slackware-current/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch
Patrick J Volkerding ffef56590d Mon May 18 19:17:21 UTC 2020
Greetings! After three months in /testing, the PAM merge into the main tree
is now complete. When updating, be sure to install the new pam, cracklib, and
libpwquality packages or you may find yourself locked out of your machine.
Otherwise, these changes should be completely transparent and you shouldn't
notice any obvious operational differences. Be careful if you make any changes
in /etc/pam.d/ - leaving an extra console logged in while testing PAM config
changes is a recommended standard procedure. Thanks again to Robby Workman,
Vincent Batts, Phantom X, and ivandi for help implementing this. It's not
done yet and there will be more fine-tuning of the config files, but now we
can move on to build some other updates. Enjoy!
a/cracklib-2.9.7-x86_64-1.txz:  Added.
a/kernel-firmware-20200517_f8d32e4-noarch-1.txz:  Upgraded.
a/libcgroup-0.41-x86_64-7.txz:  Rebuilt.
  Rebuilt to add PAM support.
a/libpwquality-1.4.2-x86_64-1.txz:  Added.
a/lilo-24.2-x86_64-9.txz:  Rebuilt.
  Enable the "compact" option by default.
  liloconfig: correctly set the root partition.
a/pam-1.3.1-x86_64-1.txz:  Added.
a/shadow-4.8.1-x86_64-7.txz:  Rebuilt.
  Rebuilt to add PAM support.
a/utempter-1.2.0-x86_64-1.txz:  Upgraded.
a/util-linux-2.35.1-x86_64-6.txz:  Rebuilt.
  Rebuilt to add PAM support.
a/xfsprogs-5.6.0-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
ap/at-3.2.1-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/cups-2.3.3-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/hplip-3.20.5-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/mariadb-10.4.13-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/screen-4.8.0-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/soma-3.3.0-noarch-1.txz:  Upgraded.
  Thanks to David Woodfall.
ap/sqlite-3.31.1-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
ap/sudo-1.9.0-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
ap/vim-8.2.0788-x86_64-1.txz:  Upgraded.
d/bison-3.6.2-x86_64-1.txz:  Upgraded.
d/meson-0.54.2-x86_64-1.txz:  Upgraded.
d/python-setuptools-46.4.0-x86_64-1.txz:  Upgraded.
d/vala-0.48.6-x86_64-1.txz:  Upgraded.
kde/calligra-2.9.11-x86_64-36.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
kde/kde-workspace-4.11.22-x86_64-7.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/ConsoleKit2-1.2.1-x86_64-4.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/boost-1.73.0-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/gnome-keyring-3.36.0-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/harfbuzz-2.6.6-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/icu4c-67.1-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/imagemagick-7.0.10_13-x86_64-1.txz:  Upgraded.
l/libcap-2.34-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/libical-3.0.8-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/libuv-1.38.0-x86_64-1.txz:  Upgraded.
l/libvisio-0.1.7-x86_64-3.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/polkit-0.116-x86_64-3.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/qt-4.8.7-x86_64-16.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/qt5-5.13.2-x86_64-4.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/raptor2-2.0.15-x86_64-9.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
l/system-config-printer-1.5.12-x86_64-4.txz:  Rebuilt.
  Rebuilt to add PAM support.
l/vte-0.60.2-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
n/cifs-utils-6.10-x86_64-4.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/cyrus-sasl-2.1.27-x86_64-4.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/dovecot-2.3.10.1-x86_64-1.txz:  Upgraded.
  Rebuilt to add PAM support.
  Compiled against icu4c-67.1.
  This update fixes several denial-of-service vulnerabilities.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967
  (* Security fix *)
n/mutt-1.14.1-x86_64-1.txz:  Upgraded.
n/netatalk-3.1.12-x86_64-3.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/netkit-rsh-0.17-x86_64-3.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/nss-pam-ldapd-0.9.11-x86_64-1.txz:  Added.
n/openssh-8.2p1-x86_64-3.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/openvpn-2.4.9-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/pam-krb5-4.9-x86_64-1.txz:  Added.
n/php-7.4.6-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
n/popa3d-1.0.3-x86_64-4.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/postfix-3.5.2-x86_64-1.txz:  Upgraded.
  Compiled against icu4c-67.1.
n/ppp-2.4.8-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/proftpd-1.3.6c-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
n/samba-4.12.2-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
  Recompiled against icu4c-67.1.
n/tin-2.4.4-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
n/vsftpd-3.0.3-x86_64-6.txz:  Rebuilt.
  Rebuilt to add PAM support.
t/texlive-2019.190626-x86_64-4.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
x/vulkan-sdk-1.2.135.0-x86_64-1.txz:  Upgraded.
x/xdm-1.1.11-x86_64-10.txz:  Rebuilt.
  Rebuilt to add PAM support.
x/xisxwayland-1-x86_64-1.txz:  Added.
xap/sane-1.0.30-x86_64-1.txz:  Upgraded.
  This update fixes several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
  (* Security fix *)
xap/vim-gvim-8.2.0788-x86_64-1.txz:  Upgraded.
xap/xlockmore-5.63-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
xap/xscreensaver-5.44-x86_64-2.txz:  Rebuilt.
  Rebuilt to add PAM support.
extra/brltty/brltty-6.1-x86_64-2.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz:  Rebuilt.
  Recompiled against icu4c-67.1.
isolinux/initrd.img:  Rebuilt.
  Added PAM libraries, security modules, and config files.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
  Added PAM libraries, security modules, and config files.
2020-05-18 23:25:14 +02:00

78 lines
4.4 KiB
Diff

diff -up Linux-PAM-1.3.1/configure.ac.redhat-modules Linux-PAM-1.3.1/configure.ac
--- Linux-PAM-1.3.1/configure.ac.redhat-modules 2018-05-18 12:57:57.000000000 +0200
+++ Linux-PAM-1.3.1/configure.ac 2018-11-26 12:58:14.623545121 +0100
@@ -611,10 +611,12 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
po/Makefile.in \
modules/Makefile \
+ modules/pam_chroot/Makefile modules/pam_console/Makefile \
+ modules/pam_postgresok/Makefile \
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
- modules/pam_faildelay/Makefile \
+ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
modules/pam_ftp/Makefile modules/pam_group/Makefile \
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
diff -up Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules Linux-PAM-1.3.1/doc/sag/pam_faillock.xml
--- Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules 2018-11-26 12:58:14.623545121 +0100
+++ Linux-PAM-1.3.1/doc/sag/pam_faillock.xml 2018-11-26 12:58:14.623545121 +0100
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<section id='sag-pam_faillock'>
+ <title>pam_faillock - temporarily locking access based on failed authentication attempts during an interval</title>
+ <cmdsynopsis>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisauth"]/*)'/>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisacct"]/*)'/>
+ </cmdsynopsis>
+ <section id='sag-pam_faillock-description'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-options'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-types'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-types"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-return_values'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-return_values"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-examples'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
+ </section>
+ <section id='sag-pam_faillock-author'>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
+ </section>
+</section>
diff -up Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules Linux-PAM-1.3.1/modules/Makefile.am
--- Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules 2017-02-10 11:10:15.000000000 +0100
+++ Linux-PAM-1.3.1/modules/Makefile.am 2018-11-26 12:58:14.623545121 +0100
@@ -3,13 +3,14 @@
#
SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_chroot pam_console pam_postgresok pam_faillock \
pam_env pam_exec pam_faildelay pam_filter pam_ftp \
pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
pam_listfile pam_localuser pam_loginuid pam_mail \
pam_mkhomedir pam_motd pam_namespace pam_nologin \
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
pam_selinux pam_sepermit pam_shells pam_stress \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
+ pam_succeed_if pam_time pam_timestamp \
pam_tty_audit pam_umask \
pam_unix pam_userdb pam_warn pam_wheel pam_xauth