diff --git a/pam-1.5.3-noflex.patch b/pam-1.5.3-noflex.patch
deleted file mode 100644
index de316ef..0000000
--- a/pam-1.5.3-noflex.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: Linux-PAM-1.5.3/doc/Makefile.am
-===================================================================
---- Linux-PAM-1.5.3.orig/doc/Makefile.am
-+++ Linux-PAM-1.5.3/doc/Makefile.am
-@@ -2,7 +2,7 @@
- # Copyright (c) 2005, 2006 Thorsten Kukuk
- #
-
--SUBDIRS = man specs sag adg mwg
-+SUBDIRS = man sag adg mwg
-
- CLEANFILES = *~
-
-Index: Linux-PAM-1.5.3/Makefile.am
-===================================================================
---- Linux-PAM-1.5.3.orig/Makefile.am
-+++ Linux-PAM-1.5.3/Makefile.am
-@@ -4,7 +4,7 @@
-
- AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news
-
--SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests
-+SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests
-
- if HAVE_DOC
- SUBDIRS += doc
diff --git a/pam-1.5.3-pwhistory-null-filename-arg.patch b/pam-1.5.3-pwhistory-null-filename-arg.patch
deleted file mode 100644
index b1ba7db..0000000
--- a/pam-1.5.3-pwhistory-null-filename-arg.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001 -From: Md Zain Hasib -Date: Sat, 29 Jul 2023 11:01:35 +0530 -Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to - pwhistory helper - -This change fixes a bug when pwhistory_helper is invoked from -pam_pwhistory with an NULL filename, pwhistory_helper receives a short -circuited argc count of 3, ignoring the rest of the arguments passed -due to filename being NULL. To resolve the issue, an empty string is -passed in case the filename is empty, which is later changed back to -NULL in pwhistory_helper so that it can be passed to opasswd to read -the default opasswd file. - -* modules/pam_pwhistory/pam_pwhistory.c (run_save_helper, -run_check_helper): Replace NULL filename argument with an empty string. -* modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string -filename argument with NULL. - -Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)") -Signed-off-by: Dmitry V. Levin ---- - modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- - modules/pam_pwhistory/pwhistory_helper.c | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c -index 5a7fb811..98ddffce 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.c -+++ b/modules/pam_pwhistory/pam_pwhistory.c -@@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, - args[0] = (char *)PWHISTORY_HELPER; - args[1] = (char *)"save"; - args[2] = (char *)user; -- args[3] = (char *)filename; -+ args[3] = (char *)((filename != NULL) ? 
filename : ""); - DIAG_POP_IGNORE_CAST_QUAL; - if (asprintf(&args[4], "%d", howmany) < 0 || - asprintf(&args[5], "%d", debug) < 0) -@@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, - args[0] = (char *)PWHISTORY_HELPER; - args[1] = (char *)"check"; - args[2] = (char *)user; -- args[3] = (char *)filename; -+ args[3] = (char *)((filename != NULL) ? filename : ""); - DIAG_POP_IGNORE_CAST_QUAL; - if (asprintf(&args[4], "%d", debug) < 0) - { -diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c -index 469d95fa..fb9a1e31 100644 ---- a/modules/pam_pwhistory/pwhistory_helper.c -+++ b/modules/pam_pwhistory/pwhistory_helper.c -@@ -108,7 +108,7 @@ main(int argc, char *argv[]) - - option = argv[1]; - user = argv[2]; -- filename = argv[3]; -+ filename = (argv[3][0] != '\0') ? argv[3] : NULL; - - if (strcmp(option, "check") == 0 && argc == 5) - return check_history(user, filename, argv[4]); --- -2.41.0 - diff --git a/pam-1.5.3-redhat-modules.patch b/pam-1.5.3-redhat-modules.patch deleted file mode 100644 index 8434ce4..0000000 --- a/pam-1.5.3-redhat-modules.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-Index: Linux-PAM-1.5.3/configure.ac
-===================================================================
---- Linux-PAM-1.5.3.orig/configure.ac
-+++ Linux-PAM-1.5.3/configure.ac
-@@ -754,6 +754,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
- po/Makefile.in \
- Make.xml.rules \
- modules/Makefile \
-+ modules/pam_chroot/Makefile \
-+ modules/pam_postgresok/Makefile \
- modules/pam_access/Makefile \
- modules/pam_debug/Makefile modules/pam_deny/Makefile \
- modules/pam_echo/Makefile modules/pam_env/Makefile \
-Index: Linux-PAM-1.5.3/modules/Makefile.am
-===================================================================
---- Linux-PAM-1.5.3.orig/modules/Makefile.am
-+++ Linux-PAM-1.5.3/modules/Makefile.am
-@@ -47,6 +47,8 @@ SUBDIRS := \
- pam_debug \
- pam_deny \
- pam_echo \
-+ pam_chroot \
-+ pam_postgresok \
- pam_env \
- pam_exec \
- pam_faildelay \
diff --git a/pam-1.5.3-userdb-gdbm.patch b/pam-1.5.3-userdb-gdbm.patch
deleted file mode 100644
index 83fa5c7..0000000
--- a/pam-1.5.3-userdb-gdbm.patch
+++ /dev/null
@@ -1,225 +0,0 @@ -From 45c2c496dcf89f568b90fcf403af9d63b2361fbd Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Mon, 10 Jul 2023 12:45:12 +0200 -Subject: [PATCH] pam_userdb: enable GDBM support - -* configure.ac: add `gdbm` option to `enable-db` -* modules/pam_userdb/pam_userdb.c: conditionally provide database access - depending on the database technology - -Signed-off-by: Iker Pedrosa ---- - configure.ac | 10 +++- - modules/pam_userdb/pam_userdb.c | 90 ++++++++++++++++++++++++++++----- - 2 files changed, 86 insertions(+), 14 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 6666b1b2..7565a830 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -436,10 +436,10 @@ if test -n "$opt_randomdev"; then - AC_DEFINE_UNQUOTED(PAM_PATH_RANDOMDEV, "$opt_randomdev", [Random device path.]) - fi - --dnl check for libdb or libndbm as fallback. Some libndbm compat -+dnl check for libdb or gdbm or libndbm as fallback. Some libndbm compat - dnl libraries are unusable, so try libdb first. - AC_ARG_ENABLE([db], -- AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]), -+ AS_HELP_STRING([--enable-db=(db|gdbm|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by gdbm and ndbm. 
Use 'no' to disable db support.]), - WITH_DB=$enableval, WITH_DB=yes) - AC_ARG_WITH([db-uniquename], - AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.])) -@@ -451,6 +451,12 @@ if test x"$WITH_DB" != xno ; then - [LIBDB="-ldb$with_db_uniquename"; break]) - LIBS=$old_libs - fi -+ if test x"$WITH_DB" = xgdbm ; then -+ AC_CHECK_LIB([gdbm],[gdbm_store], LIBDB="-lgdbm", LIBDB="") -+ if test -n "$LIBDB" ; then -+ AC_CHECK_HEADERS(gdbm.h) -+ fi -+ fi - if test -z "$LIBDB" ; then - AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="") - if test -n "$LIBDB" ; then -diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c -index 297403b0..0b5e5965 100644 ---- a/modules/pam_userdb/pam_userdb.c -+++ b/modules/pam_userdb/pam_userdb.c -@@ -25,6 +25,8 @@ - - #ifdef HAVE_NDBM_H - # include -+#elif defined(HAVE_GDBM_H) -+# include - #else - # ifdef HAVE_DB_H - # define DB_DBM_HSEARCH 1 /* use the dbm interface */ -@@ -40,6 +42,12 @@ - #include - #include "pam_inline.h" - -+#ifndef HAVE_GDBM_H -+# define COND_UNUSED UNUSED -+#else -+# define COND_UNUSED -+#endif /* HAVE_GDBM_H */ -+ - /* - * Conversation function to obtain the user's password - */ -@@ -129,6 +137,60 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv, - return ctrl; - } - -+/* -+ * Database abstraction functions -+ */ -+static void * -+db_open(const char *database, mode_t file_mode) -+{ -+#ifdef HAVE_GDBM_H -+ return gdbm_open(database, 4096, GDBM_READER, file_mode, NULL); -+#else -+ return dbm_open(database, O_RDONLY, file_mode); -+#endif /* HAVE_GDBM_H */ -+} -+ -+static datum -+db_firstkey(void *dbm) -+{ -+#ifdef HAVE_GDBM_H -+ return gdbm_firstkey(dbm); -+#else -+ return dbm_firstkey(dbm); -+#endif /* HAVE_GDBM_H */ -+} -+ -+static datum -+db_nextkey(void *dbm, datum key COND_UNUSED) -+{ -+#ifdef HAVE_GDBM_H -+ return gdbm_nextkey(dbm, key); -+#else -+ return dbm_nextkey(dbm); -+#endif /* HAVE_GDBM_H */ -+} -+ -+static datum 
-+db_fetch(void *dbm, datum key) -+{ -+#ifdef HAVE_GDBM_H -+ return gdbm_fetch(dbm, key); -+#else -+ return dbm_fetch(dbm, key); -+#endif /* HAVE_GDBM_H */ -+} -+ -+static int -+db_close(void *dbm) -+{ -+#ifdef HAVE_GDBM_H -+ return gdbm_close(dbm); -+#else -+ dbm_close(dbm); -+ return 0; -+#endif /* HAVE_GDBM_H */ -+} -+ - - /* - * Looks up a user name in a database and checks the password -@@ -143,11 +205,15 @@ static int - user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - const char *user, const char *pass, int ctrl) - { -+#ifdef HAVE_GDBM_H -+ GDBM_FILE *dbm; -+#else - DBM *dbm; -+#endif - datum key, data; - - /* Open the DB file. */ -- dbm = dbm_open(database, O_RDONLY, 0644); -+ dbm = db_open(database, 0644); - if (dbm == NULL) { - pam_syslog(pamh, LOG_ERR, - "user_lookup: could not open database `%s': %m", database); -@@ -157,9 +223,9 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - /* dump out the database contents for debugging */ - if (ctrl & PAM_DUMP_ARG) { - pam_syslog(pamh, LOG_INFO, "Database dump:"); -- for (key = dbm_firstkey(dbm); key.dptr != NULL; -- key = dbm_nextkey(dbm)) { -- data = dbm_fetch(dbm, key); -+ for (key = db_firstkey(dbm); key.dptr != NULL; -+ key = db_nextkey(dbm, key)) { -+ data = db_fetch(dbm, key); - pam_syslog(pamh, LOG_INFO, - "key[len=%d] = `%s', data[len=%d] = `%s'", - key.dsize, key.dptr, data.dsize, data.dptr); -@@ -180,7 +246,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - } - - if (key.dptr) { -- data = dbm_fetch(dbm, key); -+ data = db_fetch(dbm, key); - pam_overwrite_n(key.dptr, key.dsize); - free(key.dptr); - } -@@ -196,7 +262,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - - if (ctrl & PAM_KEY_ONLY_ARG) - { -- dbm_close (dbm); -+ db_close (dbm); - return 0; /* found it, data contents don't matter */ - } - -@@ -275,7 +341,7 @@ user_lookup (pam_handle_t *pamh, const char *database, 
const char *cryptmode, - - } - -- dbm_close(dbm); -+ db_close(dbm); - if (compare == 0) - return 0; /* match */ - else -@@ -290,14 +356,14 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - /* probably we should check dbm_error() here */ - - if ((ctrl & PAM_KEY_ONLY_ARG) == 0) { -- dbm_close(dbm); -+ db_close(dbm); - return 1; /* not key_only, so no entry => no entry for the user */ - } - - /* now handle the key_only case */ -- for (key = dbm_firstkey(dbm); -+ for (key = db_firstkey(dbm); - key.dptr != NULL; -- key = dbm_nextkey(dbm)) { -+ key = db_nextkey(dbm, key)) { - int compare; - /* first compare the user portion (case sensitive) */ - compare = strncmp(key.dptr, user, strlen(user)); -@@ -322,12 +388,12 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - } - } - if (compare == 0) { -- dbm_close(dbm); -+ db_close(dbm); - return 0; /* match */ - } - } - } -- dbm_close(dbm); -+ db_close(dbm); - if (saw_user) - return -1; /* saw the user, but password mismatch */ - else --- -2.41.0 - diff --git a/pam-1.6.0-noflex.patch b/pam-1.6.0-noflex.patch new file mode 100644 index 0000000..706841c --- /dev/null +++ b/pam-1.6.0-noflex.patch 
@@ -0,0 +1,24 @@
+diff -up Linux-PAM-1.6.0/doc/Makefile.am.noflex Linux-PAM-1.6.0/doc/Makefile.am
+--- Linux-PAM-1.6.0/doc/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100
++++ Linux-PAM-1.6.0/doc/Makefile.am 2024-01-23 13:19:49.740014426 +0100
+@@ -2,7 +2,7 @@
+ # Copyright (c) 2005, 2006 Thorsten Kukuk
+ #
+
+-SUBDIRS = man specs sag adg mwg
++SUBDIRS = man sag adg mwg
+
+ CLEANFILES = *~
+ DISTCLEANFILES = custom-html.xsl custom-man.xsl
+diff -up Linux-PAM-1.6.0/Makefile.am.noflex Linux-PAM-1.6.0/Makefile.am
+--- Linux-PAM-1.6.0/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100
++++ Linux-PAM-1.6.0/Makefile.am 2024-01-23 13:21:03.428109219 +0100
+@@ -4,7 +4,7 @@
+
+ AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news
+
+-SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests
++SUBDIRS = libpam tests libpamc libpam_misc modules po doc xtests
+
+ if HAVE_DOC
+ SUBDIRS += doc
diff --git a/pam-1.6.0-redhat-modules.patch b/pam-1.6.0-redhat-modules.patch
new file mode 100644
index 0000000..66aa8ff
--- /dev/null
+++ b/pam-1.6.0-redhat-modules.patch
@@ -0,0 +1,24 @@ +diff -up Linux-PAM-1.6.0/configure.ac.redhat-modules Linux-PAM-1.6.0/configure.ac +--- Linux-PAM-1.6.0/configure.ac.redhat-modules 2024-01-23 13:16:34.854753145 +0100 ++++ Linux-PAM-1.6.0/configure.ac 2024-01-23 13:17:52.855859922 +0100 +@@ -774,6 +774,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil + po/Makefile.in \ + Make.xml.rules \ + modules/Makefile \ ++ modules/pam_chroot/Makefile \ ++ modules/pam_postgresok/Makefile \ + modules/pam_access/Makefile \ + modules/pam_canonicalize_user/Makefile \ + modules/pam_debug/Makefile modules/pam_deny/Makefile \ +diff -up Linux-PAM-1.6.0/modules/Makefile.am.redhat-modules Linux-PAM-1.6.0/modules/Makefile.am +--- Linux-PAM-1.6.0/modules/Makefile.am.redhat-modules 2024-01-17 11:29:36.000000000 +0100 ++++ Linux-PAM-1.6.0/modules/Makefile.am 2024-01-23 13:16:34.855753147 +0100 +@@ -48,6 +48,8 @@ SUBDIRS := \ + pam_debug \ + pam_deny \ + pam_echo \ ++ pam_chroot \ ++ pam_postgresok \ + pam_env \ + pam_exec \ + pam_faildelay \ diff --git a/pam.spec b/pam.spec index b4fefc8..f7ae0fc 100644 --- a/pam.spec +++ b/pam.spec @@ -3,8 +3,8 @@ Summary: An extensible library which provides authentication for applications Name: pam -Version: 1.5.3 -Release: 10%{?dist} +Version: 1.6.0 +Release: 1%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp and pam_loginuid modules are GPLv2+. @@ -22,11 +22,9 @@ Source13: config-util.5 Source15: pamtmp.conf Source17: postlogin.5 Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt -Patch1: pam-1.5.3-redhat-modules.patch -Patch2: pam-1.5.3-noflex.patch +Patch1: pam-1.6.0-redhat-modules.patch +Patch2: pam-1.6.0-noflex.patch Patch3: pam-1.5.3-unix-nomsg.patch -Patch4: pam-1.5.3-pwhistory-null-filename-arg.patch -Patch5: pam-1.5.3-userdb-gdbm.patch %{load:%{SOURCE3}} 
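Review bot: Patch4 (`pam-1.5.3-pwhistory-null-filename-arg.patch`) and Patch5 (`pam-1.5.3-userdb-gdbm.patch`) are dropped in the `Patch` list of pam.spec, and again in the `%patch` hunk that follows, with no record that 1.6.0 already carries them. Both deleted patches have upstream commit ids in their headers, so they are presumably part of the new tarball, but the pwhistory one fixes how pwhistory_helper receives its arguments when no history file is set, and losing it silently would change password-history behaviour. I would add a changelog line such as `- Drop pwhistory-null-filename-arg and userdb-gdbm patches, included upstream in 1.6.0` once that is confirmed against the 1.6.0 sources. Patch3 keeps its 1.5.3 file name; a one-line comment above it, e.g. `# still applies unchanged to 1.6.0`, would make clear that this is deliberate.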
@@ -121,8 +119,6 @@ cp %{SOURCE18} . %patch -P 1 -p1 -b .redhat-modules %patch -P 2 -p1 -b .noflex %patch -P 3 -p1 -b .nomsg -%patch -P 4 -p1 -b .pwhistory-null-filename-arg -%patch -P 5 -p1 -b .userdb-gdbm autoreconf -i @@ -263,6 +259,7 @@ done %attr(0755,root,root) %{_sbindir}/pwhistory_helper %dir %{_pam_moduledir} %{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so %{_pam_moduledir}/pam_chroot.so %{_pam_moduledir}/pam_debug.so %{_pam_moduledir}/pam_deny.so @@ -359,6 +356,10 @@ done %{_pam_libdir}/libpam_misc.so.%{so_ver}* %changelog +* Tue Jan 23 2024 Iker Pedrosa - 1.6.0-1 +- Rebase to release 1.6.0 + Resolves: #2258964 + * Sun Jan 21 2024 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/sources b/sources index cb60f2c..86d37d4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (Linux-PAM-1.5.3.tar.xz) = af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a -SHA512 (Linux-PAM-1.5.3.tar.xz.asc) = a00c6d6ecc26020513a71cb70597950c95aa4f8b8514e6b8184d5a828be92bc21aad1a03096e142cff6a5e3bdd990999d2cff054ea8db0b5b37173560b8d3932 +SHA512 (Linux-PAM-1.6.0.tar.xz) = 7af07edb71a79275ad7f7f3bd82a4619b12a23a10f5fb2e5d810c6aadb718fd739ed17ca336c3420945d48d326e91874d8e45cfc5a4bf01a0cc5f9663bd2a0ad +SHA512 (Linux-PAM-1.6.0.tar.xz.asc) = bfed774bf49b13f11ab4251fe6223ce04ecf57e7123ce245b8e885c345449af528317e8500360efef12beabd14b99cd3ae6d7ad61074955958018062c36ba476 SHA512 (pam-redhat-1.2.0.tar.xz) = f676a6c8df0cf3836018b1a67ded1d40937b88ff046e5c6b22bac46cb05e27970ef6a7ce224269e4c0d1ca9375c72e77880cf9114e936a7de9c423bf443d27ee