* [PATCH] pam: update to 1.3.0
@ 2016-06-26 8:30 Marcel Lorenz
0 siblings, 0 replies; 2+ messages in thread
From: Marcel Lorenz @ 2016-06-26 8:30 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6156 bytes --]
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
---
config/rootfiles/common/pam | 27 +++++++++++++++++++++------
lfs/pam | 27 +++++++++++++++------------
2 files changed, 36 insertions(+), 18 deletions(-)
diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam
index 3335a54..060ed00 100644
--- a/config/rootfiles/common/pam
+++ b/config/rootfiles/common/pam
@@ -17,12 +17,13 @@ etc/security
#etc/security/pam_env.conf
#etc/security/time.conf
lib/libpam.so.0
-lib/libpam.so.0.81.10
+lib/libpam.so.0.84.2
lib/libpam_misc.so.0
-lib/libpam_misc.so.0.81.3
+lib/libpam_misc.so.0.82.1
lib/libpamc.so.0
-lib/libpamc.so.0.81.0
+lib/libpamc.so.0.82.1
#lib/security
+#lib/security/mkhomedir_helper
#lib/security/pam_access.la
lib/security/pam_access.so
#lib/security/pam_debug.la
@@ -71,6 +72,8 @@ lib/security/pam_mail.so
lib/security/pam_nologin.so
#lib/security/pam_permit.la
lib/security/pam_permit.so
+#lib/security/pam_pwhistory.la
+lib/security/pam_pwhistory.so
#lib/security/pam_rhosts.la
lib/security/pam_rhosts.so
#lib/security/pam_rootok.la
@@ -85,8 +88,14 @@ lib/security/pam_shells.so
#lib/security/pam_succeed_if.so
#lib/security/pam_tally.la
#lib/security/pam_tally.so
+#lib/security/pam_tally2
+#lib/security/pam_tally2.la
+lib/security/pam_tally2.so
#lib/security/pam_time.la
#lib/security/pam_time.so
+#lib/security/pam_timestamp.la
+lib/security/pam_timestamp.so
+#lib/security/pam_timestamp_check
#lib/security/pam_umask.la
#lib/security/pam_umask.so
#lib/security/pam_unix.la
@@ -133,6 +142,9 @@ usr/lib/libpamc.so
#usr/share/man/man3/pam_end.3
#usr/share/man/man3/pam_error.3
#usr/share/man/man3/pam_fail_delay.3
+#usr/share/man/man3/pam_get_authtok.3
+#usr/share/man/man3/pam_get_authtok_noverify.3
+#usr/share/man/man3/pam_get_authtok_verify.3
#usr/share/man/man3/pam_get_data.3
#usr/share/man/man3/pam_get_item.3
#usr/share/man/man3/pam_get_user.3
@@ -163,6 +175,7 @@ usr/lib/libpamc.so
#usr/share/man/man3/pam_vsyslog.3
#usr/share/man/man3/pam_xauth_data.3
#usr/share/man/man5/access.conf.5
+#usr/share/man/man5/environment.5
#usr/share/man/man5/group.conf.5
#usr/share/man/man5/limits.conf.5
#usr/share/man/man5/namespace.conf.5
@@ -171,9 +184,9 @@ usr/lib/libpamc.so
#usr/share/man/man5/pam_env.conf.5
#usr/share/man/man5/time.conf.5
#usr/share/man/man8/PAM.8
+#usr/share/man/man8/mkhomedir_helper.8
#usr/share/man/man8/pam.8
#usr/share/man/man8/pam_access.8
-#usr/share/man/man8/pam_cracklib.8
#usr/share/man/man8/pam_debug.8
#usr/share/man/man8/pam_deny.8
#usr/share/man/man8/pam_echo.8
@@ -196,14 +209,17 @@ usr/lib/libpamc.so
#usr/share/man/man8/pam_namespace.8
#usr/share/man/man8/pam_nologin.8
#usr/share/man/man8/pam_permit.8
+#usr/share/man/man8/pam_pwhistory.8
#usr/share/man/man8/pam_rhosts.8
#usr/share/man/man8/pam_rootok.8
#usr/share/man/man8/pam_securetty.8
#usr/share/man/man8/pam_shells.8
#usr/share/man/man8/pam_succeed_if.8
#usr/share/man/man8/pam_tally.8
+#usr/share/man/man8/pam_tally2.8
#usr/share/man/man8/pam_time.8
-#usr/share/man/man8/pam_tty_audit.8
+#usr/share/man/man8/pam_timestamp.8
+#usr/share/man/man8/pam_timestamp_check.8
#usr/share/man/man8/pam_umask.8
#usr/share/man/man8/pam_unix.8
#usr/share/man/man8/pam_userdb.8
@@ -212,4 +228,3 @@ usr/lib/libpamc.so
#usr/share/man/man8/pam_xauth.8
#usr/share/man/man8/unix_chkpwd.8
#usr/share/man/man8/unix_update.8
-#var/run/sepermit
diff --git a/lfs/pam b/lfs/pam
index 75557a4..351f73a 100644
--- a/lfs/pam
+++ b/lfs/pam
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2016 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.99.10.0
+VER = 1.3.0
THISAPP = Linux-PAM-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = be4dd1d34ac5933408e13e48f3eb710a
+$(DL_FILE)_MD5 = da4b2289b7cfb19583d54e9eaaef1c3a
install : $(TARGET)
@@ -69,20 +69,23 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --libdir=/usr/lib \
- --sbindir=/lib/security \
- --enable-securedir=/lib/security \
- --enable-docdir=/usr/share/doc/Linux-PAM-$(VER) \
- --enable-read-both-confs --disable-nls
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --libdir=/usr/lib \
+ --sysconfdir=/etc \
+ --libdir=/usr/lib \
+ --sbindir=/lib/security \
+ --enable-securedir=/lib/security \
+ --enable-docdir=/usr/share/doc/Linux-PAM-$(VER) \
+ --enable-read-both-confs \
+ --disable-nls
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
chmod -v 4755 /lib/security/unix_chkpwd
mv -v /lib/security/pam_tally /sbin
mv -v /usr/lib/libpam*.so.0* /lib
- ln -v -sf ../../lib/libpam.so.0.81.10 /usr/lib/libpam.so
- ln -v -sf ../../lib/libpamc.so.0.81.0 /usr/lib/libpamc.so
- ln -v -sf ../../lib/libpam_misc.so.0.81.3 /usr/lib/libpam_misc.so
+ ln -sfv /lib/libpam.so.0.84.2 /usr/lib/libpam.so
+ ln -sfv /lib/libpamc.so.0.82.1 /usr/lib/libpamc.so
+ ln -sfv /lib/libpam_misc.so.0.82.1 /usr/lib/libpam_misc.so
-mkdir -p /etc/pam.d
cp $(DIR_SRC)/config/pam/* /etc/pam.d
chown root.root -R /etc/pam.d
--
1.9.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH] pam: Update to 1.3.0
@ 2016-10-12 9:10 Stefan Schantl
0 siblings, 0 replies; 2+ messages in thread
From: Stefan Schantl @ 2016-10-12 9:10 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5831 bytes --]
This is a major update to the latest available version of pam.
* Adjust source download location.
* Replace various hardcode path.
* Enable testsuite.
* Drop SELinux support.
Fixes #11219.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
pam/pam.nm | 25 +++++++---
pam/patches/pam-1.1.5-unix-no-fallback.patch | 69 ----------------------------
2 files changed, 18 insertions(+), 76 deletions(-)
delete mode 100644 pam/patches/pam-1.1.5-unix-no-fallback.patch
diff --git a/pam/pam.nm b/pam/pam.nm
index 54be8d0..1f4da19 100644
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -4,7 +4,7 @@
###############################################################################
name = pam
-version = 1.1.6
+version = 1.3.0
release = 1
thisapp = Linux-PAM-%{version}
@@ -22,7 +22,7 @@ end
# This is the old location that might be revived in future
# source_dl = http://ftp.us.kernel.org/pub/linux/libs/pam/library/
-source_dl = https://fedorahosted.org/releases/l/i/linux-pam/
+source_dl = http://www.linux-pam.org/library/
build
requires
@@ -30,24 +30,35 @@ build
bison
cracklib-devel
flex
- libselinux-devel
end
+ export LD_LIBRARY_PATH = %{DIR_APP}/libpam/.libs
+
configure_options += \
--includedir=%{includedir}/security \
--docdir=/usr/share/doc/Linux-PAM-%{version} \
--enable-read-both-confs \
--disable-rpath
+ test
+ # Temporary copy our pam config files to the sysconfdir
+ # the chroot environment. They are required by various tests
+ # of the testsuite.
+ cp -avf %{DIR_SOURCE}/pam.d %{sysconfdir}
+
+ # Run the testsuite.
+ make check
+ end
+
install_cmds
#useradd -D -b /home
#sed -i 's/yes/no/' %{BUILDROOT}/etc/default/useradd
- mkdir -pv %{BUILDROOT}/etc/security
+ mkdir -pv %{BUILDROOT}%{sysconfdir}/security
install -v -m644 %{DIR_SOURCE}/pam_env.conf \
- %{BUILDROOT}/etc/security/pam_env.conf
+ %{BUILDROOT}%{sysconfdir}/security/pam_env.conf
# Included in setup package
- rm -f %{BUILDROOT}/etc/environment
+ rm -f %{BUILDROOT}%{sysconfdir}/environment
# Install man pages.
mkdir -pv %{BUILDROOT}%{mandir}/man5
@@ -61,7 +72,7 @@ end
packages
package %{name}
configfiles
- /etc/pam.d
+ %{sysconfdir}/pam.d
end
end
diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
deleted file mode 100644
index 7857196..0000000
--- a/pam/patches/pam-1.1.5-unix-no-fallback.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
---- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback 2011-06-21 11:04:56.000000000 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml 2012-05-09 11:54:34.442036404 +0200
-@@ -265,11 +265,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the SHA256 algorithm. If the
-- SHA256 algorithm is not known to the <citerefentry>
-+ encrypt it with the SHA256 algorithm. The
-+ SHA256 algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-@@ -280,11 +279,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the SHA512 algorithm. If the
-- SHA512 algorithm is not known to the <citerefentry>
-+ encrypt it with the SHA512 algorithm. The
-+ SHA512 algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-@@ -295,11 +293,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the blowfish algorithm. If the
-- blowfish algorithm is not known to the <citerefentry>
-+ encrypt it with the blowfish algorithm. The
-+ blowfish algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
---- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback 2012-05-09 11:48:12.409632377 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c 2012-05-09 11:48:36.953172291 +0200
-@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
- if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
- /* libxcrypt/libc doesn't know the algorithm, use MD5 */
- pam_syslog(pamh, LOG_ERR,
-- "Algo %s not supported by the crypto backend, "
-- "falling back to MD5\n",
-+ "Algo %s not supported by the crypto backend.\n",
- on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
- on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
- on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
- if(sp) {
- memset(sp, '\0', strlen(sp));
- }
-- return crypt_md5_wrapper(password);
-+ return NULL;
- }
-
- return x_strdup(sp);
--
2.7.4
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-10-12 9:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-26 8:30 [PATCH] pam: update to 1.3.0 Marcel Lorenz
2016-10-12 9:10 [PATCH] pam: Update " Stefan Schantl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox