Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2015-01-30 06:02:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-12-29 00:29:43.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-01-30 06:02:46.000000000 +0100 @@ -1,0 +2,19 @@ +Fri Jan 9 15:37:28 CET 2015 - [email protected] + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - [email protected] + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - [email protected] + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- Old: ---- Linux-PAM-git-20140127.diff bug-870433_pam_timestamp-fix-directory-traversal.patch pam_loginuid-log_write_errors.diff pam_xauth-sigpipe.diff New: ---- Linux-PAM-git-20150109.diff encryption_method_nis.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.UUvIN9/_old 2015-01-30 06:02:47.000000000 +0100 +++ /var/tmp/diff_new_pack.UUvIN9/_new 2015-01-30 06:02:47.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -52,12 +52,14 @@ Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif -Patch1: Linux-PAM-git-20140127.diff -Patch2: pam_loginuid-log_write_errors.diff -Patch3: pam_xauth-sigpipe.diff -Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch -Patch5: pam-limit-nproc.patch +Patch1: Linux-PAM-git-20150109.diff +Patch2: pam-limit-nproc.patch +Patch3: encryption_method_nis.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build +# Remove with next version update: +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -104,10 +106,9 @@ %patch1 -p2 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build +autoreconf -fiv export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ ++++++ Linux-PAM-git-20140127.diff -> Linux-PAM-git-20150109.diff ++++++ ++++ 38145 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/pam/Linux-PAM-git-20140127.diff ++++ and /work/SRC/openSUSE:Factory/.pam.new/Linux-PAM-git-20150109.diff ++++++ encryption_method_nis.diff ++++++ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 0cfc0f4..2239206 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) * rebuild the password database file. */ + + /* if it is a NIS account, check for special hash algo */ + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { + /* preset encryption method with value from /etc/login.defs */ + int j; + char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo + && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { + break; + } + } + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + free (val); + } + } + /* * First we encrypt the new password. */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 19d72e6..dafa9f0 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -37,8 +37,8 @@ #define SELINUX_ENABLED 0 #endif -static char * -search_key (const char *key, const char *filename) +char * +_unix_search_key (const char *key, const char *filename) { FILE *fp; char *buf = NULL; @@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, } /* preset encryption method with value from /etc/login.defs */ - val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); if (val) { for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token && unix_args[j].is_hash_algo @@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, /* read number of rounds for crypt algo */ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { - val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); if (val) { *rounds = strtol(val, NULL, 10); diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 6f5b2eb..a35a8a8 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); +extern char *_unix_search_key(const char *key, const char *filename); #endif /* _PAM_UNIX_SUPPORT_H */ ++++++ pam-limit-nproc.patch ++++++ --- /var/tmp/diff_new_pack.UUvIN9/_old 2015-01-30 06:02:48.000000000 +0100 +++ /var/tmp/diff_new_pack.UUvIN9/_new 2015-01-30 06:02:48.000000000 +0100 @@ -7,9 +7,9 @@ #@student - maxlogins 4 +# harden against fork-bombs -+* hard nproc 800 -+* soft nproc 700 -+root hard nproc 900 -+root soft nproc 850 ++* hard nproc 1700 ++* soft nproc 1200 ++root hard nproc 3000 ++root soft nproc 1850 + # End of file -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
