Hello community, here is the log from the commit of package pam_yubico for openSUSE:Factory checked in at 2018-04-22 14:40:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam_yubico (Old) and /work/SRC/openSUSE:Factory/.pam_yubico.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam_yubico" Sun Apr 22 14:40:46 2018 rev:8 rq:599493 version:2.26 Changes: -------- --- /work/SRC/openSUSE:Factory/pam_yubico/pam_yubico.changes 2018-04-16 12:49:22.832257882 +0200 +++ /work/SRC/openSUSE:Factory/.pam_yubico.new/pam_yubico.changes 2018-04-22 14:40:47.926451120 +0200 @@ -1,0 +2,15 @@ +Fri Apr 20 11:58:00 UTC 2018 - [email protected] + +- Version 2.26 (released 2018-04-20) + - Make sure to close authfile (CVE-2018-9275 bsc#1088027). + - Fix compiler warnings. + - Open file descriptors with O_CLOEXEC. + - Use mkostemp() instead of mkstemp(). +- Dropped patches that are included upstream: + - cloexec.patch + - compiler-warnings-format-strings.patch + - compiler-warnings-pointer.patch + - leaking-file-descriptor.patch + - util_test-mkdtemp.patch + +------------------------------------------------------------------- Old: ---- cloexec.patch compiler-warnings-format-strings.patch compiler-warnings-pointer.patch leaking-file-descriptor.patch pam_yubico-2.25.tar.gz pam_yubico-2.25.tar.gz.sig util_test-mkdtemp.patch New: ---- pam_yubico-2.26.tar.gz pam_yubico-2.26.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_yubico.spec ++++++ --- /var/tmp/diff_new_pack.AbKv38/_old 2018-04-22 14:40:48.806419280 +0200 +++ /var/tmp/diff_new_pack.AbKv38/_new 2018-04-22 14:40:48.810419135 +0200 @@ -17,7 +17,7 @@ Name: pam_yubico -Version: 2.25 +Version: 2.26 Release: 0 Summary: Yubico Pluggable Authentication Module (PAM) License: BSD-2-Clause 
@@ -26,11 +26,6 @@ Source: https://developers.yubico.com/yubico-pam/Releases/pam_yubico-%{version}.tar.gz Source1: https://developers.yubico.com/yubico-pam/Releases/pam_yubico-%{version}.tar.gz.sig Source2: baselib.conf -Patch0: leaking-file-descriptor.patch -Patch1: util_test-mkdtemp.patch -Patch2: compiler-warnings-format-strings.patch -Patch3: compiler-warnings-pointer.patch -Patch4: cloexec.patch BuildRequires: libykclient-devel >= 2.15 BuildRequires: libyubikey-devel BuildRequires: openldap2-devel @@ -44,11 +39,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build %configure --bindir=%{_bindir} --with-pam-dir=/%{_lib}/security --disable-static --disable-silent-rules @@ -59,7 +49,8 @@ find %{buildroot} -type f -name "*.la" -delete -print %files -%doc README COPYING AUTHORS NEWS doc/* +%license COPYING* +%doc README AUTHORS NEWS doc/* %{_bindir}/ykpamcfg /%{_lib}/security/pam_yubico.so %{_mandir}/man1/ykpamcfg.1* ++++++ pam_yubico-2.25.tar.gz -> pam_yubico-2.26.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/ChangeLog new/pam_yubico-2.26/ChangeLog --- old/pam_yubico-2.25/ChangeLog 2018-03-27 12:41:18.000000000 +0200 +++ new/pam_yubico-2.26/ChangeLog 2018-04-20 13:03:44.000000000 +0200 
@@ -1,3 +1,92 @@ +2018-04-20 Klas Lindfors <[email protected]> + + * NEWS: NEWS for 2.26 + +2018-04-18 Klas Lindfors <[email protected]> + + * README: Drop the blurb about rewriting of this project + +2018-04-13 Klas Lindfors <[email protected]> + + * : commit e5bd2ef8449799d06f6f8dad3e602cc047e3c1af Author: Karol + Babioch <[email protected]> Date: Wed Apr 11 13:37:17 2018 +0200 + +2018-04-05 Karol Babioch <[email protected]> + + * pam_yubico.c: Use mkotemp() instead of mkstemp() This uses mkostemp() instead of mkstemp(), passing along the + `O_CLOEXEC` flag, which makes sure that the file descriptor is + closed and won't be leaked into any child process, which was + previously an issue due to a missing fclose() (#136). + +2018-04-05 Karol Babioch <[email protected]> + + * pam_yubico.c, util.c, ykpamcfg.c: Add "e" flag to fopen() calls This adds the `e` flag to fopen() calls, making sure the `O_CLOEXEC` + flag is used. This makes sure that the file descriptor is being + closed and not leaked into child processes. This was an issues + previously due to a missing fclose() (#136). + +2018-04-05 Karol Babioch <[email protected]> + + * pam_yubico.c, util.c: Open file descriptors with O_CLOEXEC This opens any file descriptors with the O_CLOEXEC flag, which will + make sure that file descriptors won't be leaked into any child + process. This was previously an issue due to a forgotten fclose() + (#136). + +2018-04-10 Klas Lindfors <[email protected]> + + * : commit c845c63aecb31f10859ac177f2848c74abcaef73 Merge: 6fe39d6 + 1aacb11 Author: Klas Lindfors <[email protected]> Date: Tue Apr 10 + 10:29:51 2018 +0200 + +2018-04-09 Karol Babioch <[email protected]> + + * tests/pam_test.c: tests: Fix compiler warnings due to wrong + pointer casts This fixes a couple of compiler warnings due to wrong pointer casts + in regards to the pamh structure, which is a bit of a hackery way to + access the test data. 
+ +2018-04-09 Karol Babioch <[email protected]> + + * pam_yubico.c, util.c: Fix several format string specifiers This fixes several specifiers to better represent the data type, + which fixes multiple compiler warnings. + +2018-04-09 Klas Lindfors <[email protected]> + + * : commit d63c2f2890f65ccbc3ee7b213f7a0ea60a632708 Merge: 0f6ceab + 8c740c1 Author: Klas Lindfors <[email protected]> Date: Mon Apr 9 + 09:08:34 2018 +0200 + +2018-04-06 Karol Babioch <[email protected]> + + * tests/util_test.c: util_test: Use mkdtemp() instead of tempnam() The latter function is considered insecure and deprecated on some + platforms. This will create the directory with 0700 implicitely, + where it was 0755 beforehand. Since this is a more secure default + and the test suite runs fine, we don't bother to chmod the + directory. + +2018-04-06 Karol Babioch <[email protected]> + + * .travis.yml: Require sudo in .travis.yml Since the install script currently requires sudo, we should state so + explicetely in the .travis.yml file to make sure we get a + sudo-enabled environment and not a container-based one, as there is + no sudo available in the latter one. The default was changed in + August 2017, so when forking this repository, the Travis CI won't + work out-of-the box without this modification. This is described in + some details here [1]. 
[1]: https://docs.travis-ci.com/user/reference/overview/ + +2018-04-03 Klas Lindfors <[email protected]> + + * util.c: util: make sure to close the authfile before returning + success fixes #136 + +2018-03-27 Klas Lindfors <[email protected]> + + * mac.mk: bump ykpers version for mac build + +2018-03-27 Klas Lindfors <[email protected]> + + * NEWS, configure.ac: bump version to 2.26 + 2018-03-27 Klas Lindfors <[email protected]> * NEWS: NEWS for 2.25 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/NEWS new/pam_yubico-2.26/NEWS --- old/pam_yubico-2.25/NEWS 2018-03-27 12:37:14.000000000 +0200 +++ new/pam_yubico-2.26/NEWS 2018-04-20 12:56:53.000000000 +0200 @@ -1,5 +1,15 @@ pam_yubico NEWS -- History of user-visible changes. -*- outline -*- +* Version 2.26 (released 2018-04-20) + +** Make sure to close authfile (CVE-2018-9275). + +** Fix compiler warnings. + +** Open file descriptors with O_CLOEXEC. + +** Use mkostemp() instead of mkstemp(). + * Version 2.25 (released 2018-03-27) ** Documentation updates. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/README new/pam_yubico-2.26/README --- old/pam_yubico-2.25/README 2017-12-15 08:08:55.000000000 +0100 +++ new/pam_yubico-2.26/README 2018-04-18 09:05:20.000000000 +0200 @@ -5,8 +5,6 @@ GNU/Linux, Solaris and Mac OS X for user authentication, and by other specialized applications such as NCSA MyProxy. -IMPORTANT: This project is being rewritten and will only receive security updates. - Status and Roadmap ------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/configure new/pam_yubico-2.26/configure --- old/pam_yubico-2.25/configure 2017-08-30 08:31:49.000000000 +0200 +++ new/pam_yubico-2.26/configure 2018-04-10 10:29:32.000000000 +0200 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pam_yubico 2.25. +# Generated by GNU Autoconf 2.69 for pam_yubico 2.26. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pam_yubico' PACKAGE_TARNAME='pam_yubico' -PACKAGE_VERSION='2.25' -PACKAGE_STRING='pam_yubico 2.25' +PACKAGE_VERSION='2.26' +PACKAGE_STRING='pam_yubico 2.26' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1357,7 +1357,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pam_yubico 2.25 to adapt to many kinds of systems. +\`configure' configures pam_yubico 2.26 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1428,7 +1428,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pam_yubico 2.25:";; + short | recursive ) echo "Configuration of pam_yubico 2.26:";; esac cat <<\_ACEOF @@ -1553,7 +1553,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pam_yubico configure 2.25 +pam_yubico configure 2.26 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1918,7 +1918,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pam_yubico $as_me 2.25, which was +It was created by pam_yubico $as_me 2.26, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2782,7 +2782,7 @@ # Define the identity of the package. PACKAGE='pam_yubico' - VERSION='2.25' + VERSION='2.26' cat >>confdefs.h <<_ACEOF 
@@ -14750,7 +14750,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pam_yubico $as_me 2.25, which was +This file was extended by pam_yubico $as_me 2.26, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14807,7 +14807,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pam_yubico config.status 2.25 +pam_yubico config.status 2.26 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/configure.ac new/pam_yubico-2.26/configure.ac --- old/pam_yubico-2.25/configure.ac 2017-08-30 08:24:30.000000000 +0200 +++ new/pam_yubico-2.26/configure.ac 2018-04-09 09:10:15.000000000 +0200 @@ -26,7 +26,7 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -AC_INIT([pam_yubico], [2.25]) +AC_INIT([pam_yubico], [2.26]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([1.11 foreign -Wall -Werror]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/pam_yubico.8 new/pam_yubico-2.26/pam_yubico.8 --- old/pam_yubico-2.25/pam_yubico.8 2018-03-27 12:41:18.000000000 +0200 +++ new/pam_yubico-2.26/pam_yubico.8 2018-04-10 10:29:39.000000000 +0200 
@@ -2,12 +2,12 @@ .\" Title: pam_yubico .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: Version 2.25 +.\" Date: Version 2.26 .\" Manual: Yubico PAM Module Manual .\" Source: yubico-pam .\" Language: English .\" -.TH "PAM_YUBICO" "8" "Version 2\&.25" "yubico\-pam" "Yubico PAM Module Manual" +.TH "PAM_YUBICO" "8" "Version 2\&.26" "yubico\-pam" "Yubico PAM Module Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/pam_yubico.c new/pam_yubico-2.26/pam_yubico.c --- old/pam_yubico-2.25/pam_yubico.c 2018-03-20 14:09:06.000000000 +0100 +++ new/pam_yubico-2.26/pam_yubico.c 2018-04-13 15:03:11.000000000 +0200 @@ -362,7 +362,7 @@ /* Compare each value for the attribute against the token id. */ for (i = 0; vals[i] != NULL; i++) { - DBG("LDAP : Checking value %i: %s:%s", + DBG("LDAP : Checking value %zu: %s:%s", i + 1, cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "", vals[i]->bv_val); @@ -535,7 +535,7 @@ } } - fd = open(userfile, O_RDONLY, 0); + fd = open(userfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { DBG ("Cannot open file: %s (%s)", userfile, strerror(errno)); goto restpriv_out; @@ -654,7 +654,7 @@ strcpy(tmpfile, userfile); strcat(tmpfile, TMPFILE_SUFFIX); - fd = mkstemp(tmpfile); + fd = mkostemp(tmpfile, O_CLOEXEC); if (fd < 0) { DBG ("Cannot open file: %s (%s)", tmpfile, strerror(errno)); goto restpriv_out; @@ -745,7 +745,7 @@ for (i = 0; i < argc; i++) { if (strncmp (argv[i], "id=", 3) == 0) - sscanf (argv[i], "id=%d", &cfg->client_id); + sscanf (argv[i], "id=%u", &cfg->client_id); if (strncmp (argv[i], "key=", 4) == 0) cfg->client_key = argv[i] + 4; if (strcmp (argv[i], "debug") == 0) 
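Review bot: `fd = mkostemp(tmpfile, O_CLOEXEC);` in the `@@ -654` hunk calls a glibc/BSD extension rather than a POSIX function, and the `configure.ac` hunk in this same diff adds no feature test for it; either guard it with `AC_CHECK_FUNCS([mkostemp])` and fall back to `mkstemp()` followed by `fcntl(fd, F_SETFD, FD_CLOEXEC)`, or make sure the right feature macro (`_GNU_SOURCE` on glibc) is defined for this translation unit, since the ChangeLog says the mac build is still maintained. The `strcpy(tmpfile, userfile); strcat(tmpfile, TMPFILE_SUFFIX);` on the context lines above predate this change, but the size of `tmpfile` is not visible here and a bounded `snprintf(tmpfile, sizeof tmpfile, "%s%s", userfile, TMPFILE_SUFFIX)` with a truncation check would be a cheap hardening while this code is being touched. The enclosing function starts and ends outside the hunk.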
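Review bot: The new `sscanf (argv[i], "id=%u", &cfg->client_id);` in the `@@ -745` hunk still ignores the return value, so `id=` with an empty, non-numeric or out-of-range value leaves `client_id` silently at whatever it held before, and `%u` (like `strtoul`) accepts a leading `-` and wraps it rather than rejecting it. Parsing the value with `strtoul` and checking `endptr`/`ERANGE` before assigning makes a bad module option visible in the debug log instead of producing a surprising client id; `UINT_MAX` needs `<limits.h>` if the file does not already include it. The enclosing function starts and ends outside the hunk.
```c
      if (strncmp (argv[i], "id=", 3) == 0)
        {
          /* strtoul instead of sscanf: reject empty, trailing-garbage and
           * overflowing values, and an explicit '-' that %u would wrap. */
          char *end = NULL;
          errno = 0;
          unsigned long v = strtoul (argv[i] + 3, &end, 10);
          if (argv[i][3] == '-' || end == argv[i] + 3 || *end != '\0'
              || errno == ERANGE || v > UINT_MAX)
            DBG ("ignoring invalid id= value: %s", argv[i]);
          else
            cfg->client_id = (unsigned int) v;
        }
      /* … unchanged: key=, debug and the remaining options … */
```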
@@ -814,15 +814,20 @@
 else
 {
 struct stat st;
+ int fd;
 FILE *file;
 if(lstat(filename, &st) == 0)
 {
 if(S_ISREG(st.st_mode))
 {
- file = fopen(filename, "a");
- if(file)
+ fd = open(filename, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP);
+ if (fd >= 0)
 {
- cfg->debug_file = file;
+ file = fdopen(fd, "a");
+ if (file)
+ {
+ cfg->debug_file = file;
+ }
 }
 }
 }
@@ -859,7 +864,7 @@
 DBG ("capath=%s", cfg->capath ? cfg->capath : "(null)");
 DBG ("cainfo=%s", cfg->cainfo ? cfg->cainfo : "(null)");
 DBG ("proxy=%s", cfg->proxy ? cfg->proxy : "(null)");
- DBG ("token_id_length=%d", cfg->token_id_length);
+ DBG ("token_id_length=%u", cfg->token_id_length);
 DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" );
 DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)");
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/tests/pam_test.c new/pam_yubico-2.26/tests/pam_test.c
--- old/pam_yubico-2.25/tests/pam_test.c 2017-08-30 08:24:30.000000000 +0200
+++ new/pam_yubico-2.26/tests/pam_test.c 2018-04-10 13:55:36.000000000 +0200
@@ -28,6 +28,7 @@
 */
 #include <stdio.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
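Review bot: In the `@@ -814` hunk the descriptor is leaked when `fdopen(fd, "a")` fails: `fd` is open, `file` is NULL and nothing closes `fd`, so the `if (file)` block needs an `else { close(fd); }`. The same shape appears in util.c `@@ -185`, where a failing `fdopen(fd, "r")` returns -1 with the `/dev/urandom` descriptor still open, and presumably in ykpamcfg.c `@@ -237` unless its `out:` label (outside the diff) closes `fd` as well as `f`. Since `lstat()` has already rejected anything that is not a regular file, `O_CREAT` in the new flags is dead and `O_NOFOLLOW` would close the lstat-to-open window instead: `fd = open(filename, O_WRONLY | O_APPEND | O_CLOEXEC | O_NOFOLLOW, 0);`. The enclosing function starts and ends outside the hunk.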
@@ -146,13 +147,13 @@ }; int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item) { - fprintf(stderr, "in pam_get_item() %d for %d\n", item_type, (int)pamh); + fprintf(stderr, "in pam_get_item() %d for %d\n", item_type, (int)(uintptr_t)pamh); if(item_type == PAM_CONV) { pam_conversation.appdata_ptr = (void*)pamh; *item = &pam_conversation; } - if(item_type == PAM_AUTHTOK && pamh >= 8) { - *item = (void*)_data[(int)pamh].otp; + if(item_type == PAM_AUTHTOK && pamh >= (pam_handle_t*)8) { + *item = (void*)_data[(int)(uintptr_t)pamh].otp; } return PAM_SUCCESS; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/tests/util_test.c new/pam_yubico-2.26/tests/util_test.c --- old/pam_yubico-2.25/tests/util_test.c 2017-08-30 08:24:30.000000000 +0200 +++ new/pam_yubico-2.26/tests/util_test.c 2018-04-09 09:10:19.000000000 +0200 @@ -180,12 +180,10 @@ unlink(buf); /* create temporary directory */ - tmpdir_path = tempnam(NULL, "pamtest"); + char template[] = "/tmp/pamtest.XXXXXX"; + tmpdir_path = mkdtemp(template); assert(tmpdir_path != NULL); - ret = mkdir(tmpdir_path, 0755); - assert(ret == 0); - /* set user data */ user.pw_name = "tester"; user.pw_dir = tmpdir_path; @@ -242,7 +240,6 @@ /* remove temporary directory */ ret = rmdir(tmpdir_path); assert(ret == 0); - free(tmpdir_path); free(buf); /* check test results */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/util.c new/pam_yubico-2.26/util.c --- old/pam_yubico-2.25/util.c 2017-08-30 08:24:30.000000000 +0200 +++ new/pam_yubico-2.26/util.c 2018-04-13 15:03:11.000000000 +0200 @@ -109,7 +109,7 @@ struct stat st; FILE *opwfile; - fd = open(authfile, O_RDONLY, 0); + fd = open(authfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { if(verbose) D (debug_file, "Cannot open file: %s (%s)", authfile, strerror(errno)); 
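Review bot: `pamh >= (pam_handle_t*)8` on the new line in the `@@ -146` hunk silences the warning but still compares two pointers that do not point into the same object, which is undefined behaviour in C; the test already treats `pamh` as a small integer, so compare it as one: `if(item_type == PAM_AUTHTOK && (uintptr_t)pamh >= 8) {`. In the same hunk `(int)(uintptr_t)pamh` truncates on LP64 (`%" PRIuPTR "` with the bare `uintptr_t` would not), and `_data[(int)(uintptr_t)pamh]` indexes with whatever the harness stuffed into the handle, so an upper bound against the array length — not visible here — would make the test fail loudly rather than read past `_data`. `pam_get_item` is complete within the hunk.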
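Review bot: The hard-coded `char template[] = "/tmp/pamtest.XXXXXX";` in the util_test.c `@@ -180` hunk ignores `TMPDIR`, which the replaced `tempnam()` honoured, so the test now breaks on systems where `/tmp` is read-only or intentionally not used for builds. Building the template from `getenv("TMPDIR")` when set (falling back to `/tmp`) keeps the `mkdtemp()` improvement without that regression. The dropped `free(tmpdir_path)` in the second hunk is correct, since `tmpdir_path` now points into the stack array.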
@@ -167,6 +167,8 @@
 {
 if(verbose)
 D (debug_file, "Match user/token as %s/%s", username, otp_id);
+
+ fclose(opwfile);
 return AUTH_FOUND;
 }
 }
@@ -185,8 +187,14 @@
 {
 FILE *u;
 int res;
+ int fd;
+
+ fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+ if (fd < 0) {
+ return -1;
+ }
- u = fopen("/dev/urandom", "r");
+ u = fdopen(fd, "r");
 if (!u) {
 return -1;
 }
@@ -417,7 +425,7 @@
 * 40 is twice the size of CR_RESPONSE_SIZE
 * (twice because we hex encode the challenge and response)
 */
- r = fscanf(f, "v2:%126[0-9a-z]:%40[0-9a-z]:%64[0-9a-z]:%d:%d", challenge_hex, response_hex, salt_hex, &iterations, &slot);
+ r = fscanf(f, "v2:%126[0-9a-z]:%40[0-9a-z]:%64[0-9a-z]:%u:%d", challenge_hex, response_hex, salt_hex, &iterations, &slot);
 if(r == 5) {
 if (! yubikey_hex_p(salt_hex)) {
 D(debug_file, "Invalid salt hex input : %s", salt_hex);
@@ -425,7 +433,7 @@
 }
 if(verbose) {
- D(debug_file, "Challenge: %s, hashed response: %s, salt: %s, iterations: %d, slot: %d",
+ D(debug_file, "Challenge: %s, hashed response: %s, salt: %s, iterations: %u, slot: %d",
 challenge_hex, response_hex, salt_hex, iterations, slot);
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_yubico-2.25/ykpamcfg.c new/pam_yubico-2.26/ykpamcfg.c
--- old/pam_yubico-2.25/ykpamcfg.c 2017-08-30 08:24:30.000000000 +0200
+++ new/pam_yubico-2.26/ykpamcfg.c 2018-04-13 15:03:11.000000000 +0200
@@ -38,6 +38,7 @@
 #include <errno.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <fcntl.h>
 #include <ykpers.h>
@@ -143,6 +144,7 @@
 unsigned int response_len;
 char *fn;
 struct passwd *p;
+ int fd;
 FILE *f = NULL;
 struct stat st;
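Review bot: The `%u` conversion in the new `fscanf` format of the `@@ -417` hunk makes `iterations` unsigned but, like `strtoul`, still accepts a leading `-` and wraps it, and nothing in the hunk bounds `iterations` or `slot` once `r == 5` holds; the `v2:` state file this parses is presumably the per-user challenge-response file, so at this point both values are untrusted input feeding whatever key derivation follows. If no later check exists, add one next to the `yubikey_hex_p(salt_hex)` test, e.g. `if (iterations == 0 || iterations > MAX_ITERATIONS /* project-chosen bound */) { D(debug_file, "Invalid iteration count : %u", iterations); ... }` taking the same error exit as the invalid-salt branch, and the equivalent check for `slot`. The enclosing function starts and ends outside the hunk.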
@@ -237,11 +239,16 @@ umask(077); - f = fopen (fn, "w"); - if (! f) { + fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); + if (fd < 0) { fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno)); goto out; } + f = fdopen (fd, "w"); + if (! f) { + fprintf (stderr, "fdopen: %s\n", strerror (errno)); + goto out; + } if (! write_chalresp_state (f, &state)) goto out;
