build during testing
+	emake sepermitlockdir="${EPREFIX}/run/sepermit" check
+}
+
+src_install() {
+	local lib
+
+	emake DESTDIR="${D}" install \
+		 sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	gen_usr_ldscript -a pam pamc pam_misc
+
+	# create extra symlinks just in case something depends on them...
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+
+	dodoc CHANGELOG ChangeLog README AUTHORS Copyright NEWS
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	# Get rid of the .la files. We certainly don't need them for PAM
+	# modules, and libpam is installed as a shared object only, so we
+	# don't need them for static linking either.
+	find "${D}" -name '*.la' -delete
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [ -x "${ROOT}"/var/log/tallylog ] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r1.ebuild b/sys-libs/pam/pam-1.1.8-r1.ebuild
new file mode 100644
index 000000000000..e57a0cfa4a4d
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools-utils
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	berkdb? ( sys-libs/db )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	sys-devel/flex
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+
+	elibtoolize
+}
+
+src_configure() {
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myeconfargs=(
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	if use hppa || use elibc_FreeBSD; then
+		myeconfargs+=( --disable-pie )
+	fi
+
+	autotools-utils_src_configure
+}
+
+src_compile() {
+	autotools-utils_src_compile sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+src_install() {
+	autotools-utils_src_install sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	gen_usr_ldscript -a pam pamc pam_misc
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	prune_libtool_files --all
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [ -x "${EROOT}"/var/log/tallylog ] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r2.ebuild b/sys-libs/pam/pam-1.1.8-r2.ebuild
new file mode 100644
index 000000000000..0cc239dd2b7f
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r2.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	>=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+	nls? ( sys-devel/gettext )
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+
+	elibtoolize
+}
+
+multilib_src_configure() {
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf+=( --disable-pie )
+	fi
+
+	ECONF_SOURCE=${S} \
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	local prefix
+	if multilib_is_native_abi; then
+		prefix=
+		gen_usr_ldscript -a pam pamc pam_misc
+	else
+		prefix=/usr
+	fi
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.1.8-r3.ebuild b/sys-libs/pam/pam-1.1.8-r3.ebuild
new file mode 100644
index 000000000000..f04ef9486f24
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8-r3.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+	nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	>=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+	nls? ( sys-devel/gettext )
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return ${retval}
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650
+	epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2013-7041.patch #493432
+	epatch "${FILESDIR}"/${PN}-1.1.8-CVE-2014-2583.patch #505604
+
+	elibtoolize
+}
+
+multilib_src_configure() {
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		--docdir='$(datarootdir)'/doc/${PF}
+		--htmldir='$(docdir)/html'
+		--libdir='$(prefix)'/$(get_libdir)
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir='.' #464016
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		$(use_enable pie)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	ECONF_SOURCE=${S} \
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	local prefix
+	if multilib_is_native_abi; then
+		prefix=
+		gen_usr_ldscript -a pam pamc pam_misc
+	else
+		prefix=/usr
+	fi
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	# Need to be suid
+	fperms 4711 /sbin/unix_chkpwd
+
+	docinto modules
+	local dir
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.1.8.ebuild b/sys-libs/pam/pam-1.1.8.ebuild
new file mode 100644
index 000000000000..1ebba4c8dcae
--- /dev/null
+++ b/sys-libs/pam/pam-1.1.8.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib eutils pam toolchain-funcs flag-o-matic db-use autotools-utils
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc debug berkdb nis"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	berkdb? ( sys-libs/db )
+	elibc_glibc? (
+		>=sys-libs/glibc-2.7
+		nis? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	sys-devel/flex
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return $retval
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	elibtoolize
+}
+
+src_configure() {
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myeconfargs=(
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir="${EPREFIX}"/$(get_libdir)/security
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	if use hppa || use elibc_FreeBSD; then
+		myeconfargs+=( --disable-pie )
+	fi
+
+	autotools-utils_src_configure
+}
+
+src_compile() {
+	autotools-utils_src_compile sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+src_install() {
+	autotools-utils_src_install sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	gen_usr_ldscript -a pam pamc pam_misc
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) /$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+
+	docinto modules
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	prune_libtool_files --all
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [ -x "${ROOT}"/var/log/tallylog ] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.2.0.ebuild b/sys-libs/pam/pam-1.2.0.ebuild
new file mode 100644
index 000000000000..a44d9eaea2ab
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.0.ebuild
@@ -0,0 +1,194 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="https://fedorahosted.org/linux-pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+	nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	>=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+	nls? ( sys-devel/gettext )
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return ${retval}
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_prepare() {
+	elibtoolize
+}
+
+multilib_src_configure() {
+	# Do not let user's BROWSER setting mess us up. #549684
+	unset BROWSER
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		--docdir='$(datarootdir)'/doc/${PF}
+		--htmldir='$(docdir)/html'
+		--libdir='$(prefix)'/$(get_libdir)
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir='.' #464016
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		$(use_enable pie)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	ECONF_SOURCE=${S} \
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	local prefix
+	if multilib_is_native_abi; then
+		prefix=
+		gen_usr_ldscript -a pam pamc pam_misc
+	else
+		prefix=/usr
+	fi
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	# Need to be suid
+	fperms 4711 /sbin/unix_chkpwd
+
+	docinto modules
+	local dir
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
diff --git a/sys-libs/pam/pam-1.2.1-r1.ebuild b/sys-libs/pam/pam-1.2.1-r1.ebuild
new file mode 100644
index 000000000000..0c86a62dc36d
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1-r1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use fcaps
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+	nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	>=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+	nls? ( sys-devel/gettext )
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return ${retval}
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_unpack() {
+	# Upstream didn't release a new doc tarball (since nothing changed?).
+	unpack ${MY_PN}-1.2.0-docs.tar.bz2
+	mv Linux-PAM-1.2.{0,1} || die
+	unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+	elibtoolize
+}
+
+multilib_src_configure() {
+	# Do not let user's BROWSER setting mess us up. #549684
+	unset BROWSER
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		--docdir='$(datarootdir)'/doc/${PF}
+		--htmldir='$(docdir)/html'
+		--libdir='$(prefix)'/$(get_libdir)
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir='.' #464016
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		$(use_enable pie)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	ECONF_SOURCE=${S} \
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	local prefix
+	if multilib_is_native_abi; then
+		prefix=
+		gen_usr_ldscript -a pam pamc pam_misc
+	else
+		prefix=/usr
+	fi
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	docinto modules
+	local dir
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+
+	# The pam_unix module needs to check the password of the user which requires
+	# read access to /etc/shadow only.
+	fcaps cap_dac_override sbin/unix_chkpwd
+}
diff --git a/sys-libs/pam/pam-1.2.1.ebuild b/sys-libs/pam/pam-1.2.1.ebuild
new file mode 100644
index 000000000000..67d1dd2487ac
--- /dev/null
+++ b/sys-libs/pam/pam-1.2.1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+HOMEPAGE="http://www.linux-pam.org/ https://fedorahosted.org/linux-pam/"
+SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2
+	http://www.linux-pam.org/documentation/${MY_PN}-1.2.0-docs.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux"
+IUSE="audit berkdb cracklib debug nis nls +pie selinux test vim-syntax"
+
+RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] )
+	audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
+	berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] )
+	nis? ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=sys-devel/libtool-2
+	>=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}]
+	nls? ( sys-devel/gettext )
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+RDEPEND="${RDEPEND}
+	!<sys-apps/openrc-0.11.8
+	!sys-auth/openpam
+	!sys-auth/pam_userdb
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+S="${WORKDIR}/${MY_P}"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+
+		retval=1
+	fi
+
+	return ${retval}
+}
+
+pkg_pretend() {
+	# do not error out, this is just a warning, one could build a binpkg
+	# with old modules enabled.
+	check_old_modules
+}
+
+src_unpack() {
+	# Upstream didn't release a new doc tarball (since nothing changed?).
+	unpack ${MY_PN}-1.2.0-docs.tar.bz2
+	mv Linux-PAM-1.2.{0,1} || die
+	unpack ${MY_P}.tar.bz2
+}
+
+src_prepare() {
+	elibtoolize
+}
+
+multilib_src_configure() {
+	# Do not let user's BROWSER setting mess us up. #549684
+	unset BROWSER
+
+	# Disable automatic detection of libxcrypt; we _don't_ want the
+	# user to link libxcrypt in by default, since we won't track the
+	# dependency and allow to break PAM this way.
+	export ac_cv_header_xcrypt_h=no
+
+	local myconf=(
+		--docdir='$(datarootdir)'/doc/${PF}
+		--htmldir='$(docdir)/html'
+		--libdir='$(prefix)'/$(get_libdir)
+		--enable-securedir="${EPREFIX}"/$(get_libdir)/security
+		--enable-isadir='.' #464016
+		$(use_enable nls)
+		$(use_enable selinux)
+		$(use_enable cracklib)
+		$(use_enable audit)
+		$(use_enable debug)
+		$(use_enable berkdb db)
+		$(use_enable nis)
+		$(use_enable pie)
+		--with-db-uniquename=-$(db_findver sys-libs/db)
+		--disable-prelude
+	)
+
+	ECONF_SOURCE=${S} \
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	emake sepermitlockdir="${EPREFIX}/run/sepermit"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install \
+		sepermitlockdir="${EPREFIX}/run/sepermit"
+
+	local prefix
+	if multilib_is_native_abi; then
+		prefix=
+		gen_usr_ldscript -a pam pamc pam_misc
+	else
+		prefix=/usr
+	fi
+
+	# create extra symlinks just in case something depends on them...
+	local lib
+	for lib in pam pamc pam_misc; do
+		if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
+			dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
+		fi
+	done
+}
+
+DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	# Need to be suid
+	fperms 4711 /sbin/unix_chkpwd
+
+	docinto modules
+	local dir
+	for dir in modules/pam_*; do
+		newdoc "${dir}"/README README."$(basename "${dir}")"
+	done
+
+	if use selinux; then
+		dodir /usr/lib/tmpfiles.d
+		cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF
+d /run/sepermit 0755 root root
+EOF
+	fi
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+}
+
+pkg_postinst() {
+	ewarn "Some software with pre-loaded PAM libraries might experience"
+	ewarn "warnings or failures related to missing symbols and/or versions"
+	ewarn "after any update. While unfortunate this is a limit of the"
+	ewarn "implementation of PAM and the software, and it requires you to"
+	ewarn "restart the software manually after the update."
+	ewarn ""
+	ewarn "You can get a list of such software running a command like"
+	ewarn "  lsof / | egrep -i 'del.*libpam\\.so'"
+	ewarn ""
+	ewarn "Alternatively, simply reboot your system."
+	if [[ -x "${EROOT}"/var/log/tallylog ]] ; then
+		elog ""
+		elog "Because of a bug present up to version 1.1.1-r2, you have"
+		elog "an executable /var/log/tallylog file. You can safely"
+		elog "correct it by running the command"
+		elog "  chmod -x /var/log/tallylog"
+		elog ""
+	fi
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 13:49:04 -0700
committer	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 17:38:18 -0700
commit	56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree	3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-libs/pam
download	gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip