From 8a72f7369af2ebe414a72629d2968da374eca9ef07ee618f9fed1d9619e30ea6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Fri, 9 Aug 2024 23:16:55 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main pam revision
 1a1a5f7ea117eb3c26edbd76b3bc0836

---
 pam-bsc1194818-cursor-escape.patch | 36 ++++++++++++++++++++++++++++++
 pam.changes                        |  6 +++++
 pam.spec                           |  1 +
 3 files changed, 43 insertions(+)
 create mode 100644 pam-bsc1194818-cursor-escape.patch

diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch
new file mode 100644
index 0000000..fbd27de
--- /dev/null
+++ b/pam-bsc1194818-cursor-escape.patch
@@ -0,0 +1,36 @@
+From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Mon, 22 Jul 2024 23:18:16 +0200
+Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input
+
+Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
+cursor escape from the login prompt using arrows or escape sequences.
+
+ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
+for example not on pty, allowing cursor to escape.
+
+Stanislav Brabec <sbrabec@suse.com>
+---
+ libpam_misc/misc_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
+index 7410e929..6b839b48 100644
+--- a/libpam_misc/misc_conv.c
++++ b/libpam_misc/misc_conv.c
+@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr)
+ 	    return -1;
+ 	}
+ 	memcpy(&term_tmp, &term_before, sizeof(term_tmp));
+-	if (!echo) {
++	if (echo)
++	    term_tmp.c_lflag |= ICANON | ECHOCTL;
++	else
+ 	    term_tmp.c_lflag &= ~(ECHO);
+-	}
+ 	have_term = 1;
+ 
+ 	/*
+-- 
+2.45.2
+
diff --git a/pam.changes b/pam.changes
index cfad22d..2ed849d 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Aug  7 14:44:56 UTC 2024 - Stanislav Brabec <sbrabec@suse.com>
+
+- Prevent cursor escape from the login prompt [bsc#1194818]
+  * Added: pam-bsc1194818-cursor-escape.patch
+
 -------------------------------------------------------------------
 Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/pam.spec b/pam.spec
index 75915f7..652fd7b 100644
--- a/pam.spec
+++ b/pam.spec
@@ -96,6 +96,7 @@ Source22:       postlogin-account.pamd
 Source23:       postlogin-password.pamd
 Source24:       postlogin-session.pamd
 Patch1:         pam-limit-nproc.patch
+Patch2:         pam-bsc1194818-cursor-escape.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  flex