rpms
/
pam
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c9s
rpms:c9
rpms:c8s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/pam-1.3.1-33.el8
rpms:imports/c9/pam-1.5.1-19.el9
rpms:imports/c8/pam-1.3.1-27.el8
rpms:imports/c9/pam-1.5.1-15.el9
rpms:imports/c8-beta/pam-1.3.1-27.el8
rpms:imports/c9-beta/pam-1.5.1-15.el9
rpms:imports/c8/pam-1.3.1-25.el8
rpms:imports/c9/pam-1.5.1-14.el9
rpms:imports/c9-beta/pam-1.5.1-14.el9
rpms:imports/c8-beta/pam-1.3.1-25.el8
rpms:imports/c8s/pam-1.3.1-25.el8
rpms:imports/c9/pam-1.5.1-12.el9
rpms:imports/c8/pam-1.3.1-22.el8
rpms:imports/c8s/pam-1.3.1-24.el8
rpms:imports/c9-beta/pam-1.5.1-12.el9
rpms:imports/c8-beta/pam-1.3.1-22.el8
rpms:imports/c9/pam-1.5.1-9.el9_0.1
rpms:imports/c8/pam-1.3.1-16.el8_6.1
rpms:imports/c8s/pam-1.3.1-22.el8
rpms:imports/c8s/pam-1.3.1-21.el8
rpms:imports/c8s/pam-1.3.1-20.el8
rpms:imports/c8s/pam-1.3.1-19.el8
rpms:imports/c8s/pam-1.3.1-18.el8
rpms:imports/c9/pam-1.5.1-9.el9
rpms:imports/c8/pam-1.3.1-16.el8
rpms:imports/c8-beta/pam-1.3.1-16.el8
rpms:imports/c8s/pam-1.3.1-16.el8
rpms:imports/c9-beta/pam-1.5.1-9.el9
rpms:imports/c9-beta/pam-1.5.1-8.el9
rpms:imports/c8/pam-1.3.1-15.el8
rpms:imports/c8-beta/pam-1.3.1-15.el8
rpms:imports/c8-beta/pam-1.3.1-14.el8
rpms:imports/c8-beta/pam-1.3.1-11.el8
rpms:imports/c8-beta/pam-1.3.1-8.el8
rpms:imports/c8-beta/pam-1.3.1-4.el8
rpms:imports/c8s/pam-1.3.1-15.el8
rpms:imports/c8s/pam-1.3.1-14.el8
rpms:imports/c8s/pam-1.3.1-11.el8
rpms:imports/c8s/pam-1.3.1-10.el8
rpms:imports/c8s/pam-1.3.1-8.el8
rpms:imports/c8/pam-1.3.1-14.el8
rpms:imports/c8/pam-1.3.1-11.el8
rpms:imports/c8/pam-1.3.1-8.el8
rpms:imports/c8/pam-1.3.1-4.el8
...
pull from: rpms:c8s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c8
rpms:c9
rpms:c8s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/pam-1.3.1-33.el8
rpms:imports/c9/pam-1.5.1-19.el9
rpms:imports/c8/pam-1.3.1-27.el8
rpms:imports/c9/pam-1.5.1-15.el9
rpms:imports/c8-beta/pam-1.3.1-27.el8
rpms:imports/c9-beta/pam-1.5.1-15.el9
rpms:imports/c8/pam-1.3.1-25.el8
rpms:imports/c9/pam-1.5.1-14.el9
rpms:imports/c9-beta/pam-1.5.1-14.el9
rpms:imports/c8-beta/pam-1.3.1-25.el8
rpms:imports/c8s/pam-1.3.1-25.el8
rpms:imports/c9/pam-1.5.1-12.el9
rpms:imports/c8/pam-1.3.1-22.el8
rpms:imports/c8s/pam-1.3.1-24.el8
rpms:imports/c9-beta/pam-1.5.1-12.el9
rpms:imports/c8-beta/pam-1.3.1-22.el8
rpms:imports/c9/pam-1.5.1-9.el9_0.1
rpms:imports/c8/pam-1.3.1-16.el8_6.1
rpms:imports/c8s/pam-1.3.1-22.el8
rpms:imports/c8s/pam-1.3.1-21.el8
rpms:imports/c8s/pam-1.3.1-20.el8
rpms:imports/c8s/pam-1.3.1-19.el8
rpms:imports/c8s/pam-1.3.1-18.el8
rpms:imports/c9/pam-1.5.1-9.el9
rpms:imports/c8/pam-1.3.1-16.el8
rpms:imports/c8-beta/pam-1.3.1-16.el8
rpms:imports/c8s/pam-1.3.1-16.el8
rpms:imports/c9-beta/pam-1.5.1-9.el9
rpms:imports/c9-beta/pam-1.5.1-8.el9
rpms:imports/c8/pam-1.3.1-15.el8
rpms:imports/c8-beta/pam-1.3.1-15.el8
rpms:imports/c8-beta/pam-1.3.1-14.el8
rpms:imports/c8-beta/pam-1.3.1-11.el8
rpms:imports/c8-beta/pam-1.3.1-8.el8
rpms:imports/c8-beta/pam-1.3.1-4.el8
rpms:imports/c8s/pam-1.3.1-15.el8
rpms:imports/c8s/pam-1.3.1-14.el8
rpms:imports/c8s/pam-1.3.1-11.el8
rpms:imports/c8s/pam-1.3.1-10.el8
rpms:imports/c8s/pam-1.3.1-8.el8
rpms:imports/c8/pam-1.3.1-14.el8
rpms:imports/c8/pam-1.3.1-11.el8
rpms:imports/c8/pam-1.3.1-8.el8
rpms:imports/c8/pam-1.3.1-4.el8

No commits in common. "c8" and "c8s" have entirely different histories.
c8 ... c8s

72 changed files with 51 additions and 3 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
SOURCES/Linux-PAM-1.3.1.tar.xz
SOURCES/pam-redhat-0.99.11.tar.bz2
/Linux-PAM-1.3.1.tar.xz
/pam-redhat-0.99.11.tar.bz2

2
.pam.metadata
View File

@ -1,2 +0,0 @@
e89b6d279c9bf8cb495dfc0b3f3931eb50f818e9 SOURCES/Linux-PAM-1.3.1.tar.xz
42206fe8319723ef23ab646b2eab496c86de3f5b SOURCES/pam-redhat-0.99.11.tar.bz2

0
SOURCES/Linux-PAM-1.3.1.tar.xz.asc → Linux-PAM-1.3.1.tar.xz.asc
View File

0
SOURCES/config-util.5 → config-util.5
View File

0
SOURCES/config-util.pamd → config-util.pamd
View File

0
SOURCES/dlopen.sh → dlopen.sh
View File

0
SOURCES/fingerprint-auth.pamd → fingerprint-auth.pamd
View File

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

0
SOURCES/gpl-2.0.txt → gpl-2.0.txt
View File

0
SOURCES/other.pamd → other.pamd
View File

0
SOURCES/pam-1.1.0-console-nochmod.patch → pam-1.1.0-console-nochmod.patch
View File

0
SOURCES/pam-1.1.0-notally.patch → pam-1.1.0-notally.patch
View File

0
SOURCES/pam-1.1.1-console-errmsg.patch → pam-1.1.1-console-errmsg.patch
View File

0
SOURCES/pam-1.1.3-nouserenv.patch → pam-1.1.3-nouserenv.patch
View File

0
SOURCES/pam-1.1.6-limits-user.patch → pam-1.1.6-limits-user.patch
View File

0
SOURCES/pam-1.1.8-audit-user-mgmt.patch → pam-1.1.8-audit-user-mgmt.patch
View File

0
SOURCES/pam-1.1.8-full-relro.patch → pam-1.1.8-full-relro.patch
View File

0
SOURCES/pam-1.2.0-redhat-modules.patch → pam-1.2.0-redhat-modules.patch
View File

0
SOURCES/pam-1.2.0-unix-no-fallback.patch → pam-1.2.0-unix-no-fallback.patch
View File

0
SOURCES/pam-1.2.1-console-devname.patch → pam-1.2.1-console-devname.patch
View File

0
SOURCES/pam-1.2.1-faillock-admin-group.patch → pam-1.2.1-faillock-admin-group.patch
View File

0
SOURCES/pam-1.2.1-faillock.patch → pam-1.2.1-faillock.patch
View File

0
SOURCES/pam-1.3.0-pwhistory-helper.patch → pam-1.3.0-pwhistory-helper.patch
View File

0
SOURCES/pam-1.3.0-unix-nomsg.patch → pam-1.3.0-unix-nomsg.patch
View File

0
SOURCES/pam-1.3.1-access-handle-hostnames.patch → pam-1.3.1-access-handle-hostnames.patch
View File

0
SOURCES/pam-1.3.1-audit-error.patch → pam-1.3.1-audit-error.patch
View File

33
pam-1.3.1-audit-messages-formatting.patch Normal file
View File

@ -0,0 +1,33 @@
diff -up Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c
--- Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting 2024-03-11 16:21:51.928946604 +0100
+++ Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c 2024-03-11 16:21:51.934946609 +0100
@@ -334,7 +334,7 @@ check_tally(pam_handle_t *pamh, struct o
(void)pam_get_item(pamh, PAM_TTY, &tty);
(void)pam_get_item(pamh, PAM_RHOST, &rhost);
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
rhost, NULL, tty, 1);
}
@@ -450,7 +450,7 @@ write_tally(pam_handle_t *pamh, struct o
errno == EAFNOSUPPORT))
return PAM_SYSTEM_ERR;
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
NULL, NULL, NULL, 1);
diff -up Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting 2024-03-11 16:21:51.934946609 +0100
+++ Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c 2024-03-11 16:23:24.521025061 +0100
@@ -106,7 +106,7 @@ int send_audit_message(pam_handle_t *pam
pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
selected_raw = NULL;
}
- if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
+ if (asprintf(&msg, "op=pam_selinux default-context=%s selected-context=%s",
default_raw ? default_raw : (default_context ? default_context : "?"),
selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
pam_syslog(pamh, LOG_ERR, "Error allocating memory.");

0
SOURCES/pam-1.3.1-authtok-verify-fix.patch → pam-1.3.1-authtok-verify-fix.patch
View File

0
SOURCES/pam-1.3.1-console-build.patch → pam-1.3.1-console-build.patch
View File

0
SOURCES/pam-1.3.1-coverity.patch → pam-1.3.1-coverity.patch
View File

0
SOURCES/pam-1.3.1-faillock-create-tallydir.patch → pam-1.3.1-faillock-create-tallydir.patch
View File

0
SOURCES/pam-1.3.1-faillock-load-conf-from-file.patch → pam-1.3.1-faillock-load-conf-from-file.patch
View File

0
SOURCES/pam-1.3.1-faillock-update.patch → pam-1.3.1-faillock-update.patch
View File

0
SOURCES/pam-1.3.1-fds-closing.patch → pam-1.3.1-fds-closing.patch
View File

0
SOURCES/pam-1.3.1-inline.patch → pam-1.3.1-inline.patch
View File

0
SOURCES/pam-1.3.1-lastlog-no-showfailed.patch → pam-1.3.1-lastlog-no-showfailed.patch
View File

0
SOURCES/pam-1.3.1-lastlog-unlimited-fsize.patch → pam-1.3.1-lastlog-unlimited-fsize.patch
View File

0
SOURCES/pam-1.3.1-motd-manpage.patch → pam-1.3.1-motd-manpage.patch
View File

0
SOURCES/pam-1.3.1-namespace-gdm-doc.patch → pam-1.3.1-namespace-gdm-doc.patch
View File

0
SOURCES/pam-1.3.1-namespace-mntopts.patch → pam-1.3.1-namespace-mntopts.patch
View File

0
SOURCES/pam-1.3.1-namespace-protect-dir.patch → pam-1.3.1-namespace-protect-dir.patch
View File

0
SOURCES/pam-1.3.1-noflex.patch → pam-1.3.1-noflex.patch
View File

0
SOURCES/pam-1.3.1-pam-cc-compat.patch → pam-1.3.1-pam-cc-compat.patch
View File

0
SOURCES/pam-1.3.1-pam-keyinit-thread-safe.patch → pam-1.3.1-pam-keyinit-thread-safe.patch
View File

0
SOURCES/pam-1.3.1-pam-limits-unlimited-value.patch → pam-1.3.1-pam-limits-unlimited-value.patch
View File

0
SOURCES/pam-1.3.1-pam-misc-configurable.patch → pam-1.3.1-pam-misc-configurable.patch
View File

0
SOURCES/pam-1.3.1-pam-modutil-close-write.patch → pam-1.3.1-pam-modutil-close-write.patch
View File

0
SOURCES/pam-1.3.1-pam-motd-avoid-unnecessary-logging.patch → pam-1.3.1-pam-motd-avoid-unnecessary-logging.patch
View File

0
SOURCES/pam-1.3.1-pam-motd-fix-memory-leak.patch → pam-1.3.1-pam-motd-fix-memory-leak.patch
View File

0
SOURCES/pam-1.3.1-pam-motd-fix-segmentation-fault.patch → pam-1.3.1-pam-motd-fix-segmentation-fault.patch
View File

0
SOURCES/pam-1.3.1-pam-motd-support-multiple-motd-paths.patch → pam-1.3.1-pam-motd-support-multiple-motd-paths.patch
View File

0
SOURCES/pam-1.3.1-pam-pwhistory-load-conf-from-file.patch → pam-1.3.1-pam-pwhistory-load-conf-from-file.patch
View File

0
SOURCES/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch → pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch
View File

0
SOURCES/pam-1.3.1-pam-usertype-SYS_UID_MAX.patch → pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
View File

0
SOURCES/pam-1.3.1-pam-usertype.patch → pam-1.3.1-pam-usertype.patch
View File

0
SOURCES/pam-1.3.1-tty-audit-manfix.patch → pam-1.3.1-tty-audit-manfix.patch
View File

0
SOURCES/pam-1.3.1-unix-default-rounds.patch → pam-1.3.1-unix-default-rounds.patch
View File

0
SOURCES/pam-1.3.1-unix-enable-bcrypt.patch → pam-1.3.1-unix-enable-bcrypt.patch
View File

0
SOURCES/pam-1.3.1-unix-improve-logging.patch → pam-1.3.1-unix-improve-logging.patch
View File

0
SOURCES/pam-1.3.1-wheel-pam_ruser-fallback.patch → pam-1.3.1-wheel-pam_ruser-fallback.patch
View File

0
SOURCES/pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch → pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
View File

0
SOURCES/pam-1.5.1-pam-faillock-clarify-missing-user.patch → pam-1.5.1-pam-faillock-clarify-missing-user.patch
View File

0
SOURCES/pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch → pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
View File

9
SPECS/pam.spec → pam.spec
View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.3.1
Release: 33%{?dist}
Release: 34%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -110,6 +110,9 @@ Patch68: pam-1.3.1-faillock-create-tallydir.patch
Patch69: pam-1.3.1-access-handle-hostnames.patch
# https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
Patch70: pam-1.3.1-namespace-protect-dir.patch
# https://github.com/linux-pam/linux-pam/commit/c85513220c1bd3150e39c6277422d29cfa44acc7
# https://github.com/linux-pam/linux-pam/commit/1648734a69c31e9ce834da70144ac9a453296807
Patch71: pam-1.3.1-audit-messages-formatting.patch
%define _pamlibdir %{_libdir}
%define _moduledir %{_libdir}/security
@ -228,6 +231,7 @@ cp %{SOURCE18} .
%patch68 -p1 -b .faillock-create-tallydir
%patch69 -p1 -b .access-handle-hostnames
%patch70 -p1 -b .namespace-protect-dir
%patch71 -p1 -b .audit-messages-formatting
autoreconf -i
@ -481,6 +485,9 @@ done
%doc doc/specs/rfc86.0.txt
%changelog
* Thu Apr 4 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-34
- fix formatting of audit messages. Resolves: RHEL-28620
* Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-33
- pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS
situations. CVE-2024-22365. Resolves: RHEL-21242

0
SOURCES/pamtmp.conf → pamtmp.conf
View File

0
SOURCES/password-auth.pamd → password-auth.pamd
View File

0
SOURCES/postlogin.5 → postlogin.5
View File

0
SOURCES/postlogin.pamd → postlogin.pamd
View File

0
SOURCES/smartcard-auth.pamd → smartcard-auth.pamd
View File

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
SHA512 (pam-redhat-0.99.11.tar.bz2) = 2897ff3837a24e62dae0b90b85b1b70f9c783b56a0597dd1a52ef24011f74cc5b669f6b76ddac7ee230f32c3295bc3520ef9e88d49b50e52e476b37e85ac548e

0
SOURCES/system-auth.5 → system-auth.5
View File

0
SOURCES/system-auth.pamd → system-auth.pamd
View File