- Update to current Linux-PAM snapshot

- Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf - configure: Allowed disabling documentation through --disable-doc - pam_get_authtok_verify: Avoid duplicate password verification - pam_env: Changed the default to not read the user .pam_environment file - pam_group, pam_time: Fixed logical error with multiple ! operators - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session - pam_lastlog: Do not log info about failed login if the session was opened with PAM_SILENT flag - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' limit - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - pam_motd: Support multiple motd paths specified, with filename overrides - pam_namespace: Added a systemd service, which creates the namespaced instance parent directories during boot - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts - pam_shells: Recognize /bin/sh as the default shell - pam_succeed_if: Support lists in group membership checks - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE - pam_umask: Added new 'nousergroups' module argument and allowed specifying the default for usergroups at build-time - pam_unix: Added 'nullresetok' option to allow resetting blank passwords - pam_unix: Report unusable hashes found by checksalt to syslog - pam_unix: Support for (gost-)yescrypt hashing methods - pam_unix: Use bcrypt b-variant when it bcrypt is chosen - pam_usertype: New module to tell if uid is in login.defs ranges - Added new API call pam_start_confdir() for special applications that OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=208
2020-05-12 09:30:59 +00:00 · 2020-05-12 09:30:59 +00:00 · db3a5fbd69
commit db3a5fbd69
parent 6726b029b0
7 changed files with 82 additions and 17 deletions
--- a/Linux-PAM-1.3.1-docs.tar.xz
+++ b/Linux-PAM-1.3.1-docs.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca
-size 459552
--- a/Linux-PAM-1.3.90-docs.tar.xz
+++ b/Linux-PAM-1.3.90-docs.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3c36209714f41cb58379be9330bf990e28affc0b51d89eab976a8b02ec5a9529
+size 464040
--- a/Linux-PAM-1.3.90.tar.xz
+++ b/Linux-PAM-1.3.90.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b1f6ade473809f6c2b284426cee67f3d2162ce791f7b26c56c2f8928e9be9f8c
+size 975768
--- a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz
+++ b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f
-size 970564
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Update to current Linux-PAM snapshot
+  - Multiple minor bug fixes and documentation improvements
+  - Fixed grammar of messages printed via pam_prompt
+  - Added support for a vendor directory and libeconf
+  - configure: Allowed disabling documentation through --disable-doc
+  - pam_get_authtok_verify: Avoid duplicate password verification
+  - pam_env: Changed the default to not read the user .pam_environment file
+  - pam_group, pam_time: Fixed logical error with multiple ! operators
+  - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
+  - pam_lastlog: Do not log info about failed login if the session was opened
+                 with PAM_SILENT flag
+  - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
+  - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
+                 limit
+  - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
+  - pam_motd: Support multiple motd paths specified, with filename overrides
+  - pam_namespace: Added a systemd service, which creates the namespaced
+                   instance parent directories during boot
+  - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
+  - pam_shells: Recognize /bin/sh as the default shell
+  - pam_succeed_if: Support lists in group membership checks
+  - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
+  - pam_umask: Added new 'nousergroups' module argument and allowed specifying
+               the default for usergroups at build-time
+  - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
+  - pam_unix: Report unusable hashes found by checksalt to syslog
+  - pam_unix: Support for (gost-)yescrypt hashing methods
+  - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
+  - pam_usertype: New module to tell if uid is in login.defs ranges
+  - Added new API call pam_start_confdir() for special applications that
+    cannot use the system-default PAM configuration paths and need to
+    explicitly specify another path
+- pam_namespace-systemd.diff: fix path of pam_namespace.services
+
 -------------------------------------------------------------------
 Thu Apr  2 09:51:31 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

--- a/pam.spec
+++ b/pam.spec
@ -23,19 +23,19 @@

 #
 %define enable_selinux 1
-%define libpam_so_version 0.84.2
+%define libpam_so_version 0.85.1
 %define libpam_misc_so_version 0.82.1
 %define libpamc_so_version 0.82.1
 Name:           pam
 #
-Version:        1.3.1+git20190923.ea78d67
+Version:        1.3.90
 Release:        0
 Summary:        A Security Tool that Provides Authentication for Applications
 License:        GPL-2.0-or-later OR BSD-3-Clause
 Group:          System/Libraries
 URL:            http://www.linux-pam.org/
-Source:         linux-pam-%{version}.tar.xz
-Source1:        Linux-PAM-1.3.1-docs.tar.xz
+Source:         Linux-PAM-%{version}.tar.xz
+Source1:        Linux-PAM-%{version}-docs.tar.xz
 Source3:        other.pamd
 Source4:        common-auth.pamd
 Source5:        common-account.pamd
@ -50,6 +50,7 @@ Patch0:         fix-man-links.dif
 Patch2:         pam-limit-nproc.patch
 Patch4:         pam-hostnames-in-access_conf.patch
 Patch5:         use-correct-IP-address.patch
+Patch6:         pam_namespace-systemd.diff
 BuildRequires:  audit-devel
 # Remove with next version update:
 BuildRequires:  autoconf
@ -76,6 +77,8 @@ BuildRequires:  libselinux-devel
 Requires(pre):  group(shadow)
 Requires(pre):  user(root)
 %endif
+BuildRequires:  autoconf
+BuildRequires:  automake

 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@ -126,17 +129,17 @@ This package contains header files and static libraries used for
 building both PAM-aware applications and modules for use with PAM.

 %prep
-%setup -q -n linux-pam-%{version} -b 1
-cp -av ../Linux-PAM-1.3.1/* .
+%setup -q -n Linux-PAM-%{version} -b 1
 cp -a %{SOURCE12} .
 %patch0 -p1
 %patch2 -p1
-%patch4
-%patch5 -p1
+#%patch4
+#%patch5 -p1
+%patch6 -p1

 %build
 bash ./pam-login_defs-check.sh
-./autogen.sh
+autoreconf -fiv
 export CFLAGS="%{optflags} -DNDEBUG"
 %configure \
 	--sbindir=/sbin \
@ -258,6 +261,7 @@ done
 %config(noreplace) %{_sysconfdir}/environment
 %config(noreplace) %{_sysconfdir}/security/access.conf
 %config(noreplace) %{_sysconfdir}/security/group.conf
+%config(noreplace) %{_sysconfdir}/security/faillock.conf
 %config(noreplace) %{_sysconfdir}/security/limits.conf
 %config(noreplace) %{_sysconfdir}/security/pam_env.conf
 %if %{enable_selinux}
@ -272,9 +276,10 @@ done
 %{_mandir}/man5/environment.5%{?ext_man}
 %{_mandir}/man5/*.conf.5%{?ext_man}
 %{_mandir}/man5/pam.d.5%{?ext_man}
+%{_mandir}/man8/PAM.8.gz
+%{_mandir}/man8/faillock.8.gz
 %{_mandir}/man8/mkhomedir_helper.8.gz
 %{_mandir}/man8/pam.8.gz
-%{_mandir}/man8/PAM.8.gz
 %{_mandir}/man8/pam_access.8.gz
 %{_mandir}/man8/pam_cracklib.8.gz
 %{_mandir}/man8/pam_debug.8.gz
@ -283,6 +288,7 @@ done
 %{_mandir}/man8/pam_env.8.gz
 %{_mandir}/man8/pam_exec.8.gz
 %{_mandir}/man8/pam_faildelay.8.gz
+%{_mandir}/man8/pam_faillock.8.gz
 %{_mandir}/man8/pam_filter.8.gz
 %{_mandir}/man8/pam_ftp.8.gz
 %{_mandir}/man8/pam_group.8.gz
@ -297,6 +303,7 @@ done
 %{_mandir}/man8/pam_mkhomedir.8.gz
 %{_mandir}/man8/pam_motd.8.gz
 %{_mandir}/man8/pam_namespace.8.gz
+%{_mandir}/man8/pam_namespace_helper.8.gz
 %{_mandir}/man8/pam_nologin.8.gz
 %{_mandir}/man8/pam_permit.8.gz
 %{_mandir}/man8/pam_pwhistory.8.gz
@ -305,6 +312,7 @@ done
 %{_mandir}/man8/pam_securetty.8.gz
 %{_mandir}/man8/pam_selinux.8.gz
 %{_mandir}/man8/pam_sepermit.8.gz
+%{_mandir}/man8/pam_setquota.8.gz
 %{_mandir}/man8/pam_shells.8.gz
 %{_mandir}/man8/pam_succeed_if.8.gz
 %{_mandir}/man8/pam_tally2.8.gz
@ -314,11 +322,12 @@ done
 %{_mandir}/man8/pam_tty_audit.8.gz
 %{_mandir}/man8/pam_umask.8.gz
 %{_mandir}/man8/pam_unix.8.gz
+%{_mandir}/man8/pam_usertype.8.gz
 %{_mandir}/man8/pam_warn.8.gz
 %{_mandir}/man8/pam_wheel.8.gz
 %{_mandir}/man8/pam_xauth.8.gz
-%{_mandir}/man8/unix_chkpwd.8.gz
 %{_mandir}/man8/unix2_chkpwd.8.gz
+%{_mandir}/man8/unix_chkpwd.8.gz
 %{_mandir}/man8/unix_update.8.gz
 /%{_lib}/libpam.so.0
 /%{_lib}/libpam.so.%{libpam_so_version}
@ -335,6 +344,7 @@ done
 /%{_lib}/security/pam_env.so
 /%{_lib}/security/pam_exec.so
 /%{_lib}/security/pam_faildelay.so
+/%{_lib}/security/pam_faillock.so
 /%{_lib}/security/pam_filter.so
 %dir /%{_lib}/security/pam_filter
 /%{_lib}/security//pam_filter/upperLOWER
@ -361,6 +371,7 @@ done
 /%{_lib}/security/pam_selinux.so
 /%{_lib}/security/pam_sepermit.so
 %endif
+/%{_lib}/security/pam_setquota.so
 /%{_lib}/security/pam_shells.so
 /%{_lib}/security/pam_stress.so
 /%{_lib}/security/pam_succeed_if.so
@ -374,15 +385,19 @@ done
 /%{_lib}/security/pam_unix_auth.so
 /%{_lib}/security/pam_unix_passwd.so
 /%{_lib}/security/pam_unix_session.so
+/%{_lib}/security/pam_usertype.so
 /%{_lib}/security/pam_warn.so
 /%{_lib}/security/pam_wheel.so
 /%{_lib}/security/pam_xauth.so
+/sbin/faillock
 /sbin/mkhomedir_helper
+/sbin/pam_namespace_helper
 /sbin/pam_tally2
 /sbin/pam_timestamp_check
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
 %attr(0700,root,root) /sbin/unix_update
+%{_unitdir}/pam_namespace.service

 %files extra
 %defattr(-,root,root,755)
--- a/pam_namespace-systemd.diff
+++ b/pam_namespace-systemd.diff
@ -0,0 +1,13 @@
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index eacd5201..21e1b33a 100644
+--- a/modules/pam_namespace/Makefile.am
+++ b/modules/pam_namespace/Makefile.am
+@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS)
+ securelibdir = $(SECUREDIR)
+ secureconfdir = $(SCONFIGDIR)
+ namespaceddir = $(SCONFIGDIR)/namespace.d
+-servicedir = $(prefix)/lib/systemd
+servicedir = $(prefix)/lib/systemd/system
+ 
+ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+         -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)