import pam-1.5.1-15.el9

c9 imports/c9/pam-1.5.1-15.el9
MSVSphere Packaging Team 1 year ago
parent 85b748757f
commit 616b490daa

@ -0,0 +1,79 @@
From 55f206447a1e4ee26e307e7a9c069236e823b1a5 Mon Sep 17 00:00:00 2001
From: Jeff Squyres <jsquyres@cisco.com>
Date: Fri, 30 Apr 2021 15:16:38 -0700
Subject: [PATCH 1/2] pam_misc: make length of misc_conv() configurable
Add --with-misc-conv-bufsize=<number> option to configure to allow
a longer buffer size for libpam_misc's misc_conv() function (it still
defaults to 512 bytes).
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
---
configure.ac | 7 +++++++
libpam_misc/misc_conv.c | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 9c92d0de..b283db1b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -648,6 +648,13 @@ case "$enable_unix" in
*) AC_MSG_ERROR([bad value $enable_unix for --enable-unix option]) ;;
esac
+AC_ARG_WITH([misc-conv-bufsize],
+AS_HELP_STRING([--with-misc-conv-bufsize=<number>],
+ [Size of input buffer for libpam_misc's misc_conv() conversation function, default=512]),
+ [],
+ [with_misc_conv_bufsize=512])
+AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.])
+
AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1])
AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes])
AM_CONDITIONAL([COND_BUILD_PAM_NAMESPACE], [test "$ac_cv_func_unshare" = yes])
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index f28b1093..908ee890 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -18,7 +18,7 @@
#include <security/pam_appl.h>
#include <security/pam_misc.h>
-#define INPUTSIZE PAM_MAX_RESP_SIZE /* maximum length of input+1 */
+#define INPUTSIZE PAM_MISC_CONV_BUFSIZE /* maximum length of input+1 */
#define CONV_ECHO_ON 1 /* types of echo state */
#define CONV_ECHO_OFF 0
--
2.41.0
From 80bfda5962e5be3daa70e0fc8c75fc97d1c55121 Mon Sep 17 00:00:00 2001
From: Jeff Squyres <jsquyres@cisco.com>
Date: Fri, 30 Apr 2021 15:28:33 -0700
Subject: [PATCH 2/2] pam_misc: set default length of misc_conv() buffer to
4096
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index b283db1b..8e5d0ff7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -650,9 +650,9 @@ esac
AC_ARG_WITH([misc-conv-bufsize],
AS_HELP_STRING([--with-misc-conv-bufsize=<number>],
- [Size of input buffer for libpam_misc's misc_conv() conversation function, default=512]),
+ [Size of input buffer for libpam_misc's misc_conv() conversation function, default=4096]),
[],
- [with_misc_conv_bufsize=512])
+ [with_misc_conv_bufsize=4096])
AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.])
AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1])
--
2.41.0

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.5.1 Version: 1.5.1
Release: 14%{?dist} Release: 15%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -48,6 +48,9 @@ Patch11: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
Patch12: pam-1.5.1-pam-faillock-clarify-missing-user.patch Patch12: pam-1.5.1-pam-faillock-clarify-missing-user.patch
# https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8 # https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8
Patch13: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch Patch13: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
# https://github.com/linux-pam/linux-pam/commit/55f206447a1e4ee26e307e7a9c069236e823b1a5
# https://github.com/linux-pam/linux-pam/commit/80bfda5962e5be3daa70e0fc8c75fc97d1c55121
Patch14: pam-1.5.1-pam-misc-configurable.patch
%global _pamlibdir %{_libdir} %global _pamlibdir %{_libdir}
%global _moduledir %{_libdir}/security %global _moduledir %{_libdir}/security
@ -143,6 +146,7 @@ cp %{SOURCE18} .
%patch11 -p1 -b .pam-lastlog-check-localtime_r-return-value %patch11 -p1 -b .pam-lastlog-check-localtime_r-return-value
%patch12 -p1 -b .pam-faillock-clarify-missing-user %patch12 -p1 -b .pam-faillock-clarify-missing-user
%patch13 -p1 -b .pam-faillock-avoid-logging-erroneous %patch13 -p1 -b .pam-faillock-avoid-logging-erroneous
%patch14 -p1 -b .pam-misc-configurable
autoreconf -i autoreconf -i
@ -398,6 +402,9 @@ done
%doc doc/sag/*.txt doc/sag/html %doc doc/sag/*.txt doc/sag/html
%changelog %changelog
* Mon Jun 26 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-15
- pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2215007
* Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-14 * Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-14
- pam_lastlog: check localtime_r() return value. Resolves: #2130124 - pam_lastlog: check localtime_r() return value. Resolves: #2130124
- pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632 - pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632

Loading…
Cancel
Save