import UBI pam-1.3.1-34.el8_10

2024-07-02 18:47:53 +00:00 · 2024-07-02 18:47:53 +00:00 · 3d5bfbc711
commit 3d5bfbc711
parent 872c83f438
2 changed files with 41 additions and 1 deletions
--- a/SOURCES/pam-1.3.1-audit-messages-formatting.patch
+++ b/SOURCES/pam-1.3.1-audit-messages-formatting.patch
@ -0,0 +1,33 @@
 diff -up Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c
 --- Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting	2024-03-11 16:21:51.928946604 +0100
 +++ Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c	2024-03-11 16:21:51.934946609 +0100
@@ -334,7 +334,7 @@ check_tally(pam_handle_t *pamh, struct o
 				(void)pam_get_item(pamh, PAM_TTY, &tty);
 				(void)pam_get_item(pamh, PAM_RHOST, &rhost);
 -				snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
 +				snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
 				audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
 					rhost, NULL, tty, 1);
 			}
@@ -450,7 +450,7 @@ write_tally(pam_handle_t *pamh, struct o
 			errno == EAFNOSUPPORT))
 			return PAM_SYSTEM_ERR;
 -		snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
 +		snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
 		audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
 			NULL, NULL, NULL, 1);
 diff -up Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c
 --- Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting	2024-03-11 16:21:51.934946609 +0100
 +++ Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c	2024-03-11 16:23:24.521025061 +0100
@@ -106,7 +106,7 @@ int send_audit_message(pam_handle_t *pam
 		pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
 		selected_raw = NULL;
 	}
 -	if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
 +	if (asprintf(&msg, "op=pam_selinux default-context=%s selected-context=%s",
 		     default_raw ? default_raw : (default_context ? default_context : "?"),
 		     selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
 		pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
--- a/SPECS/pam.spec
+++ b/SPECS/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.3.1
-Release: 33%{?dist}
+Release: 34%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -110,6 +110,9 @@ Patch68: pam-1.3.1-faillock-create-tallydir.patch
 Patch69: pam-1.3.1-access-handle-hostnames.patch
 # https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
 Patch70: pam-1.3.1-namespace-protect-dir.patch
 # https://github.com/linux-pam/linux-pam/commit/c85513220c1bd3150e39c6277422d29cfa44acc7
 # https://github.com/linux-pam/linux-pam/commit/1648734a69c31e9ce834da70144ac9a453296807
 Patch71: pam-1.3.1-audit-messages-formatting.patch
 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@ -228,6 +231,7 @@ cp %{SOURCE18} .
 %patch68 -p1 -b .faillock-create-tallydir
 %patch69 -p1 -b .access-handle-hostnames
 %patch70 -p1 -b .namespace-protect-dir
 %patch71 -p1 -b .audit-messages-formatting
 autoreconf -i
@ -481,6 +485,9 @@ done
 %doc doc/specs/rfc86.0.txt
 %changelog
 * Thu Apr  4 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-34
 - fix formatting of audit messages. Resolves: RHEL-28620
 * Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-33
 - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS
  situations. CVE-2024-22365. Resolves: RHEL-21242