import UBI pam-1.5.1-25.el9_6
This commit is contained in:
parent
3e96a19e31
commit
8aa5f5bea4
70
SOURCES/pam-1.5.1-pam-inline-pam-asprintf.patch
Normal file
70
SOURCES/pam-1.5.1-pam-inline-pam-asprintf.patch
Normal file
@ -0,0 +1,70 @@
|
||||
diff -up Linux-PAM-1.5.1/libpam/include/pam_cc_compat.h.pam-inline-pam-asprintf Linux-PAM-1.5.1/libpam/include/pam_cc_compat.h
|
||||
--- Linux-PAM-1.5.1/libpam/include/pam_cc_compat.h.pam-inline-pam-asprintf 2020-11-25 17:57:02.000000000 +0100
|
||||
+++ Linux-PAM-1.5.1/libpam/include/pam_cc_compat.h 2025-06-16 18:11:50.548603779 +0200
|
||||
@@ -21,6 +21,12 @@
|
||||
# define PAM_ATTRIBUTE_ALIGNED(arg) /* empty */
|
||||
#endif
|
||||
|
||||
+#if PAM_GNUC_PREREQ(3, 0)
|
||||
+# define PAM_ATTRIBUTE_MALLOC __attribute__((__malloc__))
|
||||
+#else
|
||||
+# define PAM_ATTRIBUTE_MALLOC /* empty */
|
||||
+#endif
|
||||
+
|
||||
#if PAM_GNUC_PREREQ(4, 6)
|
||||
# define DIAG_PUSH_IGNORE_CAST_QUAL \
|
||||
_Pragma("GCC diagnostic push"); \
|
||||
diff -up Linux-PAM-1.5.1/libpam/include/pam_inline.h.pam-inline-pam-asprintf Linux-PAM-1.5.1/libpam/include/pam_inline.h
|
||||
--- Linux-PAM-1.5.1/libpam/include/pam_inline.h.pam-inline-pam-asprintf 2025-06-16 18:11:50.548870777 +0200
|
||||
+++ Linux-PAM-1.5.1/libpam/include/pam_inline.h 2025-06-16 18:13:38.313288681 +0200
|
||||
@@ -9,6 +9,9 @@
|
||||
#define PAM_INLINE_H
|
||||
|
||||
#include "pam_cc_compat.h"
|
||||
+#include <stdarg.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
@@ -66,6 +69,40 @@ pam_str_skip_icase_prefix_len(const char
|
||||
#define pam_str_skip_icase_prefix(str_, prefix_) \
|
||||
pam_str_skip_icase_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_))
|
||||
|
||||
+static inline char * PAM_FORMAT((printf, 1, 2)) PAM_NONNULL((1)) PAM_ATTRIBUTE_MALLOC
|
||||
+pam_asprintf(const char *fmt, ...)
|
||||
+{
|
||||
+ int rc;
|
||||
+ char *res;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+ rc = vasprintf(&res, fmt, ap);
|
||||
+ va_end(ap);
|
||||
+
|
||||
+ return rc < 0 ? NULL : res;
|
||||
+}
|
||||
+
|
||||
+static inline int PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3))
|
||||
+pam_snprintf(char *str, size_t size, const char *fmt, ...)
|
||||
+{
|
||||
+ int rc;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+ rc = vsnprintf(str, size, fmt, ap);
|
||||
+ va_end(ap);
|
||||
+
|
||||
+ if (rc < 0 || (unsigned int) rc >= size)
|
||||
+ return -1;
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+#define pam_sprintf(str_, fmt_, ...) \
|
||||
+ pam_snprintf((str_), sizeof(str_) + PAM_MUST_BE_ARRAY(str_), (fmt_), \
|
||||
+ ##__VA_ARGS__)
|
||||
+
|
||||
+
|
||||
static inline int
|
||||
pam_read_passwords(int fd, int npass, char **passwords)
|
||||
{
|
||||
1038
SOURCES/pam-1.5.1-pam-namespace-rebase.patch
Normal file
1038
SOURCES/pam-1.5.1-pam-namespace-rebase.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.5.1
|
||||
Release: 23%{?dist}
|
||||
Release: 25%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -75,6 +75,10 @@ Patch22: pam-1.5.1-pam-unix-shadow-password.patch
|
||||
Patch23: pam-1.5.1-pam-access-local.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/940747f88c16e029b69a74e80a2e94f65cb3e628
|
||||
Patch24: pam-1.5.1-pam-access-resolve-ip.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc
|
||||
Patch25: pam-1.5.1-pam-inline-pam-asprintf.patch
|
||||
# Available upstream
|
||||
Patch26: pam-1.5.1-pam-namespace-rebase.patch
|
||||
|
||||
%global _pamlibdir %{_libdir}
|
||||
%global _moduledir %{_libdir}/security
|
||||
@ -181,6 +185,8 @@ cp %{SOURCE18} .
|
||||
%patch22 -p1 -b .pam-unix-shadow-password
|
||||
%patch23 -p1 -b .pam-access-local
|
||||
%patch24 -p1 -b .pam-access-resolve-ip
|
||||
%patch25 -p1 -b .pam-inline-pam-asprintf
|
||||
%patch26 -p1 -b .pam-namespace-rebase
|
||||
|
||||
autoreconf -i
|
||||
|
||||
@ -436,6 +442,10 @@ done
|
||||
%doc doc/sag/*.txt doc/sag/html
|
||||
|
||||
%changelog
|
||||
* Mon Jun 16 2025 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-25
|
||||
- pam_namespace: fix potential privilege escalation.
|
||||
Resolves: CVE-2025-6020 and RHEL-96729
|
||||
|
||||
* Thu Nov 21 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-23
|
||||
- pam_access: rework resolving of tokens as hostname.
|
||||
Resolves: CVE-2024-10963 and RHEL-66244
|
||||
|
||||
Loading…
Reference in New Issue
Block a user