import pam-1.3.1-27.el8

1 year ago · b41c7d58d4
parent 675fe283df
commit b41c7d58d4
3 changed files with 41 additions and 17 deletions
--- a/SOURCES/pam-1.3.1-pam-misc-configurable.patch
+++ b/SOURCES/pam-1.3.1-pam-misc-configurable.patch
@ -0,0 +1,29 @@
+diff -up Linux-PAM-1.3.1/configure.ac.pam-misc-configurable Linux-PAM-1.3.1/configure.ac
+--- Linux-PAM-1.3.1/configure.ac.pam-misc-configurable	2023-06-26 09:57:00.243146563 +0200
+++ Linux-PAM-1.3.1/configure.ac	2023-06-26 09:59:45.353636685 +0200
+@@ -621,6 +621,13 @@ if test x"$opt_kerneloverflowuid" == x;
+ fi
+ AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.])
+ 
+AC_ARG_WITH([misc-conv-bufsize],
+AS_HELP_STRING([--with-misc-conv-bufsize=<number>],
+    [Size of input buffer for libpam_misc's misc_conv() conversation function, default=4096]),
+    [],
+    [with_misc_conv_bufsize=4096])
+AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.])
+
+ dnl Files to be created from when we run configure
+ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
+ 	libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
+diff -up Linux-PAM-1.3.1/libpam_misc/misc_conv.c.pam-misc-configurable Linux-PAM-1.3.1/libpam_misc/misc_conv.c
+--- Linux-PAM-1.3.1/libpam_misc/misc_conv.c.pam-misc-configurable	2023-06-26 09:57:00.242146560 +0200
+++ Linux-PAM-1.3.1/libpam_misc/misc_conv.c	2023-06-26 10:00:38.023787972 +0200
+@@ -18,7 +18,7 @@
+ #include <security/pam_appl.h>
+ #include <security/pam_misc.h>
+ 
+-#define INPUTSIZE PAM_MAX_MSG_SIZE           /* maximum length of input+1 */
+#define INPUTSIZE PAM_MISC_CONV_BUFSIZE      /* maximum length of input+1 */
+ #define CONV_ECHO_ON  1                            /* types of echo state */
+ #define CONV_ECHO_OFF 0
+ 
--- a/SOURCES/smartcard-auth.pamd
+++ b/SOURCES/smartcard-auth.pamd
@ -1,19 +1,4 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authselect is run.
-auth        required      pam_env.so
-auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
-auth        required      pam_deny.so
-
-account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     required      pam_permit.so
-
-password    optional      pam_pkcs11.so
-
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     optional      pam_systemd.so
-session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session     required      pam_unix.so
+auth sufficient pam_sss.so allow_missing_name
--- a/SPECS/pam.spec
+++ b/SPECS/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.3.1
-Release: 25%{?dist}
+Release: 27%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -97,6 +97,9 @@ Patch62: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
 Patch63: pam-1.5.1-pam-faillock-clarify-missing-user.patch
 # https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8
 Patch64: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
+# https://github.com/linux-pam/linux-pam/commit/55f206447a1e4ee26e307e7a9c069236e823b1a5
+# https://github.com/linux-pam/linux-pam/commit/80bfda5962e5be3daa70e0fc8c75fc97d1c55121
+Patch65: pam-1.3.1-pam-misc-configurable.patch

 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@ -209,6 +212,7 @@ cp %{SOURCE18} .
 %patch62 -p1 -b .pam-lastlog-check-localtime_r-return-value
 %patch63 -p1 -b .pam-faillock-clarify-missing-user
 %patch64 -p1 -b .pam-faillock-avoid-logging-erroneous
+%patch65 -p1 -b .pam-misc-configurable

 autoreconf -i

@ -462,6 +466,12 @@ done
 %doc doc/specs/rfc86.0.txt

 %changelog
+* Mon Jun 26 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-27
+- pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2209785
+
+* Tue May 16 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-26
+- smartcard-auth: modify the content to remove unnecessary modules. Resolves: #1983683
+
 * Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-25
 - pam_motd: avoid unnecessary logging. Resolves: #2091062
 - pam_lastlog: check localtime_r() return value. Resolves: #2012871