From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] pam: Update to 1.3.0 Date: Wed, 12 Oct 2016 11:10:37 +0200 Message-ID: <1476263437-3038-1-git-send-email-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0361488492984536295==" List-Id: --===============0361488492984536295== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is a major update to the latest available version of pam. * Adjust source download location. * Replace various hardcode path. * Enable testsuite. * Drop SELinux support. Fixes #11219. Signed-off-by: Stefan Schantl --- pam/pam.nm | 25 +++++++--- pam/patches/pam-1.1.5-unix-no-fallback.patch | 69 --------------------------= -- 2 files changed, 18 insertions(+), 76 deletions(-) delete mode 100644 pam/patches/pam-1.1.5-unix-no-fallback.patch diff --git a/pam/pam.nm b/pam/pam.nm index 54be8d0..1f4da19 100644 --- a/pam/pam.nm +++ b/pam/pam.nm @@ -4,7 +4,7 @@ ############################################################################= ### =20 name =3D pam -version =3D 1.1.6 +version =3D 1.3.0 release =3D 1 thisapp =3D Linux-PAM-%{version} =20 @@ -22,7 +22,7 @@ end # This is the old location that might be revived in future # source_dl =3D http://ftp.us.kernel.org/pub/linux/libs/pam/library/ =20 -source_dl =3D https://fedorahosted.org/releases/l/i/linux-pam/ +source_dl =3D http://www.linux-pam.org/library/ =20 build requires @@ -30,24 +30,35 @@ build bison cracklib-devel flex - libselinux-devel end =20 + export LD_LIBRARY_PATH =3D %{DIR_APP}/libpam/.libs + configure_options +=3D \ --includedir=3D%{includedir}/security \ --docdir=3D/usr/share/doc/Linux-PAM-%{version} \ --enable-read-both-confs \ --disable-rpath =20 + test + # Temporary copy our pam config files to the sysconfdir + # the chroot environment. They are required by various tests + # of the testsuite. + cp -avf %{DIR_SOURCE}/pam.d %{sysconfdir} + + # Run the testsuite. + make check + end + install_cmds #useradd -D -b /home #sed -i 's/yes/no/' %{BUILDROOT}/etc/default/useradd - mkdir -pv %{BUILDROOT}/etc/security + mkdir -pv %{BUILDROOT}%{sysconfdir}/security install -v -m644 %{DIR_SOURCE}/pam_env.conf \ - %{BUILDROOT}/etc/security/pam_env.conf + %{BUILDROOT}%{sysconfdir}/security/pam_env.conf =20 # Included in setup package - rm -f %{BUILDROOT}/etc/environment + rm -f %{BUILDROOT}%{sysconfdir}/environment =20 # Install man pages. mkdir -pv %{BUILDROOT}%{mandir}/man5 @@ -61,7 +72,7 @@ end packages package %{name} configfiles - /etc/pam.d + %{sysconfdir}/pam.d end end =20 diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1= .1.5-unix-no-fallback.patch deleted file mode 100644 index 7857196..0000000 --- a/pam/patches/pam-1.1.5-unix-no-fallback.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-P= AM-1.1.5/modules/pam_unix/pam_unix.8.xml ---- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback 2011-06-21 1= 1:04:56.000000000 +0200 -+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml 2012-05-09 11:54:34.4420= 36404 +0200 -@@ -265,11 +265,10 @@ - - - When a user changes their password next, -- encrypt it with the SHA256 algorithm. If the -- SHA256 algorithm is not known to the -+ encrypt it with the SHA256 algorithm. The -+ SHA256 algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -280,11 +279,10 @@ - - - When a user changes their password next, -- encrypt it with the SHA512 algorithm. If the -- SHA512 algorithm is not known to the -+ encrypt it with the SHA512 algorithm. The -+ SHA512 algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -@@ -295,11 +293,10 @@ - - - When a user changes their password next, -- encrypt it with the blowfish algorithm. If the -- blowfish algorithm is not known to the -+ encrypt it with the blowfish algorithm. The -+ blowfish algorithm must be supported by the - crypt3 -- function, -- fall back to MD5. -+ function. - - - -diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM= -1.1.5/modules/pam_unix/passverify.c ---- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback 2012-05-09 11:= 48:12.409632377 +0200 -+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c 2012-05-09 11:48:36.953172= 291 +0200 -@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has - if (!sp || strncmp(algoid, sp, strlen(algoid)) !=3D 0) { - /* libxcrypt/libc doesn't know the algorithm, use MD5 */ - pam_syslog(pamh, LOG_ERR, -- "Algo %s not supported by the crypto backend, " -- "falling back to MD5\n", -+ "Algo %s not supported by the crypto backend.\n", - on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : - on(UNIX_SHA256_PASS, ctrl) ? "sha256" : - on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); - if(sp) { - memset(sp, '\0', strlen(sp)); - } -- return crypt_md5_wrapper(password); -+ return NULL; - } -=20 - return x_strdup(sp); --=20 2.7.4 --===============0361488492984536295==--