Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
|
@ -1,2 +1,4 @@
|
|||
SOURCES/Linux-PAM-1.3.1.tar.xz
|
||||
SOURCES/pam-redhat-0.99.11.tar.bz2
|
||||
/Linux-PAM-1.3.1.tar.xz
|
||||
/pam-redhat-0.99.11.tar.bz2
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
e89b6d279c9bf8cb495dfc0b3f3931eb50f818e9 SOURCES/Linux-PAM-1.3.1.tar.xz
|
||||
42206fe8319723ef23ab646b2eab496c86de3f5b SOURCES/pam-redhat-0.99.11.tar.bz2
|
|
@ -0,0 +1,6 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
|
@ -0,0 +1,33 @@
|
|||
diff -up Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c
|
||||
--- Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c.audit-messages-formatting 2024-03-11 16:21:51.928946604 +0100
|
||||
+++ Linux-PAM-1.3.1/modules/pam_faillock/pam_faillock.c 2024-03-11 16:21:51.934946609 +0100
|
||||
@@ -334,7 +334,7 @@ check_tally(pam_handle_t *pamh, struct o
|
||||
|
||||
(void)pam_get_item(pamh, PAM_TTY, &tty);
|
||||
(void)pam_get_item(pamh, PAM_RHOST, &rhost);
|
||||
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
|
||||
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
|
||||
audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
|
||||
rhost, NULL, tty, 1);
|
||||
}
|
||||
@@ -450,7 +450,7 @@ write_tally(pam_handle_t *pamh, struct o
|
||||
errno == EAFNOSUPPORT))
|
||||
return PAM_SYSTEM_ERR;
|
||||
|
||||
- snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
|
||||
+ snprintf(buf, sizeof(buf), "op=pam_faillock suid=%u ", opts->uid);
|
||||
audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
|
||||
NULL, NULL, NULL, 1);
|
||||
|
||||
diff -up Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c
|
||||
--- Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c.audit-messages-formatting 2024-03-11 16:21:51.934946609 +0100
|
||||
+++ Linux-PAM-1.3.1/modules/pam_selinux/pam_selinux.c 2024-03-11 16:23:24.521025061 +0100
|
||||
@@ -106,7 +106,7 @@ int send_audit_message(pam_handle_t *pam
|
||||
pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
|
||||
selected_raw = NULL;
|
||||
}
|
||||
- if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
|
||||
+ if (asprintf(&msg, "op=pam_selinux default-context=%s selected-context=%s",
|
||||
default_raw ? default_raw : (default_context ? default_context : "?"),
|
||||
selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
|
||||
pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
|
|
@ -3,7 +3,7 @@
|
|||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.3.1
|
||||
Release: 33%{?dist}
|
||||
Release: 34%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
|
@ -110,6 +110,9 @@ Patch68: pam-1.3.1-faillock-create-tallydir.patch
|
|||
Patch69: pam-1.3.1-access-handle-hostnames.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
|
||||
Patch70: pam-1.3.1-namespace-protect-dir.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/c85513220c1bd3150e39c6277422d29cfa44acc7
|
||||
# https://github.com/linux-pam/linux-pam/commit/1648734a69c31e9ce834da70144ac9a453296807
|
||||
Patch71: pam-1.3.1-audit-messages-formatting.patch
|
||||
|
||||
%define _pamlibdir %{_libdir}
|
||||
%define _moduledir %{_libdir}/security
|
||||
|
@ -228,6 +231,7 @@ cp %{SOURCE18} .
|
|||
%patch68 -p1 -b .faillock-create-tallydir
|
||||
%patch69 -p1 -b .access-handle-hostnames
|
||||
%patch70 -p1 -b .namespace-protect-dir
|
||||
%patch71 -p1 -b .audit-messages-formatting
|
||||
|
||||
autoreconf -i
|
||||
|
||||
|
@ -481,6 +485,9 @@ done
|
|||
%doc doc/specs/rfc86.0.txt
|
||||
|
||||
%changelog
|
||||
* Thu Apr 4 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-34
|
||||
- fix formatting of audit messages. Resolves: RHEL-28620
|
||||
|
||||
* Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-33
|
||||
- pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS
|
||||
situations. CVE-2024-22365. Resolves: RHEL-21242
|
|
@ -0,0 +1,2 @@
|
|||
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
|
||||
SHA512 (pam-redhat-0.99.11.tar.bz2) = 2897ff3837a24e62dae0b90b85b1b70f9c783b56a0597dd1a52ef24011f74cc5b669f6b76ddac7ee230f32c3295bc3520ef9e88d49b50e52e476b37e85ac548e
|
Loading…
Reference in New Issue