pam: Update to 1.2.1
| Message ID | 1447001446-9252-1-git-send-email-matthias.fischer@ipfire.org |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.tremer.info [172.28.1.200]) by septima.ipfire.org (Postfix) with ESMTP id B44F361ADC for <patchwork@ipfire.org>; Sun, 8 Nov 2015 17:50:52 +0100 (CET) Received: from hedwig.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 4639A1564; Sun, 8 Nov 2015 17:50:52 +0100 (CET) Received: from Devel.localdomain (p5DD82DF7.dip0.t-ipconnect.de [93.216.45.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 00F02D60 for <development@lists.ipfire.org>; Sun, 8 Nov 2015 17:50:50 +0100 (CET) From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] pam: Update to 1.2.1 Date: Sun, 8 Nov 2015 17:50:46 +0100 Message-Id: <1447001446-9252-1-git-send-email-matthias.fischer@ipfire.org> X-Mailer: git-send-email 2.6.3 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Matthias Fischer
Nov. 9, 2015, 3:50 a.m. UTC
pam: Update to 1.2.1
Changes: https://git.fedorahosted.org/cgit/linux-pam.git/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
config/rootfiles/common/pam | 26 ++++++++++++++++++++------
lfs/pam | 12 ++++++------
2 files changed, 26 insertions(+), 12 deletions(-)
Comments
Hi, the patch looks good. I wonder if you have tested this on a clean installation. Because of the many so-bumps, the new libraries would probably not be used in an upgraded system and that won't find us the bugs :) Best, -Michael On Sun, 2015-11-08 at 17:50 +0100, Matthias Fischer wrote: > pam: Update to 1.2.1 > > Changes: https://git.fedorahosted.org/cgit/linux-pam.git/ > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > config/rootfiles/common/pam | 26 ++++++++++++++++++++------ > lfs/pam | 12 ++++++------ > 2 files changed, 26 insertions(+), 12 deletions(-) > > diff --git a/config/rootfiles/common/pam > b/config/rootfiles/common/pam > index 3335a54..e7e1d3a 100644 > --- a/config/rootfiles/common/pam > +++ b/config/rootfiles/common/pam > @@ -17,12 +17,13 @@ etc/security > #etc/security/pam_env.conf > #etc/security/time.conf > lib/libpam.so.0 > -lib/libpam.so.0.81.10 > +lib/libpam.so.0.84.1 > lib/libpam_misc.so.0 > -lib/libpam_misc.so.0.81.3 > +lib/libpam_misc.so.0.82.1 > lib/libpamc.so.0 > -lib/libpamc.so.0.81.0 > +lib/libpamc.so.0.82.1 > #lib/security > +lib/security/mkhomedir_helper > #lib/security/pam_access.la > lib/security/pam_access.so > #lib/security/pam_debug.la > @@ -71,6 +72,8 @@ lib/security/pam_mail.so > lib/security/pam_nologin.so > #lib/security/pam_permit.la > lib/security/pam_permit.so > +lib/security/pam_pwhistory.la > +#lib/security/pam_pwhistory.so > #lib/security/pam_rhosts.la > lib/security/pam_rhosts.so > #lib/security/pam_rootok.la > @@ -85,8 +88,14 @@ lib/security/pam_shells.so > #lib/security/pam_succeed_if.so > #lib/security/pam_tally.la > #lib/security/pam_tally.so > +#lib/security/pam_tally2 > +#lib/security/pam_tally2.la > +#lib/security/pam_tally2.so > #lib/security/pam_time.la > #lib/security/pam_time.so > +#lib/security/pam_timestamp.la > +#lib/security/pam_timestamp.so > +#lib/security/pam_timestamp_check > #lib/security/pam_umask.la > #lib/security/pam_umask.so > #lib/security/pam_unix.la > @@ -133,6 +142,9 @@ usr/lib/libpamc.so > #usr/share/man/man3/pam_end.3 > #usr/share/man/man3/pam_error.3 > #usr/share/man/man3/pam_fail_delay.3 > +#usr/share/man/man3/pam_get_authtok.3 > +#usr/share/man/man3/pam_get_authtok_noverify.3 > +#usr/share/man/man3/pam_get_authtok_verify.3 > #usr/share/man/man3/pam_get_data.3 > #usr/share/man/man3/pam_get_item.3 > #usr/share/man/man3/pam_get_user.3 > @@ -171,9 +183,9 @@ usr/lib/libpamc.so > #usr/share/man/man5/pam_env.conf.5 > #usr/share/man/man5/time.conf.5 > #usr/share/man/man8/PAM.8 > +#usr/share/man/man8/mkhomedir_helper.8 > #usr/share/man/man8/pam.8 > #usr/share/man/man8/pam_access.8 > -#usr/share/man/man8/pam_cracklib.8 > #usr/share/man/man8/pam_debug.8 > #usr/share/man/man8/pam_deny.8 > #usr/share/man/man8/pam_echo.8 > @@ -196,14 +208,17 @@ usr/lib/libpamc.so > #usr/share/man/man8/pam_namespace.8 > #usr/share/man/man8/pam_nologin.8 > #usr/share/man/man8/pam_permit.8 > +#usr/share/man/man8/pam_pwhistory.8 > #usr/share/man/man8/pam_rhosts.8 > #usr/share/man/man8/pam_rootok.8 > #usr/share/man/man8/pam_securetty.8 > #usr/share/man/man8/pam_shells.8 > #usr/share/man/man8/pam_succeed_if.8 > #usr/share/man/man8/pam_tally.8 > +#usr/share/man/man8/pam_tally2.8 > #usr/share/man/man8/pam_time.8 > -#usr/share/man/man8/pam_tty_audit.8 > +#usr/share/man/man8/pam_timestamp.8 > +#usr/share/man/man8/pam_timestamp_check.8 > #usr/share/man/man8/pam_umask.8 > #usr/share/man/man8/pam_unix.8 > #usr/share/man/man8/pam_userdb.8 > @@ -212,4 +227,3 @@ usr/lib/libpamc.so > #usr/share/man/man8/pam_xauth.8 > #usr/share/man/man8/unix_chkpwd.8 > #usr/share/man/man8/unix_update.8 > -#var/run/sepermit > diff --git a/lfs/pam b/lfs/pam > index 75557a4..606e65c 100644 > --- a/lfs/pam > +++ b/lfs/pam > @@ -1,7 +1,7 @@ > #################################################################### > ########### > # > # > # IPFire.org - A linux based firewall > # > -# Copyright (C) 2007 Michael Tremer & Christian Schmidt > # > +# Copyright (C) 2015 Michael Tremer & Christian Schmidt > # > # > # > # This program is free software: you can redistribute it and/or > modify # > # it under the terms of the GNU General Public License as published > by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 0.99.10.0 > +VER = 1.2.1 > > THISAPP = Linux-PAM-$(VER) > DL_FILE = $(THISAPP).tar.bz2 > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = be4dd1d34ac5933408e13e48f3eb710a > +$(DL_FILE)_MD5 = 9dc53067556d2dd567808fd509519dd6 > > install : $(TARGET) > > @@ -80,9 +80,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > chmod -v 4755 /lib/security/unix_chkpwd > mv -v /lib/security/pam_tally /sbin > mv -v /usr/lib/libpam*.so.0* /lib > - ln -v -sf ../../lib/libpam.so.0.81.10 /usr/lib/libpam.so > - ln -v -sf ../../lib/libpamc.so.0.81.0 /usr/lib/libpamc.so > - ln -v -sf ../../lib/libpam_misc.so.0.81.3 > /usr/lib/libpam_misc.so > + ln -v -sf ../../lib/libpam.so.0.84.1 /usr/lib/libpam.so > + ln -v -sf ../../lib/libpamc.so.0.82.1 /usr/lib/libpamc.so > + ln -v -sf ../../lib/libpam_misc.so.0.82.1 > /usr/lib/libpam_misc.so > -mkdir -p /etc/pam.d > cp $(DIR_SRC)/config/pam/* /etc/pam.d > chown root.root -R /etc/pam.d
On 09.11.2015 19:37, Michael Tremer wrote: > I wonder if you have tested this on a clean installation. Because of > the many so-bumps, the new libraries would probably not be used in an > upgraded system and that won't find us the bugs Hi Michael, You're probably right - sorry if I was a bit too fast with pushing this update! I'm having a tough time with a lot of work. "So much to do, but not much time for it..." ;-) In in the meantime I ran a few tests, maybe this helps: 1. Installed on testmachine (an old(!) Core 92), no noticeable problems during/after reboot: Deleted old pam-libraries, restarted, no noticeable problems either: ***SNIP*** ... [root@ipfiretest ~]# ps ax|grep pam 1527 ? Ss 0:00 /usr/sbin/saslauthd -n 2 -a pam 1528 ? S 0:00 /usr/sbin/saslauthd -n 2 -a pam 2463 pts/0 R+ 0:00 grep pam ... ***SNAP*** Started / stopped / restarted various services without problems. 2. Clean install on testmachine: (Core 96, "Development Build: pam/eeb83132-dirty", compiled 15.11.2015, with pam 1.2.1), no eye-catching events. What else could I test? Best, Matthias
Hi, On Sun, 2015-11-15 at 13:07 +0100, Matthias Fischer wrote: > On 09.11.2015 19:37, Michael Tremer wrote: > > I wonder if you have tested this on a clean installation. Because > > of > > the many so-bumps, the new libraries would probably not be used in > > an > > upgraded system and that won't find us the bugs > > Hi Michael, > > You're probably right - sorry if I was a bit too fast with pushing > this > update! I'm having a tough time with a lot of work. "So much to do, > but > not much time for it..." ;-) > > In in the meantime I ran a few tests, maybe this helps: > > 1. Installed on testmachine (an old(!) Core 92), no noticeable > problems > during/after reboot: > > Deleted old pam-libraries, restarted, no noticeable problems either: > > ***SNIP*** > ... > [root@ipfiretest ~]# ps ax|grep pam > 1527 ? Ss 0:00 /usr/sbin/saslauthd -n 2 -a pam > 1528 ? S 0:00 /usr/sbin/saslauthd -n 2 -a pam > 2463 pts/0 R+ 0:00 grep pam > ... > ***SNAP*** > > Started / stopped / restarted various services without problems. > > 2. Clean install on testmachine: (Core 96, "Development Build: > pam/eeb83132-dirty", compiled 15.11.2015, with pam 1.2.1), no > eye-catching events. > > What else could I test? as far as I understand, this is working for you? In that case, I guess we should merge the patch.. -Michael > > Best, > Matthias
Hi, On 18.11.2015 13:36, Michael Tremer wrote: > as far as I understand, this is working for you? In that case, I guess > we should merge the patch.. Nevertheless, I think it would be nice if someone else could test this, too: ;-) http://people.ipfire.org/~mfischer/pam-1.2.1-for-ipfire.tar.gz MD5SUM: 18EC666C6515C2536F6BFC93B200081D Copy to root, install with 'tar xvf pam-1.2.1-for-ipfire.tar.gz -C /' Regards, Matthias
Any feedback from anyone, yet? On Thu, 2015-11-19 at 18:33 +0100, Matthias Fischer wrote: > Hi, > > On 18.11.2015 13:36, Michael Tremer wrote: > > as far as I understand, this is working for you? In that case, I > > guess > > we should merge the patch.. > > Nevertheless, I think it would be nice if someone else could test > this, > too: ;-) > > http://people.ipfire.org/~mfischer/pam-1.2.1-for-ipfire.tar.gz > > MD5SUM: 18EC666C6515C2536F6BFC93B200081D > > Copy to root, install with 'tar xvf pam-1.2.1-for-ipfire.tar.gz -C /' > > Regards, > Matthias
Hi, been a bit silent because of too much work in Cologne mainly with the continuously growing refugee camps (sorry, but we're extremely busy these days) - I didn't here anything, too... Best, Matthias On 02.12.2015 00:10, Michael Tremer wrote: > Any feedback from anyone, yet? > > On Thu, 2015-11-19 at 18:33 +0100, Matthias Fischer wrote: >> Hi, >> >> On 18.11.2015 13:36, Michael Tremer wrote: >> > as far as I understand, this is working for you? In that case, I >> > guess >> > we should merge the patch.. >> >> Nevertheless, I think it would be nice if someone else could test >> this, >> too: ;-) >> >> http://people.ipfire.org/~mfischer/pam-1.2.1-for-ipfire.tar.gz >> >> MD5SUM: 18EC666C6515C2536F6BFC93B200081D >> >> Copy to root, install with 'tar xvf pam-1.2.1-for-ipfire.tar.gz -C /' >> >> Regards, >> Matthias >
Hi, On 02.12.2015 00:10, Michael Tremer wrote: > Any feedback from anyone, yet? No. Last feedback from me: I updated the following components: pam => 1.2.1 rrdtool => 1.5.5 clamav => 0.99 Fix for libnet 1.1.6 (Bug #10996) Several reboots, to make sure things are running. No seen problems until now... Best, Matthias > On Thu, 2015-11-19 at 18:33 +0100, Matthias Fischer wrote: >> Hi, >> >> On 18.11.2015 13:36, Michael Tremer wrote: >> > as far as I understand, this is working for you? In that case, I >> > guess >> > we should merge the patch.. >> >> Nevertheless, I think it would be nice if someone else could test >> this, >> too: ;-) >> >> http://people.ipfire.org/~mfischer/pam-1.2.1-for-ipfire.tar.gz >> >> MD5SUM: 18EC666C6515C2536F6BFC93B200081D >> >> Copy to root, install with 'tar xvf pam-1.2.1-for-ipfire.tar.gz -C /' >> >> Regards, >> Matthias >
Hi, On Sun, 2015-12-06 at 11:27 +0100, Matthias Fischer wrote: > Hi, > > On 02.12.2015 00:10, Michael Tremer wrote: > > Any feedback from anyone, yet? > > No. > > Last feedback from me: > > I updated the following components: > > pam => 1.2.1 > rrdtool => 1.5.5 > clamav => 0.99 > Fix for libnet 1.1.6 (Bug #10996) All but PAM is merged so far. Should we wait for more feedback? I am a bit disappointed that it is so silent on this list. Best, -Michael > > Several reboots, to make sure things are running. > > No seen problems until now... > > Best, > Matthias > > > On Thu, 2015-11-19 at 18:33 +0100, Matthias Fischer wrote: > > > Hi, > > > > > > On 18.11.2015 13:36, Michael Tremer wrote: > > > > as far as I understand, this is working for you? In that case, > > > > I > > > > guess > > > > we should merge the patch.. > > > > > > Nevertheless, I think it would be nice if someone else could test > > > this, > > > too: ;-) > > > > > > http://people.ipfire.org/~mfischer/pam-1.2.1-for-ipfire.tar.gz > > > > > > MD5SUM: 18EC666C6515C2536F6BFC93B200081D > > > > > > Copy to root, install with 'tar xvf pam-1.2.1-for-ipfire.tar.gz > > > -C /' > > > > > > Regards, > > > Matthias > > >
Hi Michael, On 11.12.2015 19:50, Michael Tremer wrote: >> >On 02.12.2015 00:10, Michael Tremer wrote: >>> > >Any feedback from anyone, yet? >> > >> >No. >> > >> >Last feedback from me: >> > >> >I updated the following components: >> > >> >pam => 1.2.1 >> >rrdtool => 1.5.5 >> >clamav => 0.99 >> >Fix for libnet 1.1.6 (Bug #10996) > All but PAM is merged so far. Regarding the missing sources - I can't explain that, sorry. As far as I know, I made an upload for each new source. Next time I'll look twice! > Should we wait for more feedback? I am a bit disappointed that it is so > silent on this list. If you'd like to wait: no problem for me! I'm also a bit ~bewildered, but nevertheless... Best, Matthias