[packages/pam] - updated to 1.6.0 (fixes CVE-2024-22365 in pam_namespace)

qboosh qboosh at pld-linux.org
Fri Mar 22 20:14:15 CET 2024 

commit 4769dbd51ac101e2b106b109bd0f89385e4e29ec
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Fri Mar 22 19:59:07 2024 +0100

    - updated to 1.6.0 (fixes CVE-2024-22365 in pam_namespace)

 pam-db-gdbm.patch     | 11 -----------
 pam-pld-modules.patch | 12 +++++-------
 pam.spec              | 10 +++++-----
 3 files changed, 10 insertions(+), 23 deletions(-)
---
diff --git a/pam.spec b/pam.spec
index 3231ea9..5335768 100644
--- a/pam.spec
+++ b/pam.spec
@@ -1,4 +1,5 @@
 # TODO
+# - libeconf >= 0.5.0 ?
 # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation
 # NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz
 #   is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball
@@ -22,8 +23,8 @@ Summary(ru.UTF-8):	Интструмент, обеспечивающий ауте
 Summary(tr.UTF-8):	Modüler, artımsal doğrulama birimleri
 Summary(uk.UTF-8):	Інструмент, що забезпечує аутентифікацію для програм
 Name:		pam
-Version:	1.5.3
-Release:	4
+Version:	1.6.0
+Release:	1
 Epoch:		1
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
@@ -31,7 +32,7 @@ Epoch:		1
 License:	BSD and GPL v2+
 Group:		Base
 Source0:	https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
-# Source0-md5:	a913bd5fbf9edeafaacf3eb1eb86fd83
+# Source0-md5:	41a10af5fc35a7be472ae9864338e64a
 Source2:	ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
 # Source2-md5:	f9ec6fcafcf1801bf318e60040244f2e
 Source3:	other.pamd
@@ -45,7 +46,6 @@ Source10:	postlogin.pamd
 Patch0:		%{name}-pld-modules.patch
 Patch1:		%{name}_console-lex-static.patch
 Patch3:		%{name}-mkhomedir-notfound.patch
-Patch4:		%{name}-db-gdbm.patch
 Patch5:		%{name}-exec-failok.patch
 Patch6:		pam_console_pam_tty.patch
 URL:		http://www.linux-pam.org/
@@ -262,7 +262,6 @@ danych GDBM.
 %patch0 -p1
 %patch1 -p1
 %patch3 -p1
-%patch4 -p1
 %patch5 -p1
 %patch6 -p1
 
@@ -532,6 +531,7 @@ fi
 
 # PAM modules
 %attr(755,root,root) /%{_lib}/security/pam_access.so
+%attr(755,root,root) /%{_lib}/security/pam_canonicalize_user.so
 %attr(755,root,root) /%{_lib}/security/pam_console.so
 %attr(755,root,root) /%{_lib}/security/pam_debug.so
 %attr(755,root,root) /%{_lib}/security/pam_deny.so
diff --git a/pam-db-gdbm.patch b/pam-db-gdbm.patch
deleted file mode 100644
index 79add7a..0000000
--- a/pam-db-gdbm.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Linux-PAM-1.4.0/configure.ac.orig	2020-08-25 19:45:34.529916132 +0200
-+++ Linux-PAM-1.4.0/configure.ac	2020-08-25 19:49:33.305289241 +0200
-@@ -462,7 +462,7 @@
-               LIBS=$old_libs
-         fi
-         if test -z "$LIBDB" ; then
--            AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
-+            AC_CHECK_LIB([gdbm],[dbm_store], LIBDB="-lgdbm -lgdbm_compat", LIBDB="", [-lgdbm_compat])
-             if test -n "$LIBDB" ; then
-                 AC_CHECK_HEADERS(ndbm.h)
-             fi
diff --git a/pam-pld-modules.patch b/pam-pld-modules.patch
index 38359b4..0049144 100644
--- a/pam-pld-modules.patch
+++ b/pam-pld-modules.patch
@@ -1,16 +1,14 @@
-diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/configure.ac Linux-PAM-1.4.0/configure.ac
---- Linux-PAM-1.4.0.org/configure.ac	2020-06-08 12:17:27.000000000 +0200
-+++ Linux-PAM-1.4.0/configure.ac	2021-03-21 13:19:44.088594925 +0100
-@@ -712,6 +712,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
+--- Linux-PAM-1.6.0/configure.ac.orig	2024-03-22 18:58:45.064426280 +0100
++++ Linux-PAM-1.6.0/configure.ac	2024-03-22 18:59:27.857527783 +0100
+@@ -774,6 +774,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
  	po/Makefile.in \
  	Make.xml.rules \
  	modules/Makefile \
 +	modules/pam_console/Makefile modules/pam_pwexport/Makefile \
 +	modules/pam_pwgen/Makefile modules/pam_rps/Makefile \
  	modules/pam_access/Makefile \
-         modules/pam_debug/Makefile modules/pam_deny/Makefile \
- 	modules/pam_echo/Makefile modules/pam_env/Makefile \
-diff -urNp -x '*.orig' Linux-PAM-1.4.0.org/modules/Makefile.am Linux-PAM-1.4.0/modules/Makefile.am
+ 	modules/pam_canonicalize_user/Makefile \
+ 	modules/pam_debug/Makefile modules/pam_deny/Makefile \
 --- Linux-PAM-1.4.0.org/modules/Makefile.am	2020-06-08 12:17:27.000000000 +0200
 +++ Linux-PAM-1.4.0/modules/Makefile.am	2021-03-21 13:19:44.089594925 +0100
 @@ -98,6 +98,10 @@ SUBDIRS := \
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/4769dbd51ac101e2b106b109bd0f89385e4e29ec

More information about the pld-cvs-commit mailing list