Add secure-username patch to properly ignore "password check failed for user" (rhbz#894272)

Jan Synacek 2013-01-14 10:11:23 +01:00
parent 1af5caf56e
commit 6b854d19cd
2 changed files with 26 additions and 1 deletions

View File

@ -0,0 +1,18 @@
Weaken username regexp restriction. Usernames can include more characters than
just letters (e.g. _ or [0-9]).
Author: Jan Synacek <jsynacek@redhat.com>
Reported-By: Robert Scheck
RH-Bugzilla: #894272
--- logwatch-svn127-dist/scripts/services/secure 2013-01-11 10:38:15.778804473 +0100
+++ logwatch-svn127/scripts/services/secure 2013-01-11 10:49:13.381323119 +0100
@@ -247,7 +247,7 @@ while (defined($ThisLine = <STDIN>)) {
( $ThisLine =~ /userhelper\[\d+\]: running '([^ ]+)' with [^ ]+ context/) or
( $ThisLine =~ /pam_timestamp\(.*:session\): updated timestamp file `\/var\/run\/sudo.*'/) or
( $ThisLine =~ /[^ ]*: pam_keyinit(.*:.*): Unable to change GID to [0-9]* temporarily/) or
- ( $ThisLine =~ /password check failed for user \([a-zA-Z]*\)/) or
+ ( $ThisLine =~ /password check failed for user \(\S*\)/) or
( $ThisLine =~ /PAM pam_set_item: attempt to set conv\(\) to NULL/) or
( $ThisLine =~ /PAM pam_get_item: nowhere to place requested item/) or
( $ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
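Review bot: In the replacement line, `\S*` is broader than the stated goal of allowing `_` and digits in usernames. It accepts an empty name and, because it is greedy and the pattern is unanchored, it also runs across any `)` inside the token up to the last one, so this ignore rule can drop more lines from the report than the patch description implies. Consider a class that stops at the closing parenthesis and requires at least one character, for example `\([^)\s]+\)`. Separately, the pam_succeed_if line in the trailing context still uses `[a-zA-Z]*`; it sits at the end of an unanchored pattern, so it matches regardless, but aligning the two would make the intent clearer.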

View File

@ -1,7 +1,7 @@
Summary: A log file analysis program
Name: logwatch
Version: 7.4.0
Release: 21.20130102svn127%{?dist}
Release: 22.20130102svn127%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
@ -26,6 +26,8 @@ Patch9: logwatch-rkhunter.patch
Patch16: logwatch-secure-userhelper.patch
# Modified version pending upstream acceptance
Patch17: logwatch-http-error.patch
# Not upstreamed yet
Patch18: logwatch-secure-username.patch
Requires: textutils sh-utils grep mailx
Requires: perl(Date::Manip)
Requires: perl(Sys::CPU)
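Review bot: The comment above Patch18 says only "Not upstreamed yet". Add the bug reference (rhbz#894272) there, as the changelog entry does, so the patch can be traced and dropped once upstream carries the fix.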
@ -48,6 +50,7 @@ of the package on many systems.
%patch9 -p0
%patch16 -p1
%patch17 -p1
%patch18 -p1
rm -f scripts/services/*.orig
%build
@ -138,6 +141,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_mandir}/man*/*
%changelog
* Fri Jan 11 2013 Jan Synáček <jsynacek@redhat.com> - 7.4.0-22.20130102svn127
- Add secure-username patch to properly ignore "password check failed for user"
(rhbz#894272)
* Wed Jan 09 2013 Jan Synáček <jsynacek@redhat.com> - 7.4.0-21.20130102svn127
- Update to revision 127 and drop ustreamed patches
- Update dovecot patch