From ec63e9063a1f2a673a6467435a62cd1016d4785f Mon Sep 17 00:00:00 2001 From: anolis-bot Date: Tue, 10 May 2022 21:10:01 +0800 Subject: [PATCH] import pam-1.3.1-16.el8.src.rpm --- Linux-PAM-1.3.1.tar.xz | Bin Linux-PAM-1.3.1.tar.xz.asc | 0 config-util.5 | 0 config-util.pamd | 0 fingerprint-auth.pamd | 0 gpl-2.0.txt | 0 other.pamd | 0 pam-1.1.0-console-nochmod.patch | 0 pam-1.1.0-notally.patch | 0 pam-1.1.1-console-errmsg.patch | 0 pam-1.1.3-nouserenv.patch | 0 pam-1.1.6-limits-user.patch | 0 pam-1.1.8-audit-user-mgmt.patch | 0 pam-1.1.8-full-relro.patch | 0 pam-1.2.0-redhat-modules.patch | 0 pam-1.2.0-unix-no-fallback.patch | 0 pam-1.2.1-console-devname.patch | 0 pam-1.2.1-faillock-admin-group.patch | 0 pam-1.2.1-faillock.patch | 0 pam-1.3.0-pwhistory-helper.patch | 0 pam-1.3.0-unix-nomsg.patch | 0 pam-1.3.1-audit-error.patch | 0 pam-1.3.1-authtok-verify-fix.patch | 0 pam-1.3.1-console-build.patch | 0 pam-1.3.1-coverity.patch | 0 pam-1.3.1-faillock-update.patch | 0 pam-1.3.1-fds-closing.patch | 0 pam-1.3.1-lastlog-no-showfailed.patch | 0 pam-1.3.1-lastlog-unlimited-fsize.patch | 0 pam-1.3.1-motd-manpage.patch | 0 pam-1.3.1-namespace-gdm-doc.patch | 0 pam-1.3.1-namespace-mntopts.patch | 0 pam-1.3.1-noflex.patch | 0 pam-1.3.1-pam-limits-unlimited-value.patch | 78 ++++++++++++++++++ pam-1.3.1-pam-modutil-close-write.patch | 0 ...b-prevent-garbage-characters-from-db.patch | 0 pam-1.3.1-pam-usertype.patch | 0 pam-1.3.1-tty-audit-manfix.patch | 0 pam-1.3.1-unix-improve-logging.patch | 0 pam-1.3.1-wheel-pam_ruser-fallback.patch | 0 pam-redhat-0.99.11.tar.bz2 | Bin pam.spec | 9 +- pamtmp.conf | 0 password-auth.pamd | 0 postlogin.5 | 0 postlogin.pamd | 0 smartcard-auth.pamd | 0 system-auth.5 | 0 system-auth.pamd | 0 49 files changed, 86 insertions(+), 1 deletion(-) mode change 100644 => 100755 Linux-PAM-1.3.1.tar.xz mode change 100644 => 100755 Linux-PAM-1.3.1.tar.xz.asc mode change 100644 => 100755 config-util.5 mode change 100644 => 100755 config-util.pamd mode change 100644 => 100755 fingerprint-auth.pamd mode change 100644 => 100755 gpl-2.0.txt mode change 100644 => 100755 other.pamd mode change 100644 => 100755 pam-1.1.0-console-nochmod.patch mode change 100644 => 100755 pam-1.1.0-notally.patch mode change 100644 => 100755 pam-1.1.1-console-errmsg.patch mode change 100644 => 100755 pam-1.1.3-nouserenv.patch mode change 100644 => 100755 pam-1.1.6-limits-user.patch mode change 100644 => 100755 pam-1.1.8-audit-user-mgmt.patch mode change 100644 => 100755 pam-1.1.8-full-relro.patch mode change 100644 => 100755 pam-1.2.0-redhat-modules.patch mode change 100644 => 100755 pam-1.2.0-unix-no-fallback.patch mode change 100644 => 100755 pam-1.2.1-console-devname.patch mode change 100644 => 100755 pam-1.2.1-faillock-admin-group.patch mode change 100644 => 100755 pam-1.2.1-faillock.patch mode change 100644 => 100755 pam-1.3.0-pwhistory-helper.patch mode change 100644 => 100755 pam-1.3.0-unix-nomsg.patch mode change 100644 => 100755 pam-1.3.1-audit-error.patch mode change 100644 => 100755 pam-1.3.1-authtok-verify-fix.patch mode change 100644 => 100755 pam-1.3.1-console-build.patch mode change 100644 => 100755 pam-1.3.1-coverity.patch mode change 100644 => 100755 pam-1.3.1-faillock-update.patch mode change 100644 => 100755 pam-1.3.1-fds-closing.patch mode change 100644 => 100755 pam-1.3.1-lastlog-no-showfailed.patch mode change 100644 => 100755 pam-1.3.1-lastlog-unlimited-fsize.patch mode change 100644 => 100755 pam-1.3.1-motd-manpage.patch mode change 100644 => 100755 pam-1.3.1-namespace-gdm-doc.patch mode change 100644 => 100755 pam-1.3.1-namespace-mntopts.patch mode change 100644 => 100755 pam-1.3.1-noflex.patch create mode 100755 pam-1.3.1-pam-limits-unlimited-value.patch mode change 100644 => 100755 pam-1.3.1-pam-modutil-close-write.patch mode change 100644 => 100755 pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch mode change 100644 => 100755 pam-1.3.1-pam-usertype.patch mode change 100644 => 100755 pam-1.3.1-tty-audit-manfix.patch mode change 100644 => 100755 pam-1.3.1-unix-improve-logging.patch mode change 100644 => 100755 pam-1.3.1-wheel-pam_ruser-fallback.patch mode change 100644 => 100755 pam-redhat-0.99.11.tar.bz2 mode change 100644 => 100755 pam.spec mode change 100644 => 100755 pamtmp.conf mode change 100644 => 100755 password-auth.pamd mode change 100644 => 100755 postlogin.5 mode change 100644 => 100755 postlogin.pamd mode change 100644 => 100755 smartcard-auth.pamd mode change 100644 => 100755 system-auth.5 mode change 100644 => 100755 system-auth.pamd diff --git a/Linux-PAM-1.3.1.tar.xz b/Linux-PAM-1.3.1.tar.xz old mode 100644 new mode 100755 diff --git a/Linux-PAM-1.3.1.tar.xz.asc b/Linux-PAM-1.3.1.tar.xz.asc old mode 100644 new mode 100755 diff --git a/config-util.5 b/config-util.5 old mode 100644 new mode 100755 diff --git a/config-util.pamd b/config-util.pamd old mode 100644 new mode 100755 diff --git a/fingerprint-auth.pamd b/fingerprint-auth.pamd old mode 100644 new mode 100755 diff --git a/gpl-2.0.txt b/gpl-2.0.txt old mode 100644 new mode 100755 diff --git a/other.pamd b/other.pamd old mode 100644 new mode 100755 diff --git a/pam-1.1.0-console-nochmod.patch b/pam-1.1.0-console-nochmod.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.0-notally.patch b/pam-1.1.0-notally.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.1-console-errmsg.patch b/pam-1.1.1-console-errmsg.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.3-nouserenv.patch b/pam-1.1.3-nouserenv.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.6-limits-user.patch b/pam-1.1.6-limits-user.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.8-audit-user-mgmt.patch b/pam-1.1.8-audit-user-mgmt.patch old mode 100644 new mode 100755 diff --git a/pam-1.1.8-full-relro.patch b/pam-1.1.8-full-relro.patch old mode 100644 new mode 100755 diff --git a/pam-1.2.0-redhat-modules.patch b/pam-1.2.0-redhat-modules.patch old mode 100644 new mode 100755 diff --git a/pam-1.2.0-unix-no-fallback.patch b/pam-1.2.0-unix-no-fallback.patch old mode 100644 new mode 100755 diff --git a/pam-1.2.1-console-devname.patch b/pam-1.2.1-console-devname.patch old mode 100644 new mode 100755 diff --git a/pam-1.2.1-faillock-admin-group.patch b/pam-1.2.1-faillock-admin-group.patch old mode 100644 new mode 100755 diff --git a/pam-1.2.1-faillock.patch b/pam-1.2.1-faillock.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.0-pwhistory-helper.patch b/pam-1.3.0-pwhistory-helper.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.0-unix-nomsg.patch b/pam-1.3.0-unix-nomsg.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-audit-error.patch b/pam-1.3.1-audit-error.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-authtok-verify-fix.patch b/pam-1.3.1-authtok-verify-fix.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-console-build.patch b/pam-1.3.1-console-build.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-coverity.patch b/pam-1.3.1-coverity.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-faillock-update.patch b/pam-1.3.1-faillock-update.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-fds-closing.patch b/pam-1.3.1-fds-closing.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-lastlog-no-showfailed.patch b/pam-1.3.1-lastlog-no-showfailed.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-lastlog-unlimited-fsize.patch b/pam-1.3.1-lastlog-unlimited-fsize.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-motd-manpage.patch b/pam-1.3.1-motd-manpage.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-namespace-gdm-doc.patch b/pam-1.3.1-namespace-gdm-doc.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-namespace-mntopts.patch b/pam-1.3.1-namespace-mntopts.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-noflex.patch b/pam-1.3.1-noflex.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-pam-limits-unlimited-value.patch b/pam-1.3.1-pam-limits-unlimited-value.patch new file mode 100755 index 0000000..1cf063c --- /dev/null +++ b/pam-1.3.1-pam-limits-unlimited-value.patch @@ -0,0 +1,78 @@ +diff -up Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml +--- Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value 2022-01-28 09:45:41.431606850 +0100 ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml 2022-01-28 09:47:31.732430391 +0100 +@@ -275,6 +275,8 @@ + All items support the values -1, + unlimited or infinity indicating no limit, + except for priority and nice. ++ If nofile is to be set to one of these values, ++ it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). + + + If a hard limit or soft limit of a resource is set to a valid value, +diff -up Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c +--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value 2022-01-28 09:45:41.415606731 +0100 ++++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c 2022-01-28 09:45:41.431606850 +0100 +@@ -487,6 +487,41 @@ static int init_limits(pam_handle_t *pam + return retval; + } + ++/* ++ * Read the contents of and return it in *valuep ++ * return 1 if conversion succeeds, result is in *valuep ++ * return 0 if conversion fails, *valuep is untouched. ++ */ ++static int ++value_from_file(const char *pathname, rlim_t *valuep) ++{ ++ char buf[128]; ++ FILE *fp; ++ int retval; ++ ++ retval = 0; ++ ++ if ((fp = fopen(pathname, "r")) != NULL) { ++ if (fgets(buf, sizeof(buf), fp) != NULL) { ++ char *endptr; ++ unsigned long long value; ++ ++ errno = 0; ++ value = strtoull(buf, &endptr, 10); ++ if (endptr != buf && ++ (value != ULLONG_MAX || errno == 0) && ++ (unsigned long long) (rlim_t) value == value) { ++ *valuep = (rlim_t) value; ++ retval = 1; ++ } ++ } ++ ++ fclose(fp); ++ } ++ ++ return retval; ++} ++ + static void + process_limit (const pam_handle_t *pamh, int source, const char *lim_type, + const char *lim_item, const char *lim_value, +@@ -652,6 +687,20 @@ process_limit (const pam_handle_t *pamh, + rlimit_value = 20 - int_value; + break; + #endif ++ case RLIMIT_NOFILE: ++ /* ++ * If nofile is to be set to "unlimited", try to set it to ++ * the value in /proc/sys/fs/nr_open instead. ++ */ ++ if (rlimit_value == RLIM_INFINITY) { ++ if (!value_from_file("/proc/sys/fs/nr_open", &rlimit_value)) ++ pam_syslog(pamh, LOG_WARNING, ++ "Cannot set \"nofile\" to a sensible value"); ++ else if (ctrl & PAM_DEBUG_ARG) ++ pam_syslog(pamh, LOG_DEBUG, "Setting \"nofile\" limit to %llu", ++ (unsigned long long) rlimit_value); ++ } ++ break; + } + + if ( (limit_item != LIMIT_LOGIN) diff --git a/pam-1.3.1-pam-modutil-close-write.patch b/pam-1.3.1-pam-modutil-close-write.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch b/pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-pam-usertype.patch b/pam-1.3.1-pam-usertype.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-tty-audit-manfix.patch b/pam-1.3.1-tty-audit-manfix.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-unix-improve-logging.patch b/pam-1.3.1-unix-improve-logging.patch old mode 100644 new mode 100755 diff --git a/pam-1.3.1-wheel-pam_ruser-fallback.patch b/pam-1.3.1-wheel-pam_ruser-fallback.patch old mode 100644 new mode 100755 diff --git a/pam-redhat-0.99.11.tar.bz2 b/pam-redhat-0.99.11.tar.bz2 old mode 100644 new mode 100755 diff --git a/pam.spec b/pam.spec old mode 100644 new mode 100755 index 551c746..56d1104 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 15%{?dist} +Release: 16%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -67,6 +67,8 @@ Patch48: pam-1.3.1-wheel-pam_ruser-fallback.patch Patch49: pam-1.3.1-namespace-gdm-doc.patch # https://github.com/linux-pam/linux-pam/commit/a7453aeeb398d6cbb7a709c4e2a1d75905220fff Patch50: pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch +# https://github.com/linux-pam/linux-pam/commit/3234488f2c52a021eec87df1990d256314c21bff +Patch51: pam-1.3.1-pam-limits-unlimited-value.patch %define _pamlibdir %{_libdir} %define _moduledir %{_libdir}/security @@ -165,6 +167,8 @@ cp %{SOURCE18} . %patch48 -p1 -b .wheel-pam_ruser-fallback %patch49 -p1 -b .namespace-gdm-doc %patch50 -p1 -b .pam-userdb-prevent-garbage-characters-from-db +%patch51 -p1 -b .pam-limits-unlimited-value + autoreconf -i %build @@ -410,6 +414,9 @@ done %doc doc/specs/rfc86.0.txt %changelog +* Fri Jan 28 2022 Iker Pedrosa - 1.3.1-16 +- pam_limits: "Unlimited" is not a valid value for RLIMIT_NOFILE. Resolves: #2047655 + * Mon May 3 2021 Iker Pedrosa 1.3.1-15 - pam_userdb: Prevent garbage characters from db (#1791965) diff --git a/pamtmp.conf b/pamtmp.conf old mode 100644 new mode 100755 diff --git a/password-auth.pamd b/password-auth.pamd old mode 100644 new mode 100755 diff --git a/postlogin.5 b/postlogin.5 old mode 100644 new mode 100755 diff --git a/postlogin.pamd b/postlogin.pamd old mode 100644 new mode 100755 diff --git a/smartcard-auth.pamd b/smartcard-auth.pamd old mode 100644 new mode 100755 diff --git a/system-auth.5 b/system-auth.5 old mode 100644 new mode 100755 diff --git a/system-auth.pamd b/system-auth.pamd old mode 100644 new mode 100755 -- Gitee