diff --git a/SOURCES/pam-1.5.1-pam-misc-configurable.patch b/SOURCES/pam-1.5.1-pam-misc-configurable.patch new file mode 100644 index 0000000..e43261c --- /dev/null +++ b/SOURCES/pam-1.5.1-pam-misc-configurable.patch @@ -0,0 +1,79 @@ +From 55f206447a1e4ee26e307e7a9c069236e823b1a5 Mon Sep 17 00:00:00 2001 +From: Jeff Squyres +Date: Fri, 30 Apr 2021 15:16:38 -0700 +Subject: [PATCH 1/2] pam_misc: make length of misc_conv() configurable + +Add --with-misc-conv-bufsize= option to configure to allow +a longer buffer size for libpam_misc's misc_conv() function (it still +defaults to 512 bytes). + +Signed-off-by: Jeff Squyres +--- + configure.ac | 7 +++++++ + libpam_misc/misc_conv.c | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 9c92d0de..b283db1b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -648,6 +648,13 @@ case "$enable_unix" in + *) AC_MSG_ERROR([bad value $enable_unix for --enable-unix option]) ;; + esac + ++AC_ARG_WITH([misc-conv-bufsize], ++AS_HELP_STRING([--with-misc-conv-bufsize=], ++ [Size of input buffer for libpam_misc's misc_conv() conversation function, default=512]), ++ [], ++ [with_misc_conv_bufsize=512]) ++AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.]) ++ + AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1]) + AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes]) + AM_CONDITIONAL([COND_BUILD_PAM_NAMESPACE], [test "$ac_cv_func_unshare" = yes]) +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index f28b1093..908ee890 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -18,7 +18,7 @@ + #include + #include + +-#define INPUTSIZE PAM_MAX_RESP_SIZE /* maximum length of input+1 */ ++#define INPUTSIZE PAM_MISC_CONV_BUFSIZE /* maximum length of input+1 */ + #define CONV_ECHO_ON 1 /* types of echo state */ + #define CONV_ECHO_OFF 0 + +-- +2.41.0 + + +From 80bfda5962e5be3daa70e0fc8c75fc97d1c55121 Mon Sep 17 00:00:00 2001 +From: Jeff Squyres +Date: Fri, 30 Apr 2021 15:28:33 -0700 +Subject: [PATCH 2/2] pam_misc: set default length of misc_conv() buffer to + 4096 + +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index b283db1b..8e5d0ff7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -650,9 +650,9 @@ esac + + AC_ARG_WITH([misc-conv-bufsize], + AS_HELP_STRING([--with-misc-conv-bufsize=], +- [Size of input buffer for libpam_misc's misc_conv() conversation function, default=512]), ++ [Size of input buffer for libpam_misc's misc_conv() conversation function, default=4096]), + [], +- [with_misc_conv_bufsize=512]) ++ [with_misc_conv_bufsize=4096]) + AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.]) + + AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1]) +-- +2.41.0 + diff --git a/SPECS/pam.spec b/SPECS/pam.spec index abdcb4f..80ae6ab 100644 --- a/SPECS/pam.spec +++ b/SPECS/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.5.1 -Release: 14%{?dist} +Release: 15%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -48,6 +48,9 @@ Patch11: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch Patch12: pam-1.5.1-pam-faillock-clarify-missing-user.patch # https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8 Patch13: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch +# https://github.com/linux-pam/linux-pam/commit/55f206447a1e4ee26e307e7a9c069236e823b1a5 +# https://github.com/linux-pam/linux-pam/commit/80bfda5962e5be3daa70e0fc8c75fc97d1c55121 +Patch14: pam-1.5.1-pam-misc-configurable.patch %global _pamlibdir %{_libdir} %global _moduledir %{_libdir}/security @@ -143,6 +146,7 @@ cp %{SOURCE18} . %patch11 -p1 -b .pam-lastlog-check-localtime_r-return-value %patch12 -p1 -b .pam-faillock-clarify-missing-user %patch13 -p1 -b .pam-faillock-avoid-logging-erroneous +%patch14 -p1 -b .pam-misc-configurable autoreconf -i @@ -398,6 +402,9 @@ done %doc doc/sag/*.txt doc/sag/html %changelog +* Mon Jun 26 2023 Iker Pedrosa - 1.5.1-15 +- pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2215007 + * Tue Nov 29 2022 Iker Pedrosa - 1.5.1-14 - pam_lastlog: check localtime_r() return value. Resolves: #2130124 - pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632