mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
ffef56590d
Greetings! After three months in /testing, the PAM merge into the main tree is now complete. When updating, be sure to install the new pam, cracklib, and libpwquality packages or you may find yourself locked out of your machine. Otherwise, these changes should be completely transparent and you shouldn't notice any obvious operational differences. Be careful if you make any changes in /etc/pam.d/ - leaving an extra console logged in while testing PAM config changes is a recommended standard procedure. Thanks again to Robby Workman, Vincent Batts, Phantom X, and ivandi for help implementing this. It's not done yet and there will be more fine-tuning of the config files, but now we can move on to build some other updates. Enjoy! a/cracklib-2.9.7-x86_64-1.txz: Added. a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded. a/libcgroup-0.41-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/libpwquality-1.4.2-x86_64-1.txz: Added. a/lilo-24.2-x86_64-9.txz: Rebuilt. Enable the "compact" option by default. liloconfig: correctly set the root partition. a/pam-1.3.1-x86_64-1.txz: Added. a/shadow-4.8.1-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/utempter-1.2.0-x86_64-1.txz: Upgraded. a/util-linux-2.35.1-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/at-3.2.1-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/cups-2.3.3-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/hplip-3.20.5-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/screen-4.8.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/soma-3.3.0-noarch-1.txz: Upgraded. Thanks to David Woodfall. ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/sudo-1.9.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/vim-8.2.0788-x86_64-1.txz: Upgraded. d/bison-3.6.2-x86_64-1.txz: Upgraded. d/meson-0.54.2-x86_64-1.txz: Upgraded. d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded. d/vala-0.48.6-x86_64-1.txz: Upgraded. kde/calligra-2.9.11-x86_64-36.txz: Rebuilt. Recompiled against icu4c-67.1. kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/boost-1.73.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/icu4c-67.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded. l/libcap-2.34-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/libical-3.0.8-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/libuv-1.38.0-x86_64-1.txz: Upgraded. l/libvisio-0.1.7-x86_64-3.txz: Rebuilt. Recompiled against icu4c-67.1. l/polkit-0.116-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. l/qt-4.8.7-x86_64-16.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-5.13.2-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/raptor2-2.0.15-x86_64-9.txz: Rebuilt. Recompiled against icu4c-67.1. l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/vte-0.60.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/cifs-utils-6.10-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded. Rebuilt to add PAM support. Compiled against icu4c-67.1. This update fixes several denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967 (* Security fix *) n/mutt-1.14.1-x86_64-1.txz: Upgraded. n/netatalk-3.1.12-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added. n/openssh-8.2p1-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/openvpn-2.4.9-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/pam-krb5-4.9-x86_64-1.txz: Added. n/php-7.4.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/popa3d-1.0.3-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/postfix-3.5.2-x86_64-1.txz: Upgraded. Compiled against icu4c-67.1. n/ppp-2.4.8-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/samba-4.12.2-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. Recompiled against icu4c-67.1. n/tin-2.4.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. t/texlive-2019.190626-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded. x/xdm-1.1.11-x86_64-10.txz: Rebuilt. Rebuilt to add PAM support. x/xisxwayland-1-x86_64-1.txz: Added. xap/sane-1.0.30-x86_64-1.txz: Upgraded. This update fixes several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864 (* Security fix *) xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded. xap/xlockmore-5.63-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt. Recompiled against icu4c-67.1. isolinux/initrd.img: Rebuilt. Added PAM libraries, security modules, and config files. usb-and-pxe-installers/usbboot.img: Rebuilt. Added PAM libraries, security modules, and config files.
78 lines
4.4 KiB
Diff
78 lines
4.4 KiB
Diff
diff -up Linux-PAM-1.3.1/configure.ac.redhat-modules Linux-PAM-1.3.1/configure.ac
|
|
--- Linux-PAM-1.3.1/configure.ac.redhat-modules 2018-05-18 12:57:57.000000000 +0200
|
|
+++ Linux-PAM-1.3.1/configure.ac 2018-11-26 12:58:14.623545121 +0100
|
|
@@ -611,10 +611,12 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
|
|
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
|
|
po/Makefile.in \
|
|
modules/Makefile \
|
|
+ modules/pam_chroot/Makefile modules/pam_console/Makefile \
|
|
+ modules/pam_postgresok/Makefile \
|
|
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
|
|
modules/pam_debug/Makefile modules/pam_deny/Makefile \
|
|
modules/pam_echo/Makefile modules/pam_env/Makefile \
|
|
- modules/pam_faildelay/Makefile \
|
|
+ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \
|
|
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
|
|
modules/pam_ftp/Makefile modules/pam_group/Makefile \
|
|
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
|
|
diff -up Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules Linux-PAM-1.3.1/doc/sag/pam_faillock.xml
|
|
--- Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules 2018-11-26 12:58:14.623545121 +0100
|
|
+++ Linux-PAM-1.3.1/doc/sag/pam_faillock.xml 2018-11-26 12:58:14.623545121 +0100
|
|
@@ -0,0 +1,38 @@
|
|
+<?xml version='1.0' encoding='UTF-8'?>
|
|
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
+ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
|
+<section id='sag-pam_faillock'>
|
|
+ <title>pam_faillock - temporarily locking access based on failed authentication attempts during an interval</title>
|
|
+ <cmdsynopsis>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisauth"]/*)'/>
|
|
+ </cmdsynopsis>
|
|
+ <cmdsynopsis>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisacct"]/*)'/>
|
|
+ </cmdsynopsis>
|
|
+ <section id='sag-pam_faillock-description'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
|
|
+ </section>
|
|
+ <section id='sag-pam_faillock-options'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
|
|
+ </section>
|
|
+ <section id='sag-pam_faillock-types'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-types"]/*)'/>
|
|
+ </section>
|
|
+ <section id='sag-pam_faillock-return_values'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-return_values"]/*)'/>
|
|
+ </section>
|
|
+ <section id='sag-pam_faillock-examples'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
|
|
+ </section>
|
|
+ <section id='sag-pam_faillock-author'>
|
|
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
|
|
+ </section>
|
|
+</section>
|
|
diff -up Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules Linux-PAM-1.3.1/modules/Makefile.am
|
|
--- Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules 2017-02-10 11:10:15.000000000 +0100
|
|
+++ Linux-PAM-1.3.1/modules/Makefile.am 2018-11-26 12:58:14.623545121 +0100
|
|
@@ -3,13 +3,14 @@
|
|
#
|
|
|
|
SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
|
|
+ pam_chroot pam_console pam_postgresok pam_faillock \
|
|
pam_env pam_exec pam_faildelay pam_filter pam_ftp \
|
|
pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
|
|
pam_listfile pam_localuser pam_loginuid pam_mail \
|
|
pam_mkhomedir pam_motd pam_namespace pam_nologin \
|
|
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
|
|
pam_selinux pam_sepermit pam_shells pam_stress \
|
|
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
|
|
+ pam_succeed_if pam_time pam_timestamp \
|
|
pam_tty_audit pam_umask \
|
|
pam_unix pam_userdb pam_warn pam_wheel pam_xauth
|
|
|