From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bNzYk1GGNz309S for ; Fri, 20 Jun 2025 13:57:14 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bNzYf4x7Tz307y for ; Fri, 20 Jun 2025 13:57:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bNzYd3HJ9z5v; Fri, 20 Jun 2025 13:57:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1750427829; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=qcbnjwnz2OZn14gwh+huhd30dIJE3ppzgapAb06DeMo=; b=xz/0xXImYkyN+guTQVfX9l6MNv7apt6yKovkt58AyJrPbuxhM0lqpyBiK2Nc94tNYpo2gz uM+LfkeWOF2x0MDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1750427829; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=qcbnjwnz2OZn14gwh+huhd30dIJE3ppzgapAb06DeMo=; b=JOTQszGQzWh1b8ujVC5OnWHfoUgOL+m+aONqbjFj6sBSZE0Pp7iF5Nb2BF4Vr4OqjO0Ekd Y0Xos4ZUIqdcjsMyYSu4SuicV9XYuLK5lEeIToXApf++dgjnpvHilTRONhbXHv7OfRW2xc zPrvBkUCceHrr4FbXR8qcgscyFHQNObvf/p2SE8lIWnI4+Iprybydix8ZDh0eWZteRz+th 0D4XIKBMK8Ea8QpVlJNYzP4dh4CIq9MLYpgPxPlFzaZKM5QStackvN/8aLAbIEKkP384Bd /ogIWlO3GEsijayhBhzK0T/JYcDtMaFuv7RKt/8Pg4VGp0Rrfh3INGafdTttwQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] pam: Update to version 1.7.1 Date: Fri, 20 Jun 2025 15:57:07 +0200 Message-ID: <20250620135707.2487215-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit - Update from version 1.7.0 to 1.7.1 - Update of rootfile not required - This version fixes a CVE. However this is for a local to root permission escalation. So unlikely to be an issue for IPFire if access is tightly controlled. Also the vulnerability is related to pam_access and requires the configuration file for that to be defined with user rules that can be confused with hostnames. pam_access.so is installed on IPFire but no configuration file. - Although the risk for IPFire is very low it makes sense to update to the fix. Signed-off-by: Adolf Belka --- lfs/pam | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/pam b/lfs/pam index b2847d0a6..577d40aa1 100644 --- a/lfs/pam +++ b/lfs/pam @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.7.0 +VER = 1.7.1 THISAPP = Linux-PAM-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 39c8c2ccc6f7d125d12d49439ae44cb8fe115f0529549269246e54f4b4de0b3b24c1099e4d3fa39d4e477af8a92b66dd6dc2cb93f0643ab7b56bcaabdd3b8539 +$(DL_FILE)_BLAKE2 = 0a64d7dbf6bb7e3d2c36ea1f29c3217d3e43a1cc0ba8adf2ee8a117946a53bd26634ebd70ff3b99a72f7373df6694ee054dc7eddab04e43bbc8f5b0e9e56b3bc install : $(TARGET) -- 2.49.0