Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2011-10-25 16:47:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam", Maintainer is "m...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2011-09-23 12:21:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2011-10-25 16:47:31.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Oct 25 14:24:27 CEST 2011 - m...@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- New: ---- bug-724480_pam_env-fix-dos.patch bug-724480_pam_env-fix-overflow.patch pam_tally2-man.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.OwaaM8/_old 2011-10-25 16:47:36.000000000 +0200 +++ /var/tmp/diff_new_pack.OwaaM8/_new 2011-10-25 16:47:36.000000000 +0200 @@ -52,6 +52,9 @@ Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff +Patch1: bug-724480_pam_env-fix-overflow.patch +Patch2: bug-724480_pam_env-fix-dos.patch +Patch3: pam_tally2-man.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -101,6 +104,9 @@ %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ ++++++ bug-724480_pam_env-fix-dos.patch ++++++ Description: abort when encountering an overflowed environment variable expansion (CVE-2011-3149). Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 Author: Kees Cook <k...@debian.org> Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c +++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c @@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); + return PAM_ABORT; } continue; } @@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); + return PAM_ABORT; } } } /* if ('{' != *orig++) */ @@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog(pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); + return PAM_ABORT; } } } /* for (;*orig;) */ ++++++ bug-724480_pam_env-fix-overflow.patch ++++++ Description: correctly count leading whitespace when parsing environment file (CVE-2011-3148). Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 Author: Kees Cook <k...@debian.org> Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c +++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c @@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char char *p = buffer; char *s, *os; int used = 0; + int whitespace; /* loop broken with a 'break' when a non-'\\n' ended line is read */ @@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char /* skip leading spaces --- line may be blank */ - s = p + strspn(p, " \n\t"); + whitespace = strspn(p, " \n\t"); + s = p + whitespace; if (*s && (*s != '#')) { + used += whitespace; os = s; /* ++++++ pam_tally2-man.dif ++++++ Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8 +++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 @@ -269,13 +269,6 @@ If the module is invoked by a user with \fBsu\fR, otherwise this argument should be omitted\&. .RE .PP -\fBno_lock_time\fR -.RS 4 -Do not use the \&.fail_locktime field in -\FC/var/log/faillog\F[] -for this user\&. -.RE -.PP \fBeven_deny_root\fR .RS 4 Root account can become unavailable\&. Index: Linux-PAM-1.1.4/modules/pam_tally2/README =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_tally2/README +++ Linux-PAM-1.1.4/modules/pam_tally2/README @@ -76,10 +76,6 @@ AUTH OPTIONS incremented. The sysadmin should use this for user launched services, like su, otherwise this argument should be omitted. - no_lock_time - - Do not use the .fail_locktime field in /var/log/faillog for this user. - even_deny_root Root account can become unavailable. Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8.xml +++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml @@ -238,17 +238,6 @@ </varlistentry> <varlistentry> <term> - <option>no_lock_time</option> - </term> - <listitem> - <para> - Do not use the .fail_locktime field in - <filename>/var/log/faillog</filename> for this user. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> <option>even_deny_root</option> </term> <listitem> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org