pool/pam
SHA256
4
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to current Linux-PAM snapshot

Browse Source 
- Multiple minor bug fixes and documentation improvements
  - Fixed grammar of messages printed via pam_prompt
  - Added support for a vendor directory and libeconf
  - configure: Allowed disabling documentation through --disable-doc
  - pam_get_authtok_verify: Avoid duplicate password verification
  - pam_env: Changed the default to not read the user .pam_environment file
  - pam_group, pam_time: Fixed logical error with multiple ! operators
  - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
  - pam_lastlog: Do not log info about failed login if the session was opened
                 with PAM_SILENT flag
  - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
  - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
                 limit
  - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
  - pam_motd: Support multiple motd paths specified, with filename overrides
  - pam_namespace: Added a systemd service, which creates the namespaced
                   instance parent directories during boot
  - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
  - pam_shells: Recognize /bin/sh as the default shell
  - pam_succeed_if: Support lists in group membership checks
  - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
  - pam_umask: Added new 'nousergroups' module argument and allowed specifying
               the default for usergroups at build-time
  - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
  - pam_unix: Report unusable hashes found by checksalt to syslog
  - pam_unix: Support for (gost-)yescrypt hashing methods
  - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
  - pam_usertype: New module to tell if uid is in login.defs ranges
  - Added new API call pam_start_confdir() for special applications that

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=208
This commit is contained in:
Thorsten Kukuk 2020-05-12 09:30:59 +00:00 committed by Git OBS Bridge
parent 6726b029b0
commit db3a5fbd69
7 changed files with 82 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Linux-PAM-1.3.1-docs.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca
size 459552

3
Linux-PAM-1.3.90-docs.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3c36209714f41cb58379be9330bf990e28affc0b51d89eab976a8b02ec5a9529
size 464040

3
Linux-PAM-1.3.90.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1f6ade473809f6c2b284426cee67f3d2162ce791f7b26c56c2f8928e9be9f8c
size 975768

3
linux-pam-1.3.1+git20190923.ea78d67.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f
size 970564

37
pam.changes
View File

@ -1,3 +1,40 @@
-------------------------------------------------------------------
Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
- pam_env: Changed the default to not read the user .pam_environment file
- pam_group, pam_time: Fixed logical error with multiple ! operators
- pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
- pam_lastlog: Do not log info about failed login if the session was opened
with PAM_SILENT flag
- pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
- pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
limit
- pam_motd: Export MOTD_SHOWN=pam after showing MOTD
- pam_motd: Support multiple motd paths specified, with filename overrides
- pam_namespace: Added a systemd service, which creates the namespaced
instance parent directories during boot
- pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
- pam_shells: Recognize /bin/sh as the default shell
- pam_succeed_if: Support lists in group membership checks
- pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
- pam_umask: Added new 'nousergroups' module argument and allowed specifying
the default for usergroups at build-time
- pam_unix: Added 'nullresetok' option to allow resetting blank passwords
- pam_unix: Report unusable hashes found by checksalt to syslog
- pam_unix: Support for (gost-)yescrypt hashing methods
- pam_unix: Use bcrypt b-variant when it bcrypt is chosen
- pam_usertype: New module to tell if uid is in login.defs ranges
- Added new API call pam_start_confdir() for special applications that
cannot use the system-default PAM configuration paths and need to
explicitly specify another path
- pam_namespace-systemd.diff: fix path of pam_namespace.services
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel <lnussel@suse.de> Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

37
pam.spec
View File

@ -23,19 +23,19 @@
# #
%define enable_selinux 1 %define enable_selinux 1
%define libpam_so_version 0.84.2 %define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1 %define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1 %define libpamc_so_version 0.82.1
Name: pam Name: pam
# #
Version: 1.3.1+git20190923.ea78d67 Version: 1.3.90
Release: 0 Release: 0
Summary: A Security Tool that Provides Authentication for Applications Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries Group: System/Libraries
URL: http://www.linux-pam.org/ URL: http://www.linux-pam.org/
Source: linux-pam-%{version}.tar.xz Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-1.3.1-docs.tar.xz Source1: Linux-PAM-%{version}-docs.tar.xz
Source3: other.pamd Source3: other.pamd
Source4: common-auth.pamd Source4: common-auth.pamd
Source5: common-account.pamd Source5: common-account.pamd
@ -50,6 +50,7 @@ Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch Patch4: pam-hostnames-in-access_conf.patch
Patch5: use-correct-IP-address.patch Patch5: use-correct-IP-address.patch
Patch6: pam_namespace-systemd.diff
BuildRequires: audit-devel BuildRequires: audit-devel
# Remove with next version update: # Remove with next version update:
BuildRequires: autoconf BuildRequires: autoconf
@ -76,6 +77,8 @@ BuildRequires: libselinux-devel
Requires(pre): group(shadow) Requires(pre): group(shadow)
Requires(pre): user(root) Requires(pre): user(root)
%endif %endif
BuildRequires: autoconf
BuildRequires: automake
%description %description
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
@ -126,17 +129,17 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM. building both PAM-aware applications and modules for use with PAM.
%prep %prep
%setup -q -n linux-pam-%{version} -b 1 %setup -q -n Linux-PAM-%{version} -b 1
cp -av ../Linux-PAM-1.3.1/* .
cp -a %{SOURCE12} . cp -a %{SOURCE12} .
%patch0 -p1 %patch0 -p1
%patch2 -p1 %patch2 -p1
%patch4 #%patch4
%patch5 -p1 #%patch5 -p1
%patch6 -p1
%build %build
bash ./pam-login_defs-check.sh bash ./pam-login_defs-check.sh
./autogen.sh autoreconf -fiv
export CFLAGS="%{optflags} -DNDEBUG" export CFLAGS="%{optflags} -DNDEBUG"
%configure \ %configure \
--sbindir=/sbin \ --sbindir=/sbin \
@ -258,6 +261,7 @@ done
%config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/environment
%config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/group.conf %config(noreplace) %{_sysconfdir}/security/group.conf
%config(noreplace) %{_sysconfdir}/security/faillock.conf
%config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_sysconfdir}/security/limits.conf
%config(noreplace) %{_sysconfdir}/security/pam_env.conf %config(noreplace) %{_sysconfdir}/security/pam_env.conf
%if %{enable_selinux} %if %{enable_selinux}
@ -272,9 +276,10 @@ done
%{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man}
%{_mandir}/man8/PAM.8.gz
%{_mandir}/man8/faillock.8.gz
%{_mandir}/man8/mkhomedir_helper.8.gz %{_mandir}/man8/mkhomedir_helper.8.gz
%{_mandir}/man8/pam.8.gz %{_mandir}/man8/pam.8.gz
%{_mandir}/man8/PAM.8.gz
%{_mandir}/man8/pam_access.8.gz %{_mandir}/man8/pam_access.8.gz
%{_mandir}/man8/pam_cracklib.8.gz %{_mandir}/man8/pam_cracklib.8.gz
%{_mandir}/man8/pam_debug.8.gz %{_mandir}/man8/pam_debug.8.gz
@ -283,6 +288,7 @@ done
%{_mandir}/man8/pam_env.8.gz %{_mandir}/man8/pam_env.8.gz
%{_mandir}/man8/pam_exec.8.gz %{_mandir}/man8/pam_exec.8.gz
%{_mandir}/man8/pam_faildelay.8.gz %{_mandir}/man8/pam_faildelay.8.gz
%{_mandir}/man8/pam_faillock.8.gz
%{_mandir}/man8/pam_filter.8.gz %{_mandir}/man8/pam_filter.8.gz
%{_mandir}/man8/pam_ftp.8.gz %{_mandir}/man8/pam_ftp.8.gz
%{_mandir}/man8/pam_group.8.gz %{_mandir}/man8/pam_group.8.gz
@ -297,6 +303,7 @@ done
%{_mandir}/man8/pam_mkhomedir.8.gz %{_mandir}/man8/pam_mkhomedir.8.gz
%{_mandir}/man8/pam_motd.8.gz %{_mandir}/man8/pam_motd.8.gz
%{_mandir}/man8/pam_namespace.8.gz %{_mandir}/man8/pam_namespace.8.gz
%{_mandir}/man8/pam_namespace_helper.8.gz
%{_mandir}/man8/pam_nologin.8.gz %{_mandir}/man8/pam_nologin.8.gz
%{_mandir}/man8/pam_permit.8.gz %{_mandir}/man8/pam_permit.8.gz
%{_mandir}/man8/pam_pwhistory.8.gz %{_mandir}/man8/pam_pwhistory.8.gz
@ -305,6 +312,7 @@ done
%{_mandir}/man8/pam_securetty.8.gz %{_mandir}/man8/pam_securetty.8.gz
%{_mandir}/man8/pam_selinux.8.gz %{_mandir}/man8/pam_selinux.8.gz
%{_mandir}/man8/pam_sepermit.8.gz %{_mandir}/man8/pam_sepermit.8.gz
%{_mandir}/man8/pam_setquota.8.gz
%{_mandir}/man8/pam_shells.8.gz %{_mandir}/man8/pam_shells.8.gz
%{_mandir}/man8/pam_succeed_if.8.gz %{_mandir}/man8/pam_succeed_if.8.gz
%{_mandir}/man8/pam_tally2.8.gz %{_mandir}/man8/pam_tally2.8.gz
@ -314,11 +322,12 @@ done
%{_mandir}/man8/pam_tty_audit.8.gz %{_mandir}/man8/pam_tty_audit.8.gz
%{_mandir}/man8/pam_umask.8.gz %{_mandir}/man8/pam_umask.8.gz
%{_mandir}/man8/pam_unix.8.gz %{_mandir}/man8/pam_unix.8.gz
%{_mandir}/man8/pam_usertype.8.gz
%{_mandir}/man8/pam_warn.8.gz %{_mandir}/man8/pam_warn.8.gz
%{_mandir}/man8/pam_wheel.8.gz %{_mandir}/man8/pam_wheel.8.gz
%{_mandir}/man8/pam_xauth.8.gz %{_mandir}/man8/pam_xauth.8.gz
%{_mandir}/man8/unix_chkpwd.8.gz
%{_mandir}/man8/unix2_chkpwd.8.gz %{_mandir}/man8/unix2_chkpwd.8.gz
%{_mandir}/man8/unix_chkpwd.8.gz
%{_mandir}/man8/unix_update.8.gz %{_mandir}/man8/unix_update.8.gz
/%{_lib}/libpam.so.0 /%{_lib}/libpam.so.0
/%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpam.so.%{libpam_so_version}
@ -335,6 +344,7 @@ done
/%{_lib}/security/pam_env.so /%{_lib}/security/pam_env.so
/%{_lib}/security/pam_exec.so /%{_lib}/security/pam_exec.so
/%{_lib}/security/pam_faildelay.so /%{_lib}/security/pam_faildelay.so
/%{_lib}/security/pam_faillock.so
/%{_lib}/security/pam_filter.so /%{_lib}/security/pam_filter.so
%dir /%{_lib}/security/pam_filter %dir /%{_lib}/security/pam_filter
/%{_lib}/security//pam_filter/upperLOWER /%{_lib}/security//pam_filter/upperLOWER
@ -361,6 +371,7 @@ done
/%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_selinux.so
/%{_lib}/security/pam_sepermit.so /%{_lib}/security/pam_sepermit.so
%endif %endif
/%{_lib}/security/pam_setquota.so
/%{_lib}/security/pam_shells.so /%{_lib}/security/pam_shells.so
/%{_lib}/security/pam_stress.so /%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_succeed_if.so
@ -374,15 +385,19 @@ done
/%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so /%{_lib}/security/pam_unix_session.so
/%{_lib}/security/pam_usertype.so
/%{_lib}/security/pam_warn.so /%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so /%{_lib}/security/pam_xauth.so
/sbin/faillock
/sbin/mkhomedir_helper /sbin/mkhomedir_helper
/sbin/pam_namespace_helper
/sbin/pam_tally2 /sbin/pam_tally2
/sbin/pam_timestamp_check /sbin/pam_timestamp_check
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
%attr(0700,root,root) /sbin/unix_update %attr(0700,root,root) /sbin/unix_update
%{_unitdir}/pam_namespace.service
%files extra %files extra
%defattr(-,root,root,755) %defattr(-,root,root,755)

13
pam_namespace-systemd.diff Normal file
View File

@ -0,0 +1,13 @@
diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
index eacd5201..21e1b33a 100644
--- a/modules/pam_namespace/Makefile.am
+++ b/modules/pam_namespace/Makefile.am
@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
namespaceddir = $(SCONFIGDIR)/namespace.d
-servicedir = $(prefix)/lib/systemd
+servicedir = $(prefix)/lib/systemd/system
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)