From c2e6d1a771c30e282596e9ba23175d9b6d48be25 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 26 Jan 2024 20:59:27 +0000 Subject: [PATCH] Fri Jan 26 20:59:27 UTC 2024 a/pam-1.6.0-x86_64-1.txz: Upgraded. pam_namespace.so: fixed a possible local denial-of-service vulnerability. For more information, see: https://seclists.org/oss-sec/2024/q1/31 https://www.cve.org/CVERecord?id=CVE-2024-22365 (* Security fix *) a/xz-5.4.6-x86_64-1.txz: Upgraded. l/python-hatchling-1.21.1-x86_64-1.txz: Upgraded. --- ChangeLog.rss | 22 +- ChangeLog.txt | 10 + FILELIST.TXT | 161 ++-- recompress.sh | 23 +- .../fedora-patches/pam-1.1.3-nouserenv.patch | 27 - .../pam-1.1.6-limits-user.patch | 20 - .../pam-1.1.8-audit-user-mgmt.patch | 31 - .../fedora-patches/pam-1.1.8-full-relro.patch | 67 -- .../pam-1.3.0-pwhistory-helper.patch | 806 ------------------ .../fedora-patches/pam-1.3.1-coverity.patch | 185 ---- .../pam-1.3.1-motd-multiple-paths.patch | 755 ---------------- .../pam/fedora-patches/pam-1.3.1-noflex.patch | 24 - .../pam-1.3.1-redhat-modules.patch | 78 -- .../pam-1.3.1-unix-bcrypt_b.patch | 34 - .../pam-1.3.1-unix-checksalt_syslog.patch | 73 -- .../pam-1.3.1-unix-crypt_checksalt.patch | 40 - .../pam-1.3.1-unix-fix_checksalt_syslog.patch | 104 --- .../pam-1.3.1-unix-gensalt-autoentropy.patch | 95 --- .../pam-1.3.1-unix-no-fallback.patch | 105 --- ...solete-_unix_read_password-prototype.patch | 34 - .../pam-1.3.1-unix-yescrypt.patch | 479 ----------- .../pam-1.4.0-redhat-modules.patch | 29 - .../pam-1.5.0-redhat-modules.patch | 95 --- ...nomsg.patch => pam-1.5.3-unix-nomsg.patch} | 9 +- .../pam/fedora-patches/pam-1.6.0-noflex.patch | 24 + .../pam-1.6.0-redhat-modules.patch | 24 + source/a/pam/pam.SlackBuild | 30 +- 27 files changed, 165 insertions(+), 3219 deletions(-) delete mode 100644 source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-coverity.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-noflex.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch delete mode 100644 source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch rename source/a/pam/fedora-patches/{pam-1.3.0-unix-nomsg.patch => pam-1.5.3-unix-nomsg.patch} (54%) create mode 100644 source/a/pam/fedora-patches/pam-1.6.0-noflex.patch create mode 100644 source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch diff --git a/ChangeLog.rss b/ChangeLog.rss index c66ebb46f..f70b4cd96 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,27 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Fri, 26 Jan 2024 01:49:20 GMT - Fri, 26 Jan 2024 02:50:10 GMT + Fri, 26 Jan 2024 20:59:27 GMT + Fri, 26 Jan 2024 21:29:20 GMT maintain_current_git.sh v 1.17 + + Fri, 26 Jan 2024 20:59:27 GMT + Fri, 26 Jan 2024 20:59:27 GMT + https://git.slackware.nl/current/tag/?h=20240126205927 + 20240126205927 + + +a/pam-1.6.0-x86_64-1.txz: Upgraded. + pam_namespace.so: fixed a possible local denial-of-service vulnerability. + For more information, see: + https://seclists.org/oss-sec/2024/q1/31 + https://www.cve.org/CVERecord?id=CVE-2024-22365 + (* Security fix *) +a/xz-5.4.6-x86_64-1.txz: Upgraded. +l/python-hatchling-1.21.1-x86_64-1.txz: Upgraded. + ]]> + + Fri, 26 Jan 2024 01:49:20 GMT Fri, 26 Jan 2024 01:49:20 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 1840a42f0..58af69219 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,13 @@ +Fri Jan 26 20:59:27 UTC 2024 +a/pam-1.6.0-x86_64-1.txz: Upgraded. + pam_namespace.so: fixed a possible local denial-of-service vulnerability. + For more information, see: + https://seclists.org/oss-sec/2024/q1/31 + https://www.cve.org/CVERecord?id=CVE-2024-22365 + (* Security fix *) +a/xz-5.4.6-x86_64-1.txz: Upgraded. +l/python-hatchling-1.21.1-x86_64-1.txz: Upgraded. ++--------------------------+ Fri Jan 26 01:49:20 UTC 2024 a/acl-2.3.2-x86_64-1.txz: Upgraded. a/btrfs-progs-6.7-x86_64-1.txz: Upgraded. diff --git a/FILELIST.TXT b/FILELIST.TXT index efa5b6621..f5377b565 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Fri Jan 26 01:54:02 UTC 2024 +Fri Jan 26 21:03:48 UTC 2024 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2024-01-26 01:49 . +drwxr-xr-x 12 root root 4096 2024-01-26 20:59 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16617 2022-02-02 23:27 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1130774 2024-01-24 05:01 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2024-01-24 05:01 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1134297 2024-01-26 01:54 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2024-01-26 01:54 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 935038 2024-01-26 01:49 ./ChangeLog.txt +-rw-r--r-- 1 root root 935442 2024-01-26 20:59 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2024-01-26 01:48 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2024-01-26 01:48 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1475616 2024-01-24 05:01 ./FILELIST.TXT +-rw-r--r-- 1 root root 1480332 2024-01-26 01:54 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY --rw-r--r-- 1 root root 894028 2024-01-26 01:53 ./PACKAGES.TXT +-rw-r--r-- 1 root root 894028 2024-01-26 21:03 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT -rw-r--r-- 1 root root 3629 2024-01-26 01:38 ./README.initrd -rw-r--r-- 1 root root 34114 2023-12-11 20:35 ./README_CRYPT.TXT @@ -666,13 +666,13 @@ drwxr-xr-x 2 root root 4096 2022-02-03 07:02 ./patches -rw-r--r-- 1 root root 575 2022-02-03 07:02 ./patches/FILE_LIST -rw-r--r-- 1 root root 14 2022-02-03 07:02 ./patches/MANIFEST.bz2 -rw-r--r-- 1 root root 224 2022-02-03 07:02 ./patches/PACKAGES.TXT -drwxr-xr-x 17 root root 4096 2024-01-26 01:53 ./slackware64 --rw-r--r-- 1 root root 348384 2024-01-26 01:53 ./slackware64/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2024-01-26 01:53 ./slackware64/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 431609 2024-01-26 01:52 ./slackware64/FILE_LIST --rw-r--r-- 1 root root 4407380 2024-01-26 01:52 ./slackware64/MANIFEST.bz2 +drwxr-xr-x 17 root root 4096 2024-01-26 21:03 ./slackware64 +-rw-r--r-- 1 root root 348384 2024-01-26 21:03 ./slackware64/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2024-01-26 21:03 ./slackware64/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 431609 2024-01-26 21:02 ./slackware64/FILE_LIST +-rw-r--r-- 1 root root 4408729 2024-01-26 21:02 ./slackware64/MANIFEST.bz2 lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT -drwxr-xr-x 2 root root 32768 2024-01-26 01:52 ./slackware64/a +drwxr-xr-x 2 root root 32768 2024-01-26 21:02 ./slackware64/a -rw-r--r-- 1 root root 327 2022-02-15 18:16 ./slackware64/a/aaa_base-15.1-x86_64-2.txt -rw-r--r-- 1 root root 10720 2022-02-15 18:16 ./slackware64/a/aaa_base-15.1-x86_64-2.txz -rw-r--r-- 1 root root 163 2022-02-15 18:16 ./slackware64/a/aaa_base-15.1-x86_64-2.txz.asc @@ -938,9 +938,9 @@ drwxr-xr-x 2 root root 32768 2024-01-26 01:52 ./slackware64/a -rw-r--r-- 1 root root 417 2023-10-20 17:22 ./slackware64/a/os-prober-1.81-x86_64-1.txt -rw-r--r-- 1 root root 16964 2023-10-20 17:22 ./slackware64/a/os-prober-1.81-x86_64-1.txz -rw-r--r-- 1 root root 163 2023-10-20 17:22 ./slackware64/a/os-prober-1.81-x86_64-1.txz.asc --rw-r--r-- 1 root root 422 2023-11-14 20:56 ./slackware64/a/pam-1.5.3-x86_64-2.txt --rw-r--r-- 1 root root 498844 2023-11-14 20:56 ./slackware64/a/pam-1.5.3-x86_64-2.txz --rw-r--r-- 1 root root 163 2023-11-14 20:56 ./slackware64/a/pam-1.5.3-x86_64-2.txz.asc +-rw-r--r-- 1 root root 422 2024-01-26 20:27 ./slackware64/a/pam-1.6.0-x86_64-1.txt +-rw-r--r-- 1 root root 450188 2024-01-26 20:27 ./slackware64/a/pam-1.6.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2024-01-26 20:27 ./slackware64/a/pam-1.6.0-x86_64-1.txz.asc -rw-r--r-- 1 root root 563 2021-02-13 11:13 ./slackware64/a/patch-2.7.6-x86_64-5.txt -rw-r--r-- 1 root root 120112 2021-02-13 11:13 ./slackware64/a/patch-2.7.6-x86_64-5.txz -rw-r--r-- 1 root root 163 2021-02-13 11:13 ./slackware64/a/patch-2.7.6-x86_64-5.txz.asc @@ -1053,9 +1053,9 @@ drwxr-xr-x 2 root root 32768 2024-01-26 01:52 ./slackware64/a -rw-r--r-- 1 root root 494 2023-11-01 21:04 ./slackware64/a/xfsprogs-6.5.0-x86_64-2.txt -rw-r--r-- 1 root root 1076172 2023-11-01 21:04 ./slackware64/a/xfsprogs-6.5.0-x86_64-2.txz -rw-r--r-- 1 root root 163 2023-11-01 21:04 ./slackware64/a/xfsprogs-6.5.0-x86_64-2.txz.asc --rw-r--r-- 1 root root 489 2023-11-01 19:50 ./slackware64/a/xz-5.4.5-x86_64-1.txt --rw-r--r-- 1 root root 628980 2023-11-01 19:50 ./slackware64/a/xz-5.4.5-x86_64-1.txz --rw-r--r-- 1 root root 163 2023-11-01 19:50 ./slackware64/a/xz-5.4.5-x86_64-1.txz.asc +-rw-r--r-- 1 root root 489 2024-01-26 19:20 ./slackware64/a/xz-5.4.6-x86_64-1.txt +-rw-r--r-- 1 root root 629424 2024-01-26 19:20 ./slackware64/a/xz-5.4.6-x86_64-1.txz +-rw-r--r-- 1 root root 163 2024-01-26 19:20 ./slackware64/a/xz-5.4.6-x86_64-1.txz.asc -rw-r--r-- 1 root root 540 2021-02-13 11:21 ./slackware64/a/zerofree-1.1.1-x86_64-3.txt -rw-r--r-- 1 root root 6964 2021-02-13 11:21 ./slackware64/a/zerofree-1.1.1-x86_64-3.txz -rw-r--r-- 1 root root 163 2021-02-13 11:21 ./slackware64/a/zerofree-1.1.1-x86_64-3.txz.asc @@ -2754,7 +2754,7 @@ drwxr-xr-x 2 root root 86016 2024-01-14 19:19 ./slackware64/kde -rw-r--r-- 1 root root 517 2023-12-07 21:02 ./slackware64/kde/zanshin-23.08.4-x86_64-1.txt -rw-r--r-- 1 root root 683696 2023-12-07 21:02 ./slackware64/kde/zanshin-23.08.4-x86_64-1.txz -rw-r--r-- 1 root root 163 2023-12-07 21:02 ./slackware64/kde/zanshin-23.08.4-x86_64-1.txz.asc -drwxr-xr-x 2 root root 90112 2024-01-26 01:52 ./slackware64/l +drwxr-xr-x 2 root root 90112 2024-01-26 21:02 ./slackware64/l -rw-r--r-- 1 root root 329 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txt -rw-r--r-- 1 root root 928144 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txz -rw-r--r-- 1 root root 163 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txz.asc @@ -3755,9 +3755,9 @@ drwxr-xr-x 2 root root 90112 2024-01-26 01:52 ./slackware64/l -rw-r--r-- 1 root root 316 2023-08-10 19:46 ./slackware64/l/python-glad2-2.0.4-x86_64-1.txt -rw-r--r-- 1 root root 421860 2023-08-10 19:46 ./slackware64/l/python-glad2-2.0.4-x86_64-1.txz -rw-r--r-- 1 root root 163 2023-08-10 19:46 ./slackware64/l/python-glad2-2.0.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 356 2024-01-24 20:56 ./slackware64/l/python-hatchling-1.21.0-x86_64-1.txt --rw-r--r-- 1 root root 106496 2024-01-24 20:56 ./slackware64/l/python-hatchling-1.21.0-x86_64-1.txz --rw-r--r-- 1 root root 163 2024-01-24 20:56 ./slackware64/l/python-hatchling-1.21.0-x86_64-1.txz.asc +-rw-r--r-- 1 root root 356 2024-01-26 19:11 ./slackware64/l/python-hatchling-1.21.1-x86_64-1.txt +-rw-r--r-- 1 root root 106424 2024-01-26 19:11 ./slackware64/l/python-hatchling-1.21.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2024-01-26 19:11 ./slackware64/l/python-hatchling-1.21.1-x86_64-1.txz.asc -rw-r--r-- 1 root root 381 2024-01-18 20:29 ./slackware64/l/python-html5lib-1.1-x86_64-1.txt -rw-r--r-- 1 root root 177896 2024-01-18 20:29 ./slackware64/l/python-html5lib-1.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2024-01-18 20:29 ./slackware64/l/python-html5lib-1.1-x86_64-1.txz.asc @@ -5682,13 +5682,13 @@ drwxr-xr-x 2 root root 4096 2023-03-08 20:34 ./slackware64/y -rw-r--r-- 1 root root 1491108 2023-02-19 18:31 ./slackware64/y/nethack-3.6.7-x86_64-1.txz -rw-r--r-- 1 root root 163 2023-02-19 18:31 ./slackware64/y/nethack-3.6.7-x86_64-1.txz.asc -rw-r--r-- 1 root root 26 2020-12-30 21:55 ./slackware64/y/tagfile -drwxr-xr-x 18 root root 4096 2024-01-26 01:54 ./source --rw-r--r-- 1 root root 610414 2024-01-26 01:54 ./source/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2024-01-26 01:54 ./source/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 849588 2024-01-26 01:53 ./source/FILE_LIST --rw-r--r-- 1 root root 25206626 2024-01-26 01:53 ./source/MANIFEST.bz2 +drwxr-xr-x 18 root root 4096 2024-01-26 21:03 ./source +-rw-r--r-- 1 root root 608807 2024-01-26 21:03 ./source/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2024-01-26 21:03 ./source/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 847710 2024-01-26 21:03 ./source/FILE_LIST +-rw-r--r-- 1 root root 25222495 2024-01-26 21:03 ./source/MANIFEST.bz2 -rw-r--r-- 1 root root 828 2022-02-02 04:43 ./source/README.TXT -drwxr-xr-x 124 root root 4096 2024-01-20 19:20 ./source/a +drwxr-xr-x 124 root root 4096 2024-01-26 20:27 ./source/a -rw-r--r-- 1 root root 339 2023-09-28 19:06 ./source/a/FTBFSlog drwxr-xr-x 2 root root 4096 2022-02-15 18:15 ./source/a/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./source/a/aaa_base/_aaa_base.tar.gz @@ -6444,34 +6444,17 @@ drwxr-xr-x 2 root root 4096 2023-10-20 17:22 ./source/a/os-prober -rw-r--r-- 1 root root 338 2013-08-30 20:22 ./source/a/os-prober/os-prober.reiserfs.diff.gz -rw-r--r-- 1 root root 27448 2022-07-18 13:32 ./source/a/os-prober/os-prober_1.81.tar.xz -rw-r--r-- 1 root root 874 2018-02-27 06:13 ./source/a/os-prober/slack-desc -drwxr-xr-x 4 root root 4096 2023-05-19 18:20 ./source/a/pam --rw-r--r-- 1 root root 1020076 2023-05-08 21:44 ./source/a/pam/Linux-PAM-1.5.3.tar.xz --rw-r--r-- 1 root root 801 2023-05-08 21:44 ./source/a/pam/Linux-PAM-1.5.3.tar.xz.asc +drwxr-xr-x 4 root root 4096 2024-01-26 20:14 ./source/a/pam +-rw-r--r-- 1 root root 1048296 2024-01-17 15:16 ./source/a/pam/Linux-PAM-1.6.0.tar.xz +-rw-r--r-- 1 root root 801 2024-01-17 15:16 ./source/a/pam/Linux-PAM-1.6.0.tar.xz.asc -rw-r--r-- 1 root root 252 2014-07-26 06:55 ./source/a/pam/doinst.sh.gz -drwxr-xr-x 2 root root 4096 2023-05-19 18:24 ./source/a/pam/fedora-patches --rw-r--r-- 1 root root 487 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch.gz --rw-r--r-- 1 root root 534 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch.gz --rw-r--r-- 1 root root 541 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz --rw-r--r-- 1 root root 923 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch.gz --rw-r--r-- 1 root root 6901 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz --rw-r--r-- 1 root root 464 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz --rw-r--r-- 1 root root 2291 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-coverity.patch.gz --rw-r--r-- 1 root root 6056 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz --rw-r--r-- 1 root root 416 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-noflex.patch.gz --rw-r--r-- 1 root root 1153 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch.gz --rw-r--r-- 1 root root 783 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz --rw-r--r-- 1 root root 1309 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz --rw-r--r-- 1 root root 910 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz --rw-r--r-- 1 root root 1410 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz --rw-r--r-- 1 root root 1373 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz --rw-r--r-- 1 root root 887 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz --rw-r--r-- 1 root root 698 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz --rw-r--r-- 1 root root 4944 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz --rw-r--r-- 1 root root 390 2020-06-13 19:12 ./source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch.gz --rw-r--r-- 1 root root 995 2023-05-19 18:24 ./source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch.gz --rw-r--r-- 1 root root 36626 2020-12-01 19:27 ./source/a/pam/pam-redhat-1.1.4.tar.lz +drwxr-xr-x 2 root root 4096 2024-01-26 20:16 ./source/a/pam/fedora-patches +-rw-r--r-- 1 root root 415 2024-01-23 00:00 ./source/a/pam/fedora-patches/pam-1.5.3-unix-nomsg.patch.gz +-rw-r--r-- 1 root root 436 2024-01-23 00:00 ./source/a/pam/fedora-patches/pam-1.6.0-noflex.patch.gz +-rw-r--r-- 1 root root 406 2024-01-23 00:00 ./source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch.gz +-rw-r--r-- 1 root root 7280 2023-02-09 15:42 ./source/a/pam/pam-redhat-1.2.0.tar.xz -rw-r--r-- 1 root root 29 2020-12-01 19:30 ./source/a/pam/pam-redhat.url --rwxr-xr-x 1 root root 8859 2023-11-14 20:55 ./source/a/pam/pam.SlackBuild +-rwxr-xr-x 1 root root 7208 2024-01-26 20:17 ./source/a/pam/pam.SlackBuild -rw-r--r-- 1 root root 106 2023-05-19 18:18 ./source/a/pam/pam.url drwxr-xr-x 2 root root 4096 2020-12-01 19:29 ./source/a/pam/patches -rw-r--r-- 1 root root 386 2020-01-02 20:41 ./source/a/pam/patches/pam.etc.environment.better.comments.diff.gz @@ -6811,10 +6794,10 @@ drwxr-xr-x 2 root root 4096 2023-11-01 19:28 ./source/a/xfsprogs -rw-r--r-- 1 root root 1348452 2023-10-12 20:52 ./source/a/xfsprogs/xfsprogs-6.5.0.tar.xz -rwxr-xr-x 1 root root 5032 2023-11-01 19:28 ./source/a/xfsprogs/xfsprogs.SlackBuild -rw-r--r-- 1 root root 42 2017-09-27 22:21 ./source/a/xfsprogs/xfsprogs.url -drwxr-xr-x 2 root root 4096 2023-11-01 19:47 ./source/a/xz +drwxr-xr-x 2 root root 4096 2024-01-26 19:19 ./source/a/xz -rw-r--r-- 1 root root 939 2020-03-18 18:04 ./source/a/xz/slack-desc --rw-r--r-- 1 root root 1680520 2023-11-01 13:14 ./source/a/xz/xz-5.4.5.tar.xz --rw-r--r-- 1 root root 566 2023-11-01 13:23 ./source/a/xz/xz-5.4.5.tar.xz.sig +-rw-r--r-- 1 root root 1684368 2024-01-26 12:19 ./source/a/xz/xz-5.4.6.tar.xz +-rw-r--r-- 1 root root 566 2024-01-26 12:19 ./source/a/xz/xz-5.4.6.tar.xz.sig -rwxr-xr-x 1 root root 5469 2023-03-20 15:34 ./source/a/xz/xz.SlackBuild -rw-r--r-- 1 root root 253 2023-01-19 19:53 ./source/a/xz/xz.default.verbosity.V_ERROR.diff.gz drwxr-xr-x 2 root root 4096 2022-09-06 18:27 ./source/a/zerofree @@ -11736,8 +11719,8 @@ drwxr-xr-x 2 root root 4096 2024-01-24 21:12 ./source/l/python-glad2 -rw-r--r-- 1 root root 31 2024-01-24 21:16 ./source/l/python-glad2/glad2.url -rwxr-xr-x 1 root root 3094 2022-11-17 18:48 ./source/l/python-glad2/python-glad2.SlackBuild -rw-r--r-- 1 root root 776 2022-11-17 18:47 ./source/l/python-glad2/slack-desc -drwxr-xr-x 2 root root 4096 2024-01-24 20:41 ./source/l/python-hatchling --rw-r--r-- 1 root root 58055 2023-12-18 05:18 ./source/l/python-hatchling/hatchling-1.21.0.tar.gz +drwxr-xr-x 2 root root 4096 2024-01-26 19:11 ./source/l/python-hatchling +-rw-r--r-- 1 root root 58059 2024-01-25 00:58 ./source/l/python-hatchling/hatchling-1.21.1.tar.gz -rw-r--r-- 1 root root 35 2024-01-24 20:36 ./source/l/python-hatchling/hatchling.url -rwxr-xr-x 1 root root 3123 2023-01-08 19:08 ./source/l/python-hatchling/python-hatchling.SlackBuild -rw-r--r-- 1 root root 820 2024-01-24 20:37 ./source/l/python-hatchling/slack-desc @@ -15240,35 +15223,35 @@ drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./source/xap/mozilla-thunder drwxr-xr-x 2 root root 4096 2024-01-19 19:47 ./source/xap/network-manager-applet -rw-r--r-- 1 root root 173 2021-09-10 17:57 ./source/xap/network-manager-applet/doinst.sh.gz -rw-r--r-- 1 root root 1923064 2024-01-19 12:15 ./source/xap/network-manager-applet/network-manager-applet-1.36.0.tar.xz --rwxr-xr-x 1 root root 4317 2023-10-04 20:14 ./source/xap/network-manager-applet/network-manager-applet.SlackBuild --rw-r--r-- 1 root root 829 2018-02-27 06:13 ./source/xap/network-manager-applet/slack-desc -drwxr-xr-x 2 root root 4096 2023-11-16 18:11 ./source/xap/pan --rw-r--r-- 1 root root 1502476 2023-11-01 16:44 ./source/xap/pan/pan-v0.155.tar.lz --rwxr-xr-x 1 root root 4591 2023-06-11 19:25 ./source/xap/pan/pan.SlackBuild --rw-r--r-- 1 root root 36 2023-01-13 20:10 ./source/xap/pan/pan.url --rw-r--r-- 1 root root 752 2018-02-27 06:13 ./source/xap/pan/slack-desc -drwxr-xr-x 2 root root 4096 2021-08-21 03:26 ./source/xap/pavucontrol --rw-r--r-- 1 root root 120 2013-11-05 03:45 ./source/xap/pavucontrol/doinst.sh.gz --rw-r--r-- 1 root root 193451 2021-08-15 18:40 ./source/xap/pavucontrol/pavucontrol-5.0.tar.lz --rwxr-xr-x 1 root root 3343 2021-08-21 03:25 ./source/xap/pavucontrol/pavucontrol.SlackBuild --rw-r--r-- 1 root root 970 2021-08-21 03:26 ./source/xap/pavucontrol/slack-desc -drwxr-xr-x 2 root root 4096 2023-03-05 20:50 ./source/xap/pidgin --rw-r--r-- 1 root root 172 2016-01-04 03:06 ./source/xap/pidgin/doinst.sh.gz --rw-r--r-- 1 root root 355 2012-05-02 03:59 ./source/xap/pidgin/fix-gmain_h-compile-error.diff.gz --rw-r--r-- 1 root root 6110167 2023-01-01 04:23 ./source/xap/pidgin/pidgin-2.14.12.tar.lz --rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz --rwxr-xr-x 1 root root 7564 2023-03-05 20:50 ./source/xap/pidgin/pidgin.SlackBuild --rw-r--r-- 1 root root 911 2021-04-30 17:42 ./source/xap/pidgin/slack-desc -drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/xap/rdesktop --rw-r--r-- 1 root root 282274 2019-10-11 08:22 ./source/xap/rdesktop/rdesktop-1.9.0.tar.lz --rwxr-xr-x 1 root root 3868 2021-02-13 05:32 ./source/xap/rdesktop/rdesktop.SlackBuild --rw-r--r-- 1 root root 834 2019-10-11 16:26 ./source/xap/rdesktop/slack-desc -drwxr-xr-x 2 root root 4096 2023-07-20 18:52 ./source/xap/rxvt-unicode --rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop --rw-r--r-- 1 root root 715318 2023-01-02 22:42 ./source/xap/rxvt-unicode/rxvt-unicode-9.31.tar.lz --rwxr-xr-x 1 root root 5458 2023-07-20 18:53 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild --rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop --rw-r--r-- 1 root root 229 2023-07-08 18:38 ./source/xap/rxvt-unicode/rxvt-unicode.perl5.38.0.diff.gz +-rwxr-xr-x 1 root root 4317 2023-10-04 20:14 ./source/xap/network-manager-applet/network-manager-applet.SlackBuild +-rw-r--r-- 1 root root 829 2018-02-27 06:13 ./source/xap/network-manager-applet/slack-desc +drwxr-xr-x 2 root root 4096 2023-11-16 18:11 ./source/xap/pan +-rw-r--r-- 1 root root 1502476 2023-11-01 16:44 ./source/xap/pan/pan-v0.155.tar.lz +-rwxr-xr-x 1 root root 4591 2023-06-11 19:25 ./source/xap/pan/pan.SlackBuild +-rw-r--r-- 1 root root 36 2023-01-13 20:10 ./source/xap/pan/pan.url +-rw-r--r-- 1 root root 752 2018-02-27 06:13 ./source/xap/pan/slack-desc +drwxr-xr-x 2 root root 4096 2021-08-21 03:26 ./source/xap/pavucontrol +-rw-r--r-- 1 root root 120 2013-11-05 03:45 ./source/xap/pavucontrol/doinst.sh.gz +-rw-r--r-- 1 root root 193451 2021-08-15 18:40 ./source/xap/pavucontrol/pavucontrol-5.0.tar.lz +-rwxr-xr-x 1 root root 3343 2021-08-21 03:25 ./source/xap/pavucontrol/pavucontrol.SlackBuild +-rw-r--r-- 1 root root 970 2021-08-21 03:26 ./source/xap/pavucontrol/slack-desc +drwxr-xr-x 2 root root 4096 2023-03-05 20:50 ./source/xap/pidgin +-rw-r--r-- 1 root root 172 2016-01-04 03:06 ./source/xap/pidgin/doinst.sh.gz +-rw-r--r-- 1 root root 355 2012-05-02 03:59 ./source/xap/pidgin/fix-gmain_h-compile-error.diff.gz +-rw-r--r-- 1 root root 6110167 2023-01-01 04:23 ./source/xap/pidgin/pidgin-2.14.12.tar.lz +-rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz +-rwxr-xr-x 1 root root 7564 2023-03-05 20:50 ./source/xap/pidgin/pidgin.SlackBuild +-rw-r--r-- 1 root root 911 2021-04-30 17:42 ./source/xap/pidgin/slack-desc +drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/xap/rdesktop +-rw-r--r-- 1 root root 282274 2019-10-11 08:22 ./source/xap/rdesktop/rdesktop-1.9.0.tar.lz +-rwxr-xr-x 1 root root 3868 2021-02-13 05:32 ./source/xap/rdesktop/rdesktop.SlackBuild +-rw-r--r-- 1 root root 834 2019-10-11 16:26 ./source/xap/rdesktop/slack-desc +drwxr-xr-x 2 root root 4096 2023-07-20 18:52 ./source/xap/rxvt-unicode +-rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop +-rw-r--r-- 1 root root 715318 2023-01-02 22:42 ./source/xap/rxvt-unicode/rxvt-unicode-9.31.tar.lz +-rwxr-xr-x 1 root root 5458 2023-07-20 18:53 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild +-rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop +-rw-r--r-- 1 root root 229 2023-07-08 18:38 ./source/xap/rxvt-unicode/rxvt-unicode.perl5.38.0.diff.gz -rw-r--r-- 1 root root 38 2023-07-20 18:32 ./source/xap/rxvt-unicode/rxvt-unicode.url -rw-r--r-- 1 root root 940 2018-03-31 16:58 ./source/xap/rxvt-unicode/slack-desc drwxr-xr-x 2 root root 4096 2023-12-05 20:57 ./source/xap/sane diff --git a/recompress.sh b/recompress.sh index 1cbadf691..0c898d70b 100755 --- a/recompress.sh +++ b/recompress.sh @@ -178,26 +178,9 @@ gzip ./source/a/tar/tar.nolonezero.diff gzip ./source/a/genpower/genpower.halt.diff gzip ./source/a/genpower/genpower.var.diff gzip ./source/a/pam/patches/pam.etc.environment.better.comments.diff -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch -gzip ./source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch -gzip ./source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch -gzip ./source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch -gzip ./source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-noflex.patch -gzip ./source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.1-coverity.patch -gzip ./source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch -gzip ./source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch +gzip ./source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch +gzip ./source/a/pam/fedora-patches/pam-1.6.0-noflex.patch +gzip ./source/a/pam/fedora-patches/pam-1.5.3-unix-nomsg.patch gzip ./source/a/pam/doinst.sh gzip ./source/a/glibc-zoneinfo/doinst.sh gzip ./source/a/glibc-zoneinfo/zic.default.fat.diff diff --git a/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch b/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch deleted file mode 100644 index f3a742c8d..000000000 --- a/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up pam/modules/pam_env/pam_env.c.nouserenv pam/modules/pam_env/pam_env.c ---- pam/modules/pam_env/pam_env.c.nouserenv 2010-10-20 09:59:30.000000000 +0200 -+++ pam/modules/pam_env/pam_env.c 2010-11-01 14:42:01.000000000 +0100 -@@ -10,7 +10,7 @@ - #define DEFAULT_READ_ENVFILE 1 - - #define DEFAULT_USER_ENVFILE ".pam_environment" --#define DEFAULT_USER_READ_ENVFILE 1 -+#define DEFAULT_USER_READ_ENVFILE 0 - - #include "config.h" - -diff -up pam/modules/pam_env/pam_env.8.xml.nouserenv pam/modules/pam_env/pam_env.8.xml ---- pam/modules/pam_env/pam_env.8.xml.nouserenv 2010-10-20 09:59:30.000000000 +0200 -+++ pam/modules/pam_env/pam_env.8.xml 2010-11-01 14:42:01.000000000 +0100 -@@ -147,7 +147,10 @@ - - - Turns on or off the reading of the user specific environment -- file. 0 is off, 1 is on. By default this option is on. -+ file. 0 is off, 1 is on. By default this option is off as user -+ supplied environment variables in the PAM environment could affect -+ behavior of subsequent modules in the stack without the consent -+ of the system administrator. - - - diff --git a/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch b/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch deleted file mode 100644 index 3c17b781a..000000000 --- a/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -up Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.6/modules/pam_limits/limits.conf ---- Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits 2012-08-15 13:08:43.000000000 +0200 -+++ Linux-PAM-1.1.6/modules/pam_limits/limits.conf 2013-03-14 16:43:37.615087671 +0100 -@@ -1,5 +1,16 @@ - # /etc/security/limits.conf - # -+#This file sets the resource limits for the users logged in via PAM. -+#It does not affect resource limits of the system services. -+# -+#Also note that configuration files in /etc/security/limits.d directory, -+#which are read in alphabetical order, override the settings in this -+#file in case the domain is the same or more specific. -+#That means for example that setting a limit for wildcard domain here -+#can be overriden with a wildcard setting in a config file in the -+#subdirectory, but a user specific setting here can be overriden only -+#with a user specific setting in the subdirectory. -+# - #Each line describes a limit for a user in the form: - # - # diff --git a/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch b/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch deleted file mode 100644 index 277a5699f..000000000 --- a/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c ---- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200 -@@ -997,9 +997,9 @@ main( int argc UNUSED, char **argv ) - #ifdef HAVE_LIBAUDIT - char buf[64]; - int audit_fd = audit_open(); -- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); -- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); -+ snprintf(buf, sizeof(buf), "pam_tally2 reset=%hu", cline_reset); -+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, -+ buf, NULL, uid, NULL, NULL, ttyname(STDIN_FILENO), 1); - if (audit_fd >=0) - close(audit_fd); - #endif -@@ -1040,11 +1040,10 @@ main( int argc UNUSED, char **argv ) - } - else if ( !cline_reset ) { - #ifdef HAVE_LIBAUDIT -- char buf[64]; - int audit_fd = audit_open(); -- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); -- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); -+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, -+ "pam_tally2-reset-all-accts reset=0", "*", -1, -+ NULL, NULL, ttyname(STDIN_FILENO), 1); - if (audit_fd >=0) - close(audit_fd); - #endif diff --git a/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch b/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch deleted file mode 100644 index b2d8526f9..000000000 --- a/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200 -+++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200 -@@ -9,7 +9,7 @@ securelibfilterdir = $(SECUREDIR)/pam_fi - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(srcdir)/.. @PIE_CFLAGS@ --AM_LDFLAGS = @PIE_LDFLAGS@ -+AM_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - LDADD = $(top_builddir)/libpam/libpam.la - - securelibfilter_PROGRAMS = upperLOWER -diff -up Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am 2014-09-10 17:18:42.922304935 +0200 -@@ -30,6 +30,8 @@ endif - - sbin_PROGRAMS = mkhomedir_helper - mkhomedir_helper_SOURCES = mkhomedir_helper.c -+mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -+mkhomedir_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la - - if ENABLE_REGENERATE_MAN -diff -up Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am 2014-09-10 17:22:04.339944040 +0200 -@@ -26,6 +26,8 @@ if HAVE_VERSIONING - pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - -+pam_tally2_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -+pam_tally2_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) - - securelib_LTLIBRARIES = pam_tally2.la -diff -up Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am 2014-08-13 16:02:49.906688139 +0200 -@@ -36,7 +36,7 @@ pam_timestamp_la_CFLAGS = $(AM_CFLAGS) - pam_timestamp_check_SOURCES = pam_timestamp_check.c - pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ - pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la --pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@ -+pam_timestamp_check_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - - hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c - hmacfile_LDADD = $(top_builddir)/libpam/libpam.la -diff -up Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_unix/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_unix/Makefile.am 2014-08-13 16:02:49.906688139 +0200 -@@ -55,13 +55,13 @@ bigcrypt_LDADD = @LIBCRYPT@ - unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \ - passverify.c - unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\" --unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ -+unix_chkpwd_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@ - - unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \ - passverify.c - unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\" --unix_update_LDFLAGS = @PIE_LDFLAGS@ -+unix_update_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@ - - if ENABLE_REGENERATE_MAN diff --git a/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch b/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch deleted file mode 100644 index 554e5c8f8..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch +++ /dev/null @@ -1,806 +0,0 @@ -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am ---- Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper 2016-03-24 12:45:42.000000000 +0100 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am 2016-05-06 15:18:42.307637933 +0200 -@@ -1,5 +1,6 @@ - # - # Copyright (c) 2008, 2009 Thorsten Kukuk -+# Copyright (c) 2013 Red Hat, Inc. - # - - CLEANFILES = *~ -@@ -9,25 +10,34 @@ EXTRA_DIST = README $(MANS) $(XMLS) tst- - - TESTS = tst-pam_pwhistory - --man_MANS = pam_pwhistory.8 -+man_MANS = pam_pwhistory.8 pwhistory_helper.8 - --XMLS = README.xml pam_pwhistory.8.xml -+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml - - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - --AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include --AM_LDFLAGS = -no-undefined -avoid-version -module -+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -+ -DPWHISTORY_HELPER=\"$(sbindir)/pwhistory_helper\" -+ -+pam_pwhistory_la_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING -- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -+ pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - noinst_HEADERS = opasswd.h - - securelib_LTLIBRARIES = pam_pwhistory.la --pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ -+pam_pwhistory_la_CFLAGS = $(AM_CFLAGS) -+pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@ - pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c - -+sbin_PROGRAMS = pwhistory_helper -+pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @PIE_CFLAGS@ -+pwhistory_helper_SOURCES = pwhistory_helper.c opasswd.c -+pwhistory_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ -+pwhistory_helper_LDADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ -+ - if ENABLE_REGENERATE_MAN - noinst_DATA = README - README: pam_pwhistory.8.xml -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c ---- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper 2016-03-24 12:45:42.000000000 +0100 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c 2016-05-06 15:18:42.307637933 +0200 -@@ -1,5 +1,6 @@ - /* - * Copyright (c) 2008 Thorsten Kukuk -+ * Copyright (c) 2013 Red Hat, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -38,6 +39,7 @@ - #endif - - #include -+#include - #include - #include - #include -@@ -47,6 +49,7 @@ - #include - #include - #include -+#include - #include - - #if defined (HAVE_XCRYPT_H) -@@ -55,7 +58,14 @@ - #include - #endif - -+#ifdef HELPER_COMPILE -+#define pam_modutil_getpwnam(h,n) getpwnam(n) -+#define pam_modutil_getspnam(h,n) getspnam(n) -+#define pam_syslog(h,a,...) helper_log_err(a,__VA_ARGS__) -+#else -+#include - #include -+#endif - #include - - #include "opasswd.h" -@@ -76,6 +86,19 @@ typedef struct { - char *old_passwords; - } opwd; - -+#ifdef HELPER_COMPILE -+void -+helper_log_err(int err, const char *format, ...) -+{ -+ va_list args; -+ -+ va_start(args, format); -+ openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV); -+ vsyslog(err, format, args); -+ va_end(args); -+ closelog(); -+} -+#endif - - static int - parse_entry (char *line, opwd *data) -@@ -117,8 +140,8 @@ compare_password(const char *newpass, co - } - - /* Check, if the new password is already in the opasswd file. */ --int --check_old_pass (pam_handle_t *pamh, const char *user, -+PAMH_ARG_DECL(int -+check_old_pass, const char *user, - const char *newpass, int debug) - { - int retval = PAM_SUCCESS; -@@ -128,6 +151,11 @@ check_old_pass (pam_handle_t *pamh, cons - opwd entry; - int found = 0; - -+#ifndef HELPER_COMPILE -+ if (SELINUX_ENABLED) -+ return PAM_PWHISTORY_RUN_HELPER; -+#endif -+ - if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) - { - if (errno != ENOENT) -@@ -213,9 +241,9 @@ check_old_pass (pam_handle_t *pamh, cons - return retval; - } - --int --save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, -- const char *oldpass, int howmany, int debug UNUSED) -+PAMH_ARG_DECL(int -+save_old_pass, const char *user, -+ int howmany, int debug UNUSED) - { - char opasswd_tmp[] = TMP_PASSWORDS_FILE; - struct stat opasswd_stat; -@@ -226,10 +254,35 @@ save_old_pass (pam_handle_t *pamh, const - char *buf = NULL; - size_t buflen = 0; - int found = 0; -+ struct passwd *pwd; -+ const char *oldpass; -+ -+ pwd = pam_modutil_getpwnam (pamh, user); -+ if (pwd == NULL) -+ return PAM_USER_UNKNOWN; - - if (howmany <= 0) - return PAM_SUCCESS; - -+#ifndef HELPER_COMPILE -+ if (SELINUX_ENABLED) -+ return PAM_PWHISTORY_RUN_HELPER; -+#endif -+ -+ if ((strcmp(pwd->pw_passwd, "x") == 0) || -+ ((pwd->pw_passwd[0] == '#') && -+ (pwd->pw_passwd[1] == '#') && -+ (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) -+ { -+ struct spwd *spw = pam_modutil_getspnam (pamh, user); -+ -+ if (spw == NULL) -+ return PAM_USER_UNKNOWN; -+ oldpass = spw->sp_pwdp; -+ } -+ else -+ oldpass = pwd->pw_passwd; -+ - if (oldpass == NULL || *oldpass == '\0') - return PAM_SUCCESS; - -@@ -452,7 +505,7 @@ save_old_pass (pam_handle_t *pamh, const - { - char *out; - -- if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0) -+ if (asprintf (&out, "%s:%d:1:%s\n", user, pwd->pw_uid, oldpass) < 0) - { - retval = PAM_AUTHTOK_ERR; - if (oldpf) -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h ---- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper 2016-03-24 12:45:42.000000000 +0100 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h 2016-05-06 15:18:42.307637933 +0200 -@@ -1,5 +1,6 @@ - /* - * Copyright (c) 2008 Thorsten Kukuk -+ * Copyright (c) 2013 Red Hat, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -36,10 +37,32 @@ - #ifndef __OPASSWD_H__ - #define __OPASSWD_H__ - --extern int check_old_pass (pam_handle_t *pamh, const char *user, -- const char *newpass, int debug); --extern int save_old_pass (pam_handle_t *pamh, const char *user, -- uid_t uid, const char *oldpass, -- int howmany, int debug); -+#define PAM_PWHISTORY_RUN_HELPER PAM_CRED_INSUFFICIENT -+ -+#ifdef WITH_SELINUX -+#include -+#define SELINUX_ENABLED is_selinux_enabled()>0 -+#else -+#define SELINUX_ENABLED 0 -+#endif -+ -+#ifdef HELPER_COMPILE -+#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__) -+#define PAMH_ARG(...) __VA_ARGS__ -+#else -+#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__) -+#define PAMH_ARG(...) pamh, __VA_ARGS__ -+#endif -+ -+#ifdef HELPER_COMPILE -+void -+helper_log_err(int err, const char *format, ...); -+#endif -+ -+PAMH_ARG_DECL(int -+check_old_pass, const char *user, const char *newpass, int debug); -+ -+PAMH_ARG_DECL(int -+save_old_pass, const char *user, int howmany, int debug); - - #endif /* __OPASSWD_H__ */ -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c ---- Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper 2016-04-04 11:22:28.000000000 +0200 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c 2016-05-06 15:19:31.610785512 +0200 -@@ -1,6 +1,7 @@ - /* - * Copyright (c) 2008, 2012 Thorsten Kukuk - * Author: Thorsten Kukuk -+ * Copyright (c) 2013 Red Hat, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -46,10 +47,14 @@ - #include - #include - #include --#include - #include - #include - #include -+#include -+#include -+#include -+#include -+#include - - #include - #include -@@ -59,6 +64,7 @@ - #include "opasswd.h" - - #define DEFAULT_BUFLEN 2048 -+#define MAX_FD_NO 20000 - - struct options_t { - int debug; -@@ -102,6 +108,184 @@ parse_option (pam_handle_t *pamh, const - pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); - } - -+static int -+run_save_helper(pam_handle_t *pamh, const char *user, -+ int howmany, int debug) -+{ -+ int retval, child; -+ struct sigaction newsa, oldsa; -+ -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ sigaction(SIGCHLD, &newsa, &oldsa); -+ -+ child = fork(); -+ if (child == 0) -+ { -+ int i = 0; -+ struct rlimit rlim; -+ int dummyfds[2]; -+ static char *envp[] = { NULL }; -+ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; -+ -+ /* replace std file descriptors with a dummy pipe */ -+ if (pipe2(dummyfds, O_NONBLOCK) == 0) -+ { -+ dup2(dummyfds[0], STDIN_FILENO); -+ dup2(dummyfds[1], STDOUT_FILENO); -+ dup2(dummyfds[1], STDERR_FILENO); -+ } -+ -+ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0) -+ { -+ if (rlim.rlim_max >= MAX_FD_NO) -+ rlim.rlim_max = MAX_FD_NO; -+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) -+ { -+ if (i != dummyfds[0]) -+ close(i); -+ } -+ } -+ -+ /* exec binary helper */ -+ args[0] = strdup(PWHISTORY_HELPER); -+ args[1] = strdup("save"); -+ args[2] = x_strdup(user); -+ asprintf(&args[3], "%d", howmany); -+ asprintf(&args[4], "%d", debug); -+ -+ execve(args[0], args, envp); -+ -+ _exit(PAM_SYSTEM_ERR); -+ } -+ else if (child > 0) -+ { -+ /* wait for child */ -+ int rc = 0; -+ rc = waitpid(child, &retval, 0); /* wait for helper to complete */ -+ if (rc < 0) -+ { -+ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save waitpid returned %d: %m", rc); -+ retval = PAM_SYSTEM_ERR; -+ } -+ else if (!WIFEXITED(retval)) -+ { -+ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save abnormal exit: %d", retval); -+ retval = PAM_SYSTEM_ERR; -+ } -+ else -+ { -+ retval = WEXITSTATUS(retval); -+ } -+ } -+ else -+ { -+ retval = PAM_SYSTEM_ERR; -+ } -+ -+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ -+ -+ return retval; -+} -+ -+static int -+run_check_helper(pam_handle_t *pamh, const char *user, -+ const char *newpass, int debug) -+{ -+ int retval, child, fds[2]; -+ struct sigaction newsa, oldsa; -+ -+ /* create a pipe for the password */ -+ if (pipe(fds) != 0) -+ return PAM_SYSTEM_ERR; -+ -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ sigaction(SIGCHLD, &newsa, &oldsa); -+ -+ child = fork(); -+ if (child == 0) -+ { -+ int i = 0; -+ struct rlimit rlim; -+ int dummyfds[2]; -+ static char *envp[] = { NULL }; -+ char *args[] = { NULL, NULL, NULL, NULL, NULL }; -+ -+ /* reopen stdin as pipe */ -+ dup2(fds[0], STDIN_FILENO); -+ -+ /* replace std file descriptors with a dummy pipe */ -+ if (pipe2(dummyfds, O_NONBLOCK) == 0) -+ { -+ dup2(dummyfds[1], STDOUT_FILENO); -+ dup2(dummyfds[1], STDERR_FILENO); -+ } -+ -+ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0) -+ { -+ if (rlim.rlim_max >= MAX_FD_NO) -+ rlim.rlim_max = MAX_FD_NO; -+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) -+ { -+ if (i != dummyfds[0]) -+ close(i); -+ } -+ } -+ -+ /* exec binary helper */ -+ args[0] = strdup(PWHISTORY_HELPER); -+ args[1] = strdup("check"); -+ args[2] = x_strdup(user); -+ asprintf(&args[3], "%d", debug); -+ -+ execve(args[0], args, envp); -+ -+ _exit(PAM_SYSTEM_ERR); -+ } -+ else if (child > 0) -+ { -+ /* wait for child */ -+ int rc = 0; -+ if (newpass == NULL) -+ newpass = ""; -+ -+ /* send the password to the child */ -+ if (write(fds[1], newpass, strlen(newpass)+1) == -1) -+ { -+ pam_syslog(pamh, LOG_ERR, "Cannot send password to helper: %m"); -+ retval = PAM_SYSTEM_ERR; -+ } -+ newpass = NULL; -+ close(fds[0]); /* close here to avoid possible SIGPIPE above */ -+ close(fds[1]); -+ rc = waitpid(child, &retval, 0); /* wait for helper to complete */ -+ if (rc < 0) -+ { -+ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check waitpid returned %d: %m", rc); -+ retval = PAM_SYSTEM_ERR; -+ } -+ else if (!WIFEXITED(retval)) -+ { -+ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check abnormal exit: %d", retval); -+ retval = PAM_SYSTEM_ERR; -+ } -+ else -+ { -+ retval = WEXITSTATUS(retval); -+ } -+ } -+ else -+ { -+ close(fds[0]); -+ close(fds[1]); -+ retval = PAM_SYSTEM_ERR; -+ } -+ -+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ -+ -+ return retval; -+} - - /* This module saves the current crypted password in /etc/security/opasswd - and then compares the new password with all entries in this file. */ -@@ -109,7 +293,6 @@ parse_option (pam_handle_t *pamh, const - int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - { -- struct passwd *pwd; - const char *newpass; - const char *user; - int retval, tries; -@@ -154,31 +337,13 @@ pam_sm_chauthtok (pam_handle_t *pamh, in - return PAM_SUCCESS; - } - -- pwd = pam_modutil_getpwnam (pamh, user); -- if (pwd == NULL) -- return PAM_USER_UNKNOWN; -- -- if ((strcmp(pwd->pw_passwd, "x") == 0) || -- ((pwd->pw_passwd[0] == '#') && -- (pwd->pw_passwd[1] == '#') && -- (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) -- { -- struct spwd *spw = pam_modutil_getspnam (pamh, user); -- if (spw == NULL) -- return PAM_USER_UNKNOWN; -+ retval = save_old_pass (pamh, user, options.remember, options.debug); - -- retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp, -- options.remember, options.debug); -- if (retval != PAM_SUCCESS) -- return retval; -- } -- else -- { -- retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd, -- options.remember, options.debug); -- if (retval != PAM_SUCCESS) -- return retval; -- } -+ if (retval == PAM_PWHISTORY_RUN_HELPER) -+ retval = run_save_helper(pamh, user, options.remember, options.debug); -+ -+ if (retval != PAM_SUCCESS) -+ return retval; - - newpass = NULL; - tries = 0; -@@ -207,8 +372,11 @@ pam_sm_chauthtok (pam_handle_t *pamh, in - if (options.debug) - pam_syslog (pamh, LOG_DEBUG, "check against old password file"); - -- if (check_old_pass (pamh, user, newpass, -- options.debug) != PAM_SUCCESS) -+ retval = check_old_pass (pamh, user, newpass, options.debug); -+ if (retval == PAM_PWHISTORY_RUN_HELPER) -+ retval = run_check_helper(pamh, user, newpass, options.debug); -+ -+ if (retval != PAM_SUCCESS) - { - if (getuid() || options.enforce_for_root || - (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c ---- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper 2016-05-06 15:18:42.308637957 +0200 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c 2016-05-06 15:18:42.308637957 +0200 -@@ -0,0 +1,209 @@ -+/* -+ * Copyright (c) 2013 Red Hat, Inc. -+ * Author: Tomas Mraz -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include "config.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "opasswd.h" -+ -+#define MAXPASS 200 -+ -+static void -+su_sighandler(int sig) -+{ -+#ifndef SA_RESETHAND -+ /* emulate the behaviour of the SA_RESETHAND flag */ -+ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { -+ struct sigaction sa; -+ memset(&sa, '\0', sizeof(sa)); -+ sa.sa_handler = SIG_DFL; -+ sigaction(sig, &sa, NULL); -+ } -+#endif -+ if (sig > 0) { -+ _exit(sig); -+ } -+} -+ -+static void -+setup_signals(void) -+{ -+ struct sigaction action; /* posix signal structure */ -+ -+ /* -+ * Setup signal handlers -+ */ -+ (void) memset((void *) &action, 0, sizeof(action)); -+ action.sa_handler = su_sighandler; -+#ifdef SA_RESETHAND -+ action.sa_flags = SA_RESETHAND; -+#endif -+ (void) sigaction(SIGILL, &action, NULL); -+ (void) sigaction(SIGTRAP, &action, NULL); -+ (void) sigaction(SIGBUS, &action, NULL); -+ (void) sigaction(SIGSEGV, &action, NULL); -+ action.sa_handler = SIG_IGN; -+ action.sa_flags = 0; -+ (void) sigaction(SIGTERM, &action, NULL); -+ (void) sigaction(SIGHUP, &action, NULL); -+ (void) sigaction(SIGINT, &action, NULL); -+ (void) sigaction(SIGQUIT, &action, NULL); -+} -+ -+static int -+read_passwords(int fd, int npass, char **passwords) -+{ -+ int rbytes = 0; -+ int offset = 0; -+ int i = 0; -+ char *pptr; -+ while (npass > 0) -+ { -+ rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); -+ -+ if (rbytes < 0) -+ { -+ if (errno == EINTR) continue; -+ break; -+ } -+ if (rbytes == 0) -+ break; -+ -+ while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes)) -+ != NULL) -+ { -+ rbytes -= pptr - (passwords[i]+offset) + 1; -+ i++; -+ offset = 0; -+ npass--; -+ if (rbytes > 0) -+ { -+ if (npass > 0) -+ memcpy(passwords[i], pptr+1, rbytes); -+ memset(pptr+1, '\0', rbytes); -+ } -+ } -+ offset += rbytes; -+ } -+ -+ /* clear up */ -+ if (offset > 0 && npass > 0) -+ memset(passwords[i], '\0', offset); -+ -+ return i; -+} -+ -+ -+static int -+check_history(const char *user, const char *debug) -+{ -+ char pass[MAXPASS + 1]; -+ char *passwords[] = { pass }; -+ int npass; -+ int dbg = atoi(debug); /* no need to be too fancy here */ -+ int retval; -+ -+ /* read the password from stdin (a pipe from the pam_pwhistory module) */ -+ npass = read_passwords(STDIN_FILENO, 1, passwords); -+ -+ if (npass != 1) -+ { /* is it a valid password? */ -+ helper_log_err(LOG_DEBUG, "no password supplied"); -+ return PAM_AUTHTOK_ERR; -+ } -+ -+ retval = check_old_pass(user, pass, dbg); -+ -+ memset(pass, '\0', MAXPASS); /* clear memory of the password */ -+ -+ return retval; -+} -+ -+static int -+save_history(const char *user, const char *howmany, const char *debug) -+{ -+ int num = atoi(howmany); -+ int dbg = atoi(debug); /* no need to be too fancy here */ -+ int retval; -+ -+ retval = save_old_pass(user, num, dbg); -+ -+ return retval; -+} -+ -+int -+main(int argc, char *argv[]) -+{ -+ const char *option; -+ const char *user; -+ -+ /* -+ * Catch or ignore as many signal as possible. -+ */ -+ setup_signals(); -+ -+ /* -+ * we establish that this program is running with non-tty stdin. -+ * this is to discourage casual use. -+ */ -+ -+ if (isatty(STDIN_FILENO) || argc < 4) -+ { -+ fprintf(stderr, -+ "This binary is not designed for running in this way.\n"); -+ sleep(10); /* this should discourage/annoy the user */ -+ return PAM_SYSTEM_ERR; -+ } -+ -+ option = argv[1]; -+ user = argv[2]; -+ -+ if (strcmp(option, "check") == 0 && argc == 4) -+ return check_history(user, argv[3]); -+ else if (strcmp(option, "save") == 0 && argc == 5) -+ return save_history(user, argv[3], argv[4]); -+ -+ return PAM_SYSTEM_ERR; -+} -+ -diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml ---- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper 2016-05-06 15:18:42.308637957 +0200 -+++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml 2016-05-06 15:18:42.308637957 +0200 -@@ -0,0 +1,68 @@ -+ -+ -+ -+ -+ -+ -+ pwhistory_helper -+ 8 -+ Linux-PAM Manual -+ -+ -+ -+ pwhistory_helper -+ Helper binary that transfers password hashes from passwd or shadow to opasswd -+ -+ -+ -+ -+ pwhistory_helper -+ -+ ... -+ -+ -+ -+ -+ -+ -+ DESCRIPTION -+ -+ -+ pwhistory_helper is a helper program for the -+ pam_pwhistory module that transfers password hashes -+ from passwd or shadow file to the opasswd file and checks a password -+ supplied by user against the existing hashes in the opasswd file. -+ -+ -+ -+ The purpose of the helper is to enable tighter confinement of -+ login and password changing services. The helper is thus called only -+ when SELinux is enabled on the system. -+ -+ -+ -+ The interface of the helper - command line options, and input/output -+ data format are internal to the pam_pwhistory -+ module and it should not be called directly from applications. -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pam_pwhistory8 -+ -+ -+ -+ -+ -+ AUTHOR -+ -+ Written by Tomas Mraz based on the code originally in -+ pam_pwhistory and pam_unix modules. -+ -+ -+ -+ diff --git a/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch b/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch deleted file mode 100644 index cecf768f6..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index 106ef7c..b2e94c7 100644 ---- a/libpam/pam_handlers.c -+++ b/libpam/pam_handlers.c -@@ -282,7 +282,6 @@ _pam_open_config_file(pam_handle_t *pamh - { - char *p; - FILE *f; -- int err = 0; - - /* Absolute path */ - if (service[0] == '/') { -diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c -index be53f34..07dce36 100644 ---- a/libpam_misc/misc_conv.c -+++ b/libpam_misc/misc_conv.c -@@ -211,7 +211,7 @@ static int read_string(int echo, const char *prompt, char **retstr) - line[nc] = '\0'; - } - *retstr = strdup(line); -- _pam_overwrite(line); -+ _pam_overwrite_n(line, sizeof(line)); - if (!*retstr) { - D(("no memory for response string")); - nc = -1; -@@ -244,7 +244,7 @@ static int read_string(int echo, const char *prompt, char **retstr) - D(("the timer appears to have expired")); - - *retstr = NULL; -- _pam_overwrite(line); -+ _pam_overwrite_n(line, sizeof(line)); - - cleanexit: - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 80d885d..3801862 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -806,7 +806,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - const char *user=NULL; - const void *void_from=NULL; - const char *from; -- const char const *default_config = PAM_ACCESS_CONFIG; -+ const char * const default_config = PAM_ACCESS_CONFIG; - struct passwd *user_pw; - char hostname[MAXHOSTNAMELEN + 1]; - int rv; -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 4bc4ae7..f8476b4 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -342,7 +342,7 @@ static const char *lnames[RLIM_NLIMITS] = { - #endif - }; - --static int str2rlimit(char *name) { -+static int str2rlimit(const char *name) { - int i; - if (!name || *name == '\0') - return -1; -@@ -352,7 +352,7 @@ static int str2rlimit(char *name) { - return -1; - } - --static rlim_t str2rlim_t(char *value) { -+static rlim_t str2rlim_t(const char *value) { - unsigned long long rlimit = 0; - - if (!value) return (rlim_t)rlimit; -@@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int - FILE *limitsfile; - const char *proclimits = "/proc/1/limits"; - char line[256]; -- char *units, *hard, *soft, *name; -+ const char *units, *hard, *soft, *name; - - if (!(limitsfile = fopen(proclimits, "r"))) { - pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index 96bfd98..66d202c 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -64,7 +64,7 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) - fd = open("/proc/self/uid_map", O_RDONLY); - if (fd >= 0) { - count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); -- if (strncmp(uid_map, host_uid_map, count) != 0) -+ if (count <= 0 || strncmp(uid_map, host_uid_map, count) != 0) - rc = PAM_IGNORE; - close(fd); - } -diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c -index 9e204c1..4b8d6b7 100644 ---- a/modules/pam_mkhomedir/mkhomedir_helper.c -+++ b/modules/pam_mkhomedir/mkhomedir_helper.c -@@ -232,6 +232,8 @@ create_homedir(const struct passwd *pwd, - { - pam_syslog(NULL, LOG_DEBUG, - "unable to open or stat src file %s: %m", newsource); -+ if (srcfd >= 0) -+ close(srcfd); - closedir(d); - - #ifndef PATH_MAX -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index f541f89..85f5efa 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -1418,6 +1418,7 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * - if (fstat(fd, &newstatbuf) < 0) { - pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", - ipath); -+ close(fd); - rmdir(ipath); - return PAM_SESSION_ERR; - } -diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c -index e6cf346..813f579 100644 ---- a/modules/pam_pwhistory/opasswd.c -+++ b/modules/pam_pwhistory/opasswd.c -@@ -326,6 +326,9 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, - n = strlen (buf); - #endif /* HAVE_GETLINE / HAVE_GETDELIM */ - -+ if (n < 1) -+ break; -+ - cp = buf; - save = strdup (buf); /* Copy to write the original data back. */ - if (save == NULL) -@@ -336,9 +339,6 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, - goto error_opasswd; - } - -- if (n < 1) -- break; -- - tmp = strchr (cp, '#'); /* remove comments */ - if (tmp) - *tmp = '\0'; -diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c -index 17baabe..a9d9140 100644 ---- a/modules/pam_rootok/pam_rootok.c -+++ b/modules/pam_rootok/pam_rootok.c -@@ -66,14 +66,17 @@ log_callback (int type, const char *fmt, ...) - int audit_fd; - va_list ap; - -- va_start(ap, fmt); - #ifdef HAVE_LIBAUDIT - audit_fd = audit_open(); - - if (audit_fd >= 0) { - char *buf; -+ int ret; - -- if (vasprintf (&buf, fmt, ap) < 0) -+ va_start(ap, fmt); -+ ret = vasprintf (&buf, fmt, ap); -+ va_end(ap); -+ if (ret < 0) - return 0; - audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, - NULL, 0); -@@ -83,6 +86,7 @@ log_callback (int type, const char *fmt, ...) - } - - #endif -+ va_start(ap, fmt); - vsyslog (LOG_USER | LOG_INFO, fmt, ap); - va_end(ap); - return 0; -diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c -index c653290..f37af0f 100644 ---- a/modules/pam_sepermit/pam_sepermit.c -+++ b/modules/pam_sepermit/pam_sepermit.c -@@ -353,7 +353,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, - if (*sense == PAM_SUCCESS) { - if (ignore) - *sense = PAM_IGNORE; -- if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1) -+ if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1) - if (sepermit_lock(pamh, user, debug) < 0) - *sense = PAM_AUTH_ERR; - } diff --git a/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch b/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch deleted file mode 100644 index a0b069815..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch +++ /dev/null @@ -1,755 +0,0 @@ -diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml -index 906c4ed..4e2110c 100644 ---- a/modules/pam_motd/pam_motd.8.xml -+++ b/modules/pam_motd/pam_motd.8.xml -@@ -21,6 +21,9 @@ - - motd=/path/filename - -+ -+ motd_dir=/path/dirname.d -+ - - - -@@ -31,10 +34,49 @@ - - pam_motd is a PAM module that can be used to display - arbitrary motd (message of the day) files after a successful -- login. By default the /etc/motd file is -- shown. The message size is limited to 64KB. -+ login. By default, pam_motd shows files in the -+ following locations: -+ -+ -+ -+ /etc/motd -+ /run/motd -+ /usr/lib/motd -+ /etc/motd.d/ -+ /run/motd.d/ -+ /usr/lib/motd.d/ -+ -+ -+ -+ Each message size is limited to 64KB. -+ -+ -+ If /etc/motd does not exist, -+ then /run/motd is shown. If -+ /run/motd does not exist, then -+ /usr/lib/motd is shown. -+ -+ -+ Similar overriding behavior applies to the directories. -+ Files in /etc/motd.d/ override files -+ with the same name in /run/motd.d/ and -+ /usr/lib/motd.d/. Files in /run/motd.d/ -+ override files with the same name in /usr/lib/motd.d/. -+ -+ -+ Files the in the directories listed above are displayed in -+ lexicographic order by name. -+ -+ -+ To silence a message, -+ a symbolic link with target /dev/null -+ may be placed in /etc/motd.d with -+ the same filename as the message to be silenced. Example: -+ Creating a symbolic link as follows silences /usr/lib/motd.d/my_motd. -+ -+ -+ ln -s /dev/null /etc/motd.d/my_motd - -- - - - -@@ -47,8 +89,10 @@ - - - -- The /path/filename file is displayed -- as message of the day. -+ The /path/filename file is displayed -+ as message of the day. Multiple paths to try can be -+ specified as a colon-separated list. By default this option -+ is set to /etc/motd:/run/motd:/usr/lib/motd. - - - -@@ -59,16 +103,17 @@ - - - The /path/dirname.d directory is scanned -- and each file contained inside of it is displayed. -+ and each file contained inside of it is displayed. Multiple -+ directories to scan can be specified as a colon-separated list. -+ By default this option is set to /etc/motd.d:/run/motd.d:/usr/lib/motd.d. - - - - - -- When no options are given, the default is to display both -- /etc/motd and the contents of -- /etc/motd.d. Specifying either option (or both) -- will disable this default behavior. -+ When no options are given, the default behavior applies for both -+ options. Specifying either option (or both) will disable the -+ default behavior for both options. - - - -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index cc828d7..ec3ebd5 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -33,8 +33,8 @@ - */ - - #define PAM_SM_SESSION --#define DEFAULT_MOTD "/etc/motd" --#define DEFAULT_MOTD_D "/etc/motd.d" -+#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" -+#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" - - #include - #include -@@ -97,12 +97,234 @@ static void try_to_display_directory(pam_handle_t *pamh, const char *dirname) - } - } - -+/* -+ * Split a DELIM-separated string ARG into an array. -+ * Outputs a newly allocated array of strings OUT_ARG_SPLIT -+ * and the number of strings OUT_NUM_STRS. -+ * Returns 0 in case of error, 1 in case of success. -+ */ -+static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, -+ char ***out_arg_split, uint *out_num_strs) -+{ -+ char *arg_extracted = NULL; -+ const char *arg_ptr = arg; -+ char **arg_split = NULL; -+ char delim_str[2]; -+ int i = 0; -+ uint num_strs = 0; -+ int retval = 0; -+ -+ delim_str[0] = delim; -+ delim_str[1] = '\0'; -+ -+ if (arg == NULL) { -+ goto out; -+ } -+ -+ while (arg_ptr != NULL) { -+ num_strs++; -+ arg_ptr = strchr(arg_ptr + sizeof(const char), delim); -+ } -+ -+ arg_split = (char **)calloc(num_strs, sizeof(char *)); -+ if (arg_split == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array"); -+ goto out; -+ } -+ -+ arg_extracted = strtok_r(arg, delim_str, &arg); -+ while (arg_extracted != NULL && i < num_strs) { -+ arg_split[i++] = arg_extracted; -+ arg_extracted = strtok_r(NULL, delim_str, &arg); -+ } -+ -+ retval = 1; -+ -+ out: -+ *out_num_strs = num_strs; -+ *out_arg_split = arg_split; -+ -+ return retval; -+} -+ -+/* Join A_STR and B_STR, inserting a "/" between them if one is not already trailing -+ * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the -+ * joined string is returned in STRP_OUT. -+ * Returns -1 in case of error, or the number of bytes in the joined string in -+ * case of success. */ -+static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str) -+{ -+ int has_sep = 0; -+ int retval = -1; -+ char *join_strp = NULL; -+ -+ if (strp_out == NULL || a_str == NULL || b_str == NULL) { -+ goto out; -+ } -+ if (strlen(a_str) == 0) { -+ goto out; -+ } -+ -+ has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/'); -+ -+ retval = asprintf(&join_strp, "%s%s%s", a_str, -+ (has_sep == 1) ? "" : "/", b_str); -+ -+ if (retval < 0) { -+ goto out; -+ } -+ -+ *strp_out = join_strp; -+ -+ out: -+ return retval; -+} -+ -+static int compare_strings(const void * a, const void * b) -+{ -+ const char *a_str = *(char **)a; -+ const char *b_str = *(char **)b; -+ -+ if (a_str == NULL && b_str == NULL) { -+ return 0; -+ } -+ else if (a_str == NULL) { -+ return -1; -+ } -+ else if (b_str == NULL) { -+ return 1; -+ } -+ else { -+ return strcmp(a_str, b_str); -+ } -+} -+ -+static int filter_dirents(const struct dirent *d) -+{ -+ return (d->d_type == DT_REG || d->d_type == DT_LNK); -+} -+ -+static void try_to_display_directories_with_overrides(pam_handle_t *pamh, -+ char **motd_dir_path_split, int num_motd_dirs) -+{ -+ struct dirent ***dirscans = NULL; -+ int *dirscans_sizes = NULL; -+ int dirscans_size_total = 0; -+ char **dirnames_all = NULL; -+ int i; -+ int i_dirnames = 0; -+ -+ if (pamh == NULL || motd_dir_path_split == NULL) { -+ goto out; -+ } -+ if (num_motd_dirs < 1) { -+ goto out; -+ } -+ -+ if ((dirscans = (struct dirent ***)calloc(num_motd_dirs, -+ sizeof(struct dirent **))) == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays"); -+ goto out; -+ } -+ if ((dirscans_sizes = (int *)calloc(num_motd_dirs, sizeof(int))) == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes"); -+ goto out; -+ } -+ -+ for (i = 0; i < num_motd_dirs; i++) { -+ dirscans_sizes[i] = scandir(motd_dir_path_split[i], &(dirscans[i]), -+ filter_dirents, alphasort); -+ if (dirscans_sizes[i] < 0) { -+ pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s", motd_dir_path_split[i]); -+ dirscans_sizes[i] = 0; -+ } -+ dirscans_size_total += dirscans_sizes[i]; -+ } -+ -+ /* Allocate space for all file names found in the directories, including duplicates. */ -+ if ((dirnames_all = (char **)calloc(dirscans_size_total, -+ sizeof(char *))) == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array"); -+ goto out; -+ } -+ -+ for (i = 0; i < dirscans_size_total; i++) { -+ dirnames_all[i] = NULL; -+ } -+ -+ for (i = 0; i < num_motd_dirs; i++) { -+ int j; -+ -+ for (j = 0; j < dirscans_sizes[i]; j++) { -+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -+ i_dirnames++; -+ } -+ } -+ -+ qsort(dirnames_all, dirscans_size_total, -+ sizeof(const char *), compare_strings); -+ -+ for (i = 0; i < dirscans_size_total; i++) { -+ int j; -+ -+ if (dirnames_all[i] == NULL) { -+ continue; -+ } -+ -+ /* Skip duplicate file names. */ -+ if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) { -+ continue; -+ } -+ -+ for (j = 0; j < num_motd_dirs; j++) { -+ char *abs_path = NULL; -+ -+ if (join_dir_strings(&abs_path, motd_dir_path_split[j], -+ dirnames_all[i]) < 0) { -+ continue; -+ } -+ -+ if (abs_path != NULL) { -+ int fd = open(abs_path, O_RDONLY, 0); -+ if (fd >= 0) { -+ try_to_display_fd(pamh, fd); -+ close(fd); -+ -+ /* We displayed a file, skip to the next file name. */ -+ break; -+ } -+ } -+ _pam_drop(abs_path); -+ } -+ } -+ -+ out: -+ _pam_drop(dirnames_all); -+ for (i = 0; i < num_motd_dirs; i++) { -+ int j; -+ for (j = 0; j < dirscans_sizes[i]; j++) { -+ _pam_drop(dirscans[i][j]); -+ } -+ _pam_drop(dirscans[i]); -+ } -+ _pam_drop(dirscans_sizes); -+ _pam_drop(dirscans); -+ -+ return; -+} -+ - int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - int retval = PAM_IGNORE; - const char *motd_path = NULL; -+ char *motd_path_copy = NULL; -+ int num_motd_paths = 0; -+ char **motd_path_split = NULL; - const char *motd_dir_path = NULL; -+ char *motd_dir_path_copy = NULL; -+ int num_motd_dir_paths = 0; -+ char **motd_dir_path_split = NULL; - - if (flags & PAM_SILENT) { - return retval; -@@ -141,16 +363,52 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - } - - if (motd_path != NULL) { -- int fd = open(motd_path, O_RDONLY, 0); -+ motd_path_copy = strdup(motd_path); -+ } -+ -+ if (motd_path_copy != NULL) { -+ if (pam_split_string(pamh, motd_path_copy, ':', -+ &motd_path_split, &num_motd_paths) == 0) { -+ goto out; -+ } -+ } -+ -+ if (motd_dir_path != NULL) { -+ motd_dir_path_copy = strdup(motd_dir_path); -+ } - -- if (fd >= 0) { -- try_to_display_fd(pamh, fd); -- close(fd); -+ if (motd_dir_path_copy != NULL) { -+ if (pam_split_string(pamh, motd_dir_path_copy, ':', -+ &motd_dir_path_split, &num_motd_dir_paths) == 0) { -+ goto out; - } - } - -- if (motd_dir_path != NULL) -- try_to_display_directory(pamh, motd_dir_path); -+ if (motd_path_split != NULL) { -+ int i; -+ -+ for (i = 0; i < num_motd_paths; i++) { -+ int fd = open(motd_path_split[i], O_RDONLY, 0); -+ -+ if (fd >= 0) { -+ try_to_display_fd(pamh, fd); -+ close(fd); -+ -+ /* We found and displayed a file, move onto next filename. */ -+ break; -+ } -+ } -+ } -+ -+ if (motd_dir_path_split != NULL) -+ try_to_display_directories_with_overrides(pamh, motd_dir_path_split, -+ num_motd_dir_paths); -+ -+ out: -+ _pam_drop(motd_path_copy); -+ _pam_drop(motd_path_split); -+ _pam_drop(motd_dir_path_copy); -+ _pam_drop(motd_dir_path_split); - - return retval; - } -diff --git a/xtests/Makefile.am b/xtests/Makefile.am -index a6d6f8d..4d5aba3 100644 ---- a/xtests/Makefile.am -+++ b/xtests/Makefile.am -@@ -32,7 +32,10 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ - tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ - tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ - tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \ -- tst-pam_time1.pamd time.conf -+ tst-pam_time1.pamd time.conf \ -+ tst-pam_motd.sh tst-pam_motd1.sh tst-pam_motd2.sh \ -+ tst-pam_motd3.sh tst-pam_motd4.sh tst-pam_motd1.pamd \ -+ tst-pam_motd2.pamd tst-pam_motd3.pamd tst-pam_motd4.pamd - - XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_dispatch4 tst-pam_dispatch5 \ -@@ -41,7 +44,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_access1 tst-pam_access2 tst-pam_access3 \ - tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ - tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ -- tst-pam_pwhistory1 tst-pam_time1 -+ tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd - - NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ - tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 -diff --git a/xtests/tst-pam_motd.c b/xtests/tst-pam_motd.c -new file mode 100644 -index 0000000..bba2f9d ---- /dev/null -+++ b/xtests/tst-pam_motd.c -@@ -0,0 +1,69 @@ -+/* -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ -+#include -+#include -+#include -+#include -+ -+static struct pam_conv conv = { -+ misc_conv, -+ NULL -+}; -+ -+int main(int argc, char *argv[]) -+{ -+ pam_handle_t *pamh=NULL; -+ char *tst_arg = NULL; -+ int retval; -+ -+ if (argc > 1) -+ tst_arg = argv[1]; -+ -+ retval = pam_start(tst_arg, NULL, &conv, &pamh); -+ -+ retval = pam_open_session(pamh, 0); -+ -+ retval = pam_close_session(pamh, 0); -+ -+ if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ -+ pamh = NULL; -+ exit(1); -+ } -+ -+ return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ -+} -diff --git a/xtests/tst-pam_motd.sh b/xtests/tst-pam_motd.sh -new file mode 100755 -index 0000000..9080128 ---- /dev/null -+++ b/xtests/tst-pam_motd.sh -@@ -0,0 +1,8 @@ -+#!/bin/bash -+ -+set -e -+ -+./tst-pam_motd1.sh -+./tst-pam_motd2.sh -+./tst-pam_motd3.sh -+./tst-pam_motd4.sh -diff --git a/xtests/tst-pam_motd1.pamd b/xtests/tst-pam_motd1.pamd -new file mode 100644 -index 0000000..ddea82c ---- /dev/null -+++ b/xtests/tst-pam_motd1.pamd -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+session required pam_permit.so -+session optional pam_motd.so motd=tst-pam_motd1.d/etc/motd motd_dir=tst-pam_motd1.d/etc/motd.d -diff --git a/xtests/tst-pam_motd1.sh b/xtests/tst-pam_motd1.sh -new file mode 100755 -index 0000000..cc88854 ---- /dev/null -+++ b/xtests/tst-pam_motd1.sh -@@ -0,0 +1,36 @@ -+#!/bin/bash -+ -+TST_DIR="tst-pam_motd1.d" -+ -+function tst_cleanup() { -+ rm -rf "${TST_DIR}" -+ rm -f tst-pam_motd1.out -+} -+ -+mkdir -p ${TST_DIR} -+mkdir -p ${TST_DIR}/etc/motd.d -+ -+# Verify the case of single motd and motd.d directory works -+echo "motd: /etc/motd" > ${TST_DIR}/etc/motd -+echo "motd: /etc/motd.d/test" > ${TST_DIR}/etc/motd.d/test -+ -+./tst-pam_motd tst-pam_motd1 > tst-pam_motd1.out -+ -+RET=$? -+ -+motd_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd") -+if [ -z "${motd_to_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+motd_dir_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd.d/test") -+if [ -z "${motd_dir_to_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+tst_cleanup -+exit $RET -diff --git a/xtests/tst-pam_motd2.pamd b/xtests/tst-pam_motd2.pamd -new file mode 100644 -index 0000000..8200191 ---- /dev/null -+++ b/xtests/tst-pam_motd2.pamd -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+session required pam_permit.so -+session optional pam_motd.so motd=tst-pam_motd2.d/etc/motd:tst-pam_motd2.d/run/motd:tst-pam_motd2.d/usr/lib/motd motd_dir=tst-pam_motd2.d/etc/motd.d:tst-pam_motd2.d/run/motd.d:tst-pam_motd2.d/usr/lib/motd.d -diff --git a/xtests/tst-pam_motd2.sh b/xtests/tst-pam_motd2.sh -new file mode 100755 -index 0000000..d26ea92 ---- /dev/null -+++ b/xtests/tst-pam_motd2.sh -@@ -0,0 +1,53 @@ -+#!/bin/bash -+ -+TST_DIR="tst-pam_motd2.d" -+ -+function tst_cleanup() { -+ rm -rf "${TST_DIR}" -+ rm -f tst-pam_motd2.out -+} -+ -+mkdir -p ${TST_DIR} -+mkdir -p ${TST_DIR}/etc/motd.d -+mkdir -p ${TST_DIR}/run/motd.d -+mkdir -p ${TST_DIR}/usr/lib/motd.d -+ -+echo "motd: /etc/motd" > ${TST_DIR}/etc/motd -+echo "motd: /run/motd" > ${TST_DIR}/run/motd -+echo "motd: /usr/lib/motd" > ${TST_DIR}/usr/lib/motd -+ -+# Drop a motd file in test directories such that every overriding -+# condition (for 3 directories in this case) will be seen. -+echo "motd: e0r0u1 in usr/lib - will show" > ${TST_DIR}/usr/lib/motd.d/e0r0u1.motd -+echo "motd: e0r1u0 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u0.motd -+echo "motd: e0r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e0r1u1.motd -+echo "motd: e0r1u1 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u1.motd -+echo "motd: e1r0u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u0.motd -+echo "motd: e1r0u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r0u1.motd -+echo "motd: e1r0u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u1.motd -+echo "motd: e1r1u0 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u0.motd -+echo "motd: e1r1u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u0.motd -+echo "motd: e1r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r1u1.motd -+echo "motd: e1r1u1 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u1.motd -+echo "motd: e1r1u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u1.motd -+ -+./tst-pam_motd tst-pam_motd2 > tst-pam_motd2.out -+ -+RET=$? -+ -+motd_to_show_output=$(cat tst-pam_motd2.out | grep "motd: /etc/motd") -+if [ -z "${motd_to_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+motd_dir_not_show_output=$(cat tst-pam_motd2.out | grep "not show") -+if [ -n "${motd_dir_not_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+tst_cleanup -+exit $RET -diff --git a/xtests/tst-pam_motd3.pamd b/xtests/tst-pam_motd3.pamd -new file mode 100644 -index 0000000..a8b8cbf ---- /dev/null -+++ b/xtests/tst-pam_motd3.pamd -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+session required pam_permit.so -+session optional pam_motd.so motd=tst-pam_motd3.d/etc/motd:tst-pam_motd3.d/run/motd:tst-pam_motd3.d/usr/lib/motd motd_dir=tst-pam_motd3.d/etc/motd.d:tst-pam_motd3.d/run/motd.d:tst-pam_motd3.d/usr/lib/motd.d -diff --git a/xtests/tst-pam_motd3.sh b/xtests/tst-pam_motd3.sh -new file mode 100755 -index 0000000..e18856b ---- /dev/null -+++ b/xtests/tst-pam_motd3.sh -@@ -0,0 +1,53 @@ -+#!/bin/bash -+ -+TST_DIR="tst-pam_motd3.d" -+ -+function tst_cleanup() { -+ rm -rf "${TST_DIR}" -+ rm -f tst-pam_motd3.out -+} -+ -+mkdir -p ${TST_DIR} -+mkdir -p ${TST_DIR}/etc/motd.d -+mkdir -p ${TST_DIR}/run/motd.d -+mkdir -p ${TST_DIR}/usr/lib/motd.d -+ -+# Verify motd is still displayed when not overridden -+echo "motd: test-show in run - show" > ${TST_DIR}/run/motd.d/test-show.motd -+ -+# Test overridden by a symlink to a file that isn't /dev/null; symlink target should show -+echo "motd: hidden-by-symlink in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/hidden-by-symlink.motd -+echo "motd: test-from-symlink - show" > ${TST_DIR}/test-from-symlink.motd -+ln -sr ${TST_DIR}/test-from-symlink.motd ${TST_DIR}/run/motd.d/hidden-by-symlink.motd -+ -+# Test hidden by a null symlink -+echo "motd: hidden-by-null-symlink in run - not show" > ${TST_DIR}/run/motd.d/hidden-by-null-symlink.motd -+ln -s /dev/null ${TST_DIR}/etc/motd.d/hidden-by-null-symlink.motd -+ -+./tst-pam_motd tst-pam_motd3 > tst-pam_motd3.out -+ -+RET=$? -+ -+motd_dir_not_show_output=$(cat tst-pam_motd3.out | grep "not show") -+if [ -n "${motd_dir_not_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+motd_test_show_output=$(cat tst-pam_motd3.out | grep "test-show.*- show") -+if [ -z "${motd_test_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+motd_general_symlink_show_output=$(cat tst-pam_motd3.out | grep "test-from-symlink.*- show") -+if [ -z "${motd_general_symlink_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+tst_cleanup -+exit $RET -diff --git a/xtests/tst-pam_motd4.pamd b/xtests/tst-pam_motd4.pamd -new file mode 100644 -index 0000000..9dc311a ---- /dev/null -+++ b/xtests/tst-pam_motd4.pamd -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+session required pam_permit.so -+session optional pam_motd.so motd=tst-pam_motd4.d/etc/motd -diff --git a/xtests/tst-pam_motd4.sh b/xtests/tst-pam_motd4.sh -new file mode 100755 -index 0000000..6022177 ---- /dev/null -+++ b/xtests/tst-pam_motd4.sh -@@ -0,0 +1,27 @@ -+#!/bin/bash -+ -+TST_DIR="tst-pam_motd4.d" -+ -+function tst_cleanup() { -+ rm -rf "${TST_DIR}" -+ rm -f tst-pam_motd4.out -+} -+ -+mkdir -p ${TST_DIR}/etc -+ -+# Verify the case of single motd with no motd_dir given in tst-pam_motd4.pamd -+echo "motd: /etc/motd" > ${TST_DIR}/etc/motd -+ -+./tst-pam_motd tst-pam_motd4 > tst-pam_motd4.out -+ -+RET=$? -+ -+motd_to_show_output=$(cat tst-pam_motd4.out | grep "motd: /etc/motd") -+if [ -z "${motd_to_show_output}" ]; -+then -+ tst_cleanup -+ exit 1 -+fi -+ -+tst_cleanup -+exit $RET diff --git a/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch b/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch deleted file mode 100644 index c65d22537..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up Linux-PAM-1.3.1/doc/Makefile.am.noflex Linux-PAM-1.3.1/doc/Makefile.am ---- Linux-PAM-1.3.1/doc/Makefile.am.noflex 2017-02-10 11:10:15.000000000 +0100 -+++ Linux-PAM-1.3.1/doc/Makefile.am 2018-05-18 14:53:50.300997606 +0200 -@@ -2,7 +2,7 @@ - # Copyright (c) 2005, 2006 Thorsten Kukuk - # - --SUBDIRS = man specs sag adg mwg -+SUBDIRS = man sag adg mwg - - CLEANFILES = *~ - -diff -up Linux-PAM-1.3.1/Makefile.am.noflex Linux-PAM-1.3.1/Makefile.am ---- Linux-PAM-1.3.1/Makefile.am.noflex 2018-05-18 14:53:50.301997629 +0200 -+++ Linux-PAM-1.3.1/Makefile.am 2018-05-18 14:55:31.576353800 +0200 -@@ -4,7 +4,7 @@ - - AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news - --SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests -+SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests - - CLEANFILES = *~ - diff --git a/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch b/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch deleted file mode 100644 index 4d3f37414..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff -up Linux-PAM-1.3.1/configure.ac.redhat-modules Linux-PAM-1.3.1/configure.ac ---- Linux-PAM-1.3.1/configure.ac.redhat-modules 2018-05-18 12:57:57.000000000 +0200 -+++ Linux-PAM-1.3.1/configure.ac 2018-11-26 12:58:14.623545121 +0100 -@@ -611,10 +611,12 @@ AC_CONFIG_FILES([Makefile libpam/Makefil - libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ - po/Makefile.in \ - modules/Makefile \ -+ modules/pam_chroot/Makefile modules/pam_console/Makefile \ -+ modules/pam_postgresok/Makefile \ - modules/pam_access/Makefile modules/pam_cracklib/Makefile \ - modules/pam_debug/Makefile modules/pam_deny/Makefile \ - modules/pam_echo/Makefile modules/pam_env/Makefile \ -- modules/pam_faildelay/Makefile \ -+ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \ - modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ - modules/pam_ftp/Makefile modules/pam_group/Makefile \ - modules/pam_issue/Makefile modules/pam_keyinit/Makefile \ -diff -up Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules Linux-PAM-1.3.1/doc/sag/pam_faillock.xml ---- Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules 2018-11-26 12:58:14.623545121 +0100 -+++ Linux-PAM-1.3.1/doc/sag/pam_faillock.xml 2018-11-26 12:58:14.623545121 +0100 -@@ -0,0 +1,38 @@ -+ -+ -+
-+ pam_faillock - temporarily locking access based on failed authentication attempts during an interval -+ -+ -+ -+ -+ -+ -+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-diff -up Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules Linux-PAM-1.3.1/modules/Makefile.am ---- Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules 2017-02-10 11:10:15.000000000 +0100 -+++ Linux-PAM-1.3.1/modules/Makefile.am 2018-11-26 12:58:14.623545121 +0100 -@@ -3,13 +3,14 @@ - # - - SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ -+ pam_chroot pam_console pam_postgresok pam_faillock \ - pam_env pam_exec pam_faildelay pam_filter pam_ftp \ - pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ - pam_listfile pam_localuser pam_loginuid pam_mail \ - pam_mkhomedir pam_motd pam_namespace pam_nologin \ - pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ - pam_selinux pam_sepermit pam_shells pam_stress \ -- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ -+ pam_succeed_if pam_time pam_timestamp \ - pam_tty_audit pam_umask \ - pam_unix pam_userdb pam_warn pam_wheel pam_xauth - diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch deleted file mode 100644 index bff9d47ea..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= -Date: Thu, 15 Nov 2018 15:01:57 +0100 -Subject: [PATCH] pam_unix: Use bcrypt b-variant for computing new hashes. - -Bcrypt hashes used the "$2a$" prefix since 1997. -However, in 2011 an implementation bug was discovered in bcrypt -affecting the handling of characters in passphrases with the 8th -bit set. - -Besides fixing the bug, OpenBSD 5.5 introduced the "$2b$" prefix -for a behavior that exactly matches crypt_blowfish's "$2y$", and -the crypt_blowfish implementation supports it as well since v1.1. - -That said new computed bcrypt hashes should use the "$2b$" prefix. - -* modules/pam_unix/passverify.c: Use bcrypt b-variant. ---- - modules/pam_unix/passverify.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 9c1771e2..1f433b3a 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -385,7 +385,7 @@ PAMH_ARG_DECL(char * create_password_hash, - /* algoid = "$1" */ - return crypt_md5_wrapper(password); - } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { -- algoid = "$2a$"; -+ algoid = "$2b$"; - } else if (on(UNIX_SHA256_PASS, ctrl)) { - algoid = "$5$"; - } else if (on(UNIX_SHA512_PASS, ctrl)) { diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch deleted file mode 100644 index 5cbc35b03..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= -Date: Mon, 26 Nov 2018 22:33:17 +0100 -Subject: [PATCH] pam_unix: Report unusable hashes found by checksalt to - syslog. - -libxcrypt can be build-time configured to support (or not support) -various hashing methods. Future versions will also have support for -runtime configuration by the system's vendor and/or administrator. - -For that reason adminstrator should be notified by pam if users cannot -log into their account anymore because of such a change in the system's -configuration of libxcrypt. - -Also check for malformed hashes, like descrypt hashes starting with -"$2...", which might have been generated by unsafe base64 encoding -functions as used in glibc <= 2.16. -Such hashes are likely to be rejected by many recent implementations -of libcrypt. - -* modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable -hashes found by checksalt to syslog. ---- - modules/pam_unix/passverify.c | 36 +++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index eb2444bb..2c808eb5 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -103,6 +103,42 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) - * Ok, we don't know the crypt algorithm, but maybe - * libcrypt knows about it? We should try it. - */ -+#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE -+ /* Get the status of the hash from checksalt */ -+ int retval_checksalt = crypt_checksalt(hash); -+ -+ /* -+ * Check for hashing methods that are disabled by -+ * libcrypt configuration and/or system preset. -+ */ -+ if (retval_checksalt == CRYPT_SALT_METHOD_DISABLED) { -+ /* -+ * pam_syslog() needs a pam handle, -+ * but that's not available here. -+ */ -+ helper_log_err(LOG_ERR, -+ "pam_unix(verify_pwd_hash): The method " -+ "for computing the hash \"%.6s\" has been " -+ "disabled in libcrypt by the preset from " -+ "the system's vendor and/or administrator.", -+ hash); -+ } -+ /* -+ * Check for malformed hashes, like descrypt hashes -+ * starting with "$2...", which might have been -+ * generated by unsafe base64 encoding functions -+ * as used in glibc <= 2.16. -+ * Such hashes are likely to be rejected by many -+ * recent implementations of libcrypt. -+ */ -+ if (retval_checksalt == CRYPT_SALT_INVALID) { -+ helper_log_err(LOG_ERR, -+ "pam_unix(verify_pwd_hash): The hash \"%.6s\"" -+ "does not use a method known by the version " -+ "of libcrypt this system is supplied with.", -+ hash); -+ } -+#endif - #ifdef HAVE_CRYPT_R - struct crypt_data *cdata; - cdata = malloc(sizeof(*cdata)); diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch deleted file mode 100644 index 0a74e940e..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 62425bf2a0c72d0e23139d0b285547a7add26251 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= -Date: Thu, 15 Nov 2018 19:49:44 +0100 -Subject: [PATCH] pam_unix: Add support for crypt_checksalt, if libcrypt - supports it. - -libxcrypt v4.3 has added the crypt_checksalt function to whether -the prefix at the begining of a given hash string refers to a -supported hashing method. - -Future revisions of this function will add support to check whether -the hashing method, the prefix refers to, was disabled or considered -deprecated by the system's factory presets or system administrator. -Furthermore it will be able to detect whether the parameters, which -are used by the corresponding hashing method, being encoded in the -hash string are not considered to be strong enough anymore. - -*modules/pam_unix/passverify.c: Add support for crypt_checksalt. ---- - modules/pam_unix/passverify.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 1f433b3a..6132130a 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -244,7 +244,13 @@ PAMH_ARG_DECL(int check_shadow_expiry, - D(("account expired")); - return PAM_ACCT_EXPIRED; - } -+#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE -+ if (spent->sp_lstchg == 0 || -+ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || -+ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { -+#else - if (spent->sp_lstchg == 0) { -+#endif - D(("need a new password")); - *daysleft = 0; - return PAM_NEW_AUTHTOK_REQD; diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch deleted file mode 100644 index 41733ae04..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch +++ /dev/null @@ -1,104 +0,0 @@ -From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Tue, 27 Nov 2018 16:11:03 +0100 -Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err. - -* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via - PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). -* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). -* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument - to verify_pwd_hash() call. ---- - modules/pam_unix/passverify.c | 24 +++++++++++++----------- - modules/pam_unix/passverify.h | 6 +++--- - modules/pam_unix/support.c | 2 +- - 3 files changed, 17 insertions(+), 15 deletions(-) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 2c808eb5..80e32767 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash) - } - } - --int --verify_pwd_hash(const char *p, char *hash, unsigned int nullok) -+PAMH_ARG_DECL(int verify_pwd_hash, -+ const char *p, char *hash, unsigned int nullok) - { - size_t hash_len; - char *pp = NULL; -@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) - * pam_syslog() needs a pam handle, - * but that's not available here. - */ -- helper_log_err(LOG_ERR, -- "pam_unix(verify_pwd_hash): The method " -- "for computing the hash \"%.6s\" has been " -- "disabled in libcrypt by the preset from " -- "the system's vendor and/or administrator.", -+ pam_syslog(pamh, LOG_ERR, -+ "The support for password hash \"%.6s\" " -+ "has been disabled in libcrypt " -+ "configuration.", - hash); - } - /* -@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) - * recent implementations of libcrypt. - */ - if (retval_checksalt == CRYPT_SALT_INVALID) { -- helper_log_err(LOG_ERR, -- "pam_unix(verify_pwd_hash): The hash \"%.6s\"" -- "does not use a method known by the version " -- "of libcrypt this system is supplied with.", -+ pam_syslog(pamh, LOG_ERR, -+ "The password hash \"%.6s\" is unknown to " -+ "libcrypt.", - hash); - } -+#else -+#ifndef HELPER_COMPILE -+ (void)pamh; -+#endif - #endif - #ifdef HAVE_CRYPT_R - struct crypt_data *cdata; -diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h -index 086c28ac..e9a88fbf 100644 ---- a/modules/pam_unix/passverify.h -+++ b/modules/pam_unix/passverify.h -@@ -12,9 +12,6 @@ - - #define OLD_PASSWORDS_FILE "/etc/security/opasswd" - --int --verify_pwd_hash(const char *p, char *hash, unsigned int nullok); -- - int - is_pwd_shadowed(const struct passwd *pwd); - -@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords); - #define PAMH_ARG(...) pamh, __VA_ARGS__ - #endif - -+PAMH_ARG_DECL(int verify_pwd_hash, -+ const char *p, char *hash, unsigned int nullok); -+ - PAMH_ARG_DECL(char * create_password_hash, - const char *password, unsigned long long ctrl, int rounds); - -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index 6894288d..ea5594d2 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name - } - } - } else { -- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); -+ retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl)); - } - - if (retval == PAM_SUCCESS) { diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch deleted file mode 100644 index 8ae4abfd8..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 05aa693b7db6b818d31e41f0cab1d5fb4f49600e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= -Date: Thu, 15 Nov 2018 15:58:56 +0100 -Subject: [PATCH] pam_unix: Prefer a gensalt function, that supports auto - entropy. - -* modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0. -* modules/pam_unix/passverify.c: Prefer gensalt with auto entropy. -* modules/pam_unix/support.c: Fix sanitizing of rounds parameter. ---- - modules/pam_unix/pam_unix_passwd.c | 2 +- - modules/pam_unix/passverify.c | 13 +++++++++++++ - modules/pam_unix/support.c | 7 +++++-- - 3 files changed, 19 insertions(+), 3 deletions(-) - -Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix_passwd.c -+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c -@@ -607,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int - unsigned int ctrl, lctrl; - int retval; - int remember = -1; -- int rounds = -1; -+ int rounds = 0; - int pass_min_len = 0; - - /* */ -Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c -+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c -@@ -375,7 +375,12 @@ PAMH_ARG_DECL(char * create_password_has - const char *password, unsigned int ctrl, int rounds) - { - const char *algoid; -+#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 -+ /* Strings returned by crypt_gensalt_rn will be no longer than this. */ -+ char salt[CRYPT_GENSALT_OUTPUT_SIZE]; -+#else - char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ -+#endif - char *sp; - #ifdef HAVE_CRYPT_R - struct crypt_data *cdata = NULL; -@@ -406,6 +411,13 @@ PAMH_ARG_DECL(char * create_password_has - return crypted; - } - -+#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY -+ /* -+ * Any version of libcrypt supporting auto entropy is -+ * guaranteed to have crypt_gensalt_rn(). -+ */ -+ sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt)); -+#else - #ifdef HAVE_CRYPT_GENSALT_R - if (on(UNIX_BLOWFISH_PASS, ctrl)) { - char entropy[17]; -@@ -423,6 +435,7 @@ PAMH_ARG_DECL(char * create_password_has - #ifdef HAVE_CRYPT_GENSALT_R - } - #endif -+#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ - #ifdef HAVE_CRYPT_R - sp = NULL; - cdata = malloc(sizeof(*cdata)); -Index: Linux-PAM-1.3.1/modules/pam_unix/support.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/support.c -+++ Linux-PAM-1.3.1/modules/pam_unix/support.c -@@ -175,6 +175,7 @@ int _set_ctrl(pam_handle_t *pamh, int fl - - if (val) { - *rounds = strtol(val, NULL, 10); -+ set(UNIX_ALGO_ROUNDS, ctrl); - free (val); - } - } -@@ -254,11 +255,13 @@ int _set_ctrl(pam_handle_t *pamh, int fl - if (*rounds < 4 || *rounds > 31) - *rounds = 5; - } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { -- if ((*rounds < 1000) || (*rounds == INT_MAX)) -+ if ((*rounds < 1000) || (*rounds == INT_MAX)) { - /* don't care about bogus values */ -+ *rounds = 0; - unset(UNIX_ALGO_ROUNDS, ctrl); -- if (*rounds >= 10000000) -+ } else if (*rounds >= 10000000) { - *rounds = 9999999; -+ } - } - } - diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch deleted file mode 100644 index 8755cf602..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch +++ /dev/null @@ -1,105 +0,0 @@ -Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix.8.xml -+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml -@@ -293,11 +293,10 @@ - - - When a user changes their password next, -- encrypt it with the SHA256 algorithm. If the -- SHA256 algorithm is not known to the -+ encrypt it with the SHA256 algorithm. The -+ SHA256 algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -308,11 +307,10 @@ - - - When a user changes their password next, -- encrypt it with the SHA512 algorithm. If the -- SHA512 algorithm is not known to the -+ encrypt it with the SHA512 algorithm. The -+ SHA512 algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -323,11 +321,10 @@ - - - When a user changes their password next, -- encrypt it with the blowfish algorithm. If the -- blowfish algorithm is not known to the -+ encrypt it with the blowfish algorithm. The -+ blowfish algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -338,11 +335,10 @@ - - - When a user changes their password next, -- encrypt it with the gost-yescrypt algorithm. If the -- gost-yescrypt algorithm is not known to the -+ encrypt it with the gost-yescrypt algorithm. The -+ gost-yescrypt algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -353,11 +349,10 @@ - - - When a user changes their password next, -- encrypt it with the yescrypt algorithm. If the -- yescrypt algorithm is not known to the -+ encrypt it with the yescrypt algorithm. The -+ yescrypt algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c -+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c -@@ -466,10 +466,9 @@ PAMH_ARG_DECL(char * create_password_has - sp = crypt(password, salt); - #endif - if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { -- /* libxcrypt/libc doesn't know the algorithm, use MD5 */ -+ /* libxcrypt/libc doesn't know the algorithm, error out */ - pam_syslog(pamh, LOG_ERR, -- "Algo %s not supported by the crypto backend, " -- "falling back to MD5\n", -+ "Algo %s not supported by the crypto backend.\n", - on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : - on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : - on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : -@@ -481,7 +480,7 @@ PAMH_ARG_DECL(char * create_password_has - #ifdef HAVE_CRYPT_R - free(cdata); - #endif -- return crypt_md5_wrapper(password); -+ return NULL; - } - sp = x_strdup(sp); - #ifdef HAVE_CRYPT_R diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch deleted file mode 100644 index 14f285deb..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a2b72aeb86f297d349bc9e6a8f059fedf97a499a Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Thu, 31 May 2018 00:20:18 +0000 -Subject: [PATCH] pam_unix: remove obsolete _unix_read_password prototype - -The function was removed by commit Linux-PAM-1.3.0~5 -so the function prototype should go as well. - -* modules/pam_unix/support.h (_unix_read_password): Remove. - -Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of -direct pam_prompt() calls.") ---- - modules/pam_unix/support.h | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index b4c279c3..543e9b9f 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -164,13 +164,6 @@ extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, - const char *name); - extern int _unix_verify_password(pam_handle_t * pamh, const char *name - ,const char *p, unsigned int ctrl); --extern int _unix_read_password(pam_handle_t * pamh -- ,unsigned int ctrl -- ,const char *comment -- ,const char *prompt1 -- ,const char *prompt2 -- ,const char *data_name -- ,const void **pass); - - extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch deleted file mode 100644 index f04a59ce7..000000000 --- a/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch +++ /dev/null @@ -1,479 +0,0 @@ -From 16bd523f85ede9fa9115f80e826f2d803d7e61d4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= -Date: Thu, 15 Nov 2018 16:38:05 +0100 -Subject: [PATCH] pam_unix: Add support for (gost-)yescrypt hashing methods. - -libxcrypt (v4.2 and later) has added support for the yescrypt -hashing method; gost-yescrypt has been added in v4.3. - -* modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt. -* modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags. -* modules/pam_unix/pam_unix_auth.c: Likewise. -* modules/pam_unix/pam_unix_passwd.c: Likewise. -* modules/pam_unix/pam_unix_sess.c: Likewise. -* modules/pam_unix/passverify.c: Add support for (gost-)yescrypt. -* modules/pam_unix/passverify.h: Use 64 bit type for control flags. -* modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt. -* modules/pam_unix/support.h: Add support for (gost-)yescrypt. ---- - modules/pam_unix/pam_unix.8.xml | 35 +++++++++- - modules/pam_unix/pam_unix_acct.c | 4 +- - modules/pam_unix/pam_unix_auth.c | 4 +- - modules/pam_unix/pam_unix_passwd.c | 12 ++-- - modules/pam_unix/pam_unix_sess.c | 4 +- - modules/pam_unix/passverify.c | 8 ++- - modules/pam_unix/passverify.h | 2 +- - modules/pam_unix/support.c | 33 ++++++---- - modules/pam_unix/support.h | 101 +++++++++++++++-------------- - 9 files changed, 128 insertions(+), 75 deletions(-) - -diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index 1b318f11..cae2aeaa 100644 ---- a/modules/pam_unix/pam_unix.8.xml -+++ b/modules/pam_unix/pam_unix.8.xml -@@ -331,14 +331,45 @@ - - - -+ -+ -+ -+ -+ -+ -+ When a user changes their password next, -+ encrypt it with the gost-yescrypt algorithm. If the -+ gost-yescrypt algorithm is not known to the -+ crypt3 -+ function, -+ fall back to MD5. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ When a user changes their password next, -+ encrypt it with the yescrypt algorithm. If the -+ yescrypt algorithm is not known to the -+ crypt3 -+ function, -+ fall back to MD5. -+ -+ -+ - - - - - - -- Set the optional number of rounds of the SHA256, SHA512 -- and blowfish password hashing algorithms to -+ Set the optional number of rounds of the SHA256, SHA512, -+ blowfish, gost-yescrypt, and yescrypt password hashing -+ algorithms to - n. - - -diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c -index fbc84e2f..d8d084ac 100644 ---- a/modules/pam_unix/pam_unix_acct.c -+++ b/modules/pam_unix/pam_unix_acct.c -@@ -62,7 +62,7 @@ - #include "support.h" - #include "passverify.h" - --int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, -+int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, - const char *user, int *daysleft) - { - int retval=0, child, fds[2]; -@@ -185,7 +185,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, - int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { -- unsigned int ctrl; -+ unsigned long long ctrl; - const void *void_uname; - const char *uname; - int retval, daysleft; -diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c -index 9d9f709d..905fc66c 100644 ---- a/modules/pam_unix/pam_unix_auth.c -+++ b/modules/pam_unix/pam_unix_auth.c -@@ -96,7 +96,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) - int - pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) - { -- unsigned int ctrl; -+ unsigned long long ctrl; - int retval, *ret_data = NULL; - const char *name; - const char *p; -@@ -194,7 +194,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, - { - int retval; - const void *pretval = NULL; -- unsigned int ctrl; -+ unsigned long long ctrl; - - D(("called.")); - -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index f2c42513..df4c1233 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -138,7 +138,7 @@ __taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) - } - #endif - --static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) -+static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl) - { - char *master; - char *domainname; -@@ -233,7 +233,7 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) - - #ifdef WITH_SELINUX - --static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, -+static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user, - const char *fromwhat, const char *towhat, int remember) - { - int retval, child, fds[2]; -@@ -388,7 +388,7 @@ static int check_old_password(const char *forwho, const char *newpass) - - static int _do_setpass(pam_handle_t* pamh, const char *forwho, - const char *fromwhat, -- char *towhat, unsigned int ctrl, int remember) -+ char *towhat, unsigned long long ctrl, int remember) - { - struct passwd *pwd = NULL; - int retval = 0; -@@ -512,7 +512,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, - return retval; - } - --static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl) -+static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl) - { - struct passwd *pwent = NULL; /* Password and shadow password */ - struct spwd *spent = NULL; /* file entries for the user */ -@@ -542,7 +542,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in - } - - static int _pam_unix_approve_pass(pam_handle_t * pamh -- ,unsigned int ctrl -+ ,unsigned long long ctrl - ,const char *pass_old - ,const char *pass_new, - int pass_min_len) -@@ -600,7 +600,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh - int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - { -- unsigned int ctrl, lctrl; -+ unsigned long long ctrl, lctrl; - int retval; - int remember = -1; - int rounds = 0; -diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c -index 03e7dcd9..4b8af530 100644 ---- a/modules/pam_unix/pam_unix_sess.c -+++ b/modules/pam_unix/pam_unix_sess.c -@@ -67,7 +67,7 @@ int - pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - char *user_name, *service; -- unsigned int ctrl; -+ unsigned long long ctrl; - int retval; - const char *login_name; - -@@ -103,7 +103,7 @@ int - pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - char *user_name, *service; -- unsigned int ctrl; -+ unsigned long long ctrl; - int retval; - - D(("called.")); -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 95dfe528..39e2bfac 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -387,7 +387,7 @@ crypt_md5_wrapper(const char *pass_new) - } - - PAMH_ARG_DECL(char * create_password_hash, -- const char *password, unsigned int ctrl, int rounds) -+ const char *password, unsigned long long ctrl, int rounds) - { - const char *algoid; - #if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64 -@@ -404,6 +404,10 @@ PAMH_ARG_DECL(char * create_password_hash, - if (on(UNIX_MD5_PASS, ctrl)) { - /* algoid = "$1" */ - return crypt_md5_wrapper(password); -+ } else if (on(UNIX_YESCRYPT_PASS, ctrl)) { -+ algoid = "$y$"; -+ } else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) { -+ algoid = "$gy$"; - } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { - algoid = "$2b$"; - } else if (on(UNIX_SHA256_PASS, ctrl)) { -@@ -466,6 +470,8 @@ PAMH_ARG_DECL(char * create_password_hash, - pam_syslog(pamh, LOG_ERR, - "Algo %s not supported by the crypto backend, " - "falling back to MD5\n", -+ on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : -+ on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : - on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : - on(UNIX_SHA256_PASS, ctrl) ? "sha256" : - on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); -diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h -index caf7ae8a..086c28ac 100644 ---- a/modules/pam_unix/passverify.h -+++ b/modules/pam_unix/passverify.h -@@ -66,7 +66,7 @@ read_passwords(int fd, int npass, char **passwords); - #endif - - PAMH_ARG_DECL(char * create_password_hash, -- const char *password, unsigned int ctrl, int rounds); -+ const char *password, unsigned long long ctrl, int rounds); - - PAMH_ARG_DECL(int get_account_info, - const char *name, struct passwd **pwd, struct spwd **spwdent); -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index 8cbc4217..6894288d 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -107,7 +107,7 @@ search_key (const char *key, const char *filename) - - /* this is a front-end for module-application conversations */ - --int _make_remark(pam_handle_t * pamh, unsigned int ctrl, -+int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, - int type, const char *text) - { - int retval = PAM_SUCCESS; -@@ -122,10 +122,11 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, - * set the control flags for the UNIX module. - */ - --int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, -- int *pass_min_len, int argc, const char **argv) -+unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, -+ int *rounds, int *pass_min_len, int argc, -+ const char **argv) - { -- unsigned int ctrl; -+ unsigned long long ctrl; - char *val; - int j; - -@@ -243,15 +244,23 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - set(UNIX__NONULL, ctrl); - } - -- /* Set default rounds for blowfish */ -- if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { -- *rounds = 5; -- set(UNIX_ALGO_ROUNDS, ctrl); -+ /* Set default rounds for blowfish, gost-yescrypt and yescrypt */ -+ if (off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { -+ if (on(UNIX_BLOWFISH_PASS, ctrl) || -+ on(UNIX_GOST_YESCRYPT_PASS, ctrl) || -+ on(UNIX_YESCRYPT_PASS, ctrl)) { -+ *rounds = 5; -+ set(UNIX_ALGO_ROUNDS, ctrl); -+ } - } - - /* Enforce sane "rounds" values */ - if (on(UNIX_ALGO_ROUNDS, ctrl)) { -- if (on(UNIX_BLOWFISH_PASS, ctrl)) { -+ if (on(UNIX_GOST_YESCRYPT_PASS, ctrl) || -+ on(UNIX_YESCRYPT_PASS, ctrl)) { -+ if (*rounds < 3 || *rounds > 11) -+ *rounds = 5; -+ } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { - if (*rounds < 4 || *rounds > 31) - *rounds = 5; - } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { -@@ -532,7 +541,7 @@ int _unix_comesfromsource(pam_handle_t *pamh, - #include - - static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, -- unsigned int ctrl, const char *user) -+ unsigned long long ctrl, const char *user) - { - int retval, child, fds[2]; - struct sigaction newsa, oldsa; -@@ -658,7 +667,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - */ - - int --_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) -+_unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name) - { - struct passwd *pwd = NULL; - char *salt = NULL; -@@ -706,7 +715,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) - } - - int _unix_verify_password(pam_handle_t * pamh, const char *name -- ,const char *p, unsigned int ctrl) -+ ,const char *p, unsigned long long ctrl) - { - struct passwd *pwd = NULL; - char *salt = NULL; -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 543e9b9f..e02c05e0 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -22,8 +22,8 @@ - - typedef struct { - const char *token; -- unsigned int mask; /* shall assume 32 bits of flags */ -- unsigned int flag; -+ unsigned long long mask; /* shall assume 64 bits of flags */ -+ unsigned long long flag; - unsigned int is_hash_algo; - } UNIX_Ctrls; - -@@ -48,7 +48,7 @@ typedef struct { - - /* the generic mask */ - --#define _ALL_ON_ (~0U) -+#define _ALL_ON_ (~0ULL) - - /* end of macro definitions definitions for the control flags */ - -@@ -98,47 +98,51 @@ typedef struct { - #define UNIX_QUIET 28 /* Don't print informational messages */ - #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ - #define UNIX_DES 30 /* DES, default */ -+#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ -+#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ - /* -------------- */ --#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 33 /* number of ctrl arguments defined */ - --#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -+#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) - - static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - { --/* symbol token name ctrl mask ctrl * -- * ----------------------- ------------------- --------------------- -------- */ -- --/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, --/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, --/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, --/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, --/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, --/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, --/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, --/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, --/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, --/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, --/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, --/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, --/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, --/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, --/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, --/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, --/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, --/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, --/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, --/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, --/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, --/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, --/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, --/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, --/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, --/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, --/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, --/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, --/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, --/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, -+/* symbol token name ctrl mask ctrl * -+ * --------------------------- -------------------- ------------------------- ---------------- */ -+ -+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, -+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, -+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, -+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, -+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, -+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, -+/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, -+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, -+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, -+/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, -+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, -+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, -+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, -+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, -+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, -+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, -+/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, -+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, -+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, -+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, -+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, -+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, -+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, -+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, -+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, -+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, -+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -+/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, -+/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, -+/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, -+/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -151,20 +155,23 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - _pam_drop(xx); \ - } - --extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl -- ,int type, const char *text); --extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds, -- int *pass_min_len, int argc, const char **argv); -+extern int _make_remark(pam_handle_t * pamh, unsigned long long ctrl, -+ int type, const char *text); -+extern unsigned long long _set_ctrl(pam_handle_t * pamh, int flags, -+ int *remember, int *rounds, -+ int *pass_min_len, -+ int argc, const char **argv); - extern int _unix_getpwnam (pam_handle_t *pamh, - const char *name, int files, int nis, - struct passwd **ret); - extern int _unix_comesfromsource (pam_handle_t *pamh, - const char *name, int files, int nis); --extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, -+extern int _unix_blankpasswd(pam_handle_t *pamh, unsigned long long ctrl, - const char *name); --extern int _unix_verify_password(pam_handle_t * pamh, const char *name -- ,const char *p, unsigned int ctrl); -+extern int _unix_verify_password(pam_handle_t * pamh, const char *name, -+ const char *p, unsigned long long ctrl); - - extern int _unix_run_verify_binary(pam_handle_t *pamh, -- unsigned int ctrl, const char *user, int *daysleft); -+ unsigned long long ctrl, -+ const char *user, int *daysleft); - #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch b/source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch deleted file mode 100644 index fda4eca75..000000000 --- a/source/a/pam/fedora-patches/pam-1.4.0-redhat-modules.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- ./configure.ac.orig 2020-06-08 05:17:27.000000000 -0500 -+++ ./configure.ac 2020-06-13 14:11:04.857950668 -0500 -@@ -712,6 +712,7 @@ - po/Makefile.in \ - Make.xml.rules \ - modules/Makefile \ -+ modules/pam_chroot/Makefile modules/pam_console/Makefile modules/pam_postgresok/Makefile \ - modules/pam_access/Makefile modules/pam_cracklib/Makefile \ - modules/pam_debug/Makefile modules/pam_deny/Makefile \ - modules/pam_echo/Makefile modules/pam_env/Makefile \ ---- ./modules/Makefile.am.orig 2020-06-08 05:17:27.000000000 -0500 -+++ ./modules/Makefile.am 2020-06-13 14:12:28.614946035 -0500 -@@ -53,6 +53,8 @@ - SUBDIRS := \ - pam_access \ - $(MAYBE_PAM_CRACKLIB) \ -+ pam_chroot \ -+ pam_console \ - pam_debug \ - pam_deny \ - pam_echo \ -@@ -76,6 +78,7 @@ - $(MAYBE_PAM_NAMESPACE) \ - pam_nologin \ - pam_permit \ -+ pam_postgresok \ - pam_pwhistory \ - $(MAYBE_PAM_RHOSTS) \ - pam_rootok \ diff --git a/source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch b/source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch deleted file mode 100644 index 1212a6d31..000000000 --- a/source/a/pam/fedora-patches/pam-1.5.0-redhat-modules.patch +++ /dev/null @@ -1,95 +0,0 @@ ---- ./doc/sag/pam_faillock.xml.orig 2023-05-19 13:22:11.197977808 -0500 -+++ ./doc/sag/pam_faillock.xml 2023-05-19 13:24:39.673969595 -0500 -@@ -1,27 +1,38 @@ --
-+ -+ -+
- pam_faillock - temporarily locking access based on failed authentication attempts during an interval -- -- -+ -+ - -- -- -+ -+ - --
-- -+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -
--
-- --
--
-- --
--
-- --
--
-- --
--
-- --
--
-\ No newline at end of file -+
---- ./configure.ac.orig 2023-05-07 18:06:47.000000000 -0500 -+++ ./configure.ac 2023-05-19 13:22:11.198977808 -0500 -@@ -754,6 +754,8 @@ - po/Makefile.in \ - Make.xml.rules \ - modules/Makefile \ -+ modules/pam_chroot/Makefile modules/pam_console/Makefile \ -+ modules/pam_postgresok/Makefile \ - modules/pam_access/Makefile \ - modules/pam_debug/Makefile modules/pam_deny/Makefile \ - modules/pam_echo/Makefile modules/pam_env/Makefile \ ---- ./modules/Makefile.am.orig 2023-05-07 18:06:47.000000000 -0500 -+++ ./modules/Makefile.am 2023-05-19 13:22:11.198977808 -0500 -@@ -44,6 +44,8 @@ - - SUBDIRS := \ - pam_access \ -+ pam_chroot \ -+ pam_console \ - pam_debug \ - pam_deny \ - pam_echo \ -@@ -67,6 +69,7 @@ - $(MAYBE_PAM_NAMESPACE) \ - pam_nologin \ - pam_permit \ -+ pam_postgresok \ - pam_pwhistory \ - $(MAYBE_PAM_RHOSTS) \ - pam_rootok \ diff --git a/source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch b/source/a/pam/fedora-patches/pam-1.5.3-unix-nomsg.patch similarity index 54% rename from source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch rename to source/a/pam/fedora-patches/pam-1.5.3-unix-nomsg.patch index 33c226773..3a8abbb1a 100644 --- a/source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch +++ b/source/a/pam/fedora-patches/pam-1.5.3-unix-nomsg.patch @@ -1,7 +1,8 @@ -diff -up Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c ---- Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg 2016-04-11 13:08:47.000000000 +0200 -+++ Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c 2017-04-20 16:51:24.853106709 +0200 -@@ -687,12 +687,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int +Index: Linux-PAM-1.5.3/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM-1.5.3.orig/modules/pam_unix/pam_unix_passwd.c ++++ Linux-PAM-1.5.3/modules/pam_unix/pam_unix_passwd.c +@@ -678,12 +678,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int return PAM_SUCCESS; } else if (off(UNIX__IAMROOT, ctrl) || (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { diff --git a/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch b/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch new file mode 100644 index 000000000..706841c9d --- /dev/null +++ b/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch @@ -0,0 +1,24 @@ +diff -up Linux-PAM-1.6.0/doc/Makefile.am.noflex Linux-PAM-1.6.0/doc/Makefile.am +--- Linux-PAM-1.6.0/doc/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100 ++++ Linux-PAM-1.6.0/doc/Makefile.am 2024-01-23 13:19:49.740014426 +0100 +@@ -2,7 +2,7 @@ + # Copyright (c) 2005, 2006 Thorsten Kukuk + # + +-SUBDIRS = man specs sag adg mwg ++SUBDIRS = man sag adg mwg + + CLEANFILES = *~ + DISTCLEANFILES = custom-html.xsl custom-man.xsl +diff -up Linux-PAM-1.6.0/Makefile.am.noflex Linux-PAM-1.6.0/Makefile.am +--- Linux-PAM-1.6.0/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100 ++++ Linux-PAM-1.6.0/Makefile.am 2024-01-23 13:21:03.428109219 +0100 +@@ -4,7 +4,7 @@ + + AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news + +-SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests ++SUBDIRS = libpam tests libpamc libpam_misc modules po doc xtests + + if HAVE_DOC + SUBDIRS += doc diff --git a/source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch b/source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch new file mode 100644 index 000000000..66aa8ff48 --- /dev/null +++ b/source/a/pam/fedora-patches/pam-1.6.0-redhat-modules.patch @@ -0,0 +1,24 @@ +diff -up Linux-PAM-1.6.0/configure.ac.redhat-modules Linux-PAM-1.6.0/configure.ac +--- Linux-PAM-1.6.0/configure.ac.redhat-modules 2024-01-23 13:16:34.854753145 +0100 ++++ Linux-PAM-1.6.0/configure.ac 2024-01-23 13:17:52.855859922 +0100 +@@ -774,6 +774,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil + po/Makefile.in \ + Make.xml.rules \ + modules/Makefile \ ++ modules/pam_chroot/Makefile \ ++ modules/pam_postgresok/Makefile \ + modules/pam_access/Makefile \ + modules/pam_canonicalize_user/Makefile \ + modules/pam_debug/Makefile modules/pam_deny/Makefile \ +diff -up Linux-PAM-1.6.0/modules/Makefile.am.redhat-modules Linux-PAM-1.6.0/modules/Makefile.am +--- Linux-PAM-1.6.0/modules/Makefile.am.redhat-modules 2024-01-17 11:29:36.000000000 +0100 ++++ Linux-PAM-1.6.0/modules/Makefile.am 2024-01-23 13:16:34.855753147 +0100 +@@ -48,6 +48,8 @@ SUBDIRS := \ + pam_debug \ + pam_deny \ + pam_echo \ ++ pam_chroot \ ++ pam_postgresok \ + pam_env \ + pam_exec \ + pam_faildelay \ diff --git a/source/a/pam/pam.SlackBuild b/source/a/pam/pam.SlackBuild index 64b098060..cfe61ec73 100755 --- a/source/a/pam/pam.SlackBuild +++ b/source/a/pam/pam.SlackBuild @@ -1,7 +1,7 @@ #!/bin/sh # Copyright 2010 Vincent Batts, vbatts@hashbangbash.com -# Copyright 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2010, 2011, 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -27,7 +27,7 @@ SRCNAM=Linux-PAM PKGNAM=pam PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -96,27 +96,11 @@ for file in pam-redhat-$PAMRHVER/* ; do echo "$(basename $file) already exists in modules/, not moving!" fi done -# NOTE: Linux-PAM-1.4.0 already ships with most of these applied: -#zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.4.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/fedora-patches/pam-1.5.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 -#zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 + +# Patches from the Fedora SRPM: +zcat $CWD/fedora-patches/pam-1.5.3-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.6.0-noflex.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.6.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 # Improve the comments in /etc/environment: zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1