From patchwork Sun Dec 6 10:08:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Erik Kapfer X-Patchwork-Id: 3707 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CphxL02cnz3wh1 for ; Sun, 6 Dec 2020 10:09:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CphxK5M6Xz22L; Sun, 6 Dec 2020 10:09:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CphxK3ZK1z2xpb; Sun, 6 Dec 2020 10:09:09 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CphxJ2GNcz2xZk for ; Sun, 6 Dec 2020 10:09:08 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CphxG1DJQzyC; Sun, 6 Dec 2020 10:09:06 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1607249346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=PR8Cr3n2bQUrKAZqCWoOL0snHCfaedPsvotHm6jztQM=; b=KkgLjr0pjMTlQNqJoex0dwmVQlxylmvfTN7X7HD8YJDPrVOaxDcOs7t0mDGcjBsOOafr2y 330ODAs9zpkW8oCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1607249346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=PR8Cr3n2bQUrKAZqCWoOL0snHCfaedPsvotHm6jztQM=; b=QrjiMQ2LUFuzz+z//LdKfUE8+FWlCl26buztuZZJA9T2VGyMS0vfUVrpLSQR23bkaVCNqa unlNMJ0GPRubaZuGzn2ohkAMGYUX9sv+w3NTfYvAxployTm7s7u61xjhKFJZIt0AnBguiW uL+E1TaRxJVvuEMCfmWy4lyy3GobHXYFNfz1Ark1jILx/zBgjiKuTCgkk8eL0MJOSthMC6 uZ8G5uPhnD2GIqo/aGdvGLTRYIcg21bw29Jda/ecEIk86x6/fL/PJIS6J+f6RTFfdPtI8j 0vP7bfk2Hnpui1AkC7nFN78OlIVgRTdgg94dG8R3PtbkOayriLlbkFg8xyon6A== From: ummeegge To: development@lists.ipfire.org Subject: [PATCH] Pam: Update to version 1.5.1 Date: Sun, 6 Dec 2020 10:08:59 +0000 Message-Id: <20201206100859.13103-1-erik.kapfer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Several fixes and improvements since the current available 1.3.1 version are included. CVE-2020-27780 has also been fixed. For a full release overview --> https://github.com/linux-pam/linux-pam/releases . Signed-off-by: ummeegge --- config/rootfiles/common/pam | 31 ++++++++++++++++++++++--------- lfs/pam | 6 +++--- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam index 0ca320f8f..e487e3fe2 100644 --- a/config/rootfiles/common/pam +++ b/config/rootfiles/common/pam @@ -2,6 +2,7 @@ etc/pam.d etc/security #etc/security/access.conf +#etc/security/faillock.conf #etc/security/group.conf #etc/security/limits.conf #etc/security/limits.d @@ -11,6 +12,7 @@ etc/security #etc/security/pam_env.conf #etc/security/time.conf #lib/security +#lib/security/faillock #lib/security/mkhomedir_helper #lib/security/pam_access.la lib/security/pam_access.so @@ -26,6 +28,8 @@ lib/security/pam_env.so lib/security/pam_exec.so #lib/security/pam_faildelay.la lib/security/pam_faildelay.so +#lib/security/pam_faillock.la +#lib/security/pam_faillock.so #lib/security/pam_filter #lib/security/pam_filter.la #lib/security/pam_filter.so @@ -56,6 +60,7 @@ lib/security/pam_mail.so #lib/security/pam_motd.so #lib/security/pam_namespace.la #lib/security/pam_namespace.so +#lib/security/pam_namespace_helper #lib/security/pam_nologin.la lib/security/pam_nologin.so #lib/security/pam_permit.la @@ -68,18 +73,14 @@ lib/security/pam_rhosts.so #lib/security/pam_rootok.so #lib/security/pam_securetty.la #lib/security/pam_securetty.so +#lib/security/pam_setquota.la +#lib/security/pam_setquota.so #lib/security/pam_shells.la lib/security/pam_shells.so #lib/security/pam_stress.la #lib/security/pam_stress.so #lib/security/pam_succeed_if.la #lib/security/pam_succeed_if.so -#lib/security/pam_tally -#lib/security/pam_tally.la -#lib/security/pam_tally.so -#lib/security/pam_tally2 -#lib/security/pam_tally2.la -#lib/security/pam_tally2.so #lib/security/pam_time.la #lib/security/pam_time.so #lib/security/pam_timestamp.la @@ -91,12 +92,15 @@ lib/security/pam_shells.so lib/security/pam_unix.so #lib/security/pam_userdb.la #lib/security/pam_userdb.so +#lib/security/pam_usertype.la +#lib/security/pam_usertype.so #lib/security/pam_warn.la #lib/security/pam_warn.so #lib/security/pam_wheel.la #lib/security/pam_wheel.so #lib/security/pam_xauth.la #lib/security/pam_xauth.so +#lib/security/pwhistory_helper lib/security/unix_chkpwd lib/security/unix_update #usr/include/security @@ -113,7 +117,7 @@ lib/security/unix_update #usr/lib/libpam.la #usr/lib/libpam.so usr/lib/libpam.so.0 -usr/lib/libpam.so.0.84.2 +usr/lib/libpam.so.0.85.1 #usr/lib/libpam_misc.la #usr/lib/libpam_misc.so usr/lib/libpam_misc.so.0 @@ -122,6 +126,9 @@ usr/lib/libpam_misc.so.0.82.1 #usr/lib/libpamc.so usr/lib/libpamc.so.0 usr/lib/libpamc.so.0.82.1 +#usr/lib/systemd +#usr/lib/systemd/system +#usr/lib/systemd/system/pam_namespace.service #usr/share/doc/Linux-PAM #usr/share/doc/Linux-PAM/draft-morgan-pam-current.txt #usr/share/doc/Linux-PAM/index.html @@ -170,6 +177,7 @@ usr/lib/libpamc.so.0.82.1 #usr/share/man/man3/pam_xauth_data.3 #usr/share/man/man5/access.conf.5 #usr/share/man/man5/environment.5 +#usr/share/man/man5/faillock.conf.5 #usr/share/man/man5/group.conf.5 #usr/share/man/man5/limits.conf.5 #usr/share/man/man5/namespace.conf.5 @@ -178,6 +186,7 @@ usr/lib/libpamc.so.0.82.1 #usr/share/man/man5/pam_env.conf.5 #usr/share/man/man5/time.conf.5 #usr/share/man/man8/PAM.8 +#usr/share/man/man8/faillock.8 #usr/share/man/man8/mkhomedir_helper.8 #usr/share/man/man8/pam.8 #usr/share/man/man8/pam_access.8 @@ -187,6 +196,7 @@ usr/lib/libpamc.so.0.82.1 #usr/share/man/man8/pam_env.8 #usr/share/man/man8/pam_exec.8 #usr/share/man/man8/pam_faildelay.8 +#usr/share/man/man8/pam_faillock.8 #usr/share/man/man8/pam_filter.8 #usr/share/man/man8/pam_ftp.8 #usr/share/man/man8/pam_group.8 @@ -201,24 +211,27 @@ usr/lib/libpamc.so.0.82.1 #usr/share/man/man8/pam_mkhomedir.8 #usr/share/man/man8/pam_motd.8 #usr/share/man/man8/pam_namespace.8 +#usr/share/man/man8/pam_namespace_helper.8 #usr/share/man/man8/pam_nologin.8 #usr/share/man/man8/pam_permit.8 #usr/share/man/man8/pam_pwhistory.8 #usr/share/man/man8/pam_rhosts.8 #usr/share/man/man8/pam_rootok.8 #usr/share/man/man8/pam_securetty.8 +#usr/share/man/man8/pam_setquota.8 #usr/share/man/man8/pam_shells.8 +#usr/share/man/man8/pam_stress.8 #usr/share/man/man8/pam_succeed_if.8 -#usr/share/man/man8/pam_tally.8 -#usr/share/man/man8/pam_tally2.8 #usr/share/man/man8/pam_time.8 #usr/share/man/man8/pam_timestamp.8 #usr/share/man/man8/pam_timestamp_check.8 #usr/share/man/man8/pam_umask.8 #usr/share/man/man8/pam_unix.8 #usr/share/man/man8/pam_userdb.8 +#usr/share/man/man8/pam_usertype.8 #usr/share/man/man8/pam_warn.8 #usr/share/man/man8/pam_wheel.8 #usr/share/man/man8/pam_xauth.8 +#usr/share/man/man8/pwhistory_helper.8 #usr/share/man/man8/unix_chkpwd.8 #usr/share/man/man8/unix_update.8 diff --git a/lfs/pam b/lfs/pam index d5ce5ef69..daae2def3 100644 --- a/lfs/pam +++ b/lfs/pam @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.3.1 +VER = 1.5.1 THISAPP = Linux-PAM-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 558ff53b0fc0563ca97f79e911822165 +$(DL_FILE)_MD5 = 155f2a31d07077b2c63a1f135876c31b install : $(TARGET)