From bf578882d8d624a9a1da0a0f1a5e040b04ba1ec9a1a61f7d96507b5b318dc1eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 6 May 2019 07:09:44 +0000 Subject: [PATCH] Accepting request 700497 from home:sbrabec:branches:util-linux-2.33.1 Depends on https://build.opensuse.org/request/show/700494! - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700497 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=189 --- pam-login_defs-check.sh | 46 +++++++++++++++++++++++++++++++++++++++++ pam.changes | 7 +++++++ pam.spec | 12 +++++++++-- 3 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 pam-login_defs-check.sh diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..80ce8fd --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3e1ae01b1e928c53c828f64ab412be6267eb1018 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes index baceee0..c84e094 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + ------------------------------------------------------------------- Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index 47d4ba2..7fec94b 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -48,6 +48,11 @@ PreReq: permissions Requires(pre): group(shadow) Requires(pre): user(root) %endif +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +# Recent symbol includes variable from encryption_method_nis.diff. +Requires: login_defs-support-for-pam >= 1.3.1 #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.xz @@ -62,6 +67,7 @@ Source8: etc.environment Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff @@ -115,6 +121,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 +cp -a %{S:12} . %patch0 -p1 %patch2 -p1 %patch3 -p0 @@ -122,6 +129,7 @@ building both PAM-aware applications and modules for use with PAM. %patch5 -p1 %build +bash ./pam-login_defs-check.sh autoreconf -fiv export CFLAGS="%optflags -DNDEBUG" %configure \