- Update from version 1.6.1 to 1.7.0 - Update of rootfile - pam is now only built via meson. Therefore meson and ninja had to be moved to before pam. This required python3 and python3-setuptools, expta, libffi, gdbm & sqlite to also be moved before meson to ensure build was successful and that the python3 rootfile had all the required python files included. - Changelog 1.7.0 * build: changed build system from autotools to meson. * libpam_misc: use ECHOCTL in the terminal input * pam_access: support UID and GID in access.conf * pam_env: install environment file in vendordir if vendordir is enabled * pam_issue: only count class user if logind support is enabled * pam_limits: use systemd-logind instead of utmp if logind support is enabled * pam_unix: compare password hashes in constant time * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/pam | 300 ++++++++++++++++++------------------ lfs/pam | 26 ++-- make.sh | 16 +- 3 files changed, 172 insertions(+), 170 deletions(-)
diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam index c38cb9ea5..b98913526 100644 --- a/config/rootfiles/common/pam +++ b/config/rootfiles/common/pam @@ -15,92 +15,52 @@ etc/security #lib/security #lib/security/faillock #lib/security/mkhomedir_helper -#lib/security/pam_access.la lib/security/pam_access.so -#lib/security/pam_canonicalize_user.la #lib/security/pam_canonicalize_user.so -#lib/security/pam_debug.la #lib/security/pam_debug.so -#lib/security/pam_deny.la lib/security/pam_deny.so -#lib/security/pam_echo.la #lib/security/pam_echo.so -#lib/security/pam_env.la lib/security/pam_env.so -#lib/security/pam_exec.la lib/security/pam_exec.so -#lib/security/pam_faildelay.la lib/security/pam_faildelay.so -#lib/security/pam_faillock.la #lib/security/pam_faillock.so #lib/security/pam_filter -#lib/security/pam_filter.la #lib/security/pam_filter.so #lib/security/pam_filter/upperLOWER -#lib/security/pam_ftp.la #lib/security/pam_ftp.so -#lib/security/pam_group.la lib/security/pam_group.so -#lib/security/pam_issue.la lib/security/pam_issue.so -#lib/security/pam_keyinit.la lib/security/pam_keyinit.so -#lib/security/pam_limits.la lib/security/pam_limits.so -#lib/security/pam_listfile.la #lib/security/pam_listfile.so -#lib/security/pam_localuser.la #lib/security/pam_localuser.so -#lib/security/pam_loginuid.la lib/security/pam_loginuid.so -#lib/security/pam_mail.la lib/security/pam_mail.so -#lib/security/pam_mkhomedir.la #lib/security/pam_mkhomedir.so -#lib/security/pam_motd.la #lib/security/pam_motd.so -#lib/security/pam_namespace.la #lib/security/pam_namespace.so #lib/security/pam_namespace_helper -#lib/security/pam_nologin.la lib/security/pam_nologin.so -#lib/security/pam_permit.la lib/security/pam_permit.so -#lib/security/pam_pwhistory.la lib/security/pam_pwhistory.so -#lib/security/pam_rhosts.la lib/security/pam_rhosts.so -#lib/security/pam_rootok.la #lib/security/pam_rootok.so -#lib/security/pam_securetty.la #lib/security/pam_securetty.so -#lib/security/pam_setquota.la #lib/security/pam_setquota.so -#lib/security/pam_shells.la lib/security/pam_shells.so -#lib/security/pam_stress.la #lib/security/pam_stress.so -#lib/security/pam_succeed_if.la #lib/security/pam_succeed_if.so -#lib/security/pam_time.la #lib/security/pam_time.so -#lib/security/pam_timestamp.la #lib/security/pam_timestamp.so #lib/security/pam_timestamp_check -#lib/security/pam_umask.la #lib/security/pam_umask.so -#lib/security/pam_unix.la lib/security/pam_unix.so -#lib/security/pam_userdb.la #lib/security/pam_userdb.so -#lib/security/pam_usertype.la #lib/security/pam_usertype.so -#lib/security/pam_warn.la #lib/security/pam_warn.so -#lib/security/pam_wheel.la #lib/security/pam_wheel.so -#lib/security/pam_xauth.la #lib/security/pam_xauth.so +#lib/security/pwhistory_helper lib/security/unix_chkpwd #usr/include/security #usr/include/security/_pam_compat.h @@ -113,15 +73,12 @@ lib/security/unix_chkpwd #usr/include/security/pam_misc.h #usr/include/security/pam_modules.h #usr/include/security/pam_modutil.h -#usr/lib/libpam.la #usr/lib/libpam.so usr/lib/libpam.so.0 usr/lib/libpam.so.0.85.1 -#usr/lib/libpam_misc.la #usr/lib/libpam_misc.so usr/lib/libpam_misc.so.0 usr/lib/libpam_misc.so.0.82.1 -#usr/lib/libpamc.la #usr/lib/libpamc.so usr/lib/libpamc.so.0 usr/lib/libpamc.so.0.82.1 @@ -131,108 +88,153 @@ usr/lib/libpamc.so.0.82.1 #usr/lib/systemd #usr/lib/systemd/system #usr/lib/systemd/system/pam_namespace.service -#usr/share/doc/Linux-PAM -#usr/share/doc/Linux-PAM/draft-morgan-pam-current.txt -#usr/share/doc/Linux-PAM/index.html -#usr/share/doc/Linux-PAM/rfc86.0.txt -#usr/share/man/man3/misc_conv.3 -#usr/share/man/man3/pam.3 -#usr/share/man/man3/pam_acct_mgmt.3 -#usr/share/man/man3/pam_authenticate.3 -#usr/share/man/man3/pam_chauthtok.3 -#usr/share/man/man3/pam_close_session.3 -#usr/share/man/man3/pam_conv.3 -#usr/share/man/man3/pam_end.3 -#usr/share/man/man3/pam_error.3 -#usr/share/man/man3/pam_fail_delay.3 -#usr/share/man/man3/pam_get_authtok.3 -#usr/share/man/man3/pam_get_authtok_noverify.3 -#usr/share/man/man3/pam_get_authtok_verify.3 -#usr/share/man/man3/pam_get_data.3 -#usr/share/man/man3/pam_get_item.3 -#usr/share/man/man3/pam_get_user.3 -#usr/share/man/man3/pam_getenv.3 -#usr/share/man/man3/pam_getenvlist.3 -#usr/share/man/man3/pam_info.3 -#usr/share/man/man3/pam_misc_drop_env.3 -#usr/share/man/man3/pam_misc_paste_env.3 -#usr/share/man/man3/pam_misc_setenv.3 -#usr/share/man/man3/pam_open_session.3 -#usr/share/man/man3/pam_prompt.3 -#usr/share/man/man3/pam_putenv.3 -#usr/share/man/man3/pam_set_data.3 -#usr/share/man/man3/pam_set_item.3 -#usr/share/man/man3/pam_setcred.3 -#usr/share/man/man3/pam_sm_acct_mgmt.3 -#usr/share/man/man3/pam_sm_authenticate.3 -#usr/share/man/man3/pam_sm_chauthtok.3 -#usr/share/man/man3/pam_sm_close_session.3 -#usr/share/man/man3/pam_sm_open_session.3 -#usr/share/man/man3/pam_sm_setcred.3 -#usr/share/man/man3/pam_start.3 -#usr/share/man/man3/pam_strerror.3 -#usr/share/man/man3/pam_syslog.3 -#usr/share/man/man3/pam_verror.3 -#usr/share/man/man3/pam_vinfo.3 -#usr/share/man/man3/pam_vprompt.3 -#usr/share/man/man3/pam_vsyslog.3 -#usr/share/man/man3/pam_xauth_data.3 -#usr/share/man/man5/access.conf.5 -#usr/share/man/man5/environment.5 -#usr/share/man/man5/faillock.conf.5 -#usr/share/man/man5/group.conf.5 -#usr/share/man/man5/limits.conf.5 -#usr/share/man/man5/namespace.conf.5 -#usr/share/man/man5/pam.conf.5 -#usr/share/man/man5/pam.d.5 -#usr/share/man/man5/pam_env.conf.5 -#usr/share/man/man5/pwhistory.conf.5 -#usr/share/man/man5/time.conf.5 -#usr/share/man/man8/PAM.8 -#usr/share/man/man8/faillock.8 -#usr/share/man/man8/mkhomedir_helper.8 -#usr/share/man/man8/pam.8 -#usr/share/man/man8/pam_access.8 -#usr/share/man/man8/pam_canonicalize_user.8 -#usr/share/man/man8/pam_debug.8 -#usr/share/man/man8/pam_deny.8 -#usr/share/man/man8/pam_echo.8 -#usr/share/man/man8/pam_env.8 -#usr/share/man/man8/pam_exec.8 -#usr/share/man/man8/pam_faildelay.8 -#usr/share/man/man8/pam_faillock.8 -#usr/share/man/man8/pam_filter.8 -#usr/share/man/man8/pam_ftp.8 -#usr/share/man/man8/pam_group.8 -#usr/share/man/man8/pam_issue.8 -#usr/share/man/man8/pam_keyinit.8 -#usr/share/man/man8/pam_limits.8 -#usr/share/man/man8/pam_listfile.8 -#usr/share/man/man8/pam_localuser.8 -#usr/share/man/man8/pam_loginuid.8 -#usr/share/man/man8/pam_mail.8 -#usr/share/man/man8/pam_mkhomedir.8 -#usr/share/man/man8/pam_motd.8 -#usr/share/man/man8/pam_namespace.8 -#usr/share/man/man8/pam_namespace_helper.8 -#usr/share/man/man8/pam_nologin.8 -#usr/share/man/man8/pam_permit.8 -#usr/share/man/man8/pam_pwhistory.8 -#usr/share/man/man8/pam_rhosts.8 -#usr/share/man/man8/pam_rootok.8 -#usr/share/man/man8/pam_securetty.8 -#usr/share/man/man8/pam_setquota.8 -#usr/share/man/man8/pam_shells.8 -#usr/share/man/man8/pam_stress.8 -#usr/share/man/man8/pam_succeed_if.8 -#usr/share/man/man8/pam_time.8 -#usr/share/man/man8/pam_timestamp.8 -#usr/share/man/man8/pam_timestamp_check.8 -#usr/share/man/man8/pam_umask.8 -#usr/share/man/man8/pam_unix.8 -#usr/share/man/man8/pam_userdb.8 -#usr/share/man/man8/pam_usertype.8 -#usr/share/man/man8/pam_warn.8 -#usr/share/man/man8/pam_wheel.8 -#usr/share/man/man8/pam_xauth.8 -#usr/share/man/man8/unix_chkpwd.8 +#usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/am +#usr/share/locale/am/LC_MESSAGES +#usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ar +#usr/share/locale/ar/LC_MESSAGES +#usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/as +#usr/share/locale/as/LC_MESSAGES +#usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/az +#usr/share/locale/az/LC_MESSAGES +#usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bn +#usr/share/locale/bn/LC_MESSAGES +#usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bn_IN +#usr/share/locale/bn_IN/LC_MESSAGES +#usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bs +#usr/share/locale/bs/LC_MESSAGES +#usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/cy +#usr/share/locale/cy/LC_MESSAGES +#usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/de_CH +#usr/share/locale/de_CH/LC_MESSAGES +#usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fa +#usr/share/locale/fa/LC_MESSAGES +#usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/gu +#usr/share/locale/gu/LC_MESSAGES +#usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/he +#usr/share/locale/he/LC_MESSAGES +#usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hi +#usr/share/locale/hi/LC_MESSAGES +#usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/is +#usr/share/locale/is/LC_MESSAGES +#usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/km +#usr/share/locale/km/LC_MESSAGES +#usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kn +#usr/share/locale/kn/LC_MESSAGES +#usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kw_GB +#usr/share/locale/kw_GB/LC_MESSAGES +#usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mk +#usr/share/locale/mk/LC_MESSAGES +#usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ml +#usr/share/locale/ml/LC_MESSAGES +#usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mn +#usr/share/locale/mn/LC_MESSAGES +#usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mr +#usr/share/locale/mr/LC_MESSAGES +#usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/my +#usr/share/locale/my/LC_MESSAGES +#usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ne +#usr/share/locale/ne/LC_MESSAGES +#usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nn +#usr/share/locale/nn/LC_MESSAGES +#usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/or +#usr/share/locale/or/LC_MESSAGES +#usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pa +#usr/share/locale/pa/LC_MESSAGES +#usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/si +#usr/share/locale/si/LC_MESSAGES +#usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sr@latin +#usr/share/locale/sr@latin/LC_MESSAGES +#usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/te +#usr/share/locale/te/LC_MESSAGES +#usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/tg +#usr/share/locale/tg/LC_MESSAGES +#usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ur +#usr/share/locale/ur/LC_MESSAGES +#usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/yo +#usr/share/locale/yo/LC_MESSAGES +#usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_HK +#usr/share/locale/zh_HK/LC_MESSAGES +#usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zu +#usr/share/locale/zu/LC_MESSAGES +#usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo diff --git a/lfs/pam b/lfs/pam index 8e5b6f602..8f3d144f8 100644 --- a/lfs/pam +++ b/lfs/pam @@ -24,7 +24,7 @@
include Config
-VER = 1.6.1 +VER = 1.7.0
THISAPP = Linux-PAM-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 649b4ff892fbd3eb90adcbd9ccc5b3f5df51bf1c79b9084c7a1613c432587b13b81761d1eb4f31ef12d58843d16af24a3c441d0b6f5d2f2a1db9c8da15a61e2f +$(DL_FILE)_BLAKE2 = 39c8c2ccc6f7d125d12d49439ae44cb8fe115f0529549269246e54f4b4de0b3b24c1099e4d3fa39d4e477af8a92b66dd6dc2cb93f0643ab7b56bcaabdd3b8539
install : $(TARGET)
@@ -71,17 +71,17 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --libdir=/usr/lib \ - --sbindir=/lib/security \ - --enable-securedir=/lib/security \ - --enable-read-both-confs \ - --disable-nls - - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - + cd $(DIR_APP) && meson setup \ + --libdir=/usr/lib \ + --sbindir=/lib/security \ + -D securedir=/lib/security \ + -D read-both-confs=true \ + -D nis=disabled \ + -D docs=disabled \ + builddir/ + cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) + cd $(DIR_APP) && ninja -C builddir/ install # Install configuration - -mkdir -p /etc/pam.d - + -mkdir -p /etc/pam.d @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index 35a602f62..abeb1dd88 100755 --- a/make.sh +++ b/make.sh @@ -1479,6 +1479,14 @@ build_system() { lfsmake2 openssl lfsmake2 popt lfsmake2 libedit + lfsmake2 expat + lfsmake2 libffi + lfsmake2 gdbm + lfsmake2 sqlite + lfsmake2 python3 + lfsmake2 python3-setuptools + lfsmake2 ninja + lfsmake2 meson lfsmake2 pam lfsmake2 libcap lfsmake2 libcap-ng @@ -1501,22 +1509,14 @@ build_system() { lfsmake2 iproute2 lfsmake2 screen lfsmake2 elfutils - lfsmake2 expat lfsmake2 libconfig lfsmake2 curl lfsmake2 libarchive lfsmake2 cmake lfsmake2 json-c lfsmake2 tcl - lfsmake2 libffi - lfsmake2 gdbm - lfsmake2 sqlite - lfsmake2 python3 - lfsmake2 python3-setuptools lfsmake2 python3-MarkupSafe lfsmake2 python3-Jinja2 - lfsmake2 ninja - lfsmake2 meson lfsmake2 kmod lfsmake2 udev lfsmake2 libusb