commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-10-19 09:48:15
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3486 (New)
Package is "pam"
Mon Oct 19 09:48:15 2020 rev:104 rq: version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-10-15 13:43:38.629135263
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.3486/pam.changes2020-10-19
09:48:18.633286682 +0200
@@ -2,28 +1,0 @@
-Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers
-
-- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
- file system. Run /usr/bin/xauth using the old user's uid/gid
- Patch courtesy of Dr. Werner Fink.
- [bsc#1174593, pam-xauth_ownership.patch]
-
-Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec
-
-- pam-login_defs-check.sh: Fix the regexp to get a real variable
- list (boo#1164274).
-
-Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers
-
-- Revert the previous change [SR#815713].
- The group is not necessary for PAM functionality but used only
- during testing. The test system should therefore create this group.
- [bsc#1171016, pam.spec]
-
-Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers
-
-- Add requirement for group "wheel" to spec file.
- [bsc#1171016, pam.spec]
-
Old:
pam-xauth_ownership.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.EG4YhX/_old 2020-10-19 09:48:19.301286994 +0200
+++ /var/tmp/diff_new_pack.EG4YhX/_new 2020-10-19 09:48:19.305286995 +0200
@@ -47,7 +47,6 @@
Source12: pam-login_defs-check.sh
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
-Patch5: pam-xauth_ownership.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
@@ -140,7 +139,6 @@
cp -a %{SOURCE12} .
%patch2 -p1
%patch4 -p1
-%patch5 -p1
%build
bash ./pam-login_defs-check.sh
++ pam-login_defs-check.sh ++
--- /var/tmp/diff_new_pack.EG4YhX/_old 2020-10-19 09:48:19.453287064 +0200
+++ /var/tmp/diff_new_pack.EG4YhX/_new 2020-10-19 09:48:19.453287064 +0200
@@ -9,10 +9,10 @@
echo -n "Checking login.defs variables in pam... " >&2
grep -rh LOGIN_DEFS . |
- sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS,
*"\([A-Z0-9_]*\)").*$/\1/p' |
+ sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' |
LC_ALL=C sort -u >pam-login_defs-vars.lst
-if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') !=
3c6e0020c31609690b69ef391654df930b74151d ; then
+if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') !=
da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then
echo "does not match!" >&2
echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')"
>&2
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-10-15 13:43:32
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3486 (New)
Package is "pam"
Thu Oct 15 13:43:32 2020 rev:103 rq:840210 version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-06-14 18:13:16.662434314
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.3486/pam.changes2020-10-15
13:43:38.629135263 +0200
@@ -1,0 +2,28 @@
+Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers
+
+- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
+ file system. Run /usr/bin/xauth using the old user's uid/gid
+ Patch courtesy of Dr. Werner Fink.
+ [bsc#1174593, pam-xauth_ownership.patch]
+
+---
+Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec
+
+- pam-login_defs-check.sh: Fix the regexp to get a real variable
+ list (boo#1164274).
+
+---
+Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers
+
+- Revert the previous change [SR#815713].
+ The group is not necessary for PAM functionality but used only
+ during testing. The test system should therefore create this group.
+ [bsc#1171016, pam.spec]
+
+---
+Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers
+
+- Add requirement for group "wheel" to spec file.
+ [bsc#1171016, pam.spec]
+
+---
New:
pam-xauth_ownership.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.KhsNqt/_old 2020-10-15 13:43:39.669135669 +0200
+++ /var/tmp/diff_new_pack.KhsNqt/_new 2020-10-15 13:43:39.673135670 +0200
@@ -47,6 +47,7 @@
Source12: pam-login_defs-check.sh
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
+Patch5: pam-xauth_ownership.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
@@ -139,6 +140,7 @@
cp -a %{SOURCE12} .
%patch2 -p1
%patch4 -p1
+%patch5 -p1
%build
bash ./pam-login_defs-check.sh
++ pam-login_defs-check.sh ++
--- /var/tmp/diff_new_pack.KhsNqt/_old 2020-10-15 13:43:39.817135727 +0200
+++ /var/tmp/diff_new_pack.KhsNqt/_new 2020-10-15 13:43:39.817135727 +0200
@@ -9,10 +9,10 @@
echo -n "Checking login.defs variables in pam... " >&2
grep -rh LOGIN_DEFS . |
- sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' |
+ sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS,
*"\([A-Z0-9_]*\)").*$/\1/p' |
LC_ALL=C sort -u >pam-login_defs-vars.lst
-if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') !=
da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then
+if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') !=
3c6e0020c31609690b69ef391654df930b74151d ; then
echo "does not match!" >&2
echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')"
>&2
++ pam-xauth_ownership.patch ++
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
===
--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh,
char *cookiefile = NULL, *xauthority = NULL,
*cookie = NULL, *display = NULL, *tmp = NULL,
*xauthlocalhostname = NULL;
- const char *user, *xauth = NULL;
+ const char *user, *xauth = NULL, *login_name;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0;
+ uid_t systemuser = 499, targetuser = 0, uid;
+ gid_t gid;
+ struct stat st;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh,
retval = PAM_SESSION_ERR;
goto cleanup;
}
- rpwd = pam_modutil_getpwuid(pamh, getuid());
+
+ login_name = pam_modutil_getlogin(pamh);
+ if (login_name == NULL) {
+ login_name = "";
+ }
+ if (*login_name)
+ rpwd = pam_modutil_getpwnam(pamh, login_name);
+ else
+ rpwd = pam_modutil_getpwuid(pamh, getuid());
+
if (rpwd == NULL) {
pam_syslog(pamh, LOG_ERR,
"error determining invoking user's name");
@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh,
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2020-06-14 18:13:10 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new.3606 (New) Package is "pam" Sun Jun 14 18:13:10 2020 rev:102 rq:812631 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-04-08 19:54:03.585008383 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new.3606/pam.changes2020-06-14 18:13:16.662434314 +0200 @@ -1,0 +2,79 @@ +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +--- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +--- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +--- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +--- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +--- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +--- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that +cannot use the system-default PAM configuration paths and need to +explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +--- Old: Linux-PAM-1.3.1-docs.tar.xz fix-man-links.dif linux-pam-1.3.1+git20190923.ea78d67.tar.xz use-correct-IP-address.patch New: Linux-PAM-1.4.0-docs.tar.xz Linux-PAM-1.4.0.tar.xz Other differences: -- ++ pam.spec ++ --- /var/tmp/diff_new_pack.YMQap2/_old 2020-06-14 18:13:17.270436356 +0200 +++ /var/tmp/diff_new_pack.YMQap2/_new 2020-06-14 18:13:17.274436369 +0200 @@ -16,26 +16,25 @@ # -%if !
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-04-08 19:54:02
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3248 (New)
Package is "pam"
Wed Apr 8 19:54:02 2020 rev:101 rq:791095 version:1.3.1+git20190923.ea78d67
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-03-31 17:31:21.468229303
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.3248/pam.changes2020-04-08
19:54:03.585008383 +0200
@@ -1,0 +2,5 @@
+Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel
+
+- own /usr/lib/motd.d/ so other packages can add files there
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.S2pxYW/_old 2020-04-08 19:54:04.873009324 +0200
+++ /var/tmp/diff_new_pack.S2pxYW/_new 2020-04-08 19:54:04.877009327 +0200
@@ -186,6 +186,7 @@
ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version}
%{buildroot}%{_libdir}/libpamc.so
rm %{buildroot}/%{_lib}/libpam_misc.so
ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version}
%{buildroot}%{_libdir}/libpam_misc.so
+mkdir -p %{buildroot}%{_prefix}/lib/motd.d
#
# Remove crap
#
@@ -244,6 +245,7 @@
%dir %{_distconfdir}/pam.d
%dir %{_sysconfdir}/security
%dir %{_sysconfdir}/security/limits.d
+%dir %{_prefix}/lib/motd.d
%if %{defined config_noreplace}
%config(noreplace) %{_sysconfdir}/pam.d/other
%config(noreplace) %{_sysconfdir}/pam.d/common-*
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-03-31 17:31:17
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3160 (New)
Package is "pam"
Tue Mar 31 17:31:17 2020 rev:100 rq:788480 version:1.3.1+git20190923.ea78d67
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-03-18 12:22:25.220085241
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new.3160/pam.changes2020-03-31
17:31:21.468229303 +0200
@@ -1,0 +2,16 @@
+Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers
+
+- Listed all manual pages seperately as pam_userdb.8 has been moved
+ to pam-extra.
+ Also %exclude %{_defaultdocdir}/pam as the docs are in a separate
+ package.
+ [pam.spec]
+
+---
+Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers
+
+- pam_userdb moved to a new package pam-extra as pam-modules
+ is obsolete and not part of SLE.
+ [bsc#1166510, pam.spec]
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.OV2Rac/_old 2020-03-31 17:31:22.132229691 +0200
+++ /var/tmp/diff_new_pack.OV2Rac/_new 2020-03-31 17:31:22.136229694 +0200
@@ -82,6 +82,21 @@
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
+%package extra
+Summary:PAM module to authenticate against a separate database
+Group: System/Libraries%description
+BuildRequires: libdb-4_8-devel
+BuildRequires: pam-devel
+
+%description extra
+PAM (Pluggable Authentication Modules) is a system security tool that
+allows system administrators to set authentication policies without
+having to recompile programs that do authentication.
+
+This package contains useful extra modules eg pam_userdb which is
+used to verify a username/password pair against values stored in
+a Berkeley DB database.
+
%package doc
Summary:Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
@@ -224,11 +239,11 @@
done
%files -f Linux-PAM.lang
+%exclude %{_defaultdocdir}/pam
%dir %{_sysconfdir}/pam.d
%dir %{_distconfdir}/pam.d
%dir %{_sysconfdir}/security
%dir %{_sysconfdir}/security/limits.d
-%dir %{_defaultdocdir}/pam
%if %{defined config_noreplace}
%config(noreplace) %{_sysconfdir}/pam.d/other
%config(noreplace) %{_sysconfdir}/pam.d/common-*
@@ -255,7 +270,54 @@
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
-%{_mandir}/man8/*
+%{_mandir}/man8/mkhomedir_helper.8.gz
+%{_mandir}/man8/pam.8.gz
+%{_mandir}/man8/PAM.8.gz
+%{_mandir}/man8/pam_access.8.gz
+%{_mandir}/man8/pam_cracklib.8.gz
+%{_mandir}/man8/pam_debug.8.gz
+%{_mandir}/man8/pam_deny.8.gz
+%{_mandir}/man8/pam_echo.8.gz
+%{_mandir}/man8/pam_env.8.gz
+%{_mandir}/man8/pam_exec.8.gz
+%{_mandir}/man8/pam_faildelay.8.gz
+%{_mandir}/man8/pam_filter.8.gz
+%{_mandir}/man8/pam_ftp.8.gz
+%{_mandir}/man8/pam_group.8.gz
+%{_mandir}/man8/pam_issue.8.gz
+%{_mandir}/man8/pam_keyinit.8.gz
+%{_mandir}/man8/pam_lastlog.8.gz
+%{_mandir}/man8/pam_limits.8.gz
+%{_mandir}/man8/pam_listfile.8.gz
+%{_mandir}/man8/pam_localuser.8.gz
+%{_mandir}/man8/pam_loginuid.8.gz
+%{_mandir}/man8/pam_mail.8.gz
+%{_mandir}/man8/pam_mkhomedir.8.gz
+%{_mandir}/man8/pam_motd.8.gz
+%{_mandir}/man8/pam_namespace.8.gz
+%{_mandir}/man8/pam_nologin.8.gz
+%{_mandir}/man8/pam_permit.8.gz
+%{_mandir}/man8/pam_pwhistory.8.gz
+%{_mandir}/man8/pam_rhosts.8.gz
+%{_mandir}/man8/pam_rootok.8.gz
+%{_mandir}/man8/pam_securetty.8.gz
+%{_mandir}/man8/pam_selinux.8.gz
+%{_mandir}/man8/pam_sepermit.8.gz
+%{_mandir}/man8/pam_shells.8.gz
+%{_mandir}/man8/pam_succeed_if.8.gz
+%{_mandir}/man8/pam_tally2.8.gz
+%{_mandir}/man8/pam_time.8.gz
+%{_mandir}/man8/pam_timestamp.8.gz
+%{_mandir}/man8/pam_timestamp_check.8.gz
+%{_mandir}/man8/pam_tty_audit.8.gz
+%{_mandir}/man8/pam_umask.8.gz
+%{_mandir}/man8/pam_unix.8.gz
+%{_mandir}/man8/pam_warn.8.gz
+%{_mandir}/man8/pam_wheel.8.gz
+%{_mandir}/man8/pam_xauth.8.gz
+%{_mandir}/man8/unix_chkpwd.8.gz
+%{_mandir}/man8/unix2_chkpwd.8.gz
+%{_mandir}/man8/unix_update.8.gz
/%{_lib}/libpam.so.0
/%{_lib}/libpam.so.%{libpam_so_version}
/%{_lib}/libpamc.so.0
@@ -320,6 +382,11 @@
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
%attr(0700,root,root) /sbin/unix_update
+%files extra
+%defattr(-,root,root,755)
+%attr(755,root,root) /%{_lib}/security/pam_userdb.so
+%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz
+
%files doc
%defattr(644,root,root,755)
%dir %{_defaultdocdir}/pam
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-03-18 12:16:59
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3160 (New)
Package is "pam"
Wed Mar 18 12:16:59 2020 rev:99 rq:784597 version:1.3.1+git20190923.ea78d67
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-03-01 21:25:50.312291326
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new.3160/pam.changes2020-03-18
12:22:25.220085241 +0100
@@ -1,0 +2,9 @@
+Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers
+
+- Removed pam_userdb from this package and moved to pam-modules.
+ This removed the requirement for libdb.
+ Also made "xz" required for all releases.
+ Remove limits for nproc from /etc/security/limits.conf
+ [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.2qk51c/_old 2020-03-18 12:22:33.452090407 +0100
+++ /var/tmp/diff_new_pack.2qk51c/_new 2020-03-18 12:22:33.452090407 +0100
@@ -57,16 +57,14 @@
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
-BuildRequires: libdb-4_8-devel
BuildRequires: libtool
# All login.defs variables require support from shadow side.
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.3.1
Requires(post): permissions
-%if 0%{?suse_version} > 1320
-BuildRequires: libdb-4_8-devel
BuildRequires: xz
+%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
@@ -312,7 +310,6 @@
/%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so
-/%{_lib}/security/pam_userdb.so
/%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-03-01 21:25:49
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.26092 (New)
Package is "pam"
Sun Mar 1 21:25:49 2020 rev:98 rq:779952 version:1.3.1+git20190923.ea78d67
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2019-10-04 11:19:00.853473284
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.26092/pam.changes 2020-03-01
21:25:50.312291326 +0100
@@ -1,0 +2,5 @@
+Wed Feb 19 10:04:09 CET 2020 - ku...@suse.de
+
+- Recommend login.defs only (no hard requirement)
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.D3eQ4Q/_old 2020-03-01 21:25:52.172295103 +0100
+++ /var/tmp/diff_new_pack.D3eQ4Q/_new 2020-03-01 21:25:52.184295128 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,7 +62,7 @@
# All login.defs variables require support from shadow side.
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
-Requires: login_defs-support-for-pam >= 1.3.1
+Recommends: login_defs-support-for-pam >= 1.3.1
Requires(post): permissions
%if 0%{?suse_version} > 1320
BuildRequires: libdb-4_8-devel
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2019-10-04 11:18:59
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.2352 (New)
Package is "pam"
Fri Oct 4 11:18:59 2019 rev:97 rq:733124 version:1.3.1+git20190923.ea78d67
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2019-09-07 11:24:04.642506175
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.2352/pam.changes2019-10-04
11:19:00.853473284 +0200
@@ -1,0 +2,31 @@
+Tue Sep 24 11:15:19 UTC 2019 - ku...@suse.com
+
+- Update to version 1.3.1+git20190923.ea78d67:
+ * Fixed missing quotes in configure script
+ * Add support for a vendor directory and libeconf (#136)
+ * pam_lastlog: document the 'unlimited' option
+ * pam_lastlog: prevent crash due to reduced 'fsize' limit
+ * pam_unix_sess.c add uid for opening session
+ * Fix the man page for "pam_fail_delay()"
+ * Fix a typo
+ * Update a function comment
+- drop usr-etc-support.patch (accepted upstream)
+
+---
+Thu Sep 5 10:09:05 CEST 2019 - ku...@suse.de
+
+- Add migration support from /etc to /usr/etc during upgrade
+
+---
+Wed Sep 04 19:06:01 UTC 2019 - ku...@suse.com
+
+- Update to version 1.3.1+git20190902.9de67ee:
+ * pwhistory: fix read of uninitialized data and memory leak when modifying
opasswd
+
+---
+Tue Aug 27 18:41:10 UTC 2019 - ku...@suse.com
+
+- Update to version 1.3.1+git20190826.1b087ed:
+ * libpam/pam_modutil_sanitize.c: optimize the way to close fds
+
+---
Old:
linux-pam-1.3.1+git20190807.e31dd6c.tar.xz
linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz
usr-etc-support.patch
New:
linux-pam-1.3.1+git20190923.ea78d67.tar.xz
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.ap579R/_old 2019-10-04 11:19:02.945467998 +0200
+++ /var/tmp/diff_new_pack.ap579R/_new 2019-10-04 11:19:02.949467988 +0200
@@ -16,6 +16,11 @@
#
+%if ! %{defined _distconfdir}
+ %define _distconfdir %{_sysconfdir}
+ %define config_noreplace 1
+%endif
+
#
%define enable_selinux 1
%define libpam_so_version 0.84.2
@@ -23,7 +28,7 @@
%define libpamc_so_version 0.82.1
Name: pam
#
-Version:1.3.1+git20190807.e31dd6c
+Version:1.3.1+git20190923.ea78d67
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0-or-later OR BSD-3-Clause
@@ -31,7 +36,6 @@
URL:http://www.linux-pam.org/
Source: linux-pam-%{version}.tar.xz
Source1:Linux-PAM-1.3.1-docs.tar.xz
-Source2:linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz
Source3:other.pamd
Source4:common-auth.pamd
Source5:common-account.pamd
@@ -46,7 +50,6 @@
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
Patch5: use-correct-IP-address.patch
-Patch6: usr-etc-support.patch
BuildRequires: audit-devel
# Remove with next version update:
BuildRequires: autoconf
@@ -64,6 +67,7 @@
%if 0%{?suse_version} > 1320
BuildRequires: libdb-4_8-devel
BuildRequires: xz
+BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
%endif
@@ -109,14 +113,13 @@
building both PAM-aware applications and modules for use with PAM.
%prep
-%setup -q -n linux-pam-%{version} -b 1 -a 2
+%setup -q -n linux-pam-%{version} -b 1
cp -av ../Linux-PAM-1.3.1/* .
cp -a %{SOURCE12} .
%patch0 -p1
%patch2 -p1
%patch4
%patch5 -p1
-%patch6
%build
bash ./pam-login_defs-check.sh
@@ -130,7 +133,8 @@
--pdfdir=%{_docdir}/pam/pdf \
--libdir=/%{_lib} \
--enable-isadir=../../%{_lib}/security \
---enable-securedir=/%{_lib}/security
+--enable-securedir=/%{_lib}/security \
+ --enable-vendordir=%{_distconfdir}
make %{?_smp_mflags}
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
%{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o
%{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/
-lpam
@@ -139,7 +143,7 @@
%install
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
-mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}/pam.d
+mkdir -p %{buildroot}%{_distconfdir}/pam.d
mkdir -p %{buildroot}%{_includedir}/security
mkdir -p %{buildroot}/%{_lib}/security
mkdir -p %{buildroot}/sbin
@@ -149,20 +153,20 @@
# Install documentation
%make_install -C doc
# install securetty
-install -m
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2019-09-07 11:24:03
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.7948 (New)
Package is "pam"
Sat Sep 7 11:24:03 2019 rev:96 rq:725565 version:1.3.1+git20190807.e31dd6c
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2019-05-12 11:31:19.545505816
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.7948/pam.changes2019-09-07
11:24:04.642506175 +0200
@@ -1,0 +2,61 @@
+Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt
+
+- Replace old $RPM_* shell vars by macros.
+- Avoid unnecessary invocation of subshells.
+- Shorten recipe for constructing securetty contents on s390.
+
+---
+Mon Aug 19 14:45:43 CEST 2019 - ku...@suse.de
+
+- usr-etc-support.patch: Add support for /usr/etc/pam.d
+
+---
+Mon Aug 19 13:33:49 CEST 2019 - ku...@suse.de
+
+- encryption_method_nis.diff: obsolete, NIS clients shouldn't
+ require DES anymore.
+- etc.environment: removed, the sources contain the same
+
+---
+Mon Aug 19 11:28:31 UTC 2019 - ku...@suse.com
+
+- Update to version 1.3.1+git20190807.e31dd6c:
+ * pam_tty_audit: Manual page clarification about password logging
+ * pam_get_authtok_verify: Avoid duplicate password verification
+ * Mention that ./autogen.sh is needeed to be run if you check out the
sources from git
+ * pam_unix: Correct MAXPASS define name in the previous two commits.
+ * Restrict password length when changing password
+ * Trim password at PAM_MAX_RESP_SIZE chars
+ * pam_succeed_if: Request user data only when needed
+ * pam_tally2: Remove unnecessary fsync()
+ * Fixed a grammer mistake
+ * Fix documentation for pam_wheel
+ * Fix a typo in the documentation
+ * pam_lastlog: Improve silent option documentation
+ * pam_lastlog: Respect PAM_SILENT flag
+ * Fix regressions from the last commits.
+ * Replace strndupa with strncpy
+ * build: ignore pam_lastlog when logwtmp is not available.
+ * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
+ * pam_motd: Cleanup the code and avoid unnecessary logging
+ * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in
login.defs.
+ * Move the duplicated search_key function to pam_modutil.
+ * pam_unix: Use pam_syslog instead of helper_log_err.
+ * pam_unix: Report unusable hashes found by checksalt to syslog.
+ * Revert "pam_unix: Add crypt_default method, if supported."
+ * pam_unix: Add crypt_default method, if supported.
+ * Revert part of the commit 4da9febc
+ * pam_unix: Add support for (gost-)yescrypt hashing methods.
+ * pam_unix: Fix closing curly brace. (#77)
+ * pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
+ * pam_unix: Prefer a gensalt function, that supports auto entropy.
+ * pam_motd: Fix segmentation fault when no motd_dir specified (#76)
+ * pam_motd: Support multiple motd paths specified, with filename overrides
(#69)
+ * pam_unix: Use bcrypt b-variant for computing new hashes.
+ * pam_tally, pam_tally2: fix grammar and spelling (#54)
+ * Fix grammar of messages printed via pam_prompt
+ * pam_stress: do not mark messages for translation
+ * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and
_UNIX_NEW_AUTHTOK macros
+ * pam_unix: remove obsolete _unix_read_password prototype
+
+---
Old:
Linux-PAM-1.3.1.tar.xz
encryption_method_nis.diff
etc.environment
New:
_service
_servicedata
linux-pam-1.3.1+git20190807.e31dd6c.tar.xz
linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz
usr-etc-support.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.8gTkOD/_old 2019-09-07 11:24:07.034505844 +0200
+++ /var/tmp/diff_new_pack.8gTkOD/_new 2019-09-07 11:24:07.074505838 +0200
@@ -18,75 +18,68 @@
#
%define enable_selinux 1
-
-Name: pam
-Url:http://www.linux-pam.org/
-BuildRequires: audit-devel
-BuildRequires: bison
-BuildRequires: cracklib-devel
-BuildRequires: flex
-%if 0%{?suse_version} > 1320
-BuildRequires: libdb-4_8-devel
-BuildRequires: xz
-BuildRequires: pkgconfig(libnsl)
-BuildRequires: pkgconfig(libtirpc)
-%endif
-%if %{enable_selinux}
-BuildRequires: libselinux-devel
-%endif
%define libpam_so_version 0.84.2
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
+Name: pam
#
-Version:1.3.1
+Version:1.3.1+git20190807.e31dd6c
Release:0
Summary:A Security
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2019-05-12 11:31:14
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.5148 (New)
Package is "pam"
Sun May 12 11:31:14 2019 rev:95 rq:700960 version:1.3.1
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-12-03 10:02:42.544131686
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new.5148/pam.changes2019-05-12
11:31:19.545505816 +0200
@@ -1,0 +2,7 @@
+Thu May 2 23:55:30 CEST 2019 - sbra...@suse.com
+
+- Add virtual symbols for login.defs compatibility (bsc#1121197).
+- Add login.defs safety check pam-login_defs-check.sh
+ (bsc#1121197).
+
+---
New:
pam-login_defs-check.sh
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.tSUogA/_old 2019-05-12 11:31:20.277507959 +0200
+++ /var/tmp/diff_new_pack.tSUogA/_new 2019-05-12 11:31:20.277507959 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -48,6 +48,11 @@
Requires(pre): group(shadow)
Requires(pre): user(root)
%endif
+# All login.defs variables require support from shadow side.
+# Upgrade this symbol version only if new variables appear!
+# Verify by shadow-login_defs-check.sh from shadow source package.
+# Recent symbol includes variable from encryption_method_nis.diff.
+Requires: login_defs-support-for-pam >= 1.3.1
#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
Source: Linux-PAM-%{version}.tar.xz
@@ -62,6 +67,7 @@
Source9:baselibs.conf
Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
+Source12: pam-login_defs-check.sh
Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
@@ -115,6 +121,7 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
+cp -a %{S:12} .
%patch0 -p1
%patch2 -p1
%patch3 -p0
@@ -122,6 +129,7 @@
%patch5 -p1
%build
+bash ./pam-login_defs-check.sh
autoreconf -fiv
export CFLAGS="%optflags -DNDEBUG"
%configure \
++ pam-login_defs-check.sh ++
#!/bin/bash
# Extract list of variables supported by su/runuser.
#
# If you edit this file, you will probably need to edit
# shadow-login_defs-check.sh from shadow sources in a similar way.
set -o errexit
echo -n "Checking login.defs variables in pam... " >&2
grep -rh LOGIN_DEFS . |
sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' |
LC_ALL=C sort -u >pam-login_defs-vars.lst
if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') !=
3e1ae01b1e928c53c828f64ab412be6267eb1018 ; then
echo "does not match!" >&2
echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')"
>&2
cat >&2 <&2
fi
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-12-03 10:02:42
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.19453 (New)
Package is "pam"
Mon Dec 3 10:02:42 2018 rev:94 rq:651302 version:1.3.1
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-11-05 22:47:03.592688065
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new.19453/pam.changes 2018-12-03
10:02:42.544131686 +0100
@@ -1,0 +2,10 @@
+Thu Nov 15 15:41:08 UTC 2018 - josef.moell...@suse.com
+
+- When comparing an incoming IP address with an entry in
+ access.conf that only specified a single host (ie no netmask),
+ the incoming IP address was used rather than the IP address from
+ access.conf, effectively comparing the incoming address with
+ itself. (Also fixed a small typo while I was at it)
+ {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
+
+---
New:
use-correct-IP-address.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.w53hbT/_old 2018-12-03 10:02:43.468130845 +0100
+++ /var/tmp/diff_new_pack.w53hbT/_new 2018-12-03 10:02:43.468130845 +0100
@@ -66,6 +66,7 @@
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
Patch4: pam-hostnames-in-access_conf.patch
+Patch5: use-correct-IP-address.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libdb-4_8-devel
# Remove with next version update:
@@ -118,6 +119,7 @@
%patch2 -p1
%patch3 -p0
%patch4 -p0
+%patch5 -p1
%build
autoreconf -fiv
++ use-correct-IP-address.patch ++
Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
===
--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
- "network_netmask_match: tok=%s, item=%s", tok, string);
+ "network_netmask_match: tok=%s, string=%s", tok, string);
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
/* check netmask */
if (isipaddr(netmask_ptr, NULL, NULL) == NO)
- { /* netmask as integre value */
+ { /* netmask as integer value */
char *endptr = NULL;
netmask = strtol(netmask_ptr, , 0);
if ((endptr == netmask_ptr) || (*endptr != '\0'))
@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
ai = NULL; /* just to be on the safe side */
- if (getaddrinfo (string, NULL, , ) != 0)
+ if (getaddrinfo (tok, NULL, , ) != 0)
{
- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
return NO;
}
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-11-05 22:46:56
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Mon Nov 5 22:46:56 2018 rev:93 rq:643706 version:1.3.1
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-09-03 10:32:25.288255207
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2018-11-05
22:47:03.592688065 +0100
@@ -1,0 +2,22 @@
+Mon Oct 22 07:42:19 UTC 2018 - josef.moell...@suse.com
+
+- Upgrade to 1.3.1
+ * pam_motd: add support for a motd.d directory
+ * pam_umask: Fix documentation to align with order of loading umask
+ * pam_get_user.3: Fix missing word in documentation
+ * pam_tally2 --reset: avoid creating a missing tallylog file
+ * pam_mkhomedir: Allow creating parent of homedir under /
+ * access.conf.5: Add note about spaces around ':'
+ * pam.8: Workaround formatting problem
+ * pam_unix: Check return value of malloc used for setcred data
+ * pam_cracklib: Drop unused prompt macros
+ * pam_tty_audit: Support matching users by uid range
+ * pam_access: support parsing files in /etc/security/access.d/*.conf
+ * pam_localuser: Correct documentation
+ * pam_issue: Fix no prompting in parse escape codes mode
+ * Unification and cleanup of syslog log levels
+ Also: removed nproc limit, referred to systemd instead.
+ Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more.
+ [bsc#1112508, pam-fix-config-order-in-manpage.patch]
+
+---
Old:
Linux-PAM-1.3.0-docs.tar.bz2
Linux-PAM-1.3.0.tar.bz2
pam-fix-config-order-in-manpage.patch
New:
Linux-PAM-1.3.1-docs.tar.xz
Linux-PAM-1.3.1.tar.xz
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.qC81AK/_old 2018-11-05 22:47:05.164686077 +0100
+++ /var/tmp/diff_new_pack.qC81AK/_new 2018-11-05 22:47:05.164686077 +0100
@@ -27,6 +27,7 @@
BuildRequires: flex
%if 0%{?suse_version} > 1320
BuildRequires: libdb-4_8-devel
+BuildRequires: xz
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
%endif
@@ -37,7 +38,7 @@
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
#
-Version:1.3.0
+Version:1.3.1
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0-or-later OR BSD-3-Clause
@@ -49,8 +50,8 @@
%endif
#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
-Source: Linux-PAM-%{version}.tar.bz2
-Source1:Linux-PAM-%{version}-docs.tar.bz2
+Source: Linux-PAM-%{version}.tar.xz
+Source1:Linux-PAM-%{version}-docs.tar.xz
Source2:securetty
Source3:other.pamd
Source4:common-auth.pamd
@@ -65,7 +66,6 @@
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
Patch4: pam-hostnames-in-access_conf.patch
-Patch5: pam-fix-config-order-in-manpage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libdb-4_8-devel
# Remove with next version update:
@@ -118,7 +118,6 @@
%patch2 -p1
%patch3 -p0
%patch4 -p0
-%patch5 -p1
%build
autoreconf -fiv
++ pam-limit-nproc.patch ++
--- /var/tmp/diff_new_pack.qC81AK/_old 2018-11-05 22:47:05.288685920 +0100
+++ /var/tmp/diff_new_pack.qC81AK/_new 2018-11-05 22:47:05.292685915 +0100
@@ -1,15 +1,11 @@
-Index: Linux-PAM-1.3.0/modules/pam_limits/limits.conf
+Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf
===
Linux-PAM-1.3.0.orig/modules/pam_limits/limits.conf
-+++ Linux-PAM-1.3.0/modules/pam_limits/limits.conf
-@@ -47,4 +47,10 @@
+--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf
Linux-PAM-1.3.1/modules/pam_limits/limits.conf
+@@ -47,4 +47,6 @@
#ftp hardnproc 0
#@student- maxlogins 4
-+# harden against fork-bombs
-+* hardnproc 16384
-+* softnproc 4096
-+# roothardnproc 3000
-+# rootsoftnproc 1850
++# No limits for nproc, use systemd configuration instead
+
# End of file
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-09-03 10:32:24
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Mon Sep 3 10:32:24 2018 rev:92 rq:631392 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-07-18 22:37:01.522324904
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2018-09-03
10:32:25.288255207 +0200
@@ -1,0 +2,7 @@
+Fri Aug 24 09:35:18 UTC 2018 - psim...@suse.com
+
+- Add libdb as build-time dependency to enable pam_userdb module.
+ This module is useful for implementing virtual user support for
+ vsftpd and possibly other daemons, too. [bsc#929711, fate#322538]
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.bstISt/_old 2018-09-03 10:32:25.900256780 +0200
+++ /var/tmp/diff_new_pack.bstISt/_new 2018-09-03 10:32:25.904256789 +0200
@@ -26,6 +26,7 @@
BuildRequires: cracklib-devel
BuildRequires: flex
%if 0%{?suse_version} > 1320
+BuildRequires: libdb-4_8-devel
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
%endif
@@ -66,6 +67,7 @@
Patch4: pam-hostnames-in-access_conf.patch
Patch5: pam-fix-config-order-in-manpage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: libdb-4_8-devel
# Remove with next version update:
BuildRequires: autoconf
BuildRequires: automake
@@ -301,7 +303,7 @@
/%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so
-#/%{_lib}/security/pam_userdb.so
+/%{_lib}/security/pam_userdb.so
/%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-07-18 22:36:59
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Wed Jul 18 22:36:59 2018 rev:91 rq:622485 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-05-07 14:53:27.414454493
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2018-07-18
22:37:01.522324904 +0200
@@ -1,0 +2,6 @@
+Fri Jul 13 15:48:58 CEST 2018 - sbra...@suse.com
+
+- Install empty directory /etc/security/namespace.d for
+ pam_namespace.so iscript.
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.UZW8ZZ/_old 2018-07-18 22:37:04.690314408 +0200
+++ /var/tmp/diff_new_pack.UZW8ZZ/_new 2018-07-18 22:37:04.698314381 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -39,7 +39,7 @@
Version:1.3.0
Release:0
Summary:A Security Tool that Provides Authentication for Applications
-License:GPL-2.0+ or BSD-3-Clause
+License:GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
PreReq: permissions
%if 0%{?suse_version} >= 1330
@@ -164,6 +164,8 @@
echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty
echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty
%endif
+# install /etc/security/namespace.d used by pam_namespace.so for
namespace.conf iscript
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/security/namespace.d
# install other.pamd and common-*.pamd
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth
@@ -238,6 +240,7 @@
%config(noreplace) %{_sysconfdir}/security/time.conf
%config(noreplace) %{_sysconfdir}/security/namespace.conf
%config(noreplace) %{_sysconfdir}/security/namespace.init
+%dir %{_sysconfdir}/security/namespace.d
%doc NEWS
%license COPYING
%doc %{_mandir}/man5/environment.5*
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-05-07 14:53:24
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Mon May 7 14:53:24 2018 rev:90 rq:603563 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2018-03-12 12:03:37.620861479
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2018-05-07
14:53:27.414454493 +0200
@@ -1,0 +2,12 @@
+Thu May 3 07:08:50 UTC 2018 - josef.moell...@suse.com
+
+- pam_umask.8 needed to be patched as well.
+ [bsc#1089884, pam-fix-config-order-in-manpage.patch]
+
+---
+Wed May 2 12:32:40 UTC 2018 - josef.moell...@suse.com
+
+- Changed order of configuration files to reflect actual code.
+ [bsc#1089884, pam-fix-config-order-in-manpage.patch]
+
+---
New:
pam-fix-config-order-in-manpage.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.qv4Rds/_old 2018-05-07 14:53:28.370424656 +0200
+++ /var/tmp/diff_new_pack.qv4Rds/_new 2018-05-07 14:53:28.374424531 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -64,6 +64,7 @@
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
Patch4: pam-hostnames-in-access_conf.patch
+Patch5: pam-fix-config-order-in-manpage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Remove with next version update:
BuildRequires: autoconf
@@ -115,6 +116,7 @@
%patch2 -p1
%patch3 -p0
%patch4 -p0
+%patch5 -p1
%build
autoreconf -fiv
++ pam-fix-config-order-in-manpage.patch ++
Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml
===
--- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8.xml
+++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml
@@ -48,22 +48,22 @@
-umask= argument
+umask= entry in the user's GECOS field
-umask= entry in the user's GECOS field
+umask= argument
-UMASK= entry from /etc/default/login
+UMASK= entry from /etc/login.defs
-UMASK entry from /etc/login.defs
+UMASK= entry from /etc/default/login
Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8
===
--- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8
+++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8
@@ -46,7 +46,7 @@ The PAM module tries to get the umask va
.sp -1
.IP \(bu 2.3
.\}
-umask= argument
+umask= entry in the user\*(Aqs GECOS field
.RE
.sp
.RS 4
@@ -57,7 +57,7 @@ umask= argument
.sp -1
.IP \(bu 2.3
.\}
-umask= entry in the user\*(Aqs GECOS field
+umask= argument
.RE
.sp
.RS 4
@@ -68,7 +68,7 @@ umask= entry in the user\*(Aqs GECOS fie
.sp -1
.IP \(bu 2.3
.\}
-UMASK= entry from /etc/default/login
+UMASK= entry from /etc/login\&.defs
.RE
.sp
.RS 4
@@ -79,7 +79,7 @@ UMASK= entry from /etc/default/login
.sp -1
.IP \(bu 2.3
.\}
-UMASK entry from /etc/login\&.defs
+UMASK= entry from /etc/default/login
.RE
.PP
The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in
addition to the umask= entry recognizes pri= entry, which sets the nice
priority value for the session, and ulimit= entry, which sets the maximum size
of files the processes in the session can create\&.
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2018-03-12 12:03:36
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Mon Mar 12 12:03:36 2018 rev:89 rq:583385 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2017-11-15 16:48:22.884739353
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2018-03-12
12:03:37.620861479 +0100
@@ -1,0 +2,5 @@
+Thu Feb 22 15:10:42 UTC 2018 - fv...@suse.com
+
+- Use %license (boo#1082318)
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.rXu4oK/_old 2018-03-12 12:03:39.300801273 +0100
+++ /var/tmp/diff_new_pack.rXu4oK/_new 2018-03-12 12:03:39.316800699 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -199,10 +199,6 @@
rm -f $RPM_BUILD_ROOT/sbin/pam_tally
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8*
rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally
-#
-# Install misc docu
-#
-install -m 644 NEWS COPYING $DOC
# Install unix2_chkpwd
install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/
install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/
@@ -240,8 +236,8 @@
%config(noreplace) %{_sysconfdir}/security/time.conf
%config(noreplace) %{_sysconfdir}/security/namespace.conf
%config(noreplace) %{_sysconfdir}/security/namespace.init
-%doc %{_defaultdocdir}/pam/NEWS
-%doc %{_defaultdocdir}/pam/COPYING
+%doc NEWS
+%license COPYING
%doc %{_mandir}/man5/environment.5*
%doc %{_mandir}/man5/*.conf.5*
%doc %{_mandir}/man5/pam.d.5*
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2017-11-15 16:48:22
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Wed Nov 15 16:48:22 2017 rev:88 rq:539328 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2017-03-08 00:44:34.320275725
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2017-11-15
16:48:22.884739353 +0100
@@ -1,0 +2,5 @@
+Thu Oct 12 08:55:29 UTC 2017 - sch...@suse.de
+
+- Prerequire group(shadow), user(root)
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.SomRpv/_old 2017-11-15 16:48:23.740707990 +0100
+++ /var/tmp/diff_new_pack.SomRpv/_new 2017-11-15 16:48:23.744707843 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -42,6 +42,10 @@
License:GPL-2.0+ or BSD-3-Clause
Group: System/Libraries
PreReq: permissions
+%if 0%{?suse_version} >= 1330
+Requires(pre): group(shadow)
+Requires(pre): user(root)
+%endif
#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
Source: Linux-PAM-%{version}.tar.bz2
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2017-03-08 00:44:33
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Wed Mar 8 00:44:33 2017 rev:87 rq:476831 version:1.3.0
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2016-12-22 15:43:52.673863337
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2017-03-08
00:44:34.320275725 +0100
@@ -1,0 +2,6 @@
+Fri Jan 27 10:35:29 UTC 2017 - josef.moell...@suse.com
+
+- Allow symbolic hostnames in access.conf file.
+ [pam-hostnames-in-access_conf.patch, boo#1019866]
+
+---
New:
pam-hostnames-in-access_conf.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.2xhZWO/_old 2017-03-08 00:44:35.316134970 +0100
+++ /var/tmp/diff_new_pack.2xhZWO/_new 2017-03-08 00:44:35.316134970 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -59,6 +59,7 @@
Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
+Patch4: pam-hostnames-in-access_conf.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Remove with next version update:
BuildRequires: autoconf
@@ -109,6 +110,7 @@
%patch0 -p1
%patch2 -p1
%patch3 -p0
+%patch4 -p0
%build
autoreconf -fiv
++ pam-hostnames-in-access_conf.patch ++
Index: modules/pam_access/pam_access.c
===
--- modules/pam_access/pam_access.c.orig
+++ modules/pam_access/pam_access.c
@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const
return (NO);
}
-
/* network_netmask_match - match a string against one token
* where string is a hostname or ip (v4,v6) address and tok
- * represents either a single ip (v4,v6) address or a network/netmask
+ * represents either a hostname, a single ip (v4,v6) address
+ * or a network/netmask
*/
static int
network_netmask_match (pam_handle_t *pamh,
@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam
char *netmask_ptr;
char netmask_string[MAXHOSTNAMELEN + 1];
int addr_type;
+struct addrinfo *ai;
+struct sockaddr_storage tok_addr;
+struct addrinfo hint;
if (item->debug)
-pam_syslog (pamh, LOG_DEBUG,
+ pam_syslog (pamh, LOG_DEBUG,
"network_netmask_match: tok=%s, item=%s", tok, string);
+
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
{
@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam
*netmask_ptr = 0;
netmask_ptr++;
- if (isipaddr(tok, _type, NULL) == NO)
+ if (isipaddr(tok, _type, _addr) == NO)
{ /* no netaddr */
return NO;
}
@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam
netmask_ptr = number_to_netmask(netmask, addr_type,
netmask_string, MAXHOSTNAMELEN);
}
- }
+
+ /*
+* Although isipaddr() has already converted the IP address,
+* we call getaddrinfo here to properly construct an addrinfo list
+*/
+ memset (, '\0', sizeof (hint));
+ hint.ai_flags = 0;
+ hint.ai_family = AF_UNSPEC;
+
+ ai = NULL; /* just to be on the safe side */
+
+ /* The following should not fail ... */
+ if (getaddrinfo (tok, NULL, , ) != 0)
+ {
+ return NO;
+ }
+ }
else
- /* NO, then check if it is only an addr */
- if (isipaddr(tok, NULL, NULL) != YES)
+ {
+/*
+* It is either an IP address or a hostname.
+* Let getaddrinfo sort everything out
+*/
+ memset (, '\0', sizeof (hint));
+ hint.ai_flags = 0;
+ hint.ai_family = AF_UNSPEC;
+
+ ai = NULL; /* just to be on the safe side */
+
+ if (getaddrinfo (string, NULL, , ) != 0)
{
+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
+
return NO;
}
+ netmask_ptr = NULL;
+ }
if (isipaddr(string, NULL, NULL) != YES)
{
/* Assume network/netmask with a name of a host. */
- struct addrinfo hint;
-
memset (, '\0', sizeof (hint));
hint.ai_flags = AI_CANONNAME;
hint.ai_family = AF_UNSPEC;
@@ -764,27
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2016-09-05 21:11:42 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is "pam" Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2016-08-16 13:00:37.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2016-09-05 21:11:45.0 +0200 @@ -1,0 +2,7 @@ +Sun Jul 31 11:08:19 UTC 2016 - devel...@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +--- Other differences: -- ++ pam-limit-nproc.patch ++ --- /var/tmp/diff_new_pack.TBzR5k/_old 2016-09-05 21:11:46.0 +0200 +++ /var/tmp/diff_new_pack.TBzR5k/_new 2016-09-05 21:11:46.0 +0200 @@ -7,8 +7,8 @@ #@student- maxlogins 4 +# harden against fork-bombs -+* hardnproc 1700 -+* softnproc 1200 ++* hardnproc 4000 ++* softnproc 3500 +roothardnproc 3000 +rootsoftnproc 1850 +
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2016-08-16 13:00:36
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2016-05-14 12:23:09.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2016-08-16
13:00:37.0 +0200
@@ -1,0 +2,5 @@
+Thu Jul 28 14:29:09 CEST 2016 - ku...@suse.de
+
+- Add doc directory to filelist.
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.1LmgU3/_old 2016-08-16 13:00:39.0 +0200
+++ /var/tmp/diff_new_pack.1LmgU3/_new 2016-08-16 13:00:39.0 +0200
@@ -219,6 +219,7 @@
%dir %{_sysconfdir}/pam.d
%dir %{_sysconfdir}/security
%dir %{_sysconfdir}/security/limits.d
+%dir %{_defaultdocdir}/pam
%config(noreplace) %{_sysconfdir}/pam.d/other
%config(noreplace) %{_sysconfdir}/pam.d/common-*
%config(noreplace) %{_sysconfdir}/securetty
@@ -306,6 +307,7 @@
%files doc
%defattr(644,root,root,755)
+%dir %{_defaultdocdir}/pam
%doc %{_defaultdocdir}/pam/html
%doc %{_defaultdocdir}/pam/modules
%doc %{_defaultdocdir}/pam/pdf
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2016-05-14 12:23:08
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is "pam"
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2015-08-21 07:35:16.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2016-05-14
12:23:09.0 +0200
@@ -1,0 +2,52 @@
+Mon May 2 10:44:38 CEST 2016 - ku...@suse.de
+
+- Remove obsolete README.pam_tally [bsc#977973]
+
+---
+Thu Apr 28 13:51:59 CEST 2016 - ku...@suse.de
+
+- Update Linux-PAM to version 1.3.0
+- Rediff encryption_method_nis.diff
+- Link pam_unix against libtirpc and external libnsl to enable
+ IPv6 support.
+
+---
+Thu Apr 14 14:06:18 CEST 2016 - ku...@suse.de
+
+- Add /sbin/unix2_chkpwd (moved from pam-modules)
+
+---
+Mon Apr 11 15:09:04 CEST 2016 - ku...@suse.de
+
+- Remove (since accepted upstream):
+ - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
+ - 0002-Remove-enable-static-modules-option-and-support-from.patch
+ - 0003-fix-nis-checks.patch
+ - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
+ - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
+
+---
+Fri Apr 1 15:32:37 CEST 2016 - ku...@suse.de
+
+- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
+ - Replace IPv4 only functions
+
+---
+Fri Apr 1 10:37:58 CEST 2016 - ku...@suse.de
+
+- Fix typo in common-account.pamd [bnc#959439]
+
+---
+Tue Mar 29 14:25:02 CEST 2016 - ku...@suse.de
+
+- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
+ - readd PAM_EXTERN for external PAM modules
+
+---
+Wed Mar 23 11:21:16 CET 2016 - ku...@suse.de
+
+- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
+- Add 0002-Remove-enable-static-modules-option-and-support-from.patch
+- Add 0003-fix-nis-checks.patch
+
+---
Old:
Linux-PAM-1.2.1-docs.tar.bz2
Linux-PAM-1.2.1.tar.bz2
New:
Linux-PAM-1.3.0-docs.tar.bz2
Linux-PAM-1.3.0.tar.bz2
unix2_chkpwd.8
unix2_chkpwd.c
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.N6l9NH/_old 2016-05-14 12:23:10.0 +0200
+++ /var/tmp/diff_new_pack.N6l9NH/_new 2016-05-14 12:23:10.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,15 +25,18 @@
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
-#BuildRequires: pkgconfig(libtirpc)
+%if 0%{?suse_version} > 1320
+BuildRequires: pkgconfig(libnsl)
+BuildRequires: pkgconfig(libtirpc)
+%endif
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
-%define libpam_so_version 0.84.1
+%define libpam_so_version 0.84.2
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
#
-Version:1.2.1
+Version:1.3.0
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0+ or BSD-3-Clause
@@ -51,6 +54,8 @@
Source7:common-session.pamd
Source8:etc.environment
Source9:baselibs.conf
+Source10: unix2_chkpwd.c
+Source11: unix2_chkpwd.8
Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
@@ -103,7 +108,7 @@
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p1
%patch2 -p1
-%patch3 -p1
+%patch3 -p0
%build
autoreconf -fiv
@@ -117,7 +122,8 @@
--libdir=/%{_lib} \
--enable-isadir=../../%{_lib}/security \
--enable-securedir=/%{_lib}/security
-make %{?_smp_mflags};
+make %{?_smp_mflags}
+%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
%{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o
$RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/
-lpam
%check
make %{?_smp_mflags} check
@@ -170,12 +176,6 @@
ln -f
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2015-08-21 07:35:14
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2015-07-21 13:23:05.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-08-21
07:35:16.0 +0200
@@ -1,0 +2,5 @@
+Sat Jul 25 16:03:33 UTC 2015 - joschibrauc...@gmx.de
+
+- Add folder /etc/security/limits.d as mentioned in 'man pam_limits'
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.DHjXxE/_old 2015-08-21 07:35:17.0 +0200
+++ /var/tmp/diff_new_pack.DHjXxE/_new 2015-08-21 07:35:17.0 +0200
@@ -206,6 +206,7 @@
%defattr(-,root,root)
%dir %{_sysconfdir}/pam.d
%dir %{_sysconfdir}/security
+%dir %{_sysconfdir}/security/limits.d
%config(noreplace) %{_sysconfdir}/pam.d/other
%config(noreplace) %{_sysconfdir}/pam.d/common-*
%config(noreplace) %{_sysconfdir}/securetty
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2015-07-21 13:23:03 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2015-05-06 11:21:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-07-21 13:23:05.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 26 09:39:42 CEST 2015 - ku...@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +--- Old: Linux-PAM-1.2.0-docs.tar.bz2 Linux-PAM-1.2.0.tar.bz2 New: Linux-PAM-1.2.1-docs.tar.bz2 Linux-PAM-1.2.1.tar.bz2 Other differences: -- ++ pam.spec ++ --- /var/tmp/diff_new_pack.707L8i/_old 2015-07-21 13:23:06.0 +0200 +++ /var/tmp/diff_new_pack.707L8i/_new 2015-07-21 13:23:07.0 +0200 @@ -33,7 +33,7 @@ %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version:1.2.0 +Version:1.2.1 Release:0 Summary:A Security Tool that Provides Authentication for Applications License:GPL-2.0+ or BSD-3-Clause ++ Linux-PAM-1.2.0-docs.tar.bz2 - Linux-PAM-1.2.1-docs.tar.bz2 ++ Files old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.pdf and new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.txt --- old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt 2015-03-24 14:08:22.0 +0100 +++ new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.txt 2015-06-22 14:32:48.0 +0200 @@ -198,8 +198,8 @@ pam_chauthtok(), although some applications are not suited to this task (ftp for example) and in this case the application should deny access to the user. -PAM is also capable of setting and deleting the users credentials with the call -pam_setcred(). This function should always be called after the user is +PAM is also capable of setting and deleting the user's credentials with the +call pam_setcred(). This function should always be called after the user is authenticated and before service is offered to the user. By convention, this should be the last call to the PAM library before the PAM session is opened. What exactly a credential is, is not well defined. However, some examples are @@ -849,7 +849,7 @@ 3.1.9.1. DESCRIPTION -The pam_acct_mgmt function is used to determine if the users account is valid. +The pam_acct_mgmt function is used to determine if the user's account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated. @@ -922,7 +922,7 @@ PAM_CHANGE_EXPIRED_AUTHTOK -This argument indicates to the modules that the users authentication token +This argument indicates to the modules that the user's authentication token (password) should only be changed if it has expired. If this argument is not passed, the application requires that all authentication tokens are to be changed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/adg/html/adg-interface-by-app-expected.html new/Linux-PAM-1.2.1/doc/adg/html/adg-interface-by-app-expected.html --- old/Linux-PAM-1.2.0/doc/adg/html/adg-interface-by-app-expected.html 2015-03-24 14:08:24.0 +0100 +++ new/Linux-PAM-1.2.1/doc/adg/html/adg-interface-by-app-expected.html 2015-06-22 14:32:50.0 +0200 @@ -460,7 +460,7 @@ User is not known to an authentication module. /p/dd/dl/div/div/divdiv class=sectiondiv class=titlepagedivdivh3 class=titlea name=adg-pam_acct_mgmt/a3.1.9. Account validation management/h3/div/div/divdiv class=funcsynopsispre class=funcsynopsisinfo#include lt;security/pam_appl.hgt;/pretable border=0 class=funcprototype-table summary=Function synopsis style=cellspacing: 0; cellpadding: 0;trtdcode class=funcdefint b class=fsfuncpam_acct_mgmt/b(/code/tdtdvar class=pdparampamh/var, /tdtd /td/trtrtd /tdtdvar class=pdparamflags/varcode)/code;/tdtd /td/tr/tablediv class=paramdef-listcodepam_handle_t *var class=pdparampamh/var/code;brcodeint var class=pdparamflags/var/code;/divdiv class=funcprototype-spacer /div/divdiv class=sectiondiv class=titlepagedivdivh4 class=titlea name=adg-pam_acct_mgmt-description/a3.1.9.1. DESCRIPTION/h4/div/div/divp The code class=functionpam_acct_mgmt/code function is used to determine - if the users account is valid. It checks
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2015-05-06 11:21:57
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2015-01-30 06:02:46.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-05-06
11:21:58.0 +0200
@@ -1,0 +2,6 @@
+Mon Apr 27 17:14:40 CEST 2015 - ku...@suse.de
+
+- Update to version 1.2.0
+ - obsoletes Linux-PAM-git-20150109.diff
+
+---
Old:
Linux-PAM-1.1.8-docs.tar.bz2
Linux-PAM-1.1.8.tar.bz2
Linux-PAM-git-20150109.diff
New:
Linux-PAM-1.2.0-docs.tar.bz2
Linux-PAM-1.2.0.tar.bz2
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.widPZ0/_old 2015-05-06 11:21:59.0 +0200
+++ /var/tmp/diff_new_pack.widPZ0/_new 2015-05-06 11:21:59.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,11 +29,11 @@
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
-%define libpam_so_version 0.83.1
-%define libpam_misc_so_version 0.82.0
+%define libpam_so_version 0.84.1
+%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
#
-Version:1.1.8
+Version:1.2.0
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0+ or BSD-3-Clause
@@ -52,7 +52,6 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: fix-man-links.dif
-Patch1: Linux-PAM-git-20150109.diff
Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -103,7 +102,6 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p1
-%patch1 -p2
%patch2 -p1
%patch3 -p1
++ Linux-PAM-1.1.8-docs.tar.bz2 - Linux-PAM-1.2.0-docs.tar.bz2 ++
Files old/Linux-PAM-1.1.8/doc/adg/Linux-PAM_ADG.pdf and
new/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/adg/Linux-PAM_ADG.txt
new/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt
--- old/Linux-PAM-1.1.8/doc/adg/Linux-PAM_ADG.txt 2013-09-19
10:06:41.0 +0200
+++ new/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt 2015-03-24
14:08:22.0 +0100
@@ -12,7 +12,7 @@
Abstract
-This manual documents what an application developer needs to know about the
+This manual documents what an application developer needs to know about the
Linux-PAM library. It describes how an application might use the Linux-PAM
library to authenticate users. In addition it contains a description of the
functions to be found in libpam_misc library, that can be used in general
@@ -303,7 +303,7 @@
callback function, cleanup() (See pam_set_data(3) and pam_get_data(3)). In this
way the module can be given notification of the pass/fail nature of the
tear-down process, and perform any last minute tasks that are appropriate to
-the module before it is unlinked. This argument can be logically OR'd with
+the module before it is unlinked. This argument can be logically OR'd with
PAM_DATA_SILENT to indicate to indicate that the module should not treat the
call too seriously. It is generally used to indicate that the current closing
of the library is in a fork(2)ed process, and that the parent will take care of
@@ -387,7 +387,7 @@
PAM_RHOST
-The requesting hostname (the hostname of the machine from which the
+The requesting hostname (the hostname of the machine from which the
PAM_RUSER entity is requesting service). That is PAM_RUSER@PAM_RHOST does
identify the requesting user. In some applications, PAM_RHOST may be NULL.
In such situations, it is unclear where the authentication request is
@@ -416,7 +416,7 @@
PAM_FAIL_DELAY
-A function pointer to redirect centrally managed failure delays. See
+A function pointer to redirect centrally managed failure delays. See
pam_fail_delay(3).
PAM_XDISPLAY
@@ -529,7 +529,7 @@
PAM_RHOST
-The requesting hostname (the hostname of the machine from which the
+The requesting hostname (the hostname of the machine from which the
PAM_RUSER entity is requesting service). That is PAM_RUSER@PAM_RHOST does
identify the requesting user.
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2015-01-30 06:02:44
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-12-29 00:29:43.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-01-30
06:02:46.0 +0100
@@ -1,0 +2,19 @@
+Fri Jan 9 15:37:28 CET 2015 - ku...@suse.de
+
+- Re-add lost patch encryption_method_nis.diff [bnc#906660]
+
+---
+Fri Jan 9 14:53:50 CET 2015 - ku...@suse.de
+
+- Update to current git:
+ - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff
+ - obsoletes pam_loginuid-log_write_errors.diff
+ - obsoletes pam_xauth-sigpipe.diff
+ - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch
+
+---
+Fri Jan 9 11:10:45 UTC 2015 - bwiedem...@suse.com
+
+- increase process limit to 1200 to help chromium users with many tabs
+
+---
Old:
Linux-PAM-git-20140127.diff
bug-870433_pam_timestamp-fix-directory-traversal.patch
pam_loginuid-log_write_errors.diff
pam_xauth-sigpipe.diff
New:
Linux-PAM-git-20150109.diff
encryption_method_nis.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.UUvIN9/_old 2015-01-30 06:02:47.0 +0100
+++ /var/tmp/diff_new_pack.UUvIN9/_new 2015-01-30 06:02:47.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -52,12 +52,14 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: fix-man-links.dif
-Patch1: Linux-PAM-git-20140127.diff
-Patch2: pam_loginuid-log_write_errors.diff
-Patch3: pam_xauth-sigpipe.diff
-Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch
-Patch5: pam-limit-nproc.patch
+Patch1: Linux-PAM-git-20150109.diff
+Patch2: pam-limit-nproc.patch
+Patch3: encryption_method_nis.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+# Remove with next version update:
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
%description
PAM (Pluggable Authentication Modules) is a system security tool that
@@ -104,10 +106,9 @@
%patch1 -p2
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
%build
+autoreconf -fiv
export CFLAGS=%optflags -DNDEBUG
%configure \
--sbindir=/sbin \
++ Linux-PAM-git-20140127.diff - Linux-PAM-git-20150109.diff ++
38145 lines (skipped)
between /work/SRC/openSUSE:Factory/pam/Linux-PAM-git-20140127.diff
and /work/SRC/openSUSE:Factory/.pam.new/Linux-PAM-git-20150109.diff
++ encryption_method_nis.diff ++
diff --git a/modules/pam_unix/pam_unix_passwd.c
b/modules/pam_unix/pam_unix_passwd.c
index 0cfc0f4..2239206 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv)
* rebuild the password database file.
*/
+
+ /* if it is a NIS account, check for special hash algo */
+ if (on(UNIX_NIS, ctrl) _unix_comesfromsource(pamh, user, 0,
1)) {
+ /* preset encryption method with value from /etc/login.defs */
+ int j;
+ char *val = _unix_search_key (ENCRYPT_METHOD_NIS,
LOGIN_DEFS);
+ if (val) {
+ for (j = 0; j UNIX_CTRLS_; ++j) {
+ if (unix_args[j].token unix_args[j].is_hash_algo
+ !strncasecmp(val, unix_args[j].token,
strlen(unix_args[j].token))) {
+ break;
+ }
+ }
+ if (j = UNIX_CTRLS_) {
+ pam_syslog(pamh, LOG_WARNING, unrecognized
ENCRYPT_METHOD_NIS value [%s], val);
+ } else {
+ ctrl = unix_args[j].mask; /* for turning things off */
+ ctrl |= unix_args[j].flag; /* for turning things on */
+ }
+ free (val);
+ }
+ }
+
/*
* First we encrypt the new password.
*/
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2014-12-29 00:29:39
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-04-22 07:49:16.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-12-29
00:29:43.0 +0100
@@ -1,0 +2,6 @@
+Tue May 6 14:31:36 UTC 2014 - bwiedem...@suse.com
+
+- limit number of processes to 700 to harden against fork-bombs
+ Add pam-limit-nproc.patch
+
+---
New:
pam-limit-nproc.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.40j0dz/_old 2014-12-29 00:29:44.0 +0100
+++ /var/tmp/diff_new_pack.40j0dz/_new 2014-12-29 00:29:44.0 +0100
@@ -56,6 +56,7 @@
Patch2: pam_loginuid-log_write_errors.diff
Patch3: pam_xauth-sigpipe.diff
Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch
+Patch5: pam-limit-nproc.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -104,6 +105,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ pam-limit-nproc.patch ++
Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf
===
--- Linux-PAM-1.1.8.orig/modules/pam_limits/limits.conf
+++ Linux-PAM-1.1.8/modules/pam_limits/limits.conf
@@ -47,4 +47,10 @@
#ftp hardnproc 0
#@student- maxlogins 4
+# harden against fork-bombs
+* hardnproc 800
+* softnproc 700
+roothardnproc 900
+rootsoftnproc 850
+
# End of file
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2014-04-22 07:49:15
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-04-09 13:15:15.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-04-22
07:49:16.0 +0200
@@ -1,0 +2,6 @@
+Wed Apr 9 16:02:17 UTC 2014 - ckornac...@suse.com
+
+- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433)
+ bug-870433_pam_timestamp-fix-directory-traversal.patch
+
+---
New:
bug-870433_pam_timestamp-fix-directory-traversal.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.hhrxbV/_old 2014-04-22 07:49:16.0 +0200
+++ /var/tmp/diff_new_pack.hhrxbV/_new 2014-04-22 07:49:16.0 +0200
@@ -55,6 +55,7 @@
Patch1: Linux-PAM-git-20140127.diff
Patch2: pam_loginuid-log_write_errors.diff
Patch3: pam_xauth-sigpipe.diff
+Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -102,6 +103,7 @@
%patch1 -p2
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ bug-870433_pam_timestamp-fix-directory-traversal.patch ++
From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
From: Dmitry V. Levin l...@altlinux.org
Date: Wed, 26 Mar 2014 22:17:23 +
Subject: [PATCH] pam_timestamp: fix potential directory traversal issue
(ticket #27)
pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
the timestamp pathname it creates, so extra care should be taken to
avoid potential directory traversal issues.
* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
. and .. tty values as invalid.
(get_ruser): Treat . and .. ruser values, as well as any ruser
value containing '/', as invalid.
Fixes CVE-2014-2583.
Reported-by: Sebastian Krahmer krah...@suse.de
---
modules/pam_timestamp/pam_timestamp.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/pam_timestamp/pam_timestamp.c
b/modules/pam_timestamp/pam_timestamp.c
index 5193733..b3f08b1 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -158,7 +158,7 @@ check_tty(const char *tty)
tty = strrchr(tty, '/') + 1;
}
/* Make sure the tty wasn't actually a directory (no basename). */
- if (strlen(tty) == 0) {
+ if (!strlen(tty) || !strcmp(tty, .) || !strcmp(tty, ..)) {
return NULL;
}
return tty;
@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t
ruserbuflen)
if (pwd != NULL) {
ruser = pwd-pw_name;
}
+ } else {
+ /*
+* This ruser is used by format_timestamp_name as a component
+* of constructed timestamp pathname, so ., .., and '/'
+* are disallowed to avoid potential path traversal issues.
+*/
+ if (!strcmp(ruser, .) ||
+ !strcmp(ruser, ..) ||
+ strchr(ruser, '/')) {
+ ruser = NULL;
+ }
}
if (ruser == NULL || strlen(ruser) = ruserbuflen) {
*ruserbuf = '\0';
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2014-04-09 13:15:13
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-01-30 19:24:26.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-04-09
13:15:15.0 +0200
@@ -1,0 +2,5 @@
+Tue Apr 1 15:35:56 UTC 2014 - ckornac...@suse.com
+
+- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664)
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.F4JJQq/_old 2014-04-09 13:15:15.0 +0200
+++ /var/tmp/diff_new_pack.F4JJQq/_new 2014-04-09 13:15:15.0 +0200
@@ -144,6 +144,8 @@
echo hvc5 $RPM_BUILD_ROOT/etc/securetty
echo hvc6 $RPM_BUILD_ROOT/etc/securetty
echo hvc7 $RPM_BUILD_ROOT/etc/securetty
+echo sclp_line0 $RPM_BUILD_ROOT/etc/securetty
+echo ttysclp0 $RPM_BUILD_ROOT/etc/securetty
%endif
# install other.pamd and common-*.pamd
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2014-01-30 19:24:25
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2014-01-11 11:12:12.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-01-30
19:24:26.0 +0100
@@ -1,0 +2,23 @@
+Mon Jan 27 17:05:11 CET 2014 - ku...@suse.de
+
+- Add pam_loginuid-log_write_errors.diff: log significant loginuid
+ write errors
+- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to
+ xauth process
+
+---
+Mon Jan 27 15:14:34 CET 2014 - ku...@suse.de
+
+- Update to current git (Linux-PAM-git-20140127.diff), which
+ obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and
+ Linux-PAM-git-20140109.diff.
+ - Fix gratuitous use of strdup and x_strdup
+ - pam_xauth: log fatal errors preventing xauth process execution
+ - pam_loginuid: cleanup loginuid buffer initialization
+ - libpam_misc: fix an inconsistency in handling memory allocation errors
+ - pam_limits: fix utmp-ut_user handling
+ - pam_mkhomedir: check and create home directory for the same user
+ - pam_limits: detect and ignore stale utmp entries
+- Disable pam_userdb (remove db-devel from build requires)
+
+---
Old:
Linux-PAM-git-20140109.diff
pam_loginuid-part1.diff
pam_loginuid-part2.diff
New:
Linux-PAM-git-20140127.diff
pam_loginuid-log_write_errors.diff
pam_xauth-sigpipe.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.fuNH3t/_old 2014-01-30 19:24:27.0 +0100
+++ /var/tmp/diff_new_pack.fuNH3t/_new 2014-01-30 19:24:27.0 +0100
@@ -24,7 +24,6 @@
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
-BuildRequires: db-devel
BuildRequires: flex
#BuildRequires: pkgconfig(libtirpc)
%if %{enable_selinux}
@@ -53,9 +52,9 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: fix-man-links.dif
-Patch1: Linux-PAM-git-20140109.diff
-Patch2: pam_loginuid-part1.diff
-Patch3: pam_loginuid-part2.diff
+Patch1: Linux-PAM-git-20140127.diff
+Patch2: pam_loginuid-log_write_errors.diff
+Patch3: pam_xauth-sigpipe.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -275,7 +274,7 @@
/%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so
-/%{_lib}/security/pam_userdb.so
+#/%{_lib}/security/pam_userdb.so
/%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
++ Linux-PAM-git-20140109.diff - Linux-PAM-git-20140127.diff ++
992 lines (skipped)
between /work/SRC/openSUSE:Factory/pam/Linux-PAM-git-20140109.diff
and /work/SRC/openSUSE:Factory/.pam.new/Linux-PAM-git-20140127.diff
++ pam_loginuid-log_write_errors.diff ++
commit 256b50e1fce2f785f1032a1949dd2d1dbc17e250
Author: Dmitry V. Levin l...@altlinux.org
Date: Sun Jan 19 14:12:59 2014 +
pam_loginuid: log significant loginuid write errors
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors
during /proc/self/loginuid update that are not ignored.
modules/pam_loginuid/pam_loginuid.c | 12 +---
1 files changed, 9 insertions(+), 3 deletions(-)
---
diff --git a/modules/pam_loginuid/pam_loginuid.c
b/modules/pam_loginuid/pam_loginuid.c
index c476f7b..73c42f9 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -75,8 +75,8 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
rc = PAM_IGNORE;
}
if (rc != PAM_IGNORE) {
- pam_syslog(pamh, LOG_ERR,
- Cannot open /proc/self/loginuid: %m);
+ pam_syslog(pamh, LOG_ERR, Cannot open %s: %m,
+ /proc/self/loginuid);
}
return rc;
}
@@ -88,8 +88,14 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
goto done; /* already correct */
}
if (lseek(fd, 0, SEEK_SET) == 0 ftruncate(fd, 0) == 0
- pam_modutil_write(fd, loginuid, count) == count)
+ pam_modutil_write(fd, loginuid, count) == count) {
rc = PAM_SUCCESS;
+ } else {
+ if (rc != PAM_IGNORE) {
+ pam_syslog(pamh, LOG_ERR, Error writing %s: %m,
+
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2014-01-11 11:12:10
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-12-19 13:35:18.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2014-01-11
11:12:12.0 +0100
@@ -1,0 +2,17 @@
+Fri Jan 10 10:56:24 UTC 2014 - ku...@suse.com
+
+- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid
+- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc
+
+---
+Thu Jan 9 17:31:27 CET 2014 - ku...@suse.de
+
+- Update to current git (Linux-PAM-git-20140109.diff, which
+ replaces pam_unix.diff and encryption_method_nis.diff)
+ - pam_access: fix debug level logging
+ - pam_warn: log flags passed to the module
+ - pam_securetty: check return value of fgets
+ - pam_lastlog: fix format string
+ - pam_loginuid: If the correct loginuid is already set, skip writing it
+
+---
Old:
encryption_method_nis.diff
pam_unix.diff
New:
Linux-PAM-git-20140109.diff
pam_loginuid-part1.diff
pam_loginuid-part2.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.8yCJ2P/_old 2014-01-11 11:12:13.0 +0100
+++ /var/tmp/diff_new_pack.8yCJ2P/_new 2014-01-11 11:12:13.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -53,8 +53,9 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: fix-man-links.dif
-Patch1: pam_unix.diff
-Patch2: encryption_method_nis.diff
+Patch1: Linux-PAM-git-20140109.diff
+Patch2: pam_loginuid-part1.diff
+Patch3: pam_loginuid-part2.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -99,8 +100,9 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p1
-%patch1 -p1
+%patch1 -p2
%patch2 -p1
+%patch3 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ Linux-PAM-git-20140109.diff ++
--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18
16:11:21.0 +0200
+++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09
16:28:39.0 +0100
@@ -573,7 +573,7 @@
if (debug)
pam_syslog (pamh, LOG_DEBUG,
- group_match: grp=%s, user=%s, grptok, usr);
+ group_match: grp=%s, user=%s, tok, usr);
if (strlen(tok) 3)
return NO;
--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18
16:11:21.0 +0200
+++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28
11:37:54.0 +0100
@@ -628,7 +628,8 @@
lltime = (time(NULL) - lltime) / (24*60*60);
if (lltime inactive_days) {
-pam_syslog(pamh, LOG_INFO, user %s inactive for %d days - denied,
user, lltime);
+pam_syslog(pamh, LOG_INFO, user %s inactive for %ld days - denied,
+ user, (long) lltime);
return PAM_AUTH_ERR;
}
--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18
16:11:21.0 +0200
+++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-11-28
11:37:54.0 +0100
@@ -52,10 +52,10 @@
static int set_loginuid(pam_handle_t *pamh, uid_t uid)
{
int fd, count, rc = 0;
- char loginuid[24];
+ char loginuid[24], buf[24];
count = snprintf(loginuid, sizeof(loginuid), %lu, (unsigned long)uid);
- fd = open(/proc/self/loginuid, O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ fd = open(/proc/self/loginuid, O_NOFOLLOW|O_RDWR);
if (fd 0) {
if (errno != ENOENT) {
rc = 1;
@@ -64,8 +64,13 @@
}
return rc;
}
- if (pam_modutil_write(fd, loginuid, count) != count)
+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count
+ memcmp(buf, loginuid, count) == 0)
+ goto done; /* already correct */
+ if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 ||
+ pam_modutil_write(fd, loginuid, count) != count))
rc = 1;
+ done:
close(fd);
return rc;
}
--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18
16:11:21.0 +0200
+++
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-12-19 13:35:16 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-11-28 16:52:09.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-12-19 13:35:18.0 +0100 @@ -1,0 +2,5 @@ +Fri Nov 29 20:25:32 UTC 2013 - sch...@linux-m68k.org + +- common-session.pamd: add missing newline + +--- Other differences: -- ++ common-session.pamd ++ --- /var/tmp/diff_new_pack.AJ24QB/_old 2013-12-19 13:35:19.0 +0100 +++ /var/tmp/diff_new_pack.AJ24QB/_new 2013-12-19 13:35:19.0 +0100 @@ -10,4 +10,4 @@ sessionrequiredpam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so -session optionalpam_systemd.so \ No newline at end of file +session optional pam_systemd.so -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-11-28 16:52:08
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-11-12 16:36:45.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-11-28
16:52:09.0 +0100
@@ -1,0 +2,6 @@
+Thu Nov 28 12:00:09 CET 2013 - ku...@suse.de
+
+- Remove libtrpc support to solve dependency/build cycles, plain
+ glibc is enough for now.
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.O736BD/_old 2013-11-28 16:52:09.0 +0100
+++ /var/tmp/diff_new_pack.O736BD/_new 2013-11-28 16:52:09.0 +0100
@@ -26,7 +26,7 @@
BuildRequires: cracklib-devel
BuildRequires: db-devel
BuildRequires: flex
-BuildRequires: pkgconfig(libtirpc)
+#BuildRequires: pkgconfig(libtirpc)
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-11-12 16:36:44
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-29 17:50:46.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-11-12
16:36:45.0 +0100
@@ -1,0 +2,14 @@
+Tue Nov 12 13:08:44 CET 2013 - ku...@suse.de
+
+- Add encryption_method_nis.diff:
+ - implement pam_unix2 functionality to use another hash for
+NIS passwords.
+
+---
+Fri Nov 8 16:01:35 CET 2013 - ku...@suse.de
+
+- Add pam_unix.diff:
+ - fix if /etc/login.defs uses DES
+ - ask always for old password if a NIS password will be changed
+
+---
New:
encryption_method_nis.diff
pam_unix.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.MemVTR/_old 2013-11-12 16:36:46.0 +0100
+++ /var/tmp/diff_new_pack.MemVTR/_new 2013-11-12 16:36:46.0 +0100
@@ -53,6 +53,8 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: fix-man-links.dif
+Patch1: pam_unix.diff
+Patch2: encryption_method_nis.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -97,6 +99,8 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ encryption_method_nis.diff ++
diff --git a/modules/pam_unix/pam_unix_passwd.c
b/modules/pam_unix/pam_unix_passwd.c
index 0cfc0f4..2239206 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv)
* rebuild the password database file.
*/
+
+ /* if it is a NIS account, check for special hash algo */
+ if (on(UNIX_NIS, ctrl) _unix_comesfromsource(pamh, user, 0,
1)) {
+ /* preset encryption method with value from /etc/login.defs */
+ int j;
+ char *val = _unix_search_key (ENCRYPT_METHOD_NIS,
LOGIN_DEFS);
+ if (val) {
+ for (j = 0; j UNIX_CTRLS_; ++j) {
+ if (unix_args[j].token unix_args[j].is_hash_algo
+ !strncasecmp(val, unix_args[j].token,
strlen(unix_args[j].token))) {
+ break;
+ }
+ }
+ if (j = UNIX_CTRLS_) {
+ pam_syslog(pamh, LOG_WARNING, unrecognized
ENCRYPT_METHOD_NIS value [%s], val);
+ } else {
+ ctrl = unix_args[j].mask; /* for turning things off */
+ ctrl |= unix_args[j].flag; /* for turning things on */
+ }
+ free (val);
+ }
+ }
+
/*
* First we encrypt the new password.
*/
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 19d72e6..dafa9f0 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -37,8 +37,8 @@
#define SELINUX_ENABLED 0
#endif
-static char *
-search_key (const char *key, const char *filename)
+char *
+_unix_search_key (const char *key, const char *filename)
{
FILE *fp;
char *buf = NULL;
@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
int *rounds,
}
/* preset encryption method with value from /etc/login.defs */
- val = search_key (ENCRYPT_METHOD, LOGIN_DEFS);
+ val = _unix_search_key (ENCRYPT_METHOD, LOGIN_DEFS);
if (val) {
for (j = 0; j UNIX_CTRLS_; ++j) {
if (unix_args[j].token unix_args[j].is_hash_algo
@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
int *rounds,
/* read number of rounds for crypt algo */
if (rounds (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS,
ctrl))) {
- val=search_key (SHA_CRYPT_MAX_ROUNDS, LOGIN_DEFS);
+ val=_unix_search_key (SHA_CRYPT_MAX_ROUNDS, LOGIN_DEFS);
if (val) {
*rounds = strtol(val, NULL, 10);
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 6f5b2eb..a35a8a8 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh
extern int _unix_run_verify_binary(pam_handle_t *pamh,
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-09-29 17:50:45
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-26 19:39:50.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-29
17:50:46.0 +0200
@@ -1,0 +2,5 @@
+Sat Sep 28 09:26:21 UTC 2013 - m...@suse.com
+
+- fix manpages links (bnc#842872) [fix-man-links.dif]
+
+---
New:
fix-man-links.dif
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.gBnbLB/_old 2013-09-29 17:50:47.0 +0200
+++ /var/tmp/diff_new_pack.gBnbLB/_new 2013-09-29 17:50:47.0 +0200
@@ -52,6 +52,7 @@
Source7:common-session.pamd
Source8:etc.environment
Source9:baselibs.conf
+Patch0: fix-man-links.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -95,6 +96,7 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
+%patch0 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ fix-man-links.dif ++
Index: Linux-PAM-1.1.8/doc/man/pam.8
===
--- Linux-PAM-1.1.8.orig/doc/man/pam.8
+++ Linux-PAM-1.1.8/doc/man/pam.8
@@ -1 +1 @@
-.so PAM.8
+.so man8/PAM.8
Index: Linux-PAM-1.1.8/doc/man/pam.d.5
===
--- Linux-PAM-1.1.8.orig/doc/man/pam.d.5
+++ Linux-PAM-1.1.8/doc/man/pam.d.5
@@ -1 +1 @@
-.so pam.conf.5
+.so man5/pam.conf.5
Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3
+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
@@ -1 +1 @@
-.so pam_get_authtok.3
+.so man3/pam_get_authtok.3
Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3
+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
@@ -1 +1 @@
-.so pam_get_authtok.3
+.so man3/pam_get_authtok.3
Index: Linux-PAM-1.1.8/doc/man/pam_verror.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3
+++ Linux-PAM-1.1.8/doc/man/pam_verror.3
@@ -1 +1 @@
-.so pam_error.3
+.so man3/pam_error.3
Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3
+++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3
@@ -1 +1 @@
-.so pam_info.3
+.so man3/pam_info.3
Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3
+++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3
@@ -1 +1 @@
-.so pam_prompt.3
+.so man3/pam_prompt.3
Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
===
--- Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3
+++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
@@ -1 +1 @@
-.so pam_syslog.3
+.so man3/pam_syslog.3
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-09-26 19:39:49 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-23 11:17:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-26 19:39:50.0 +0200 @@ -1,0 +2,6 @@ +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.sen...@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +--- Other differences: -- ++ common-session.pamd ++ --- /var/tmp/diff_new_pack.y8IRDU/_old 2013-09-26 19:39:51.0 +0200 +++ /var/tmp/diff_new_pack.y8IRDU/_new 2013-09-26 19:39:51.0 +0200 @@ -10,3 +10,4 @@ sessionrequiredpam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so +session optionalpam_systemd.so \ No newline at end of file -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-09-23 10:41:26
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-16 16:24:02.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-23
11:17:35.0 +0200
@@ -1,0 +2,6 @@
+Fri Sep 20 09:43:38 CEST 2013 - ku...@suse.de
+
+- Update to official release 1.1.8 (1.1.7 + git-20130916.diff)
+- Remove needless pam_tally-deprecated.diff patch
+
+---
Old:
Linux-PAM-1.1.7-docs.tar.bz2
Linux-PAM-1.1.7.tar.bz2
git-20130916.diff
pam_tally-deprecated.diff
New:
Linux-PAM-1.1.8-docs.tar.bz2
Linux-PAM-1.1.8.tar.bz2
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.RexKDK/_old 2013-09-23 11:17:36.0 +0200
+++ /var/tmp/diff_new_pack.RexKDK/_new 2013-09-23 11:17:36.0 +0200
@@ -34,7 +34,7 @@
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
#
-Version:1.1.7
+Version:1.1.8
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0+ or BSD-3-Clause
@@ -52,8 +52,6 @@
Source7:common-session.pamd
Source8:etc.environment
Source9:baselibs.conf
-Patch0: pam_tally-deprecated.diff
-Patch1: git-20130916.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -97,8 +95,6 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
-%patch0 -p0
-%patch1 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ Linux-PAM-1.1.7-docs.tar.bz2 - Linux-PAM-1.1.8-docs.tar.bz2 ++
++ Linux-PAM-1.1.7-docs.tar.bz2 - Linux-PAM-1.1.8.tar.bz2 ++
263436 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-09-16 16:24:01
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-14 12:54:15.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-16
16:24:02.0 +0200
@@ -1,0 +2,9 @@
+Mon Sep 16 11:54:15 CEST 2013 - ku...@suse.de
+
+- Replace fix-compiler-warnings.diff with current git snapshot
+ (git-20130916.diff) for pam_unix.so:
+ - fix glibc warnings
+ - fix syntax error in SELinux code
+ - fix crash at login
+
+---
Old:
fix-compiler-warnings.diff
New:
git-20130916.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.CXJQ06/_old 2013-09-16 16:24:04.0 +0200
+++ /var/tmp/diff_new_pack.CXJQ06/_new 2013-09-16 16:24:04.0 +0200
@@ -53,7 +53,7 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
-Patch1: fix-compiler-warnings.diff
+Patch1: git-20130916.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -98,7 +98,7 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
-%patch1 -p0
+%patch1 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ git-20130916.diff ++
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 865dc29..8ec4449 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned
int ctrl,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, setuid failed: %m);
+ printf(-1\n);
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
diff --git a/modules/pam_unix/pam_unix_passwd.c
b/modules/pam_unix/pam_unix_passwd.c
index 9bc1cd9..9aae3b0 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh,
unsigned int ctrl, const
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
/* wait for helper to complete: */
- while ((rc=waitpid(child, retval, 0) 0 errno == EINTR);
+ while ((rc=waitpid(child, retval, 0)) 0 errno == EINTR);
if (rc0) {
pam_syslog(pamh, LOG_ERR, unix_update waitpid failed: %m);
retval = PAM_AUTHTOK_ERR;
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index d8f4a6f..19d72e6 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
int *rounds,
free (val);
/* read number of rounds for crypt algo */
- if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+ if (rounds (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS,
ctrl))) {
val=search_key (SHA_CRYPT_MAX_ROUNDS, LOGIN_DEFS);
if (val) {
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh,
const char *passwd,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D((setuid failed));
+_exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-09-14 12:54:12
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-08-13 11:06:16.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-14
12:54:15.0 +0200
@@ -1,0 +2,12 @@
+Thu Sep 12 10:05:53 CEST 2013 - ku...@suse.de
+
+- Remove pam_unix-login.defs.diff, not needed anymore
+
+---
+Thu Sep 12 09:47:52 CEST 2013 - ku...@suse.de
+
+- Update to version 1.1.7 (bugfix release)
+ - Drop missing-DESTDIR.diff and pam-fix-includes.patch
+ - fix-compiler-warnings.diff: fix unchecked setuid return code
+
+---
Old:
Linux-PAM-1.1.6-docs.tar.bz2
Linux-PAM-1.1.6.tar.bz2
missing-DESTDIR.diff
pam-fix-includes.patch
pam_unix-login.defs.diff
New:
Linux-PAM-1.1.7-docs.tar.bz2
Linux-PAM-1.1.7.tar.bz2
fix-compiler-warnings.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.drX7IF/_old 2013-09-14 12:54:16.0 +0200
+++ /var/tmp/diff_new_pack.drX7IF/_new 2013-09-14 12:54:16.0 +0200
@@ -30,14 +30,11 @@
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: libtool
%define libpam_so_version 0.83.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-
-Version:1.1.6
+#
+Version:1.1.7
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0+ or BSD-3-Clause
@@ -56,9 +53,7 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
-Patch1: pam-fix-includes.patch
-Patch2: missing-DESTDIR.diff
-Patch3: pam_unix-login.defs.diff
+Patch1: fix-compiler-warnings.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -104,11 +99,8 @@
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
%patch1 -p0
-%patch2 -p1
-%patch3 -p1
%build
-autoreconf -i
export CFLAGS=%optflags -DNDEBUG
%configure \
--sbindir=/sbin \
++ Linux-PAM-1.1.6-docs.tar.bz2 - Linux-PAM-1.1.7-docs.tar.bz2 ++
4582 lines of diff (skipped)
++ Linux-PAM-1.1.6-docs.tar.bz2 - Linux-PAM-1.1.7.tar.bz2 ++
263325 lines of diff (skipped)
++ fix-compiler-warnings.diff ++
--- modules/pam_unix/pam_unix_acct.c
+++ modules/pam_unix/pam_unix_acct.c2013/09/12 07:19:05
@@ -121,7 +121,12 @@
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, setuid failed: %m);
+ printf(-1\n);
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
--- modules/pam_unix/pam_unix_passwd.c
+++ modules/pam_unix/pam_unix_passwd.c 2013/09/12 07:24:40
@@ -255,7 +255,7 @@
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
/* wait for helper to complete: */
- while ((rc=waitpid(child, retval, 0) 0 errno == EINTR);
+ while ((rc=waitpid(child, retval, 0) 0) errno == EINTR);
if (rc0) {
pam_syslog(pamh, LOG_ERR, unix_update waitpid failed: %m);
retval = PAM_AUTHTOK_ERR;
--- modules/pam_unix/support.c
+++ modules/pam_unix/support.c 2013/09/12 07:20:51
@@ -586,7 +586,10 @@
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D((setuid failed));
+_exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-08-13 11:06:15
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-06-05 13:31:23.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-08-13
11:06:16.0 +0200
@@ -1,0 +2,5 @@
+Tue Aug 6 10:30:13 CEST 2013 - m...@suse.de
+
+- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516)
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.Du1ttL/_old 2013-08-13 11:06:16.0 +0200
+++ /var/tmp/diff_new_pack.Du1ttL/_new 2013-08-13 11:06:17.0 +0200
@@ -141,6 +141,14 @@
%ifarch s390 s390x
echo ttyS0 $RPM_BUILD_ROOT/etc/securetty
echo ttyS1 $RPM_BUILD_ROOT/etc/securetty
+echo hvc0 $RPM_BUILD_ROOT/etc/securetty
+echo hvc1 $RPM_BUILD_ROOT/etc/securetty
+echo hvc2 $RPM_BUILD_ROOT/etc/securetty
+echo hvc3 $RPM_BUILD_ROOT/etc/securetty
+echo hvc4 $RPM_BUILD_ROOT/etc/securetty
+echo hvc5 $RPM_BUILD_ROOT/etc/securetty
+echo hvc6 $RPM_BUILD_ROOT/etc/securetty
+echo hvc7 $RPM_BUILD_ROOT/etc/securetty
%endif
# install other.pamd and common-*.pamd
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-06-05 13:31:22 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-04-29 09:54:43.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-06-05 13:31:23.0 +0200 @@ -1,0 +2,5 @@ +Mon May 27 12:26:53 CEST 2013 - ku...@suse.de + +- Fix typo in common-password [bnc#821526] + +--- Other differences: -- ++ common-password.pamd ++ --- /var/tmp/diff_new_pack.QgVxC7/_old 2013-06-05 13:31:23.0 +0200 +++ /var/tmp/diff_new_pack.QgVxC7/_new 2013-06-05 13:31:23.0 +0200 @@ -9,4 +9,4 @@ # empty passwords are treated as locked accounts. # passwordrequisite pam_cracklib.so -passwordrequiredpam_unix.so use_authtok nullok try_first_pas +passwordrequiredpam_unix.so use_authtok nullok try_first_pass -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-04-29 09:54:42 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-02-07 10:45:08.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-04-29 09:54:43.0 +0200 @@ -1,0 +2,6 @@ +Fri Apr 26 10:25:06 UTC 2013 - mmeis...@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +--- Other differences: -- ++ pam.spec ++ --- /var/tmp/diff_new_pack.88wHju/_old 2013-04-29 09:54:46.0 +0200 +++ /var/tmp/diff_new_pack.88wHju/_new 2013-04-29 09:54:46.0 +0200 @@ -32,6 +32,7 @@ %endif BuildRequires: autoconf BuildRequires: automake +BuildRequires: libtool %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 @@ -107,7 +108,7 @@ %patch3 -p1 %build -autoreconf +autoreconf -i export CFLAGS=%optflags -DNDEBUG %configure \ --sbindir=/sbin \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-02-07 10:45:07
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-01-29 11:30:16.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-02-07
10:45:08.0 +0100
@@ -1,0 +2,14 @@
+Tue Feb 5 17:28:25 CET 2013 - ku...@suse.de
+
+- Update pam_unix-login.defs.diff patch to the final upstream
+ version.
+
+---
+Tue Feb 5 14:09:06 CET 2013 - ku...@suse.de
+
+- Adjust URL
+- Add set_permission macro and PreReq
+- Read default encryption method from /etc/login.defs
+ (pam_unix-login.defs.diff)
+
+---
New:
pam_unix-login.defs.diff
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.EIEvTe/_old 2013-02-07 10:45:09.0 +0100
+++ /var/tmp/diff_new_pack.EIEvTe/_new 2013-02-07 10:45:09.0 +0100
@@ -20,7 +20,7 @@
%define enable_selinux 1
Name: pam
-Url:http://fedorahosted.org/linux-pam/
+Url:http://www.linux-pam.org/
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
@@ -35,18 +35,14 @@
%define libpam_so_version 0.83.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-# bug437293
-%ifarch ppc64
-Obsoletes: pam-64bit
-%endif
-#
+
Version:1.1.6
Release:0
Summary:A Security Tool that Provides Authentication for Applications
License:GPL-2.0+ or BSD-3-Clause
Group: System/Libraries
+PreReq: permissions
-###DL-URL: http://www.kernel.org/pub/linux/libs/pam/library/
#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
Source: Linux-PAM-%{version}.tar.bz2
Source1:Linux-PAM-%{version}-docs.tar.bz2
@@ -61,6 +57,7 @@
Patch0: pam_tally-deprecated.diff
Patch1: pam-fix-includes.patch
Patch2: missing-DESTDIR.diff
+Patch3: pam_unix-login.defs.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -91,11 +88,6 @@
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: pam = %{version}
-# bug437293
-%ifarch ppc64
-Obsoletes: pam-devel-64bit
-%endif
-#
%description devel
PAM (Pluggable Authentication Modules) is a system security tool which
@@ -112,6 +104,7 @@
%patch0 -p0
%patch1 -p0
%patch2 -p1
+%patch3 -p1
%build
autoreconf
@@ -194,7 +187,9 @@
%verifyscript
%verify_permissions -e /sbin/unix_chkpwd
-%post -p /sbin/ldconfig
+%post
+/sbin/ldconfig
+%set_permissions /sbin/unix_chkpwd
%postun -p /sbin/ldconfig
++ pam_unix-login.defs.diff ++
Use hash from /etc/login.defs as default if no
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index 6d2ec1a..863f038 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk ku...@thkukuk.de
+ * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk ku...@thkukuk.de
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -112,6 +112,10 @@ search_key (const char *filename)
{
buflen = BUF_SIZE;
buf = malloc (buflen);
+ if (buf == NULL) {
+ fclose (fp);
+ return NULL;
+ }
}
buf[0] = '\0';
if (fgets (buf, buflen - 1, fp) == NULL)
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index 0a42d7a..9ce084e 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -81,7 +81,9 @@
para
The password component of this module performs the task of updating
- the user's password.
+ the user's password. The default encryption hash is taken from the
+ emphasis remap='B'ENCRYPT_METHOD/emphasis variable from
+ emphasis/etc/login.defs/emphasis
/para
para
@@ -393,6 +395,9 @@ sessionrequired pam_unix.so
titleSEE ALSO/title
para
citerefentry
+
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2013-01-29 11:30:14
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2012-11-13 09:42:04.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-01-29
11:30:16.0 +0100
@@ -1,0 +2,6 @@
+Fri Jan 25 13:49:36 UTC 2013 - ku...@suse.com
+
+- Remove deprecated pam_tally.so module, it's too buggy and can
+ destroy config and log files.
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.dzaRd4/_old 2013-01-29 11:30:18.0 +0100
+++ /var/tmp/diff_new_pack.dzaRd4/_new 2013-01-29 11:30:18.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -168,6 +168,12 @@
ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so
$RPM_BUILD_ROOT/%{_lib}/security/$x.so
done
#
+# pam_tally is deprecated since ages
+#
+rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so
+rm -f $RPM_BUILD_ROOT/sbin/pam_tally
+rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8*
+#
# Install READMEs of PAM modules
#
DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam
@@ -259,7 +265,6 @@
/%{_lib}/security/pam_shells.so
/%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so
-/%{_lib}/security/pam_tally.so
/%{_lib}/security/pam_tally2.so
/%{_lib}/security/pam_time.so
/%{_lib}/security/pam_timestamp.so
@@ -275,7 +280,6 @@
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
/sbin/mkhomedir_helper
-/sbin/pam_tally
/sbin/pam_tally2
/sbin/pam_timestamp_check
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2012-11-13 09:42:03 Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) Package is pam, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/pam/pam.changes 2012-09-26 16:25:25.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2012-11-13 09:42:04.0 +0100 @@ -1,0 +2,6 @@ +Mon Nov 12 14:42:53 CET 2012 - ku...@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +--- Other differences: -- ++ common-account.pamd ++ --- /var/tmp/diff_new_pack.rl6NGL/_old 2012-11-13 09:42:05.0 +0100 +++ /var/tmp/diff_new_pack.rl6NGL/_new 2012-11-13 09:42:05.0 +0100 @@ -6,4 +6,4 @@ # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired. # -accountrequiredpam_unix2.so +accountrequiredpam_unix.so try_first_pass ++ common-auth.pamd ++ --- /var/tmp/diff_new_pack.rl6NGL/_old 2012-11-13 09:42:05.0 +0100 +++ /var/tmp/diff_new_pack.rl6NGL/_new 2012-11-13 09:42:05.0 +0100 @@ -8,4 +8,4 @@ # traditional Unix authentication mechanisms. # auth requiredpam_env.so -auth requiredpam_unix2.so +auth requiredpam_unix.so try_first_pass ++ common-password.pamd ++ --- /var/tmp/diff_new_pack.rl6NGL/_old 2012-11-13 09:42:05.0 +0100 +++ /var/tmp/diff_new_pack.rl6NGL/_new 2012-11-13 09:42:05.0 +0100 @@ -3,21 +3,10 @@ # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix2 in combination -# with pam_pwcheck. - +# used to change user passwords. +# # The nullok option allows users to change an empty password, else # empty passwords are treated as locked accounts. # -# To enable Blowfish or MD5 passwords, you should edit -# /etc/default/passwd. -# -# Alternate strength checking for passwords should be configured -# in /etc/security/pam_pwcheck.conf. -# -# pam_make can be used to rebuild NIS maps after password change. -# -password required pam_pwcheck.so nullok cracklib -password required pam_unix2.sonullok use_authtok -#password required pam_make.so /var/yp - +passwordrequisite pam_cracklib.so +passwordrequiredpam_unix.so use_authtok nullok try_first_pas ++ common-session.pamd ++ --- /var/tmp/diff_new_pack.rl6NGL/_old 2012-11-13 09:42:05.0 +0100 +++ /var/tmp/diff_new_pack.rl6NGL/_new 2012-11-13 09:42:05.0 +0100 @@ -4,8 +4,9 @@ # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and -# non-interactive). The default is pam_unix2. +# non-interactive). # sessionrequiredpam_limits.so -sessionrequiredpam_unix2.so +sessionrequiredpam_unix.so try_first_pass session optional pam_umask.so +session optional pam_env.so -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2012-06-25 14:21:07
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2012-05-10 14:34:32.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2012-06-25
14:30:32.0 +0200
@@ -1,0 +2,5 @@
+Thu Jun 21 11:59:52 UTC 2012 - a...@suse.de
+
+- Include correct headers for getrlimit.
+
+---
New:
pam-fix-includes.patch
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.aEbn25/_old 2012-06-25 14:30:34.0 +0200
+++ /var/tmp/diff_new_pack.aEbn25/_new 2012-06-25 14:30:34.0 +0200
@@ -57,6 +57,7 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
+Patch1: pam-fix-includes.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -106,6 +107,7 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
+%patch1 -p1
%build
export CFLAGS=%optflags -DNDEBUG
++ pam-fix-includes.patch ++
Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
===
--- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_acct.c
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
@@ -47,6 +47,8 @@
#include time.h /* for time() */
#include errno.h
#include sys/wait.h
+#include sys/time.h
+#include sys/resource.h
#include security/_pam_macros.h
Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
===
--- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_passwd.c
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
@@ -54,6 +54,7 @@
#include ctype.h
#include sys/time.h
#include sys/stat.h
+#include sys/resource.h
#include signal.h
#include errno.h
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2012-05-10 14:33:49
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2012-03-20 17:47:42.0
+0100
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2012-05-10
14:34:32.0 +0200
@@ -1,0 +2,5 @@
+Mon Apr 23 15:30:02 UTC 2012 - jeng...@medozas.de
+
+- Update homepage URL in specfile
+
+---
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.TygsUH/_old 2012-05-10 14:34:34.0 +0200
+++ /var/tmp/diff_new_pack.TygsUH/_new 2012-05-10 14:34:34.0 +0200
@@ -16,10 +16,11 @@
#
+#
%define enable_selinux 1
Name: pam
-Url:http://www.kernel.org/pub/linux/libs/pam/
+Url:http://fedorahosted.org/linux-pam/
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
@@ -84,7 +85,8 @@
%package devel
Summary:Include Files and Libraries for PAM-Development
Group: Development/Libraries/C and C++
-Requires: pam = %{version} glibc-devel
+Requires: glibc-devel
+Requires: pam = %{version}
# bug437293
%ifarch ppc64
Obsoletes: pam-devel-64bit
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2012-03-20 17:47:35
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2011-10-25 16:47:31.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2012-03-20
17:47:42.0 +0100
@@ -1,0 +2,10 @@
+Sat Mar 3 15:16:42 UTC 2012 - jeng...@medozas.de
+
+- Update to new upstream release 1.1.5
+* pam_env: Fix CVE-2011-3148: correctly count leading whitespace
+ when parsing environment file in pam_env
+* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in
+ pam_env
+* pam_access: Add hostname resolution cache
+
+---
Old:
Linux-PAM-1.1.4-docs.tar.bz2
Linux-PAM-1.1.4.tar.bz2
bug-724480_pam_env-fix-dos.patch
bug-724480_pam_env-fix-overflow.patch
pam_tally2-man.dif
New:
Linux-PAM-1.1.5-docs.tar.bz2
Linux-PAM-1.1.5.tar.bz2
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.j8Fn62/_old 2012-03-20 17:47:44.0 +0100
+++ /var/tmp/diff_new_pack.j8Fn62/_new 2012-03-20 17:47:44.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,32 +15,36 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
%define enable_selinux 1
Name: pam
Url:http://www.kernel.org/pub/linux/libs/pam/
-BuildRequires: bison cracklib-devel db-devel flex
BuildRequires: audit-devel
-BuildRequires: libtirpc-devel
+BuildRequires: bison
+BuildRequires: cracklib-devel
+BuildRequires: db-devel
+BuildRequires: flex
+BuildRequires: pkgconfig(libtirpc)
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
%define libpam_so_version 0.83.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-License:GPL-2.0+ or BSD-3-Clause
-Group: System/Libraries
-AutoReqProv:on
# bug437293
%ifarch ppc64
Obsoletes: pam-64bit
%endif
#
-Version:1.1.4
-Release:1
+Version:1.1.5
+Release:0
Summary:A Security Tool that Provides Authentication for Applications
+License:GPL-2.0+ or BSD-3-Clause
+Group: System/Libraries
+
+###DL-URL: http://www.kernel.org/pub/linux/libs/pam/library/
+#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
Source: Linux-PAM-%{version}.tar.bz2
Source1:Linux-PAM-%{version}-docs.tar.bz2
Source2:securetty
@@ -52,9 +56,6 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
-Patch1: bug-724480_pam_env-fix-overflow.patch
-Patch2: bug-724480_pam_env-fix-dos.patch
-Patch3: pam_tally2-man.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -65,10 +66,11 @@
%package doc
-License:GPL-2.0+ or BSD-3-Clause
Summary:Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
-###BuildArch: noarch
+%if 0%{?suse_version} = 1140
+BuildArch: noarch
+%endif
%description doc
PAM (Pluggable Authentication Modules) is a system security tool that
@@ -80,11 +82,9 @@
%package devel
-License:GPL-2.0+ or BSD-3-Clause
Summary:Include Files and Libraries for PAM-Development
Group: Development/Libraries/C and C++
Requires: pam = %{version} glibc-devel
-AutoReqProv:on
# bug437293
%ifarch ppc64
Obsoletes: pam-devel-64bit
@@ -104,15 +104,12 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%build
-CFLAGS=$RPM_OPT_FLAGS -DNDEBUG \
-./configure \
---infodir=%{_infodir} \
---mandir=%{_mandir} \
+export CFLAGS=%optflags -DNDEBUG
+%configure \
+ --sbindir=/sbin \
+ --includedir=%_includedir/security \
--docdir=%{_docdir}/pam \
--htmldir=%{_docdir}/pam/html \
--pdfdir=%{_docdir}/pam/pdf \
@@ -179,15 +176,12 @@
# Create filelist with translatins
%{find_lang} Linux-PAM
-%clean
-rm -rf $RPM_BUILD_ROOT
+%verifyscript
+%verify_permissions -e /sbin/unix_chkpwd
%post -p /sbin/ldconfig
-%postun
-/sbin/ldconfig
-%verifyscript
-%verify_permissions -e /sbin/unix_chkpwd
+%postun -p /sbin/ldconfig
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2011-10-25 16:47:30
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
Package is pam, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2011-09-23 12:21:33.0
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2011-10-25
16:47:31.0 +0200
@@ -1,0 +2,7 @@
+Tue Oct 25 14:24:27 CEST 2011 - m...@suse.de
+
+- pam_tally2: remove invalid options from manpage (bnc#726071)
+- fix possible overflow and DOS in pam_env (bnc#724480)
+ CVE-2011-3148, CVE-2011-3149
+
+---
New:
bug-724480_pam_env-fix-dos.patch
bug-724480_pam_env-fix-overflow.patch
pam_tally2-man.dif
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.OwaaM8/_old 2011-10-25 16:47:36.0 +0200
+++ /var/tmp/diff_new_pack.OwaaM8/_new 2011-10-25 16:47:36.0 +0200
@@ -52,6 +52,9 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
+Patch1: bug-724480_pam_env-fix-overflow.patch
+Patch2: bug-724480_pam_env-fix-dos.patch
+Patch3: pam_tally2-man.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -101,6 +104,9 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%build
CFLAGS=$RPM_OPT_FLAGS -DNDEBUG \
++ bug-724480_pam_env-fix-dos.patch ++
Description: abort when encountering an overflowed environment variable
expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook k...@debian.org
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam
D((Variable buffer overflow: %s + %s, tmp, tmpptr));
pam_syslog (pamh, LOG_ERR, Variable buffer overflow: %s + %s,
tmp, tmpptr);
+ return PAM_ABORT;
}
continue;
}
@@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam
D((Variable buffer overflow: %s + %s, tmp, tmpptr));
pam_syslog (pamh, LOG_ERR,
Variable buffer overflow: %s + %s, tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* if ('{' != *orig++) */
@@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam
D((Variable buffer overflow: %s + %s, tmp, tmpptr));
pam_syslog(pamh, LOG_ERR,
Variable buffer overflow: %s + %s, tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* for (;*orig;) */
++ bug-724480_pam_env-fix-overflow.patch ++
Description: correctly count leading whitespace when parsing environment
file (CVE-2011-3148).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
Author: Kees Cook k...@debian.org
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char
char *p = buffer;
char *s, *os;
int used = 0;
+int whitespace;
/* loop broken with a 'break' when a non-'\\n' ended line is read */
@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char
/* skip leading spaces --- line may be blank */
- s = p + strspn(p, \n\t);
+ whitespace = strspn(p, \n\t);
+ s = p + whitespace;
if (*s (*s != '#')) {
+ used += whitespace;
os = s;
/*
++ pam_tally2-man.dif ++
Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8
===
--- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8
+++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8
@@ -269,13 +269,6 @@ If the module is invoked by a user with
\fBsu\fR, otherwise this argument should be omitted\.
.RE
.PP
-\fBno_lock_time\fR
-.RS 4
-Do not use the \.fail_locktime field in
-\FC/var/log/faillog\F[]
-for this user\.
-.RE
-.PP
\fBeven_deny_root\fR
.RS 4
Root account can become unavailable\.
Index: Linux-PAM-1.1.4/modules/pam_tally2/README
===
--- Linux-PAM-1.1.4.orig/modules/pam_tally2/README
+++ Linux-PAM-1.1.4/modules/pam_tally2/README
@@ -76,10 +76,6 @@
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory
checked in at Mon Jul 11 08:52:41 CEST 2011.
--- pam/pam.changes 2011-05-26 11:37:35.0 +0200
+++ /mounts/work_src_done/STABLE/pam/pam.changes2011-06-27
15:45:47.0 +0200
@@ -1,0 +2,10 @@
+Mon Jun 27 15:29:11 CEST 2011 - ku...@suse.de
+
+- Update to version 1.1.4
+ * pam_securetty: Honour console= kernel option, add noconsole option
+ * pam_limits: Add %group syntax, drop change_uid option, add set_all option
+ * Lot of small bug fixes
+ * Add support for libtirpc
+- Build against libtirpc
+
+---
calling whatdependson for head-i586
Old:
Linux-PAM-1.1.3-docs.tar.bz2
Linux-PAM-1.1.3.tar.bz2
pam_listfile-quiet.patch
New:
Linux-PAM-1.1.4-docs.tar.bz2
Linux-PAM-1.1.4.tar.bz2
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.JhWJC0/_old 2011-07-11 08:52:16.0 +0200
+++ /var/tmp/diff_new_pack.JhWJC0/_new 2011-07-11 08:52:16.0 +0200
@@ -23,10 +23,11 @@
Url:http://www.kernel.org/pub/linux/libs/pam/
BuildRequires: bison cracklib-devel db-devel flex
BuildRequires: audit-devel
+BuildRequires: libtirpc-devel
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
-%define libpam_so_version 0.83.0
+%define libpam_so_version 0.83.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
License:GPL-2.0+ or BSD-3-Clause
@@ -37,8 +38,8 @@
Obsoletes: pam-64bit
%endif
#
-Version:1.1.3
-Release:7
+Version:1.1.4
+Release:1
Summary:A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
Source1:Linux-PAM-%{version}-docs.tar.bz2
@@ -51,8 +52,6 @@
Source8:etc.environment
Source9:baselibs.conf
Patch0: pam_tally-deprecated.diff
-# fix for bnc#673826 (pam_listfile logging)
-Patch1: pam_listfile-quiet.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -102,7 +101,6 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
-%patch1 -p1
%build
CFLAGS=$RPM_OPT_FLAGS -DNDEBUG \
++ Linux-PAM-1.1.3-docs.tar.bz2 - Linux-PAM-1.1.4-docs.tar.bz2 ++
Files old/Linux-PAM-1.1.3/doc/adg/Linux-PAM_ADG.pdf and
new/Linux-PAM-1.1.4/doc/adg/Linux-PAM_ADG.pdf differ
Files old/Linux-PAM-1.1.3/doc/mwg/Linux-PAM_MWG.pdf and
new/Linux-PAM-1.1.4/doc/mwg/Linux-PAM_MWG.pdf differ
Files old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.pdf and
new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.txt
new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.txt
--- old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.txt 2010-10-27
16:01:32.0 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.txt 2011-06-21
13:09:33.0 +0200
@@ -2150,8 +2150,8 @@
6.15. pam_limits - limit resources
-pam_limits.so [ change_uid ] [ conf=/path/to/limits.conf ] [ debug ] [
-utmp_early ] [ noaudit ]
+pam_limits.so [ conf=/path/to/limits.conf ] [ debug ] [ set_all ] [ utmp_early
+] [ noaudit ]
6.15.1. DESCRIPTION
@@ -2188,7 +2188,23 @@
● the wildcard *, for default entry.
● the wildcard %, for maxlogins limit only, can also be used with %group
-syntax.
+syntax. If the % wildcard is used alone it is identical to using * with
+maxsyslogins limit. With a group specified after % it limits the total
+number of logins of all users that are member of the group.
+
+ ● an uid range specified as min_uid:max_uid. If min_uid is omitted,
+the match is exact for the max_uid. If max_uid is omitted, all uids
+greater than or equal min_uid match.
+
+ ● a gid range specified as @min_gid:max_gid. If min_gid is omitted,
+the match is exact for the max_gid. If max_gid is omitted, all gids
+greater than or equal min_gid match. For the exact match all groups
+including the user's supplementary groups are examined. For the range
+matches only the user's primary group is examined.
+
+ ● a gid specified as %:gid applicable to maxlogins limit only. It
+limits the total number of logins of all users that are member of the
+group with the specified gid.
type
@@ -2261,7 +2277,7 @@
maxsyslogins
-maximum number of logins on system
+maximum number of all logins on system
priority
@@ -2276,7 +2292,7 @@
maximum number of pending signals (Linux 2.6 and higher)
-msqqueue
+msgqueue
maximum memory used by POSIX message queues (bytes) (Linux 2.6 and
higher)
@@ -2314,12 +2330,6 @@
6.15.3. OPTIONS
commit pam for openSUSE:Factory
Hello community,
here is the log from the commit of package pam for openSUSE:Factory
checked in at Thu May 26 16:17:41 CEST 2011.
--- pam/pam.changes 2011-02-23 13:46:27.0 +0100
+++ /mounts/work_src_done/STABLE/pam/pam.changes2011-05-26
11:37:35.0 +0200
@@ -1,0 +2,12 @@
+Thu May 26 09:37:34 UTC 2011 - cfarr...@novell.com
+
+- license update: GPL-2.0+ or BSD-3-Clause
+ Updating to spdx.org/licenses syntax as legal-auto for some reason did
+ not accept the previous spec file license
+
+---
+Wed May 25 16:15:30 CEST 2011 - ku...@suse.de
+
+- Remove libxcrypt-devel from BuildRequires
+
+---
calling whatdependson for head-i586
Other differences:
--
++ pam.spec ++
--- /var/tmp/diff_new_pack.ov7FSc/_old 2011-05-26 16:15:28.0 +0200
+++ /var/tmp/diff_new_pack.ov7FSc/_new 2011-05-26 16:15:28.0 +0200
@@ -21,7 +21,7 @@
Name: pam
Url:http://www.kernel.org/pub/linux/libs/pam/
-BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel
+BuildRequires: bison cracklib-devel db-devel flex
BuildRequires: audit-devel
%if %{enable_selinux}
BuildRequires: libselinux-devel
@@ -29,7 +29,7 @@
%define libpam_so_version 0.83.0
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-License:Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+
+License:GPL-2.0+ or BSD-3-Clause
Group: System/Libraries
AutoReqProv:on
# bug437293
@@ -38,7 +38,7 @@
%endif
#
Version:1.1.3
-Release:6
+Release:7
Summary:A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
Source1:Linux-PAM-%{version}-docs.tar.bz2
@@ -63,7 +63,7 @@
%package doc
-License:Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+
+License:GPL-2.0+ or BSD-3-Clause
Summary:Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
###BuildArch: noarch
@@ -78,7 +78,7 @@
%package devel
-License:Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+
+License:GPL-2.0+ or BSD-3-Clause
Summary:Include Files and Libraries for PAM-Development
Group: Development/Libraries/C and C++
Requires: pam = %{version} glibc-devel
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
