[packages/pam] - updated to 1.5.3 - TODO: triggers and O/P for removed modules
baggins
baggins at pld-linux.org
Sat Dec 23 08:28:18 CET 2023
commit 9dcddb5207d0442fa8653c621bd3f316b2d8c3db
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Sat Dec 23 07:05:09 2023 +0100
- updated to 1.5.3
- TODO: triggers and O/P for removed modules
pam-exec-failok.patch | 14 +++---
pam-mkhomedir-notfound.patch | 12 ++---
pam-pld-modules.patch | 2 +-
pam.spec | 102 ++++++-------------------------------------
4 files changed, 28 insertions(+), 102 deletions(-)
---
diff --git a/pam.spec b/pam.spec
index 9d09a54..b6ca1b8 100644
--- a/pam.spec
+++ b/pam.spec
@@ -8,8 +8,6 @@
# Conditional build:
%bcond_without doc # documentation
%bcond_with prelude # Prelude IDS support (in libpam)
-%bcond_without cracklib # (deprecated) cracklib module
-%bcond_without tally # (deprecated) tally/tally2 modules
%bcond_without selinux # SELinux support
%bcond_without audit # Linux Auditing library support
@@ -24,8 +22,8 @@ Summary(ru.UTF-8): Интструмент, обеспечивающий ауте
Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
Name: pam
-Version: 1.4.0
-Release: 10
+Version: 1.5.3
+Release: 0.1
Epoch: 1
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
@@ -33,7 +31,7 @@ Epoch: 1
License: BSD and GPL v2+
Group: Base
Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
-# Source0-md5: 39fca0523bccec6af4b63b5322276c84
+# Source0-md5: a913bd5fbf9edeafaacf3eb1eb86fd83
Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
# Source2-md5: f9ec6fcafcf1801bf318e60040244f2e
Source3: other.pamd
@@ -46,18 +44,15 @@ Source9: %{name}.tmpfiles
Source10: postlogin.pamd
Patch0: %{name}-pld-modules.patch
Patch1: %{name}_console-lex-static.patch
-Patch2: %{name}-tally-fail-close.patch
Patch3: %{name}-mkhomedir-notfound.patch
Patch4: %{name}-db-gdbm.patch
Patch5: %{name}-exec-failok.patch
Patch6: pam_console_pam_tty.patch
-Patch7: no-force-pass-change.patch
URL: http://www.linux-pam.org/
%{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
BuildRequires: autoconf >= 2.61
BuildRequires: automake
BuildRequires: bison
-%{?with_cracklib:BuildRequires: cracklib-devel >= 2.8.3}
BuildRequires: flex
# gdbm due to db pulling libpthread
BuildRequires: gdbm-devel >= 1.8.3-7
@@ -78,6 +73,7 @@ BuildRequires: zlib-devel
BuildRequires: docbook-dtd412-xml
BuildRequires: docbook-dtd43-xml
BuildRequires: docbook-dtd44-xml
+BuildRequires: docbook-dtd50-xml
BuildRequires: docbook-style-xsl >= 1.69.1
# For building PDFs
#BuildRequires: fop
@@ -91,8 +87,6 @@ Requires: awk
Requires: crypt(blowfish)
Requires: glibc >= 6:2.5-0.5
%{?with_selinux:Requires: libselinux >= 2.1.9}
-%{?with_cracklib:Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release}}
-%{?with_tally:Requires: pam-pam_tally = %{epoch}:%{version}-%{release}}
Suggests: make
Suggests: pam-pam_pwquality
Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release}
@@ -233,20 +227,6 @@ Biblioteki statyczne PAM.
%description static -l uk.UTF-8
Цей пакет містить статичні бібліотеки програміста для PAM.
-%package pam_cracklib
-Summary: PAM module to check the password against dictionary words
-Summary(pl.UTF-8): Moduł PAM do sprawdzania haseł względem słów ze słownika
-Group: Base
-Requires: %{name}-libs = %{epoch}:%{version}-%{release}
-Requires: cracklib >= 2.8.3
-Requires: cracklib-dicts >= 2.8.3
-
-%description pam_cracklib
-PAM module to check the password against dictionary words.
-
-%description pam_cracklib -l pl.UTF-8
-Moduł PAM do sprawdzania haseł względem słów ze słownika.
-
%package pam_selinux
Summary: PAM module - SELinux support
Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
@@ -260,21 +240,6 @@ PAM module - SELinux support.
%description pam_selinux -l pl.UTF-8
Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
-%package pam_tally
-Summary: PAM module to check login counts (tallying)
-Summary(pl.UTF-8): Moduł PAM do sprawdzania liczby logowań
-Group: Base
-Requires: %{name}-libs = %{epoch}:%{version}-%{release}
-
-%description pam_tally
-This module maintains a count of attempted accesses, can reset count
-on success, can deny access if too many attempts fail.
-
-%description pam_tally -l pl.UTF-8
-Ten moduł utrzymuje licznik prób logowań, może zerować licznik przy
-udanym logowaniu, może też blokować dostęp przy zbyt wielu
-niepowodzeniach.
-
%package pam_userdb
Summary: PAM module - authenticate against GDBM database
Summary(pl.UTF-8): Moduł PAM do uwierzytelniania względem bazy danych GDBM
@@ -293,12 +258,10 @@ danych GDBM.
%setup -q -a2 -n Linux-PAM-%{version}
%patch0 -p1
%patch1 -p1
-%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
-%patch7 -p1
%build
%{__libtoolize}
@@ -313,14 +276,12 @@ danych GDBM.
--libdir=/%{_lib} \
--includedir=%{_includedir}/security \
%{!?with_audit:--disable-audit} \
- %{?with_cracklib:--enable-cracklib} \
--enable-db=gdbm \
%{!?with_doc:--disable-regenerate-docu} \
--enable-isadir=../../%{_lib}/security \
+ --enable-lastlog \
%{!?with_prelude:--disable-prelude} \
%{!?with_selinux:--disable-selinux} \
- %{?with_tally:--enable-tally} \
- %{?with_tally:--enable-tally2}
# we must explicitely update-gmo as we patch a po file
%{__make} -C po update-gmo
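Review bot: Once `--enable-cracklib`, `--enable-tally` and `--enable-tally2` are dropped from this `%configure` call (the `pam_cracklib` and `pam_tally` subpackages go in later hunks), nothing visible in this diff handles hosts whose `/etc/pam.d` files still reference `pam_cracklib.so`, `pam_tally.so` or `pam_tally2.so`. Depending on the control flag, a line naming a missing module typically either fails the stack or is skipped. An upgrade can therefore end in refused logins, or in password-quality and failed-attempt lockout checks quietly no longer running. The commit message lists this as a TODO; a trigger that warns about (or rewrites) those references, plus `Obsoletes:` entries for the two removed subpackages, would close it before the release leaves 0.x. Separately, the last remaining option line still ends in a continuation backslash and should read `%{!?with_selinux:--disable-selinux}`, and `--enable-lastlog` deserves a one-line comment saying why the module is enabled explicitly.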
@@ -334,6 +295,7 @@ install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/usr/lib/pam.d,/var/{log,run/se
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT \
+ pkgconfigdir=%{_pkgconfigdir} \
servicedir=%{systemdunitdir}
%if %{with selinux}
@@ -349,7 +311,6 @@ for r in modules/pam_*/README; do
cp -pf $r doc/txts/README.$(basename $(dirname $r))
done
%{__rm} doc/txts/README.pam_userdb
-%{__rm} doc/txts/README.pam_cracklib
install -d doc/html
cp -pf doc/index.html doc/html/
@@ -359,18 +320,10 @@ echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
:> $RPM_BUILD_ROOT/etc/security/opasswd
:> $RPM_BUILD_ROOT/etc/security/blacklist
-%if %{with tally}
-:> $RPM_BUILD_ROOT/var/log/tallylog
-%endif
-
%{__mv} $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
+%{__rm} $RPM_BUILD_ROOT/%{_lib}/lib*.la
cd $RPM_BUILD_ROOT/%{_lib}
-for f in lib*.la ; do
- %{__sed} -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' \
- -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $f > $RPM_BUILD_ROOT%{_libdir}/$f
- %{__rm} $f
-done
ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
@@ -474,16 +427,6 @@ if ! grep -qs pam_systemd /etc/pam.d/system-auth; then
echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth
fi
-%post pam_tally -p <lua>
-fh, error = io.open("/var/log/tallylog")
-if fh ~= nil then
- io.close(fh)
-else
- fh = io.open("/var/log/tallylog", "w+")
- io.close(fh)
- posix.chmod("/var/log/tallylog", "rw-------")
-end
-
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
@@ -515,6 +458,7 @@ end
%config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
%config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
+%config(noreplace) %verify(not md5 mtime size) /etc/security/pwhistory.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/trigram
%config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en
@@ -535,6 +479,7 @@ end
%attr(755,root,root) %{_sbindir}/pam_namespace_helper
%attr(755,root,root) %{_sbindir}/pam_timestamp_check
%attr(755,root,root) %{_sbindir}/pwgen_trigram
+%attr(755,root,root) %{_sbindir}/pwhistory_helper
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
%attr(4755,root,root) %{_sbindir}/unix_update
%{systemdunitdir}/pam_namespace.service
@@ -551,6 +496,7 @@ end
%{_mandir}/man5/pam.conf.5*
%{_mandir}/man5/pam.d.5*
%{_mandir}/man5/pam_env.conf.5*
+%{_mandir}/man5/pwhistory.conf.5*
%{_mandir}/man5/system-auth.5*
%{_mandir}/man5/time.conf.5*
%{_mandir}/man8/PAM.8*
@@ -558,11 +504,9 @@ end
%{_mandir}/man8/mkhomedir_helper.8*
%{_mandir}/man8/pam.8*
%{_mandir}/man8/pam_*.8*
+%{_mandir}/man8/pwhistory_helper.8*
%{_mandir}/man8/unix_chkpwd.8*
%{_mandir}/man8/unix_update.8*
-%if %{with cracklib}
-%exclude %{_mandir}/man8/pam_cracklib.8*
-%endif
%if %{with selinux}
%exclude %{_mandir}/man8/pam_selinux*.8*
%exclude %{_mandir}/man8/pam_sepermit.8*
@@ -635,9 +579,9 @@ end
%attr(755,root,root) %{_libdir}/libpam.so
%attr(755,root,root) %{_libdir}/libpam_misc.so
%attr(755,root,root) %{_libdir}/libpamc.so
-%{_libdir}/libpam.la
-%{_libdir}/libpam_misc.la
-%{_libdir}/libpamc.la
+%{_pkgconfigdir}/pam.pc
+%{_pkgconfigdir}/pam_misc.pc
+%{_pkgconfigdir}/pamc.pc
%{_includedir}/security/_pam_*.h
%{_includedir}/security/pam*.h
%{_mandir}/man3/misc_conv.3*
@@ -649,14 +593,6 @@ end
%{_libdir}/libpamc.a
%{_libdir}/libpam_misc.a
-%if %{with cracklib}
-%files pam_cracklib
-%defattr(644,root,root,755)
-%doc modules/pam_cracklib/README
-%attr(755,root,root) /%{_lib}/security/pam_cracklib.so
-%{_mandir}/man8/pam_cracklib.8*
-%endif
-
%if %{with selinux}
%files pam_selinux
%defattr(644,root,root,755)
@@ -671,16 +607,6 @@ end
%dir /var/run/sepermit
%endif
-%if %{with tally}
-%files pam_tally
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_sbindir}/pam_tally
-%attr(755,root,root) %{_sbindir}/pam_tally2
-%attr(755,root,root) /%{_lib}/security/pam_tally.so
-%attr(755,root,root) /%{_lib}/security/pam_tally2.so
-%ghost %verify(not md5 mtime size) /var/log/tallylog
-%endif
-
%files pam_userdb
%defattr(644,root,root,755)
%doc modules/pam_userdb/README
diff --git a/pam-exec-failok.patch b/pam-exec-failok.patch
index 953be16..7f5bef7 100644
--- a/pam-exec-failok.patch
+++ b/pam-exec-failok.patch
@@ -4,13 +4,13 @@ diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/pam_exec/pam_exec.8.xml Linux
@@ -34,6 +34,9 @@
stdout
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
+ failok
+ </arg>
-+ <arg choice="opt">
++ <arg choice="opt" rep="norepeat">
log=<replaceable>file</replaceable>
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
@@ -172,6 +175,18 @@
</para>
</listitem>
@@ -34,15 +34,15 @@ diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/pam_exec/pam_exec.c Linux-PAM
--- Linux-PAM-1.4.0.org/modules/pam_exec/pam_exec.c 2020-06-08 12:17:27.000000000 +0200
+++ Linux-PAM-1.4.0/modules/pam_exec/pam_exec.c 2021-03-21 13:20:06.504594925 +0100
@@ -93,6 +93,7 @@ call_exec (const char *pam_type, pam_han
- int debug = 0;
int call_setuid = 0;
int quiet = 0;
+ int quiet_log = 0;
+ int fail_ok = 0;
int expose_authtok = 0;
int use_stdout = 0;
int optargc;
@@ -135,6 +136,8 @@ call_exec (const char *pam_type, pam_han
- quiet = 1;
+ quiet_log = 1;
else if (strcasecmp (argv[optargc], "expose_authtok") == 0)
expose_authtok = 1;
+ else if (strcasecmp (argv[optargc], "failok") == 0)
@@ -51,7 +51,7 @@ diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/pam_exec/pam_exec.c Linux-PAM
break; /* Unknown option, assume program to execute. */
}
@@ -271,7 +274,7 @@ call_exec (const char *pam_type, pam_han
- {
+ if (!quiet_log)
pam_syslog (pamh, LOG_ERR, "%s failed: exit code %d",
argv[optargc], WEXITSTATUS(status));
- if (!quiet)
@@ -69,7 +69,7 @@ diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/pam_exec/pam_exec.c Linux-PAM
argv[optargc], WTERMSIG(status),
WCOREDUMP(status) ? " (core dumped)" : "");
@@ -289,11 +292,14 @@ call_exec (const char *pam_type, pam_han
- {
+ if (!quiet_log)
pam_syslog (pamh, LOG_ERR, "%s failed: unknown status 0x%x",
argv[optargc], status);
- if (!quiet)
diff --git a/pam-mkhomedir-notfound.patch b/pam-mkhomedir-notfound.patch
index bc39e73..c60fc49 100644
--- a/pam-mkhomedir-notfound.patch
+++ b/pam-mkhomedir-notfound.patch
@@ -4,10 +4,10 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu
@@ -29,6 +29,9 @@
umask=<replaceable>mode</replaceable>
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
+ notfound=[<replaceable>create</replaceable>|<replaceable>deny</replaceable>|<replaceable>ignore</replaceable>]
+ </arg>
-+ <arg choice="opt">
++ <arg choice="opt" rep="norepeat">
skel=<replaceable>skeldir</replaceable>
</arg>
</cmdsynopsis>
@@ -29,7 +29,7 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu
+
+ <varlistentry>
+ <term>
- <option>skel=<replaceable>/path/to/skel/directory</replaceable></option>
+ skel=/path/to/skel/directory
</term>
<listitem>
--- Linux-PAM-1.4.0/modules/pam_mkhomedir/pam_mkhomedir.c.orig 2020-06-08 12:17:27.000000000 +0200
@@ -46,15 +46,15 @@ diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml Linu
+#define HOMEDIR_CREATE 0x40 /* create it */
+#define HOMEDIR_DENY 0x80 /* deny access */
- struct options_t {
- int ctrl;
+ #define LOGIN_DEFS "/etc/login.defs"
+ #define UMASK_DEFAULT "0022"
@@ -67,7 +70,7 @@
_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
options_t *opt)
{
- opt->ctrl = 0;
+ opt->ctrl = HOMEDIR_CREATE;
- opt->umask = "0022";
+ opt->umask = NULL;
opt->skeldir = "/etc/skel";
@@ -88,6 +91,15 @@
diff --git a/pam-pld-modules.patch b/pam-pld-modules.patch
index bc71fab..38359b4 100644
--- a/pam-pld-modules.patch
+++ b/pam-pld-modules.patch
@@ -7,7 +7,7 @@ diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/configure.ac Linux-PAM-1.4.0/configur
modules/Makefile \
+ modules/pam_console/Makefile modules/pam_pwexport/Makefile \
+ modules/pam_pwgen/Makefile modules/pam_rps/Makefile \
- modules/pam_access/Makefile modules/pam_cracklib/Makefile \
+ modules/pam_access/Makefile \
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/Makefile.am Linux-PAM-1.4.0/modules/Makefile.am
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/9dcddb5207d0442fa8653c621bd3f316b2d8c3db