[arch-commits] Commit in pam/repos/testing-x86_64 (8 files)
Date: Wednesday, August 12, 2020 @ 19:37:58
Author: tpowa
Revision: 393564
archrelease: copy trunk to testing-x86_64
Added:
pam/repos/testing-x86_64/0e9b286afe1224b91ff00936058b084ad4b776e4.patch
(from rev 393563, pam/trunk/0e9b286afe1224b91ff00936058b084ad4b776e4.patch)
pam/repos/testing-x86_64/395915dae1571e10e2766c74de864655ea3a.patch
(from rev 393563, pam/trunk/395915dae1571e10e2766c74de864655ea3a.patch)
pam/repos/testing-x86_64/PKGBUILD
(from rev 393563, pam/trunk/PKGBUILD)
pam/repos/testing-x86_64/af0faf666c5008e54dfe43684f210e3581ff1bca.patch
(from rev 393563, pam/trunk/af0faf666c5008e54dfe43684f210e3581ff1bca.patch)
pam/repos/testing-x86_64/other
(from rev 393563, pam/trunk/other)
pam/repos/testing-x86_64/pam.tmpfiles
(from rev 393563, pam/trunk/pam.tmpfiles)
Deleted:
pam/repos/testing-x86_64/PKGBUILD
pam/repos/testing-x86_64/other
+
0e9b286afe1224b91ff00936058b084ad4b776e4.patch | 31 +++
395915dae1571e10e2766c74de864655ea3a.patch | 47 ++
PKGBUILD | 99 +--
af0faf666c5008e54dfe43684f210e3581ff1bca.patch | 85 +++
other | 10 +-
pam.tmpfiles |1
6 files changed, 227 insertions(+), 46 deletions(-)
Copied: pam/repos/testing-x86_64/0e9b286afe1224b91ff00936058b084ad4b776e4.patch
(from rev 393563, pam/trunk/0e9b286afe1224b91ff00936058b084ad4b776e4.patch)
===
--- 0e9b286afe1224b91ff00936058b084ad4b776e4.patch
(rev 0)
+++ 0e9b286afe1224b91ff00936058b084ad4b776e4.patch 2020-08-12 19:37:58 UTC
(rev 393564)
@@ -0,0 +1,31 @@
+From 0e9b286afe1224b91ff00936058b084ad4b776e4 Mon Sep 17 00:00:00 2001
+From: ikerexxe
+Date: Tue, 16 Jun 2020 14:44:04 +0200
+Subject: [PATCH] pam_usertype: avoid determining if user exists
+
+Taking a look at the time for the password prompt to appear it was
+possible to determine if a user existed in a system. Solved it by
+matching the runtime until the password prompt was shown by always
+checking the password hash for an existing and a non-existing user.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1629598
+---
+ modules/pam_usertype/pam_usertype.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/pam_usertype/pam_usertype.c
b/modules/pam_usertype/pam_usertype.c
+index 2807c306..d03b73b5 100644
+--- a/modules/pam_usertype/pam_usertype.c
b/modules/pam_usertype/pam_usertype.c
+@@ -139,8 +139,11 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts,
+"error retrieving information about user %s",
username);
+ }
+
++pam_modutil_getpwnam(pamh, "root");
++
+ return PAM_USER_UNKNOWN;
+ }
++pam_modutil_getpwnam(pamh, "pam_usertype_non_existent:");
+
+ *_uid = pwd->pw_uid;
+
Copied: pam/repos/testing-x86_64/395915dae1571e10e2766c74de864655ea3a.patch
(from rev 393563, pam/trunk/395915dae1571e10e2766c74de864655ea3a.patch)
===
--- 395915dae1571e10e2766c74de864655ea3a.patch
(rev 0)
+++ 395915dae1571e10e2766c74de864655ea3a.patch 2020-08-12 19:37:58 UTC
(rev 393564)
@@ -0,0 +1,47 @@
+From 395915dae1571e10e2766c74de864655ea3a Mon Sep 17 00:00:00 2001
+From: ikerexxe
+Date: Mon, 15 Jun 2020 09:52:11 +0200
+Subject: [PATCH] pam_faillock: change /run/faillock/$USER permissions to 0660
+
+Nowadays, /run/faillock/$USER files have user:root ownership and 0600
+permissions. This forces the process that writes to these files to have
+CAP_DAC_OVERRIDE capabilites. Just by changing the permissions to 0660
+the capability can be removed, which leads to a more secure system.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1661822
+---
+ modules/pam_faillock/faillock.c | 14 +-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
+index e492f5f9..4ea94cbe 100644
+--- a/modules/pam_faillock/faillock.c
b/modules/pam_faillock/faillock.c
+@@ -76,7 +76,7 @@ open_tally (const char *dir, const char *user, uid_t uid,
int create)
+ flags |= O_CREAT;
+ }
+
+- fd = open(path, flags, 0600);
++ fd = open(path, flags, 0660);
+
+ free(path);
+
+@@ -88,6 +88,18 @@ open_tally (const char *dir, const char *user, uid_t uid,
int create)
+ if (st.st_uid != uid) {
+ ignore_return(fchown(fd, uid, -1));
+ }
++
++ /*
++ * If umask is set to 022, as will probably in most
systems, then the
++ * group will not be able to write to the file. So,
change the
[arch-commits] Commit in pam/repos/testing-x86_64 (PKGBUILD PKGBUILD other other)
Date: Tuesday, July 21, 2020 @ 13:17:18
Author: tpowa
Revision: 392330
archrelease: copy trunk to testing-x86_64
Added:
pam/repos/testing-x86_64/PKGBUILD
(from rev 392329, pam/trunk/PKGBUILD)
pam/repos/testing-x86_64/other
(from rev 392329, pam/trunk/other)
Deleted:
pam/repos/testing-x86_64/PKGBUILD
pam/repos/testing-x86_64/other
--+
PKGBUILD | 82 ++---
other| 10 +++
2 files changed, 46 insertions(+), 46 deletions(-)
Deleted: PKGBUILD
===
--- PKGBUILD2020-07-21 13:17:09 UTC (rev 392329)
+++ PKGBUILD2020-07-21 13:17:18 UTC (rev 392330)
@@ -1,41 +0,0 @@
-# Maintainer: Tobias Powalowski
-# Contributor: judd
-
-pkgname=pam
-pkgver=1.4.0
-pkgrel=1
-pkgdesc="PAM (Pluggable Authentication Modules) library"
-arch=('x86_64')
-license=('GPL2')
-url="http://linux-pam.org;
-depends=('glibc' 'cracklib' 'libtirpc' 'pambase')
-makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
-backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf}
etc/default/passwd etc/environment)
-source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
-
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz.asc)
-validpgpkeys=(
-'296D6F29A020808E8717A8842DB5BD89A340AEB7' #Dimitry V. Levin
-)
-
-sha256sums=('cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034'
-'SKIP')
-
-options=('!emptydirs')
-
-build() {
- cd Linux-PAM-$pkgver
- ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db
- make
-}
-
-package() {
- cd Linux-PAM-$pkgver
- make DESTDIR="$pkgdir" SCONFIGDIR=/etc/security install
-
- # set unix_chkpwd uid
- chmod +s "$pkgdir"/usr/bin/unix_chkpwd
-
- # remove doc which is not used anymore
- # FS #40749
- rm "$pkgdir"/usr/share/doc/Linux-PAM/sag-pam_userdb.html
-}
Copied: pam/repos/testing-x86_64/PKGBUILD (from rev 392329, pam/trunk/PKGBUILD)
===
--- PKGBUILD(rev 0)
+++ PKGBUILD2020-07-21 13:17:18 UTC (rev 392330)
@@ -0,0 +1,41 @@
+# Maintainer: Tobias Powalowski
+# Contributor: judd
+
+pkgname=pam
+pkgver=1.4.0
+pkgrel=2
+pkgdesc="PAM (Pluggable Authentication Modules) library"
+arch=('x86_64')
+license=('GPL2')
+url="http://linux-pam.org;
+depends=('glibc' 'cracklib' 'libtirpc' 'pambase' 'audit')
+makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
+backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf}
etc/environment)
+source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
+
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz.asc)
+validpgpkeys=(
+'296D6F29A020808E8717A8842DB5BD89A340AEB7' #Dimitry V. Levin
+)
+
+sha256sums=('cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034'
+'SKIP')
+
+options=('!emptydirs')
+
+build() {
+ cd Linux-PAM-$pkgver
+ ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db
+ make
+}
+
+package() {
+ cd Linux-PAM-$pkgver
+ make DESTDIR="$pkgdir" SCONFIGDIR=/etc/security install
+
+ # set unix_chkpwd uid
+ chmod +s "$pkgdir"/usr/bin/unix_chkpwd
+
+ # remove doc which is not used anymore
+ # FS #40749
+ rm "$pkgdir"/usr/share/doc/Linux-PAM/sag-pam_userdb.html
+}
Deleted: other
===
--- other 2020-07-21 13:17:09 UTC (rev 392329)
+++ other 2020-07-21 13:17:18 UTC (rev 392330)
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth requiredpam_unix.so
-accountrequiredpam_unix.so
-password requiredpam_unix.so
-sessionrequiredpam_unix.so
Copied: pam/repos/testing-x86_64/other (from rev 392329, pam/trunk/other)
===
--- other (rev 0)
+++ other 2020-07-21 13:17:18 UTC (rev 392330)
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth requiredpam_unix.so
+accountrequiredpam_unix.so
+password requiredpam_unix.so
+sessionrequiredpam_unix.so
[arch-commits] Commit in pam/repos/testing-x86_64 (PKGBUILD PKGBUILD other other)
Date: Tuesday, July 21, 2020 @ 13:01:49
Author: tpowa
Revision: 392328
archrelease: copy trunk to testing-x86_64
Added:
pam/repos/testing-x86_64/PKGBUILD
(from rev 392327, pam/trunk/PKGBUILD)
pam/repos/testing-x86_64/other
(from rev 392327, pam/trunk/other)
Deleted:
pam/repos/testing-x86_64/PKGBUILD
pam/repos/testing-x86_64/other
--+
PKGBUILD | 82 ++---
other| 10 +++
2 files changed, 46 insertions(+), 46 deletions(-)
Deleted: PKGBUILD
===
--- PKGBUILD2020-07-21 13:00:34 UTC (rev 392327)
+++ PKGBUILD2020-07-21 13:01:49 UTC (rev 392328)
@@ -1,41 +0,0 @@
-# Maintainer: Tobias Powalowski
-# Contributor: judd
-
-pkgname=pam
-pkgver=1.4.0
-pkgrel=1
-pkgdesc="PAM (Pluggable Authentication Modules) library"
-arch=('x86_64')
-license=('GPL2')
-url="http://linux-pam.org;
-depends=('glibc' 'cracklib' 'libtirpc' 'pambase')
-makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
-backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf}
etc/default/passwd etc/environment)
-source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
-
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz.asc)
-validpgpkeys=(
-'296D6F29A020808E8717A8842DB5BD89A340AEB7' #Dimitry V. Levin
-)
-
-sha256sums=('cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034'
-'SKIP')
-
-options=('!emptydirs')
-
-build() {
- cd Linux-PAM-$pkgver
- ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db
- make
-}
-
-package() {
- cd Linux-PAM-$pkgver
- make DESTDIR="$pkgdir" SCONFIGDIR=/etc/security install
-
- # set unix_chkpwd uid
- chmod +s "$pkgdir"/usr/bin/unix_chkpwd
-
- # remove doc which is not used anymore
- # FS #40749
- rm "$pkgdir"/usr/share/doc/Linux-PAM/sag-pam_userdb.html
-}
Copied: pam/repos/testing-x86_64/PKGBUILD (from rev 392327, pam/trunk/PKGBUILD)
===
--- PKGBUILD(rev 0)
+++ PKGBUILD2020-07-21 13:01:49 UTC (rev 392328)
@@ -0,0 +1,41 @@
+# Maintainer: Tobias Powalowski
+# Contributor: judd
+
+pkgname=pam
+pkgver=1.4.0
+pkgrel=1
+pkgdesc="PAM (Pluggable Authentication Modules) library"
+arch=('x86_64')
+license=('GPL2')
+url="http://linux-pam.org;
+depends=('glibc' 'cracklib' 'libtirpc' 'pambase')
+makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
+backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf}
etc/default/passwd etc/environment)
+source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
+
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz.asc)
+validpgpkeys=(
+'296D6F29A020808E8717A8842DB5BD89A340AEB7' #Dimitry V. Levin
+)
+
+sha256sums=('cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034'
+'SKIP')
+
+options=('!emptydirs')
+
+build() {
+ cd Linux-PAM-$pkgver
+ ./configure --libdir=/usr/lib --sbindir=/usr/bin --disable-db
+ make
+}
+
+package() {
+ cd Linux-PAM-$pkgver
+ make DESTDIR="$pkgdir" SCONFIGDIR=/etc/security install
+
+ # set unix_chkpwd uid
+ chmod +s "$pkgdir"/usr/bin/unix_chkpwd
+
+ # remove doc which is not used anymore
+ # FS #40749
+ rm "$pkgdir"/usr/share/doc/Linux-PAM/sag-pam_userdb.html
+}
Deleted: other
===
--- other 2020-07-21 13:00:34 UTC (rev 392327)
+++ other 2020-07-21 13:01:49 UTC (rev 392328)
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth requiredpam_unix.so
-accountrequiredpam_unix.so
-password requiredpam_unix.so
-sessionrequiredpam_unix.so
Copied: pam/repos/testing-x86_64/other (from rev 392327, pam/trunk/other)
===
--- other (rev 0)
+++ other 2020-07-21 13:01:49 UTC (rev 392328)
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth requiredpam_unix.so
+accountrequiredpam_unix.so
+password requiredpam_unix.so
+sessionrequiredpam_unix.so
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Sunday, August 7, 2011 @ 06:13:28 Author: tpowa Revision: 134650 archrelease: copy trunk to testing-x86_64 Added: pam/repos/testing-x86_64/
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Monday, January 3, 2011 @ 17:59:20 Author: tpowa Revision: 104546 archrelease: copy trunk to testing-x86_64 Added: pam/repos/testing-x86_64/
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Thursday, December 31, 2009 @ 05:59:48 Author: tpowa Revision: 62063 archrelease: new repo testing-x86_64 Added: pam/repos/testing-x86_64/
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Thursday, December 31, 2009 @ 06:00:05 Author: tpowa Revision: 62064 Initialized merge tracking via svnmerge with revisions 1-62062 from svn+ssh://gerolde.archlinux.org/srv/svn-packages/pam/trunk Modified: pam/repos/testing-x86_64/ (properties) Property changes on: pam/repos/testing-x86_64 ___ Added: svnmerge-integrated + /pam/trunk:1-62062
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Tuesday, November 3, 2009 @ 04:20:24 Author: tpowa Revision: 58004 archrelease: new repo testing-x86_64 Added: pam/repos/testing-x86_64/
[arch-commits] Commit in pam/repos (testing-x86_64)
Date: Tuesday, November 3, 2009 @ 04:20:56 Author: tpowa Revision: 58005 Initialized merge tracking via svnmerge with revisions 1-58003 from svn+ssh://gerolde.archlinux.org/srv/svn-packages/pam/trunk Modified: pam/repos/testing-x86_64/ (properties) Property changes on: pam/repos/testing-x86_64 ___ Added: svnmerge-integrated + /pam/trunk:1-58003
