From 8f93461bac8f11a1171380603d9545470f8135c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Fri, 15 Nov 2024 10:47:44 +0100
Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 pam revision
 42421bf1e4ac29f3a085bc8cfcf0667c

---
 pam-bsc1194818-cursor-escape.patch | 36 ++++++++++++++++++++++++++++++
 pam.changes                        |  6 +++++
 pam.spec                           |  3 +++
 3 files changed, 45 insertions(+)
 create mode 100644 pam-bsc1194818-cursor-escape.patch

diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch
new file mode 100644
index 0000000..b6c3f8d
--- /dev/null
+++ b/pam-bsc1194818-cursor-escape.patch
@@ -0,0 +1,36 @@
+From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Mon, 22 Jul 2024 23:18:16 +0200
+Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input
+
+Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
+cursor escape from the login prompt using arrows or escape sequences.
+
+ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
+for example not on pty, allowing cursor to escape.
+
+Stanislav Brabec <sbrabec@suse.com>
+---
+ libpam_misc/misc_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
+index 7410e929..6b839b48 100644
+--- a/libpam_misc/misc_conv.c
++++ b/libpam_misc/misc_conv.c
+@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr)
+ 	    return -1;
+ 	}
+ 	memcpy(&term_tmp, &term_before, sizeof(term_tmp));
+-	if (!echo) {
++	if (echo)
++	    term_tmp.c_lflag |= ICANON | ECHOCTL;
++	else
+ 	    term_tmp.c_lflag &= ~(ECHO);
+-	}
+ 	have_term = 1;
+ 
+ 	/*
+-- 
+2.45.2
+
diff --git a/pam.changes b/pam.changes
index 934cb8b..e83706c 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Aug  7 14:44:56 UTC 2024 - Stanislav Brabec <sbrabec@suse.com>
+
+- Prevent cursor escape from the login prompt [bsc#1194818]
+  * Added: pam-bsc1194818-cursor-escape.patch
+
 -------------------------------------------------------------------
 Wed Feb  7 13:11:15 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/pam.spec b/pam.spec
index 9ba38c4..8221b44 100644
--- a/pam.spec
+++ b/pam.spec
@@ -104,6 +104,8 @@ Patch3:		pam_env-fix-enable-vendordir-fallback.patch
 Patch4:         pam_env-remove-escaped-newlines.patch
 # https://github.com/linux-pam/linux-pam/pull/744
 Patch5:         pam_unix-fix-password-aging-disabled.patch
+# https://github.com/linux-pam/linux-pam/pull/816
+Patch6:         pam-bsc1194818-cursor-escape.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  flex
@@ -220,6 +222,7 @@ cp -a %{SOURCE12} .
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 bash ./pam-login_defs-check.sh