From 4e2b9702bce768e509377488e94d7c81936a86ea Mon Sep 17 00:00:00 2001
From: Tomáš Mráz
Date: Mar 17 2009 11:00:51 +0000
Subject: - update to new upstream minor release (bugfixes and minor security fixes)
---
diff --git a/.cvsignore b/.cvsignore
index 649c80a..a8403ec 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,4 @@
 *.src.rpm
 *.tar.bz2
 pam-redhat-0.99.9-1.tar.bz2
-Linux-PAM-1.0.2.tar.bz2
+Linux-PAM-1.0.4.tar.bz2
diff --git a/Linux-PAM-1.0.2.tar.bz2.sign b/Linux-PAM-1.0.2.tar.bz2.sign
deleted file mode 100644
index 5348578..0000000
--- a/Linux-PAM-1.0.2.tar.bz2.sign
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-Comment: See http://www.kernel.org/signature.html for info
-
-iD8DBQBIt8Q3yGugalF9Dw4RAnJQAJ9hxQ8qCSTFxs0hKZnT1iuPIld0VwCfV4pa
-mxTaEK08wwAQ2bYjsDhh01s=
-=rPNX
------END PGP SIGNATURE-----
diff --git a/Linux-PAM-1.0.4.tar.bz2.sign b/Linux-PAM-1.0.4.tar.bz2.sign
new file mode 100644
index 0000000..a13c802
--- /dev/null
+++ b/Linux-PAM-1.0.4.tar.bz2.sign
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+Comment: See http://www.kernel.org/signature.html for info
+
+iD8DBQBJrSJPyGugalF9Dw4RAt6qAJ9wJV8q96TSxBLtv4vgCWGPzuV68QCfZtlc
+4R0aLQhcPhQbfNEmepdABj0=
+=0Acn
+-----END PGP SIGNATURE-----
diff --git a/pam-1.0.1-autoreconf.patch b/pam-1.0.1-autoreconf.patch
deleted file mode 100644
index b16250b..0000000
--- a/pam-1.0.1-autoreconf.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -up Linux-PAM-1.0.1/configure.in.autoreconf Linux-PAM-1.0.1/configure.in
---- Linux-PAM-1.0.1/configure.in.autoreconf 2008-05-19 17:45:00.000000000 +0200
-+++ Linux-PAM-1.0.1/configure.in 2008-05-20 15:24:54.000000000 +0200
-@@ -72,7 +72,7 @@ fi
- AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"])
-
- dnl Checks for programs.
--AC_GNU_SOURCE
-+AC_USE_SYSTEM_EXTENSIONS
- AC_PROG_CC
- AC_PROG_YACC
- AM_PROG_LEX
-@@ -491,8 +491,7 @@ AM_GNU_GETTEXT_VERSION
- AM_GNU_GETTEXT([external])
- AC_CHECK_FUNCS(dngettext)
-
--AH_VERBATIM([_ZZENABLE_NLS],
--[#ifdef ENABLE_NLS
-+AH_BOTTOM([#ifdef ENABLE_NLS
- #include
- #define _(msgid) dgettext(PACKAGE, msgid)
- #define N_(msgid) msgid
diff --git a/pam-1.0.2-tally-fdleak.patch b/pam-1.0.2-tally-fdleak.patch
deleted file mode 100644
index 045ee95..0000000
--- a/pam-1.0.2-tally-fdleak.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Index: pam_tally.c
-===================================================================
-RCS file: /cvsroot/pam/Linux-PAM/modules/pam_tally/pam_tally.c,v
-retrieving revision 1.30
-diff -u -p -r1.30 pam_tally.c
---- pam/modules/pam_tally/pam_tally.c 9 Jul 2008 12:23:23 -0000 1.30
-+++ pam/modules/pam_tally/pam_tally.c 19 Sep 2008 12:29:21 -0000
-@@ -350,7 +350,7 @@ get_tally(pam_handle_t *pamh, tally_t *t
- }
-
- if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
-- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename);
-+ pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read");
-
- /* Discovering why account service fails: e/uid are target user.
- *
-@@ -504,7 +504,7 @@ tally_check (time_t oldtime, pam_handle_
- tally_t
- deny = opts->deny;
- tally_t
-- tally = 0; /* !TALLY_HI --> Log opened for update */
-+ tally = TALLY_HI;
- long
- lock_time = opts->lock_time;
-
-@@ -515,6 +515,10 @@ tally_check (time_t oldtime, pam_handle_
- i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
- if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-+ if ( TALLY != NULL ) {
-+ fclose(TALLY);
-+ }
-+
- if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) { /* magic_root skips tally check */
-
- /* To deny or not to deny; that is the question */
diff --git a/pam-1.0.4-autoreconf.patch b/pam-1.0.4-autoreconf.patch
new file mode 100644
index 0000000..7a959b7
--- /dev/null
+++ b/pam-1.0.4-autoreconf.patch
@@ -0,0 +1,12 @@
+diff -up Linux-PAM-1.0.4/configure.in.autoreconf Linux-PAM-1.0.4/configure.in
+--- Linux-PAM-1.0.4/configure.in.autoreconf 2009-03-16 16:57:54.000000000 +0100
++++ Linux-PAM-1.0.4/configure.in 2009-03-16 16:57:54.000000000 +0100
+@@ -72,7 +72,7 @@ fi
+ AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"])
+
+ dnl Checks for programs.
+-AC_GNU_SOURCE
++AC_USE_SYSTEM_EXTENSIONS
+ AC_PROG_CC
+ AC_PROG_YACC
+ AM_PROG_LEX
diff --git a/pam-1.0.4-unix-root-update.patch b/pam-1.0.4-unix-root-update.patch
new file mode 100644
index 0000000..2d3505e
--- /dev/null
+++ b/pam-1.0.4-unix-root-update.patch
@@ -0,0 +1,23 @@
+diff -up Linux-PAM-1.0.4/modules/pam_unix/unix_update.c.root-update Linux-PAM-1.0.4/modules/pam_unix/unix_update.c
+--- Linux-PAM-1.0.4/modules/pam_unix/unix_update.c.root-update 2008-02-21 22:12:30.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/unix_update.c 2009-03-17 11:20:22.000000000 +0100
+@@ -71,11 +71,14 @@ set_password(const char *forwho, const c
+ goto done;
+ }
+
+- /* does pass agree with the official one?
+- we always allow change from null pass */
+- retval = helper_verify_password(forwho, pass, 1);
+- if (retval != PAM_SUCCESS) {
+- goto done;
++ /* If real caller uid is not root we must verify that
++ received old pass agrees with the current one.
++ We always allow change from null pass. */
++ if (getuid()) {
++ retval = helper_verify_password(forwho, pass, 1);
++ if (retval != PAM_SUCCESS) {
++ goto done;
++ }
+ }
+
+ /* first, save old password */
diff --git a/pam-1.0.4-unix-safeguards.patch b/pam-1.0.4-unix-safeguards.patch
new file mode 100644
index 0000000..5379c03
--- /dev/null
+++ b/pam-1.0.4-unix-safeguards.patch
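Review bot: The new `if (getuid())` guard in set_password() makes the real uid the only condition for skipping `helper_verify_password()`, and the hunk neither records that the check was skipped nor says why the real uid rather than the effective uid is the right signal. With this change any invocation of the helper with real uid 0 replaces a password without the old one being checked here, so the old-password check has to be enforced by the invoking module before the helper runs; that is an assumption worth confirming against the caller, which is not visible in this hunk. I would state it in the comment, e.g. `/* real uid 0: caller is already root, old password is not re-verified here; the invoking module stays responsible for that check */`, and add a log entry on the bypass path so that password changes made without old-password verification show up in the audit trail. set_password()'s body starts and ends outside the hunk.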
@@ -0,0 +1,271 @@
+diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c
+--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c 2009-03-17 11:20:22.000000000 +0100
+@@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_h
+ const char *fromwhat, const char *towhat, int remember)
+ {
+ int retval, child, fds[2];
+- void (*sighandler)(int) = NULL;
++ struct sigaction newsa, oldsa;
+
+ D(("called."));
+ /* create a pipe for the password */
+@@ -157,13 +157,15 @@ static int _unix_run_update_binary(pam_h
+ * The "noreap" module argument is provided so that the admin can
+ * override this behavior.
+ */
+- sighandler = signal(SIGCHLD, SIG_DFL);
++ memset(&newsa, '\0', sizeof(newsa));
++ newsa.sa_handler = SIG_DFL;
++ sigaction(SIGCHLD, &newsa, &oldsa);
+ }
+
+ /* fork */
+ child = fork();
+ if (child == 0) {
+- size_t i=0;
++ int i=0;
+ struct rlimit rlim;
+ static char *envp[] = { NULL };
+ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
+@@ -171,15 +173,14 @@ static int _unix_run_update_binary(pam_h
+
+ /* XXX - should really tidy up PAM here too */
+
+- close(0); close(1);
+ /* reopen stdin as pipe */
+- close(fds[1]);
+ dup2(fds[0], STDIN_FILENO);
+
+ if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
+- for (i=2; i < rlim.rlim_max; i++) {
+- if ((unsigned int)fds[0] != i)
+- close(i);
++ if (rlim.rlim_max >= MAX_FD_NO)
++ rlim.rlim_max = MAX_FD_NO;
++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
++ close(i);
+ }
+ }
+
+@@ -239,8 +240,8 @@ static int _unix_run_update_binary(pam_h
+ retval = PAM_AUTH_ERR;
+ }
+
+- if (sighandler != SIG_ERR) {
+- (void) signal(SIGCHLD, sighandler); /* restore old signal handler */
++ if (off(UNIX_NOREAP, ctrl)) {
++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
+ }
+
+ return retval;
+diff -up Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.c
+--- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.c 2009-03-17 11:20:22.000000000 +0100
+@@ -396,7 +396,7 @@ static int _unix_run_helper_binary(pam_h
+ unsigned int ctrl, const char *user)
+ {
+ int retval, child, fds[2];
+- void (*sighandler)(int) = NULL;
++ struct sigaction newsa, oldsa;
+
+ D(("called."));
+ /* create a pipe for the password */
+@@ -414,7 +414,9 @@ static int _unix_run_helper_binary(pam_h
+ * The "noreap" module argument is provided so that the admin can
+ * override this behavior.
+ */
+- sighandler = signal(SIGCHLD, SIG_DFL);
++ memset(&newsa, '\0', sizeof(newsa));
++ newsa.sa_handler = SIG_DFL;
++ sigaction(SIGCHLD, &newsa, &oldsa);
+ }
+
+ /* fork */
+@@ -427,15 +429,14 @@ static int _unix_run_helper_binary(pam_h
+
+ /* XXX - should really tidy up PAM here too */
+
+- close(0); close(1);
+ /* reopen stdin as pipe */
+- close(fds[1]);
+ dup2(fds[0], STDIN_FILENO);
+
+ if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
+- for (i=2; i < (int)rlim.rlim_max; i++) {
+- if (fds[0] != i)
+- close(i);
++ if (rlim.rlim_max >= MAX_FD_NO)
++ rlim.rlim_max = MAX_FD_NO;
++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
++ close(i);
+ }
+ }
+
+@@ -488,8 +489,8 @@ static int _unix_run_helper_binary(pam_h
+ retval = PAM_AUTH_ERR;
+ }
+
+- if (sighandler != SIG_ERR) {
+- (void) signal(SIGCHLD, sighandler); /* restore old signal handler */
++ if (off(UNIX_NOREAP, ctrl)) {
++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
+ }
+
+ D(("returning %d", retval));
+diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards 2009-03-03 10:00:31.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c 2009-03-17 11:20:22.000000000 +0100
+@@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t
+ const char *user, int *daysleft)
+ {
+ int retval=0, child, fds[2];
+- void (*sighandler)(int) = NULL;
++ struct sigaction newsa, oldsa;
+ D(("running verify_binary"));
+
+ /* create a pipe for the messages */
+@@ -85,29 +85,29 @@ int _unix_run_verify_binary(pam_handle_t
+ * The "noreap" module argument is provided so that the admin can
+ * override this behavior.
+ */
+- sighandler = signal(SIGCHLD, SIG_DFL);
++ memset(&newsa, '\0', sizeof(newsa));
++ newsa.sa_handler = SIG_DFL;
++ sigaction(SIGCHLD, &newsa, &oldsa);
+ }
+
+ /* fork */
+ child = fork();
+ if (child == 0) {
+- size_t i=0;
++ int i=0;
+ struct rlimit rlim;
+ static char *envp[] = { NULL };
+ char *args[] = { NULL, NULL, NULL, NULL };
+
+- close(0); close(1);
+- /* reopen stdin as pipe */
+- close(fds[0]);
++ /* reopen stdout as pipe */
+ dup2(fds[1], STDOUT_FILENO);
+
+ /* XXX - should really tidy up PAM here too */
+
+ if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
+- for (i=2; i < rlim.rlim_max; i++) {
+- if ((unsigned int)fds[1] != i) {
+- close(i);
+- }
++ if (rlim.rlim_max >= MAX_FD_NO)
++ rlim.rlim_max = MAX_FD_NO;
++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
++ close(i);
+ }
+ }
+
+@@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t
+
+ pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
+ /* should not get here: exit with error */
+- close (fds[1]);
+ D(("helper binary is not available"));
+ printf("-1\n");
+ exit(PAM_AUTHINFO_UNAVAIL);
+@@ -162,9 +161,11 @@ int _unix_run_verify_binary(pam_handle_t
+ }
+ close(fds[0]);
+ }
+- if (sighandler != SIG_ERR) {
+- (void) signal(SIGCHLD, sighandler); /* restore old signal handler */
++
++ if (off(UNIX_NOREAP, ctrl)) {
++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
+ }
++
+ D(("Returning %d",retval));
+ return retval;
+ }
+diff -up Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/passverify.c
+--- Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards 2009-03-02 16:02:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c 2009-03-17 11:20:22.000000000 +0100
+@@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *has
+ p = NULL; /* no longer needed here */
+
+ /* the moment of truth -- do we agree with the password? */
+- D(("comparing state of pp[%s] and salt[%s]", pp, salt));
++ D(("comparing state of pp[%s] and hash[%s]", pp, hash));
+
+ if (pp && strcmp(pp, hash) == 0) {
+ retval = PAM_SUCCESS;
+@@ -675,8 +675,13 @@ save_old_password(const char *forwho, co
+ }
+ }
+
++ if (fflush(pwfile) || fsync(fileno(pwfile))) {
++ D(("fflush or fsync error writing entries to old passwords file: %m"));
++ err = 1;
++ }
++
+ if (fclose(pwfile)) {
+- D(("error writing entries to old passwords file: %m"));
++ D(("fclose error writing entries to old passwords file: %m"));
+ err = 1;
+ }
+
+@@ -795,8 +800,13 @@ unix_update_passwd(pam_handle_t *pamh, c
+ }
+ fclose(opwfile);
+
++ if (fflush(pwfile) || fsync(fileno(pwfile))) {
++ D(("fflush or fsync error writing entries to password file: %m"));
++ err = 1;
++ }
++
+ if (fclose(pwfile)) {
+- D(("error writing entries to password file: %m"));
++ D(("fclose error writing entries to password file: %m"));
+ err = 1;
+ }
+
+@@ -925,8 +935,13 @@ unix_update_shadow(pam_handle_t *pamh, c
+ }
+ fclose(opwfile);
+
++ if (fflush(pwfile) || fsync(fileno(pwfile))) {
++ D(("fflush or fsync error writing entries to shadow file: %m"));
++ err = 1;
++ }
++
+ if (fclose(pwfile)) {
+- D(("error writing entries to shadow file: %m"));
++ D(("fclose error writing entries to shadow file: %m"));
+ err = 1;
+ }
+
+@@ -1007,8 +1022,12 @@ su_sighandler(int sig)
+ {
+ #ifndef SA_RESETHAND
+ /* emulate the behaviour of the SA_RESETHAND flag */
+- if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV )
+- signal(sig, SIG_DFL);
++ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) {
++ struct sigaction sa;
++ memset(&sa, '\0, sizeof(sa));
++ sa.sa_handler = SIG_DFL;
++ sigaction(sig, &sa, NULL);
++ }
+ #endif
+ if (sig > 0) {
+ _exit(sig);
+diff -up Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.h
+--- Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards 2008-01-23 16:35:13.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.h 2009-03-17 11:24:55.000000000 +0100
+@@ -127,6 +127,7 @@ static const UNIX_Ctrls unix_args[UNIX_C
+
+ #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
+
++#define MAX_FD_NO 2000000
+
+ /* use this to free strings. ESPECIALLY password strings */
+
diff --git a/pam.spec b/pam.spec
index cae7e3c..fc950dc 100644
--- a/pam.spec
+++ b/pam.spec
@@ -2,8 +2,8 @@
 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 1.0.2
-Release: 2%{?dist}
+Version: 1.0.4
+Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
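Review bot: The `#ifndef SA_RESETHAND` branch added to su_sighandler() in passverify.c cannot compile: `memset(&sa, '\0, sizeof(sa));` has an unterminated character constant, and the rewritten condition still carries `sig = SIGSERV`, an assignment to what is presumably a misspelt `SIGSEGV`. The branch is skipped wherever SA_RESETHAND is defined, which is probably why it went unnoticed, but it should read `if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig == SIGSEGV ) {` and `memset(&sa, '\0', sizeof(sa));`. Separately, _unix_run_update_binary, _unix_run_helper_binary and _unix_run_verify_binary no longer close fds 0 and 1 before `dup2()` and still ignore its return value, so a failed `dup2()` would leave the helper attached to the caller's original stdin or stdout instead of the pipe; `if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) _exit(PAM_AUTHINFO_UNAVAIL);` (with the STDOUT equivalent in the verify path) closes that gap. The same three children now rely on the close loop to drop the unused pipe end, which only runs when `getrlimit()` succeeds, so a short comment there stating that dependency would help the next reader. All of these function bodies extend beyond the nested hunks shown.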
@@ -20,18 +20,19 @@ Source9: system-auth.5
 Source10: config-util.5
 Source11: 90-nproc.conf
 Patch1: pam-0.99.7.0-redhat-modules.patch
-Patch5: pam-1.0.1-autoreconf.patch
+Patch5: pam-1.0.4-autoreconf.patch
 Patch10: pam-1.0.0-sepermit-screensaver.patch
 Patch12: pam-1.0.0-selinux-env-params.patch
 Patch21: pam-0.99.10.0-unix-audit-failed.patch
 Patch22: pam-1.0.1-unix-prompts.patch
 Patch31: pam-1.0.1-cracklib-try-first-pass.patch
 Patch32: pam-1.0.1-tally-fail-close.patch
-Patch33: pam-1.0.2-tally-fdleak.patch
 Patch41: pam-1.0.1-namespace-create.patch
 Patch42: pam-1.0.2-cracklib-pwquality.patch
 Patch43: pam-0.99.6.2-lastlog-failed.patch
 Patch44: pam-1.0.2-many-groups.patch
+Patch45: pam-1.0.4-unix-safeguards.patch
+Patch46: pam-1.0.4-unix-root-update.patch
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@@ -61,7 +62,6 @@ Requires: audit-libs >= 1.0.8
 BuildRequires: libselinux-devel >= 1.33.2
 Requires: libselinux >= 1.33.2
 %endif
-BuildRequires: glibc >= 2.3.90-37
 Requires: glibc >= 2.3.90-37
 BuildRequires: db4-devel
 # Following deps are necessary only to build the pam library documentation.
@@ -101,11 +101,12 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch22 -p1 -b .prompts
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
-%patch33 -p1 -b .fdleak
 %patch41 -p1 -b .create
 %patch42 -p1 -b .pwquality
 %patch43 -p1 -b .failed
 %patch44 -p1 -b .many-groups
+%patch45 -p1 -b .safeguards
+%patch46 -p1 -b .root-update
 autoreconf
@@ -335,6 +336,10 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 %changelog
+* Tue Mar 17 2009 Tomas Mraz 1.0.4-1
+- update to new upstream minor release (bugfixes and
+ minor security fixes)
+
 * Tue Sep 23 2008 Tomas Mraz 1.0.2-2
 - new password quality checks in pam_cracklib
 - report failed logins from btmp in pam_lastlog
diff --git a/sources b/sources
index 65ea264..dc18662 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 26152d9c691715756b514dbf9cab9cd8 pam-redhat-0.99.9-1.tar.bz2
-fc5e35645b75befae28c88b711b28ffb Linux-PAM-1.0.2.tar.bz2
+189171821b56aaf791cc890d0707ea82 Linux-PAM-1.0.4.tar.bz2