diff --git a/pam-1.3.1-namespace-mntopts.patch b/pam-1.3.1-namespace-mntopts.patch index 111da4b..3249157 100644 --- a/pam-1.3.1-namespace-mntopts.patch +++ b/pam-1.3.1-namespace-mntopts.patch @@ -21,25 +21,25 @@ index c7698cb..a94b49e 100644 diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index f541f89..0fd59fb 100644 +index f541f89..660c7a1 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c -@@ -230,6 +230,78 @@ static int parse_iscript_params(char *params, struct polydir_s *poly) +@@ -230,6 +230,73 @@ static int parse_iscript_params(char *params, struct polydir_s *poly) return 0; } +struct mntflag { + const char *name; -+ size_t size; ++ size_t len; + unsigned long flag; +}; + -+#define LITERAL_AND_SIZE(x) x, sizeof(x) ++#define LITERAL_AND_LEN(x) x, sizeof(x) - 1 + +static const struct mntflag mntflags[] = { -+ { LITERAL_AND_SIZE("noexec"), MS_NOEXEC }, -+ { LITERAL_AND_SIZE("nosuid"), MS_NOSUID }, -+ { LITERAL_AND_SIZE("nodev"), MS_NODEV } ++ { LITERAL_AND_LEN("noexec"), MS_NOEXEC }, ++ { LITERAL_AND_LEN("nosuid"), MS_NOSUID }, ++ { LITERAL_AND_LEN("nodev"), MS_NODEV } + }; + +static int filter_mntopts(const char *opts, char **filtered, @@ -49,16 +49,12 @@ index f541f89..0fd59fb 100644 + const char *end; + char *dest; + -+ *filtered = NULL; ++ dest = *filtered = NULL; + *mountflags = 0; + + if (origlen == 0) + return 0; + -+ dest = *filtered = calloc(1, origlen); -+ if (*filtered == NULL) -+ return -1; -+ + do { + size_t len; + int i; @@ -71,9 +67,9 @@ index f541f89..0fd59fb 100644 + } + + for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) { -+ if (mntflags[i].size - 1 != len) ++ if (mntflags[i].len != len) + continue; -+ if (strncmp(mntflags[i].name, opts, len) == 0) { ++ if (memcmp(mntflags[i].name, opts, len) == 0) { + *mountflags |= mntflags[i].flag; + opts = end; + break; @@ -81,29 +77,28 @@ index f541f89..0fd59fb 100644 + } + + if (opts != end) { -+ if (dest != *filtered) { ++ if (dest != NULL) { + *dest = ','; + ++dest; ++ } else { ++ dest = *filtered = calloc(1, origlen + 1); ++ if (dest == NULL) ++ return -1; + } -+ strncpy(dest, opts, len); ++ memcpy(dest, opts, len); + dest += len; + } + + opts = end + 1; + } while (end != NULL); + -+ if (dest == *filtered) { -+ /* nothing left */ -+ free(dest); -+ *filtered = NULL; -+ } + return 0; +} + static int parse_method(char *method, struct polydir_s *poly, struct instance_data *idata) { -@@ -289,7 +361,8 @@ static int parse_method(char *method, struct polydir_s *poly, +@@ -289,7 +356,8 @@ static int parse_method(char *method, struct polydir_s *poly, break; } free(poly->mount_opts); /* if duplicate mntopts specified */ @@ -113,7 +108,7 @@ index f541f89..0fd59fb 100644 pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); return -1; } -@@ -1484,7 +1557,7 @@ static int ns_setup(struct polydir_s *polyptr, +@@ -1484,7 +1552,7 @@ static int ns_setup(struct polydir_s *polyptr, } if (polyptr->method == TMPFS) { diff --git a/pam.spec b/pam.spec index 27124b9..9e5c3b9 100644 --- a/pam.spec +++ b/pam.spec @@ -1,9 +1,9 @@ -%global pam_redhat_version 1.1.1 +%global pam_redhat_version 1.1.2 Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 20%{?dist} +Release: 21%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -399,6 +399,9 @@ done %doc doc/specs/rfc86.0.txt %changelog +* Wed Dec 17 2019 Tomáš Mráz 1.3.1-21 +- pam_faillock: Fix regression in admin_group support + * Wed Oct 16 2019 Tomáš Mráz 1.3.1-20 - pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts - Drop tallylog and pam_tally documentation diff --git a/sources b/sources index 916efbf..654e1b4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a -SHA512 (pam-redhat-1.1.1.tar.bz2) = 45adff01e1a1370c5bcfa539e9eb98337301bf9b63446a433fb4d45b60cd631aae9d6afe0a92e8736836e44f6c7d099f97d26fcea06592ef769481908a82fc43 +SHA512 (pam-redhat-1.1.2.tar.bz2) = 9e70376a4b33d0e0df1a2f8158b25b540559f3c952a435574e619262f0d2da71d381336a06edee08a032c5096d7ae24cb7fc91a8cf8518dd5ad4f93d62b7d582