authorClayton Craft <clayton@craftyguy.net>2020-09-06 15:31:03 -0700
committerLeo <thinkabit.ukim@gmail.com>2020-09-07 02:34:09 +0000
commit0ed516feaee0403528c3ebc5829cf49e76f703a1 (patch)
tree56ac0a574863b6b9f97d6690d7825ea5ba380f6d
parenta6e06d872cfff9d9e6bc28fb7981d5c5880cf94e (diff)
main/linux-pam: avoid deadlock with opendir and fork/exec
This adds a patch to conditionally disable calling opendir in pam_modutil_sanitize. Some applications (Phosh) run PAM with fork/exec and end up deadlocking on this. The upstream patch that changed this behavior between PAM 1.3.1 and 1.4.0 is here: https://github.com/linux-pam/linux-pam/commit/1b087edc7f05237bf5eccc405704cd82b848e761
-rw-r--r--main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch34
-rw-r--r--main/linux-pam/APKBUILD4
2 files changed, 37 insertions, 1 deletions
diff --git a/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch b/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch
new file mode 100644
index 00000000000..d0de27b7e55
--- /dev/null
+++ b/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch
@@ -0,0 +1,34 @@
+From fc3af2492a42eb042d6ae1ee816224f951a30c64 Mon Sep 17 00:00:00 2001
+From: Clayton Craft <clayton@craftyguy.net>
+Date: Sun, 6 Sep 2020 15:23:43 -0700
+Subject: [PATCH] avoid opendir since it may be called during fork exec
+
+Some applications (e.g. Phosh) call PAM from a thread for async
+unlocking, and opendir causes deadlocks.
+---
+ libpam/pam_modutil_sanitize.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c
+index 58b9537..fb58a72 100644
+--- a/libpam/pam_modutil_sanitize.c
++++ b/libpam/pam_modutil_sanitize.c
+@@ -128,6 +128,7 @@ close_fds(void)
+ /* The lower limit is the same as for _POSIX_OPEN_MAX. */
+ const unsigned int MIN_FD_NO = 20;
+
++#if defined(__GLIBC__)
+ /* If /proc is mounted, we can optimize which fd can be closed. */
+ if ((dir = opendir("/proc/self/fd")) != NULL) {
+ if ((dfd = dirfd(dir)) >= 0 && is_in_procfs(dfd) > 0) {
+@@ -141,6 +142,7 @@ close_fds(void)
+ }
+ closedir(dir);
+ }
++#endif
+
+ /* If /proc isn't available, fallback to the previous behavior. */
+ if (dfd < 0) {
+--
+2.28.0
+
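Review bot: The `#if defined(__GLIBC__)` guard added around the `opendir("/proc/self/fd")` block in close_fds() has no comment, so nothing in the source says why the descriptor scan is compiled out on non-glibc builds; I would add above it `/* opendir() allocates and is not async-signal-safe: in a child forked from a threaded caller it can deadlock, so non-glibc builds use only the fallback loop. */`. With the scan removed, those builds rely entirely on the `if (dfd < 0)` fallback, whose body lies outside this hunk. If that loop is bounded by a clamped limit (the visible `MIN_FD_NO` suggests it is), inherited descriptors above the bound would stay open in the process this function is meant to sanitize, so that is worth confirming. The guard also keys on the libc rather than on the hazard, and glibc's opendir() is presumably no safer after fork in a threaded process, so the deadlock may still be reachable there. `dir` and `dent` are declared outside the hunk and probably become unused when the block is compiled out, which may produce warnings.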
diff --git a/main/linux-pam/APKBUILD b/main/linux-pam/APKBUILD
index ed5f1d79985..28c7f21245a 100644
--- a/main/linux-pam/APKBUILD
+++ b/main/linux-pam/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=linux-pam
pkgver=1.4.0
-pkgrel=0
+pkgrel=1
pkgdesc="Linux PAM (Pluggable Authentication Modules for Linux)"
url="https://www.kernel.org/pub/linux/libs/pam"
arch="all"
@@ -16,6 +16,7 @@ source="
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
c9593778a6133bf29eb2f47c24cc6d2f5d729fc8.patch
0adbaeb273da1d45213134aa271e95987103281c.patch
+ 0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch
base-auth.pamd
base-account.pamd
@@ -75,6 +76,7 @@ package() {
sha512sums="26eda95c45598a500bc142da4d1abf93d03b3bbb0f2390fa87c72dcbffa208dbfa115c0b411095c31ee9955e36422ccf3e2df3bd486818fafffef8c4310798c4 Linux-PAM-1.4.0.tar.xz
8a324d01d23e882a9aa5f35cb15c428d2056af24c289e7c831f68adcac9321385671a50db6702406b487dbfc71763ad8de4d41effb9da0b1133c9f2fdeba0251 c9593778a6133bf29eb2f47c24cc6d2f5d729fc8.patch
1c6859bead65eefbdce4de8672f4532ac358b271ff73aed973d3d02e9410d1312f2bec0d98cc2e3cda789a59481737a7466d9cb71562a027e13a0c53623aaa52 0adbaeb273da1d45213134aa271e95987103281c.patch
+f5607691950082a72aeb6b74b5e2d7679641baeafc8f53e9173b2606489401f09f66e2e7bc9cc04088953be2a8a4baa4253e23e9c07cf9b3721079847ea34148 0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch
ea6a10957ba9ec50d982bfabafb35060426ac797936f874097b4fa7620b89fd2ba3be9757401f9b787956fb23879d8ef73676f7703e75fcef3dca0b9559c4167 base-auth.pamd
85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd
da5d9a361abfc5b705e01a8da3a2e6de3ba394a0814307a65ec5b6c88ddae199d54b4d443204bf770f8daccb990777b68a5da716fb756932cf21f9046c839540 base-password.pamd