From d55e35278c9c72cccec6e4398bfb664d8f89d944 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 16 Oct 2015 15:31:12 +0200 Subject: [PATCH] pam_faillock: add possibility to set unlock_time to never --- pam-1.1.8-audit-user-mgmt.patch | 24 ---- pam-1.1.8-full-relro.patch | 20 --- ...faillock.patch => pam-1.2.1-faillock.patch | 129 ++++++++++-------- pam.spec | 7 +- 4 files changed, 78 insertions(+), 102 deletions(-) rename pam-1.2.0-faillock.patch => pam-1.2.1-faillock.patch (91%) diff --git a/pam-1.1.8-audit-user-mgmt.patch b/pam-1.1.8-audit-user-mgmt.patch index ef9cb4f..277a569 100644 --- a/pam-1.1.8-audit-user-mgmt.patch +++ b/pam-1.1.8-audit-user-mgmt.patch @@ -1,27 +1,3 @@ -diff -up Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_faillock/main.c ---- Linux-PAM-1.1.8/modules/pam_faillock/main.c.audit-user-mgmt 2014-10-17 12:09:12.928490104 +0200 -+++ Linux-PAM-1.1.8/modules/pam_faillock/main.c 2014-10-17 12:09:43.001169008 +0200 -@@ -127,7 +127,6 @@ do_user(struct options *opts, const char - } - if (opts->reset) { - #ifdef HAVE_LIBAUDIT -- char buf[64]; - int audit_fd; - #endif - -@@ -141,10 +140,8 @@ do_user(struct options *opts, const char - if ((audit_fd=audit_open()) >= 0) { - - if (pwd != NULL) { -- snprintf(buf, sizeof(buf), "faillock reset uid=%u", -- pwd->pw_uid); -- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -- buf, NULL, NULL, NULL, rv == 0); -+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, -+ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0); - } - close(audit_fd); - } diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c --- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200 +++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200 diff --git a/pam-1.1.8-full-relro.patch b/pam-1.1.8-full-relro.patch index 0337062..07c69e3 100644 --- a/pam-1.1.8-full-relro.patch +++ b/pam-1.1.8-full-relro.patch @@ -19,26 +19,6 @@ diff -up Linux-PAM-1.1.8/modules/pam_console/Makefile.am.relro Linux-PAM-1.1.8/m configfile.tab.c: configfile.y $(YACC) $(BISON_OPTS) -o $@ -p _pc_yy $< -diff -up Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am ---- Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am.relro 2014-08-13 16:02:49.000000000 +0200 -+++ Linux-PAM-1.1.8/modules/pam_faillock/Makefile.am 2014-09-10 17:16:11.102808189 +0200 -@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR) - - noinst_HEADERS = faillock.h - --faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@ - pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include - - pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module -@@ -28,6 +28,7 @@ if HAVE_VERSIONING - pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - -+faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ - faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) - - securelib_LTLIBRARIES = pam_faillock.la diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am --- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200 +++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200 diff --git a/pam-1.2.0-faillock.patch b/pam-1.2.1-faillock.patch similarity index 91% rename from pam-1.2.0-faillock.patch rename to pam-1.2.1-faillock.patch index bb48eef..b91a255 100644 --- a/pam-1.2.0-faillock.patch +++ b/pam-1.2.1-faillock.patch @@ -1,6 +1,6 @@ -diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac ---- Linux-PAM-1.2.0/configure.ac.faillock 2015-05-15 15:52:13.794506394 +0200 -+++ Linux-PAM-1.2.0/configure.ac 2015-05-15 15:52:13.798506486 +0200 +diff -up Linux-PAM-1.2.1/configure.ac.faillock Linux-PAM-1.2.1/configure.ac +--- Linux-PAM-1.2.1/configure.ac.faillock 2015-06-25 10:42:21.477374752 +0200 ++++ Linux-PAM-1.2.1/configure.ac 2015-06-25 10:42:21.501375246 +0200 @@ -621,7 +621,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ @@ -10,9 +10,9 @@ diff -up Linux-PAM-1.2.0/configure.ac.faillock Linux-PAM-1.2.0/configure.ac modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ modules/pam_ftp/Makefile modules/pam_group/Makefile \ modules/pam_issue/Makefile modules/pam_keyinit/Makefile \ -diff -up Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.0/doc/sag/pam_faillock.xml ---- Linux-PAM-1.2.0/doc/sag/pam_faillock.xml.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/doc/sag/pam_faillock.xml 2015-05-15 15:52:13.799506509 +0200 +diff -up Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock Linux-PAM-1.2.1/doc/sag/pam_faillock.xml +--- Linux-PAM-1.2.1/doc/sag/pam_faillock.xml.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/doc/sag/pam_faillock.xml 2015-06-25 10:42:21.482374855 +0200 @@ -0,0 +1,38 @@ + + + + -diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Makefile.am ---- Linux-PAM-1.2.0/modules/Makefile.am.faillock 2015-05-15 15:52:13.797506463 +0200 -+++ Linux-PAM-1.2.0/modules/Makefile.am 2015-05-15 15:52:13.799506509 +0200 +diff -up Linux-PAM-1.2.1/modules/Makefile.am.faillock Linux-PAM-1.2.1/modules/Makefile.am +--- Linux-PAM-1.2.1/modules/Makefile.am.faillock 2015-06-25 10:42:21.480374814 +0200 ++++ Linux-PAM-1.2.1/modules/Makefile.am 2015-06-25 10:42:21.482374855 +0200 @@ -3,7 +3,7 @@ # @@ -64,9 +64,9 @@ diff -up Linux-PAM-1.2.0/modules/Makefile.am.faillock Linux-PAM-1.2.0/modules/Ma pam_env pam_exec pam_faildelay pam_filter pam_ftp \ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ pam_listfile pam_localuser pam_loginuid pam_mail \ -diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.c ---- Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.c 2015-05-15 15:52:13.799506509 +0200 +diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.c +--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.c.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.c 2015-06-25 10:42:21.482374855 +0200 @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2010 Tomas Mraz @@ -226,9 +226,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.c.faillock Linux-PAM-1.2. + + return 0; +} -diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.h ---- Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.h 2015-05-15 15:52:13.799506509 +0200 +diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.h +--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.h.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.h 2015-06-25 10:42:21.482374855 +0200 @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2010 Tomas Mraz @@ -303,9 +303,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.h.faillock Linux-PAM-1.2. +int update_tally(int fd, struct tally_data *tallies); +#endif + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml ---- Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/faillock.8.xml 2015-05-15 15:52:13.799506509 +0200 +diff -up Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml +--- Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/faillock.8.xml 2015-06-25 10:42:21.482374855 +0200 @@ -0,0 +1,123 @@ + + + + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/main.c ---- Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/main.c 2015-05-15 15:52:13.799506509 +0200 -@@ -0,0 +1,235 @@ +diff -up Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/main.c +--- Linux-PAM-1.2.1/modules/pam_faillock/main.c.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/main.c 2015-06-25 10:42:21.503375287 +0200 +@@ -0,0 +1,232 @@ +/* + * Copyright (c) 2010 Tomas Mraz + * @@ -563,7 +563,6 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo + } + if (opts->reset) { +#ifdef HAVE_LIBAUDIT -+ char buf[64]; + int audit_fd; +#endif + @@ -577,10 +576,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo + if ((audit_fd=audit_open()) >= 0) { + + if (pwd != NULL) { -+ snprintf(buf, sizeof(buf), "faillock reset uid=%u", -+ pwd->pw_uid); -+ audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -+ buf, NULL, NULL, NULL, rv == 0); ++ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL, ++ "faillock-reset", NULL, pwd->pw_uid, NULL, NULL, NULL, rv == 0); + } + close(audit_fd); + } @@ -669,10 +666,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/main.c.faillock Linux-PAM-1.2.0/mo + return do_user(&opts, opts.user); +} + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am ---- Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock 2015-05-15 15:52:13.799506509 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am 2015-05-15 15:52:13.799506509 +0200 -@@ -0,0 +1,43 @@ +diff -up Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am +--- Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am.faillock 2015-06-25 10:42:21.482374855 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/Makefile.am 2015-06-25 10:42:21.494375102 +0200 +@@ -0,0 +1,44 @@ +# +# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk +# Copyright (c) 2008 Red Hat, Inc. @@ -694,7 +691,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2 + +noinst_HEADERS = faillock.h + -+faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include ++faillock_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @PIE_CFLAGS@ +pam_faillock_la_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include + +pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module @@ -703,6 +700,7 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2 + pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +endif + ++faillock_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@ +faillock_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) + +securelib_LTLIBRARIES = pam_faillock.la @@ -716,10 +714,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/Makefile.am.faillock Linux-PAM-1.2 +README: pam_faillock.8.xml +-include $(top_srcdir)/Make.xml.rules +endif -diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c ---- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock 2015-05-15 15:52:13.800506532 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c 2015-05-15 15:52:13.800506532 +0200 -@@ -0,0 +1,556 @@ +diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c +--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c.faillock 2015-06-25 10:42:21.483374875 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.c 2015-10-16 14:07:38.451616869 +0200 +@@ -0,0 +1,571 @@ +/* + * Copyright (c) 2010 Tomas Mraz + * @@ -847,21 +845,30 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM- + } + else if (strncmp(argv[i], "unlock_time=", 12) == 0) { + unsigned int temp; -+ if (sscanf(argv[i]+12, "%u", &temp) != 1 || ++ ++ if (strcmp(argv[i]+12, "never") == 0) { ++ opts->unlock_time = 0; ++ } ++ else if (sscanf(argv[i]+12, "%u", &temp) != 1 || + temp > MAX_TIME_INTERVAL) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for unlock_time argument"); -+ } else { ++ } ++ else { + opts->unlock_time = temp; + } + } + else if (strncmp(argv[i], "root_unlock_time=", 17) == 0) { + unsigned int temp; -+ if (sscanf(argv[i]+17, "%u", &temp) != 1 || ++ ++ if (strcmp(argv[i]+17, "never") == 0) { ++ opts->root_unlock_time = 0; ++ } ++ else if (sscanf(argv[i]+17, "%u", &temp) != 1 || + temp > MAX_TIME_INTERVAL) { + pam_syslog(pamh, LOG_ERR, + "Bad number supplied for root_unlock_time argument"); -+ } else { ++ } else { + opts->root_unlock_time = temp; + } + } @@ -980,8 +987,8 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM- + } + + if (opts->deny && failures >= opts->deny) { -+ if ((opts->uid && latest_time + opts->unlock_time < opts->now) || -+ (!opts->uid && latest_time + opts->root_unlock_time < opts->now)) { ++ if ((opts->uid && opts->unlock_time && latest_time + opts->unlock_time < opts->now) || ++ (!opts->uid && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) { +#ifdef HAVE_LIBAUDIT + if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */ + char buf[64]; @@ -1145,11 +1152,17 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM- + left = opts->latest_time + opts->root_unlock_time - opts->now; + } + -+ left /= 60; /* minutes */ ++ if (left > 0) { ++ left = (left + 59)/60; /* minutes */ + -+ pam_info(pamh, _("Account temporarily locked due to %d failed logins"), -+ opts->failures); -+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left); ++ pam_info(pamh, _("Account temporarily locked due to %d failed logins"), ++ opts->failures); ++ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left); ++ } ++ else { ++ pam_info(pamh, _("Account locked due to %d failed logins"), ++ opts->failures); ++ } + } +} + @@ -1276,10 +1289,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.c.faillock Linux-PAM- + +#endif /* #ifdef PAM_STATIC */ + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml ---- Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-05-15 15:52:13.800506532 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml 2015-05-15 15:52:13.800506532 +0200 -@@ -0,0 +1,392 @@ +diff -up Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml +--- Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml.faillock 2015-06-25 10:42:21.483374875 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/pam_faillock.8.xml 2015-10-16 14:04:45.810864576 +0200 +@@ -0,0 +1,396 @@ + + @@ -1481,6 +1494,10 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux- + + The access will be reenabled after + n seconds after the lock out. ++ The value 0 has the same meaning as value ++ never - the access ++ will not be reenabled without resetting the faillock ++ entries by the faillock8 command. + The default is 600 (10 minutes). + + @@ -1672,9 +1689,9 @@ diff -up Linux-PAM-1.2.0/modules/pam_faillock/pam_faillock.8.xml.faillock Linux- + + + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.0/modules/pam_faillock/README.xml ---- Linux-PAM-1.2.0/modules/pam_faillock/README.xml.faillock 2015-05-15 15:52:13.800506532 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/README.xml 2015-05-15 15:52:13.800506532 +0200 +diff -up Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock Linux-PAM-1.2.1/modules/pam_faillock/README.xml +--- Linux-PAM-1.2.1/modules/pam_faillock/README.xml.faillock 2015-06-25 10:42:21.483374875 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/README.xml 2015-06-25 10:42:21.483374875 +0200 @@ -0,0 +1,46 @@ + + + + -diff -up Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock ---- Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock.faillock 2015-05-15 15:52:13.800506532 +0200 -+++ Linux-PAM-1.2.0/modules/pam_faillock/tst-pam_faillock 2015-05-15 15:52:13.800506532 +0200 +diff -up Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock +--- Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock.faillock 2015-06-25 10:42:21.483374875 +0200 ++++ Linux-PAM-1.2.1/modules/pam_faillock/tst-pam_faillock 2015-06-25 10:42:21.483374875 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +../../tests/tst-dlopen .libs/pam_faillock.so diff --git a/pam.spec b/pam.spec index a70529f..e6780a1 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.2.1 -Release: 2%{?dist} +Release: 3%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -30,7 +30,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Patch1: pam-1.2.0-redhat-modules.patch Patch4: pam-1.1.0-console-nochmod.patch Patch5: pam-1.1.0-notally.patch -Patch8: pam-1.2.0-faillock.patch +Patch8: pam-1.2.1-faillock.patch Patch9: pam-1.1.6-noflex.patch Patch10: pam-1.1.3-nouserenv.patch Patch13: pam-1.1.6-limits-user.patch @@ -369,6 +369,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Fri Oct 16 2015 Tomáš Mráz 1.2.1-3 +- pam_faillock: add possibility to set unlock_time to never + * Wed Aug 12 2015 Tomáš Mráz 1.2.1-2 - drop the nproc limit setting, it is causing more harm than it solves