[DSE-Dev] Bug#1063329: libselinux1t64: breaks system in upgrade from unstable

[Michael Tokarev]

07.02.2024 11:06, Helmut Grohne :
..
> pam seems difficult:
> | extern time_t pam_misc_conv_warn_time; /* time that we should warn user */
> | extern time_t pam_misc_conv_die_time;         /* cut-off time for input */

Attached is a sketch to make pam compatible.

I had a more complete and *tested* fix 2 days ago but I forgot
it was in /tmp and I rebooted the machine, so had to do it again
yesterday.

The idea is to have both die_time and die_time64, and keep them
in sync (using minimum between two values which is !=0).

This is a sketch using a #define, though better is to use symbol
versioning here and have time32 compat stuff for old programs
and 64bit time stuff for new, using redirection at the link time,
instead of the #defines which makes whole thing rather difficult
to read, - that's extra several lines of code, also to the .map
file.

What the whole thing needs is the criteria to use to enable the
trick.  Right now I used #ifdef NEED_TIME64_COMPAT which should
be defined somehow, - since I don't know the precise list of
architectures where this has to be done.  This is an externally-
controlled thing, there's no way to determine this directly from
the .c code (short of using architecture list in the .h file),
so it must be some symbol substituted at the package build time,
like Provides: t64:Compat (or whatever it is) is substituted in
d/control.

This is a less-intrusve-to-original-code version of the sketch,
ie, I tried to keep all changes outside of the original code as
possible, keeping all the original logic as it is.

/mjt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpam_misc-t64-compat.diff
Type: text/x-patch
Size: 2972 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/selinux-devel/attachments/20240208/4419549b/attachment.bin>