diff --git a/1000-modify-translate-file.patch b/1000-modify-translate-file.patch deleted file mode 100644 index 51b4bf08552dcc9e0b3651ab69dfe47694c96996..0000000000000000000000000000000000000000 --- a/1000-modify-translate-file.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5cdab47071200ae45c9b44ff4a894ab9a0566f81 Mon Sep 17 00:00:00 2001 -From: songmingliang -Date: Fri, 17 Jun 2022 19:03:58 +0800 -Subject: [PATCH] modify translate file - ---- - po/zh_CN.po | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/po/zh_CN.po b/po/zh_CN.po -index 33c257d..244d967 100644 ---- a/po/zh_CN.po -+++ b/po/zh_CN.po -@@ -534,9 +534,7 @@ msgid "Your account has expired; please contact your system administrator" - msgstr "您的帐户已失效;请与系统管理员取得联系" - - #: modules/pam_unix/pam_unix_acct.c:261 --#, fuzzy --msgid "" --"You are required to change your password immediately (administrator enforced)" -+msgid "You are required to change your password immediately (administrator enforced)" - msgstr "您需要立即更改密码(root 强制)" - - #: modules/pam_unix/pam_unix_acct.c:267 --- -2.27.0 - diff --git a/pam-1.3.1-pam-misc-configurable.patch b/pam-1.3.1-pam-misc-configurable.patch new file mode 100644 index 0000000000000000000000000000000000000000..045e70e17b84d237dd5c8b4ffc6ef5ba4c869601 --- /dev/null +++ b/pam-1.3.1-pam-misc-configurable.patch @@ -0,0 +1,29 @@ +diff -up Linux-PAM-1.3.1/configure.ac.pam-misc-configurable Linux-PAM-1.3.1/configure.ac +--- Linux-PAM-1.3.1/configure.ac.pam-misc-configurable 2023-06-26 09:57:00.243146563 +0200 ++++ Linux-PAM-1.3.1/configure.ac 2023-06-26 09:59:45.353636685 +0200 +@@ -621,6 +621,13 @@ if test x"$opt_kerneloverflowuid" == x; + fi + AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.]) + ++AC_ARG_WITH([misc-conv-bufsize], ++AS_HELP_STRING([--with-misc-conv-bufsize=], ++ [Size of input buffer for libpam_misc's misc_conv() conversation function, default=4096]), ++ [], ++ [with_misc_conv_bufsize=4096]) ++AC_DEFINE_UNQUOTED(PAM_MISC_CONV_BUFSIZE, $with_misc_conv_bufsize, [libpam_misc misc_conv() buffer size.]) ++ + dnl Files to be created from when we run configure + AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ + libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ +diff -up Linux-PAM-1.3.1/libpam_misc/misc_conv.c.pam-misc-configurable Linux-PAM-1.3.1/libpam_misc/misc_conv.c +--- Linux-PAM-1.3.1/libpam_misc/misc_conv.c.pam-misc-configurable 2023-06-26 09:57:00.242146560 +0200 ++++ Linux-PAM-1.3.1/libpam_misc/misc_conv.c 2023-06-26 10:00:38.023787972 +0200 +@@ -18,7 +18,7 @@ + #include + #include + +-#define INPUTSIZE PAM_MAX_MSG_SIZE /* maximum length of input+1 */ ++#define INPUTSIZE PAM_MISC_CONV_BUFSIZE /* maximum length of input+1 */ + #define CONV_ECHO_ON 1 /* types of echo state */ + #define CONV_ECHO_OFF 0 + diff --git a/pam.spec b/pam.spec index 2bdfbb8db2641c7193ca7de5629c0d39518585c7..ef5955332e5f4959aa119d8ac270e840817cc4a4 100644 --- a/pam.spec +++ b/pam.spec @@ -1,10 +1,9 @@ -%define anolis_release .0.1 %define pam_redhat_version 0.99.11 Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 25%{anolis_release}%{?dist} +Release: 27%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -98,8 +97,9 @@ Patch62: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch Patch63: pam-1.5.1-pam-faillock-clarify-missing-user.patch # https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8 Patch64: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch - -Patch1000: 1000-modify-translate-file.patch +# https://github.com/linux-pam/linux-pam/commit/55f206447a1e4ee26e307e7a9c069236e823b1a5 +# https://github.com/linux-pam/linux-pam/commit/80bfda5962e5be3daa70e0fc8c75fc97d1c55121 +Patch65: pam-1.3.1-pam-misc-configurable.patch %define _pamlibdir %{_libdir} %define _moduledir %{_libdir}/security @@ -212,7 +212,7 @@ cp %{SOURCE18} . %patch62 -p1 -b .pam-lastlog-check-localtime_r-return-value %patch63 -p1 -b .pam-faillock-clarify-missing-user %patch64 -p1 -b .pam-faillock-avoid-logging-erroneous -%patch1000 -p1 +%patch65 -p1 -b .pam-misc-configurable autoreconf -i @@ -466,8 +466,11 @@ done %doc doc/specs/rfc86.0.txt %changelog -* Tue May 30 2023 songmingliang - 1.3.1-25.0.1 -- fix: modify translation file(https://bugzilla.openanolis.cn/show_bug.cgi?id=1354) +* Mon Jun 26 2023 Iker Pedrosa - 1.3.1-27 +- pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2209785 + +* Tue May 16 2023 Iker Pedrosa - 1.3.1-26 +- smartcard-auth: modify the content to remove unnecessary modules. Resolves: #1983683 * Tue Nov 29 2022 Iker Pedrosa - 1.3.1-25 - pam_motd: avoid unnecessary logging. Resolves: #2091062 diff --git a/smartcard-auth.pamd b/smartcard-auth.pamd index 95727701d445c3798243d2359de17b45656a2784..e8a67455059d3378a53031cfd6d30b1ad9d4df6c 100644 --- a/smartcard-auth.pamd +++ b/smartcard-auth.pamd @@ -1,19 +1,4 @@ #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authselect is run. -auth required pam_env.so -auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card -auth required pam_deny.so - -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -password optional pam_pkcs11.so - -session optional pam_keyinit.so revoke -session required pam_limits.so --session optional pam_systemd.so -session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid -session required pam_unix.so +auth sufficient pam_sss.so allow_missing_name