diff --git a/Linux-PAM-1.3.1-docs.tar.xz b/Linux-PAM-1.3.1-docs.tar.xz
deleted file mode 100644
index 6317d16..0000000
--- a/Linux-PAM-1.3.1-docs.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca
-size 459552
diff --git a/Linux-PAM-1.4.0-docs.tar.xz b/Linux-PAM-1.4.0-docs.tar.xz
new file mode 100644
index 0000000..273819e
--- /dev/null
+++ b/Linux-PAM-1.4.0-docs.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:351764a0643052564a4b840320744c7e402112a2a57d2ac04511a6d22dc52e04
+size 477712
diff --git a/Linux-PAM-1.4.0.tar.xz b/Linux-PAM-1.4.0.tar.xz
new file mode 100644
index 0000000..fedf45f
--- /dev/null
+++ b/Linux-PAM-1.4.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034
+size 988908
diff --git a/baselibs.conf b/baselibs.conf
index 4cd0578..aa1a812 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1,2 +1,4 @@
 pam
+pam-extra
+pam-deprecated
 pam-devel
diff --git a/common-password.pamd b/common-password.pamd
index 1baf490..83e9109 100644
--- a/common-password.pamd
+++ b/common-password.pamd
@@ -8,5 +8,4 @@
 # The "nullok" option allows users to change an empty password, else
 # empty passwords are treated as locked accounts.
 #
-password requisite pam_cracklib.so
-password required pam_unix.so use_authtok nullok try_first_pass
+password required pam_unix.so nullok
diff --git a/fix-man-links.dif b/fix-man-links.dif
deleted file mode 100644
index 04fe917..0000000
--- a/fix-man-links.dif
+++ /dev/null
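Review bot: In common-password.pamd the password stack is now the single rule `password required pam_unix.so nullok`, so with `pam_cracklib.so` removed a password change is guarded only by pam_unix's built-in checks and no dictionary or complexity test remains in this file. If the default is meant to stay that permissive until a maintained quality module is wired in, the comment block above the rule should say so; otherwise set pam_unix's own length floor explicitly, e.g. `password required pam_unix.so nullok minlen=8` (8 is a constructed example value, not taken from this page). Dropping `use_authtok` together with the cracklib line is consistent, since no earlier module in the stack sets the token any more.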
@@ -1,56 +0,0 @@
-Index: Linux-PAM-1.1.8/doc/man/pam.8
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam.8
-+++ Linux-PAM-1.1.8/doc/man/pam.8
-@@ -1 +1 @@
--.so PAM.8
-+.so man8/PAM.8
-Index: Linux-PAM-1.1.8/doc/man/pam.d.5
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam.d.5
-+++ Linux-PAM-1.1.8/doc/man/pam.d.5
-@@ -1 +1 @@
--.so pam.conf.5
-+.so man5/pam.conf.5
-Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3
-+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
-@@ -1 +1 @@
--.so pam_get_authtok.3
-+.so man3/pam_get_authtok.3
-Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3
-+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
-@@ -1 +1 @@
--.so pam_get_authtok.3
-+.so man3/pam_get_authtok.3
-Index: Linux-PAM-1.1.8/doc/man/pam_verror.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3
-+++ Linux-PAM-1.1.8/doc/man/pam_verror.3
-@@ -1 +1 @@
--.so pam_error.3
-+.so man3/pam_error.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3
-+++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3
-@@ -1 +1 @@
--.so pam_info.3
-+.so man3/pam_info.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3
-+++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3
-@@ -1 +1 @@
--.so pam_prompt.3
-+.so man3/pam_prompt.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
-===================================================================
---- 
Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3 -+++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3 -@@ -1 +1 @@ --.so pam_syslog.3 -+.so man3/pam_syslog.3 diff --git a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz deleted file mode 100644 index bb14cc8..0000000 --- a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f -size 970564 diff --git a/pam-hostnames-in-access_conf.patch b/pam-hostnames-in-access_conf.patch index 7650754..3f2c1f9 100644 --- a/pam-hostnames-in-access_conf.patch +++ b/pam-hostnames-in-access_conf.patch @@ -1,8 +1,8 @@ -Index: modules/pam_access/pam_access.c +Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c =================================================================== ---- modules/pam_access/pam_access.c.orig -+++ modules/pam_access/pam_access.c -@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const +--- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c ++++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c +@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const return (NO); } @@ -15,7 +15,7 @@ Index: modules/pam_access/pam_access.c */ static int network_netmask_match (pam_handle_t *pamh, -@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam +@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam char *netmask_ptr; char netmask_string[MAXHOSTNAMELEN + 1]; int addr_type; @@ -31,7 +31,7 @@ Index: modules/pam_access/pam_access.c /* OK, check if tok is of type addr/mask */ if ((netmask_ptr = strchr(tok, '/')) != NULL) { -@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam +@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam *netmask_ptr = 0; netmask_ptr++; 
@@ -40,7 +40,7 @@ Index: modules/pam_access/pam_access.c { /* no netaddr */ return NO; } -@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam +@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam netmask_ptr = number_to_netmask(netmask, addr_type, netmask_string, MAXHOSTNAMELEN); } @@ -93,7 +93,7 @@ Index: modules/pam_access/pam_access.c memset (&hint, '\0', sizeof (hint)); hint.ai_flags = AI_CANONNAME; hint.ai_family = AF_UNSPEC; -@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam +@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam else { struct addrinfo *runp = item->res; @@ -103,29 +103,31 @@ Index: modules/pam_access/pam_access.c { char buf[INET6_ADDRSTRLEN]; + DIAG_PUSH_IGNORE_CAST_ALIGN; - inet_ntop (runp->ai_family, - runp->ai_family == AF_INET - ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr - : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, - buf, sizeof (buf)); + (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); + DIAG_POP_IGNORE_CAST_ALIGN; - if (are_addresses_equal(buf, tok, netmask_ptr)) + for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) { - return YES; -+ char buf1[INET6_ADDRSTRLEN]; ++ char buf1[INET6_ADDRSTRLEN]; + -+ if (runp->ai_family != runp1->ai_family) -+ continue; ++ if (runp->ai_family != runp1->ai_family) ++ continue; + -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); + -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } } runp = runp->ai_next; } 
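Review bot: The patched address loop throws away the result of `getnameinfo()` (`(void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST);`), so if the call fails the uninitialised `buf`, and `buf1` in the inner loop, is passed to `are_addresses_equal()` and the access decision is taken on indeterminate data. Test the return value and skip the entry on failure, e.g. `if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) continue;`, with the equivalent guard before the outer `buf` is used. The same unchecked call is in the following hunk (`@@ -134,20 +136,20 @@`) of pam-hostnames-in-access_conf.patch. network_netmask_match starts and ends outside these hunks, so the surrounding loop is only partly visible here.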
@@ -134,20 +136,20 @@ Index: modules/pam_access/pam_access.c else - return (are_addresses_equal(string, tok, netmask_ptr)); + { -+ struct addrinfo *runp1; ++ struct addrinfo *runp1; + -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; + -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); + -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } + } + + freeaddrinfo(ai); diff --git a/pam.changes b/pam.changes index 58e0c2a..f2c199e 100644 --- a/pam.changes +++ b/pam.changes 
@@ -1,3 +1,82 @@
+-------------------------------------------------------------------
+Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk
+
+- Update to final 1.4.0 release
+ - includes pam-check-user-home-dir.patch
+ - obsoletes fix-man-links.dif
+
+-------------------------------------------------------------------
+Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk
+
+- common-password: remove pam_cracklib, as that is deprecated.
+
+-------------------------------------------------------------------
+Thu May 28 12:36:33 UTC 2020 - Josef Möllers
+
+- pam_setquota.so:
+ When setting quota, don't apply any quota if the user's $HOME is
+ a mountpoint (ie the user has a partition of his/her own).
+ [bsc#1171721, pam-check-user-home-dir.patch]
+
+-------------------------------------------------------------------
+Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk
+
+- Update to current Linux-PAM snapshot
+ - pam_tally* and pam_cracklib got deprecated
+- Disable pam_faillock and pam_setquota until they are whitelisted
+
+-------------------------------------------------------------------
+Tue May 12 11:44:19 UTC 2020 - Josef Möllers
+
+- Adapted patch pam-hostnames-in-access_conf.patch for new version
+ New version obsoleted patch use-correct-IP-address.patch
+ [pam-hostnames-in-access_conf.patch,
+ use-correct-IP-address.patch]
+
+-------------------------------------------------------------------
+Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk
+
+- Update to current Linux-PAM snapshot
+ - Obsoletes pam_namespace-systemd.diff
+
+-------------------------------------------------------------------
+Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk
+
+- Update to current Linux-PAM snapshot
+ - Add pam_faillock
+ - Multiple minor bug fixes and documentation improvements
+ - Fixed grammar of messages printed via pam_prompt
+ - Added support for a vendor directory and libeconf
+ - configure: Allowed disabling documentation through --disable-doc
+ - pam_get_authtok_verify: Avoid duplicate 
password verification
+ - pam_env: Changed the default to not read the user .pam_environment file
+ - pam_group, pam_time: Fixed logical error with multiple ! operators
+ - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
+ - pam_lastlog: Do not log info about failed login if the session was opened
+ with PAM_SILENT flag
+ - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
+ - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
+ limit
+ - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
+ - pam_motd: Support multiple motd paths specified, with filename overrides
+ - pam_namespace: Added a systemd service, which creates the namespaced
+ instance parent directories during boot
+ - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
+ - pam_shells: Recognize /bin/sh as the default shell
+ - pam_succeed_if: Support lists in group membership checks
+ - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
+ - pam_umask: Added new 'nousergroups' module argument and allowed specifying
+ the default for usergroups at build-time
+ - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
+ - pam_unix: Report unusable hashes found by checksalt to syslog
+ - pam_unix: Support for (gost-)yescrypt hashing methods
+ - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
+ - pam_usertype: New module to tell if uid is in login.defs ranges
+ - Added new API call pam_start_confdir() for special applications that
+ cannot use the system-default PAM configuration paths and need to
+ explicitly specify another path
+- pam_namespace-systemd.diff: fix path of pam_namespace.services
+
 -------------------------------------------------------------------
 Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel
diff --git a/pam.spec b/pam.spec
index 4c676d8..cff51f0 100644
--- a/pam.spec
+++ b/pam.spec
@@ -16,26 +16,25 @@ # +# +%define enable_selinux 1 +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 %if ! %{defined _distconfdir} %define _distconfdir %{_sysconfdir} %define config_noreplace 1 %endif - -# -%define enable_selinux 1 -%define libpam_so_version 0.84.2 -%define libpam_misc_so_version 0.82.1 -%define libpamc_so_version 0.82.1 Name: pam # -Version: 1.3.1+git20190923.ea78d67 +Version: 1.4.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries URL: http://www.linux-pam.org/ -Source: linux-pam-%{version}.tar.xz -Source1: Linux-PAM-1.3.1-docs.tar.xz +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}-docs.tar.xz Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd @@ -46,24 +45,19 @@ Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh -Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: use-correct-IP-address.patch BuildRequires: audit-devel -# Remove with next version update: -BuildRequires: autoconf -BuildRequires: automake BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool +BuildRequires: xz +Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. Recommends: login_defs-support-for-pam >= 1.3.1 -Requires(post): permissions -BuildRequires: xz %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libnsl) 
@@ -84,7 +78,7 @@ having to recompile programs that do authentication. %package extra Summary: PAM module to authenticate against a separate database -Group: System/Libraries%description +Group: System/Libraries BuildRequires: libdb-4_8-devel BuildRequires: pam-devel @@ -125,18 +119,29 @@ having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. +%package deprecated +Summary: Deprecated PAM Modules +Group: System/Libraries +Provides: pam:/%{_lib}/security/pam_cracklib.so +Provides: pam:/%{_lib}/security/pam_tally2.so + +%description deprecated +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains deprecated extra modules like pam_cracklib and +pam_tally2, which are no longer supported upstream and will be completly +removed with one of the next releases. + %prep -%setup -q -n linux-pam-%{version} -b 1 -cp -av ../Linux-PAM-1.3.1/* . +%setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . -%patch0 -p1 %patch2 -p1 -%patch4 -%patch5 -p1 +%patch4 -p1 %build bash ./pam-login_defs-check.sh -./autogen.sh export CFLAGS="%{optflags} -DNDEBUG" %configure \ --sbindir=/sbin \ 
@@ -147,12 +152,13 @@ export CFLAGS="%{optflags} -DNDEBUG" --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security \ - --enable-vendordir=%{_distconfdir} + --enable-vendordir=%{_distconfdir} \ + --enable-tally2 --enable-cracklib make %{?_smp_mflags} -gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam %check -make %{?_smp_mflags} check +%make_build check %install mkdir -p %{buildroot}%{_sysconfdir}/pam.d @@ -204,13 +210,8 @@ for i in pam_*/README; do cp -fpv "$i" "$DOC/modules/README.${i%/*}" done popd -# -# pam_tally is deprecated since ages -# -rm -f %{buildroot}/%{_lib}/security/pam_tally.so -rm -f %{buildroot}/sbin/pam_tally -rm -f %{buildroot}%{_mandir}/man8/pam_tally.8* -rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally +# XXX Remove until whitelisted +rm %{buildroot}/%{_lib}/security/pam_faillock.so # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ 
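Review bot: In the %install hunk, `rm %{buildroot}/%{_lib}/security/pam_faillock.so` removes only the module, while later hunks of pam.spec still package `/sbin/faillock`, `%{_sysconfdir}/security/faillock.conf` and the faillock man pages, so the base package ships tooling and configuration for a lockout module it does not contain. Because `pam_tally2.so` moves to the new `deprecated` subpackage in the same commit, the main `pam` package appears to carry no login-failure lockout module at all until the whitelisting is done. Either drop the faillock leftovers together with the module, or make the comment state the consequence, e.g. `# XXX pam_faillock.so removed until whitelisted; faillock(8) and faillock.conf are inert without it`.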
@@ -227,16 +228,15 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ %set_permissions /sbin/unix2_chkpwd %postun -p /sbin/ldconfig - %pre for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %posttrans # Migration to /usr/etc. for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done %files -f Linux-PAM.lang @@ -258,6 +258,7 @@ done %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/group.conf +%config(noreplace) %{_sysconfdir}/security/faillock.conf %config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_sysconfdir}/security/pam_env.conf %if %{enable_selinux} 
@@ -272,54 +273,57 @@ done %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man8/mkhomedir_helper.8.gz -%{_mandir}/man8/pam.8.gz -%{_mandir}/man8/PAM.8.gz -%{_mandir}/man8/pam_access.8.gz -%{_mandir}/man8/pam_cracklib.8.gz -%{_mandir}/man8/pam_debug.8.gz -%{_mandir}/man8/pam_deny.8.gz -%{_mandir}/man8/pam_echo.8.gz -%{_mandir}/man8/pam_env.8.gz -%{_mandir}/man8/pam_exec.8.gz -%{_mandir}/man8/pam_faildelay.8.gz -%{_mandir}/man8/pam_filter.8.gz -%{_mandir}/man8/pam_ftp.8.gz -%{_mandir}/man8/pam_group.8.gz -%{_mandir}/man8/pam_issue.8.gz -%{_mandir}/man8/pam_keyinit.8.gz -%{_mandir}/man8/pam_lastlog.8.gz -%{_mandir}/man8/pam_limits.8.gz -%{_mandir}/man8/pam_listfile.8.gz -%{_mandir}/man8/pam_localuser.8.gz -%{_mandir}/man8/pam_loginuid.8.gz -%{_mandir}/man8/pam_mail.8.gz -%{_mandir}/man8/pam_mkhomedir.8.gz -%{_mandir}/man8/pam_motd.8.gz -%{_mandir}/man8/pam_namespace.8.gz -%{_mandir}/man8/pam_nologin.8.gz -%{_mandir}/man8/pam_permit.8.gz -%{_mandir}/man8/pam_pwhistory.8.gz -%{_mandir}/man8/pam_rhosts.8.gz -%{_mandir}/man8/pam_rootok.8.gz -%{_mandir}/man8/pam_securetty.8.gz -%{_mandir}/man8/pam_selinux.8.gz -%{_mandir}/man8/pam_sepermit.8.gz -%{_mandir}/man8/pam_shells.8.gz -%{_mandir}/man8/pam_succeed_if.8.gz -%{_mandir}/man8/pam_tally2.8.gz -%{_mandir}/man8/pam_time.8.gz -%{_mandir}/man8/pam_timestamp.8.gz -%{_mandir}/man8/pam_timestamp_check.8.gz -%{_mandir}/man8/pam_tty_audit.8.gz -%{_mandir}/man8/pam_umask.8.gz -%{_mandir}/man8/pam_unix.8.gz -%{_mandir}/man8/pam_warn.8.gz -%{_mandir}/man8/pam_wheel.8.gz -%{_mandir}/man8/pam_xauth.8.gz -%{_mandir}/man8/unix_chkpwd.8.gz -%{_mandir}/man8/unix2_chkpwd.8.gz -%{_mandir}/man8/unix_update.8.gz +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} 
+%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_lastlog.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpamc.so.0 
@@ -328,13 +332,13 @@ done /%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %dir /%{_lib}/security /%{_lib}/security/pam_access.so -/%{_lib}/security/pam_cracklib.so /%{_lib}/security/pam_debug.so /%{_lib}/security/pam_deny.so /%{_lib}/security/pam_echo.so /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so +#/%{_lib}/security/pam_faillock.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER @@ -361,10 +365,10 @@ done /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_sepermit.so %endif +/%{_lib}/security/pam_setquota.so /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so -/%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so /%{_lib}/security/pam_timestamp.so /%{_lib}/security/pam_tty_audit.so @@ -374,20 +378,31 @@ done /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so +/%{_lib}/security/pam_usertype.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so +/sbin/faillock /sbin/mkhomedir_helper -/sbin/pam_tally2 +/sbin/pam_namespace_helper /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update +%{_unitdir}/pam_namespace.service %files extra %defattr(-,root,root,755) -%attr(755,root,root) /%{_lib}/security/pam_userdb.so -%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz +/%{_lib}/security/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} + +%files deprecated +%defattr(-,root,root,755) +/%{_lib}/security/pam_cracklib.so +/%{_lib}/security/pam_tally2.so +/sbin/pam_tally2 +%{_mandir}/man8/pam_cracklib.8%{?ext_man} +%{_mandir}/man8/pam_tally2.8%{?ext_man} %files doc %defattr(644,root,root,755) 
diff --git a/use-correct-IP-address.patch b/use-correct-IP-address.patch
deleted file mode 100644
index 105a16c..0000000
--- a/use-correct-IP-address.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
-===================================================================
---- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
-+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
-@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
-
- if (item->debug)
- pam_syslog (pamh, LOG_DEBUG,
-- "network_netmask_match: tok=%s, item=%s", tok, string);
-+ "network_netmask_match: tok=%s, string=%s", tok, string);
-
- /* OK, check if tok is of type addr/mask */
- if ((netmask_ptr = strchr(tok, '/')) != NULL)
-@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
-
- /* check netmask */
- if (isipaddr(netmask_ptr, NULL, NULL) == NO)
-- { /* netmask as integre value */
-+ { /* netmask as integer value */
- char *endptr = NULL;
- netmask = strtol(netmask_ptr, &endptr, 0);
- if ((endptr == netmask_ptr) || (*endptr != '\0'))
-@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
-
- ai = NULL; /* just to be on the safe side */
-
-- if (getaddrinfo (string, NULL, &hint, &ai) != 0)
-+ if (getaddrinfo (tok, NULL, &hint, &ai) != 0)
- {
-- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
-+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
-
- return NO;
- }