import UBI pam-1.3.1-34.el8_10
This commit is contained in:
parent
872c83f438
commit
3d5bfbc711
33
SOURCES/pam-1.3.1-audit-messages-formatting.patch
Normal file
33
SOURCES/pam-1.3.1-audit-messages-formatting.patch
Normal file
@ -0,0 +1,33 @@
|
||||
diff -up Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c
|
||||
--- Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting 2024-03-11 16:21:51.928946604 +0100
|
||||
+++ Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c 2024-03-11 16:21:51.934946609 +0100
|
||||
@@ -334,7 +334,7 @@ check_tally(pam_handle_t *pamh, struct o
|
||||
|
||||
(void)pam_get_item(pamh, PAM_TTY, &tty);
|
||||
(void)pam_get_item(pamh, PAM_RHOST, &rhost);
|
||||
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
|
||||
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
|
||||
audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
|
||||
rhost, NULL, tty, 1);
|
||||
}
|
||||
@@ -450,7 +450,7 @@ write_tally(pam_handle_t *pamh, struct o
|
||||
errno == EAFNOSUPPORT))
|
||||
return PAM_SYSTEM_ERR;
|
||||
|
||||
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
|
||||
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
|
||||
audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
|
||||
NULL, NULL, NULL, 1);
|
||||
|
||||
diff -up Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c
|
||||
--- Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting 2024-03-11 16:21:51.934946609 +0100
|
||||
+++ Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c 2024-03-11 16:23:24.521025061 +0100
|
||||
@@ -106,7 +106,7 @@ int send_audit_message(pam_handle_t *pam
|
||||
pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
|
||||
selected_raw = NULL;
|
||||
}
|
||||
- if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
|
||||
+ if (asprintf(&msg, "op=pam_selinux default-context=%s selected-context=%s",
|
||||
default_raw ? default_raw : (default_context ? default_context : "?"),
|
||||
selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
|
||||
pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
|
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.3.1
|
||||
Release: 33%{?dist}
|
||||
Release: 34%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -110,6 +110,9 @@ Patch68: pam-1.3.1-faillock-create-tallydir.patch
|
||||
Patch69: pam-1.3.1-access-handle-hostnames.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
|
||||
Patch70: pam-1.3.1-namespace-protect-dir.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/c85513220c1bd3150e39c6277422d29cfa44acc7
|
||||
# https://github.com/linux-pam/linux-pam/commit/1648734a69c31e9ce834da70144ac9a453296807
|
||||
Patch71: pam-1.3.1-audit-messages-formatting.patch
|
||||
|
||||
%define _pamlibdir %{_libdir}
|
||||
%define _moduledir %{_libdir}/security
|
||||
@ -228,6 +231,7 @@ cp %{SOURCE18} .
|
||||
%patch68 -p1 -b .faillock-create-tallydir
|
||||
%patch69 -p1 -b .access-handle-hostnames
|
||||
%patch70 -p1 -b .namespace-protect-dir
|
||||
%patch71 -p1 -b .audit-messages-formatting
|
||||
|
||||
autoreconf -i
|
||||
|
||||
@ -481,6 +485,9 @@ done
|
||||
%doc doc/specs/rfc86.0.txt
|
||||
|
||||
%changelog
|
||||
* Thu Apr 4 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-34
|
||||
- fix formatting of audit messages. Resolves: RHEL-28620
|
||||
|
||||
* Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-33
|
||||
- pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS
|
||||
situations. CVE-2024-22365. Resolves: RHEL-21242
|
||||
|
Loading…
Reference in New Issue
Block a user