Accepting request 733118 from home:kukuk:etc

- Update to version 1.3.1+git20190923.ea78d67:
  * Fixed missing quotes in configure script
  * Add support for a vendor directory and libeconf (#136)
  * pam_lastlog: document the 'unlimited' option
  * pam_lastlog: prevent crash due to reduced 'fsize' limit
  * pam_unix_sess.c add uid for opening session
  * Fix the man page for "pam_fail_delay()"
  * Fix a typo
  * Update a function comment
- drop usr-etc-support.patch (accepted upstream)

- Add migration support from /etc to /usr/etc during upgrade

- Update to version 1.3.1+git20190902.9de67ee:
  * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd

- Update to version 1.3.1+git20190826.1b087ed:
  * libpam/pam_modutil_sanitize.c: optimize the way to close fds

OBS-URL: https://build.opensuse.org/request/show/733118
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=195
Thorsten Kukuk 2019-09-25 10:16:25 +00:00 committed by Git OBS Bridge
parent 9b6fc55e33
commit 2a42ae9f1f
8 changed files with 145 additions and 103 deletions


@ -1,6 +1,6 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">git://github.com/linux-pam/linux-pam.git</param> <param name="url">git://github.com/linux-pam/linux-pam.git</param>
<param name="changesrevision">e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15</param> <param name="changesrevision">ea78d6764353c5510b235846452e6810d009b78e</param>
</service> </service>
</servicedata> </servicedata>

74
libeconf.patch Normal file

@ -0,0 +1,74 @@
diff --git a/libpam/Makefile.am b/libpam/Makefile.am
index 875031e..9f27c16 100644
--- a/libpam/Makefile.am
+++ b/libpam/Makefile.am
@@ -3,7 +3,8 @@
#
AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \
- -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\"
+ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \
+ -DPAM_VERSION=\"$(VERSION)\" @ECONF_CFLAGS@
if HAVE_LIBSELINUX
AM_CFLAGS += -D"WITH_SELINUX"
endif
@@ -21,7 +22,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \
pam_modutil_private.h
libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84
-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@
+libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ @ECONF_LIBS@
if HAVE_VERSIONING
libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map
diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c
index 338b44f..8e4061f 100644
--- a/libpam/pam_modutil_searchkey.c
+++ b/libpam/pam_modutil_searchkey.c
@@ -13,9 +13,34 @@
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
+#ifdef USE_ECONF
+#include <libeconf.h>
+#endif
#define BUF_SIZE 8192
+#ifdef USE_ECONF
+#define LOGIN_DEFS "/etc/login.defs"
+
+static char *
+econf_search_key (const char *name, const char *suffix, const char *key)
+{
+ econf_file *key_file = NULL;
+ char *val;
+
+ if (econf_readDirs (&key_file, "/usr/etc", "/etc", name, suffix, " \t", "#"))
+ return NULL;
+
+ if (econf_getStringValue (key_file, NULL, key, &val))
+ return NULL;
+
+ econf_free (key_file);
+
+ return val;
+}
+
+#endif
+
/* lookup a value for key in login.defs file or similar key value format */
char *
pam_modutil_search_key(pam_handle_t *pamh UNUSED,
@@ -27,6 +52,11 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED,
size_t buflen = 0;
char *retval = NULL;
+#ifdef USE_ECONF
+ if (strcmp (file_name, LOGIN_DEFS) == 0)
+ return econf_search_key ("login", ".defs", key);
+#endif
+
fp = fopen(file_name, "r");
if (NULL == fp)
return NULL;
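Review bot: In `econf_search_key`, the early `return NULL` after a failed `econf_getStringValue` skips `econf_free (key_file)`, so every lookup of a key that is not set leaks the parsed configuration, which adds up in a long-running process that uses PAM. Setting the result to NULL and falling through fixes it: `if (econf_getStringValue (key_file, NULL, key, &val)) val = NULL;` followed by the existing `econf_free (key_file); return val;`. Separately, the `strcmp (file_name, LOGIN_DEFS)` branch in `pam_modutil_search_key` (whose body continues outside the hunk) means login.defs values are now resolved from `/usr/etc` as well as `/etc`. That deserves a comment at the branch, since anyone auditing only `/etc/login.defs` no longer sees the effective settings.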


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5203477a4c8ea91e038e08f18efeb3836aa7b395de8b518f405eb3f43ea7fdbf
size 530264


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f
size 970564


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:89397d7cb52e6a331b766d6219c6aaf3e3cc57c384ef8223f10c1f0ff4217bac
size 64012


@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com
- Update to version 1.3.1+git20190923.ea78d67:
* Fixed missing quotes in configure script
* Add support for a vendor directory and libeconf (#136)
* pam_lastlog: document the 'unlimited' option
* pam_lastlog: prevent crash due to reduced 'fsize' limit
* pam_unix_sess.c add uid for opening session
* Fix the man page for "pam_fail_delay()"
* Fix a typo
* Update a function comment
- drop usr-etc-support.patch (accepted upstream)
-------------------------------------------------------------------
Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de
- Add migration support from /etc to /usr/etc during upgrade
-------------------------------------------------------------------
Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com
- Update to version 1.3.1+git20190902.9de67ee:
* pwhistory: fix read of uninitialized data and memory leak when modifying opasswd
-------------------------------------------------------------------
Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com
- Update to version 1.3.1+git20190826.1b087ed:
* libpam/pam_modutil_sanitize.c: optimize the way to close fds
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt <jengelh@inai.de> Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt <jengelh@inai.de>


@ -16,6 +16,11 @@
# #
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%define config_noreplace 1
%endif
# #
%define enable_selinux 1 %define enable_selinux 1
%define libpam_so_version 0.84.2 %define libpam_so_version 0.84.2
@ -23,7 +28,7 @@
%define libpamc_so_version 0.82.1 %define libpamc_so_version 0.82.1
Name: pam Name: pam
# #
Version: 1.3.1+git20190807.e31dd6c Version: 1.3.1+git20190923.ea78d67
Release: 0 Release: 0
Summary: A Security Tool that Provides Authentication for Applications Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause License: GPL-2.0-or-later OR BSD-3-Clause
@ -31,7 +36,6 @@ Group: System/Libraries
URL: http://www.linux-pam.org/ URL: http://www.linux-pam.org/
Source: linux-pam-%{version}.tar.xz Source: linux-pam-%{version}.tar.xz
Source1: Linux-PAM-1.3.1-docs.tar.xz Source1: Linux-PAM-1.3.1-docs.tar.xz
Source2: linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz
Source3: other.pamd Source3: other.pamd
Source4: common-auth.pamd Source4: common-auth.pamd
Source5: common-account.pamd Source5: common-account.pamd
@ -46,7 +50,6 @@ Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch Patch4: pam-hostnames-in-access_conf.patch
Patch5: use-correct-IP-address.patch Patch5: use-correct-IP-address.patch
Patch6: usr-etc-support.patch
BuildRequires: audit-devel BuildRequires: audit-devel
# Remove with next version update: # Remove with next version update:
BuildRequires: autoconf BuildRequires: autoconf
@ -64,6 +67,7 @@ Requires(post): permissions
%if 0%{?suse_version} > 1320 %if 0%{?suse_version} > 1320
BuildRequires: libdb-4_8-devel BuildRequires: libdb-4_8-devel
BuildRequires: xz BuildRequires: xz
BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc) BuildRequires: pkgconfig(libtirpc)
%endif %endif
@ -109,14 +113,13 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM. building both PAM-aware applications and modules for use with PAM.
%prep %prep
%setup -q -n linux-pam-%{version} -b 1 -a 2 %setup -q -n linux-pam-%{version} -b 1
cp -av ../Linux-PAM-1.3.1/* . cp -av ../Linux-PAM-1.3.1/* .
cp -a %{SOURCE12} . cp -a %{SOURCE12} .
%patch0 -p1 %patch0 -p1
%patch2 -p1 %patch2 -p1
%patch4 %patch4
%patch5 -p1 %patch5 -p1
%patch6
%build %build
bash ./pam-login_defs-check.sh bash ./pam-login_defs-check.sh
@ -130,7 +133,8 @@ export CFLAGS="%{optflags} -DNDEBUG"
--pdfdir=%{_docdir}/pam/pdf \ --pdfdir=%{_docdir}/pam/pdf \
--libdir=/%{_lib} \ --libdir=/%{_lib} \
--enable-isadir=../../%{_lib}/security \ --enable-isadir=../../%{_lib}/security \
--enable-securedir=/%{_lib}/security --enable-securedir=/%{_lib}/security \
--enable-vendordir=%{_distconfdir}
make %{?_smp_mflags} make %{?_smp_mflags}
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam
@ -139,7 +143,7 @@ make %{?_smp_mflags} check
%install %install
mkdir -p %{buildroot}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_distconfdir}/pam.d
mkdir -p %{buildroot}%{_includedir}/security mkdir -p %{buildroot}%{_includedir}/security
mkdir -p %{buildroot}/%{_lib}/security mkdir -p %{buildroot}/%{_lib}/security
mkdir -p %{buildroot}/sbin mkdir -p %{buildroot}/sbin
@ -149,20 +153,20 @@ mkdir -p -m 755 %{buildroot}%{_libdir}
# Install documentation # Install documentation
%make_install -C doc %make_install -C doc
# install securetty # install securetty
install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir} install -m 644 %{SOURCE8} %{buildroot}%{_distconfdir}
%ifarch s390 s390x %ifarch s390 s390x
for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do
echo "$i" >>%{buildroot}/%{_sysconfdir}/securetty echo "$i" >>%{buildroot}/%{_distconfdir}/securetty
done done
%endif %endif
# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript
install -d %{buildroot}%{_sysconfdir}/security/namespace.d install -d %{buildroot}%{_sysconfdir}/security/namespace.d
# install other.pamd and common-*.pamd # install other.pamd and common-*.pamd
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/other install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/other
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/common-auth install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/common-auth
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/common-account install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/pam.d/common-account
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/common-password install -m 644 %{SOURCE6} %{buildroot}%{_distconfdir}/pam.d/common-password
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/common-session install -m 644 %{SOURCE7} %{buildroot}%{_distconfdir}/pam.d/common-session
rm %{buildroot}/%{_lib}/libpam.so rm %{buildroot}/%{_lib}/libpam.so
ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so
rm %{buildroot}/%{_lib}/libpamc.so rm %{buildroot}/%{_lib}/libpamc.so
@ -210,15 +214,32 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%pre
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/etc.
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
done
%files -f Linux-PAM.lang %files -f Linux-PAM.lang
%dir %{_sysconfdir}/pam.d %dir %{_sysconfdir}/pam.d
%dir %{_prefix}%{_sysconfdir}/pam.d %dir %{_distconfdir}/pam.d
%dir %{_sysconfdir}/security %dir %{_sysconfdir}/security
%dir %{_sysconfdir}/security/limits.d %dir %{_sysconfdir}/security/limits.d
%dir %{_defaultdocdir}/pam %dir %{_defaultdocdir}/pam
%if %{defined config_noreplace}
%config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/other
%config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/pam.d/common-*
%config(noreplace) %{_sysconfdir}/securetty %config(noreplace) %{_sysconfdir}/securetty
%else
%{_distconfdir}/pam.d/other
%{_distconfdir}/pam.d/common-*
%{_distconfdir}/securetty
%endif
%config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/environment
%config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/group.conf %config(noreplace) %{_sysconfdir}/security/group.conf
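Review bot: The new `%posttrans` loop restores each `/etc/${i}.rpmsave` with `mv -v ... ||:`, so a failed move is silently ignored and the host would presumably fall back to the vendor `common-*` and `securetty` files under `%{_distconfdir}` instead of the administrator's customised ones. Because these files define the authentication policy, the failure should at least be reported, e.g. `test -f /etc/${i}.rpmsave && { mv -v /etc/${i}.rpmsave /etc/${i} || echo "pam: could not restore /etc/${i}" >&2; } ||:`. The `%pre` loop also overwrites any existing `.rpmsave.old` without notice. Neither scriptlet says why `%pre` is needed; it apparently exists so that only `.rpmsave` files created by this transaction are moved back, and a one-line comment above `%pre` stating that would help the next maintainer.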


@ -1,81 +0,0 @@
--- doc/man/pam.8.xml
+++ doc/man/pam.8.xml 2019/08/16 13:37:44
@@ -53,11 +53,13 @@
<para>
Vendor-supplied PAM configuration files might be installed in
- the system directory <filename>/usr/lib/pam.d/</filename> instead
+ the system directory <filename>/usr/lib/pam.d/</filename> or
+ <filename>/usr/etc/pam.d/</filename> instead
of the machine configuration directory <filename>/etc/pam.d/</filename>.
If no machine configuration file is found, the vendor-supplied file
is used. All files in <filename>/etc/pam.d/</filename> override
- files with the same name in <filename>/usr/lib/pam.d/</filename>.
+ files with the same name in <filename>/usr/lib/pam.d/</filename>,
+ which override files with the same name in <filename>/usr/etc/pam.d/</filename>.
</para>
<para>From the point of view of the system administrator, for whom this
@@ -157,6 +159,16 @@
</para>
</listitem>
</varlistentry>
+ <term><filename>/usr/etc/pam.d</filename></term>
+ <listitem>
+ <para>
+ the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
+ directory. Files in <filename>/etc/pam.d</filename> and
+ <filename>/usr/lib/pam.d</filename> override files with the same
+ name in this directory.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
--- libpam/pam_handlers.c
+++ libpam/pam_handlers.c 2019/08/16 13:35:31
@@ -329,6 +329,21 @@
*file = f;
return PAM_SUCCESS;
}
+
+ /* System Configuration /usr/etc/pam.d/ */
+ _pam_drop(p);
+ if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) {
+ pam_syslog(pamh, LOG_CRIT, "asprintf failed");
+ return PAM_BUF_ERR;
+ }
+ D(("opening %s", p));
+ f = fopen(p, "r");
+ if (f != NULL) {
+ *path = p;
+ *file = f;
+ return PAM_SUCCESS;
+ }
+
_pam_drop(p);
return PAM_ABORT;
@@ -447,7 +462,8 @@
/* Is there a PAM_CONFIG_D directory? */
if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) ||
- (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {
+ (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) ||
+ (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {
char *path = NULL;
int read_something=0;
--- libpam/pam_private.h
+++ libpam/pam_private.h 2019/08/16 13:33:04
@@ -29,6 +29,9 @@
#define PAM_CONFIG_DF "/etc/pam.d/%s"
#define PAM_CONFIG_DIST_D "/usr/lib/pam.d"
#define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s"
+#define PAM_CONFIG_DIST2_D "/usr/etc/pam.d"
+#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s"
+
#define PAM_DEFAULT_SERVICE "other" /* lower case */