|
@@ -1,5 +1,5 @@
|
|
|
%bcond_with systemd
|
|
|
-%define pam_redhat_version 1.2.0
|
|
|
+%define pam_redhat_version 1.3.0
|
|
|
|
|
|
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
|
|
|
|
|
@@ -7,8 +7,8 @@
|
|
|
Summary: A security tool which provides authentication for applications
|
|
|
Summary(ja): アプリケーションに認証の仕組みを提供するセキュリティツール
|
|
|
Name: pam
|
|
|
-Version: 1.6.1
|
|
|
-Release: 1%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
+Version: 1.7.0
|
|
|
+Release: 2%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
Group: system
|
|
|
Vendor: Project Vine
|
|
|
Distribution: Vine Linux
|
|
@@ -36,11 +36,11 @@ Source15: pamtmp.conf
|
|
|
Source16: postlogin.pamd
|
|
|
Source17: postlogin.5
|
|
|
Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
|
|
-Patch1: pam-1.6.0-redhat-modules.patch
|
|
|
-Patch2: pam-1.6.0-noflex.patch
|
|
|
-Patch3: pam-1.5.3-unix-nomsg.patch
|
|
|
-
|
|
|
-#Patch1000: pam-1.5.1-ja.po.patch
|
|
|
+Patch1: pam-1.7.0-redhat-modules.patch
|
|
|
+Patch2: pam-1.5.3-unix-nomsg.patch
|
|
|
+Patch3: pam-1.7.0-fop-optional.patch
|
|
|
+# https://github.com/linux-pam/linux-pam/commit/940747f88c16e029b69a74e80a2e94f65cb3e628
|
|
|
+Patch4: pam-1.5.1-pam-access-resolve-ip.patch
|
|
|
|
|
|
%define _sbindir /sbin
|
|
|
%define _moduledir /%{_lib}/security
|
|
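Review bot: The comment above `Patch4` gives only the upstream commit URL, so the one security fix in this spec can be recognised as such only from the changelog entry. Name the CVE next to the patch, for example `# CVE-2024-10963 (pam_access): backport of upstream commit 940747f88c16e029b69a74e80a2e94f65cb3e628`, so a reader of the Patch list sees what must not be dropped on the next rebase. The patch file name carries 1.5.1 while it is applied to 1.7.0 through `%autopatch -p1` in the %prep hunk. It is worth confirming that it applies without fuzz or offset, since a hunk landing in the wrong place could leave the fix incomplete without failing the build.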
@@ -57,8 +57,8 @@ Patch3: pam-1.5.3-unix-nomsg.patch
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
Requires: cracklib, cracklib-dicts >= 2.8
|
|
|
Requires: libpwquality
|
|
|
-BuildRequires: autoconf >= 2.60
|
|
|
-BuildRequires: automake, libtool
|
|
|
+Requires: gdbm
|
|
|
+BuildRequires: meson, ninja
|
|
|
BuildRequires: bison, flex, sed
|
|
|
BuildRequires: cracklib, cracklib-dicts >= 2.8
|
|
|
BuildRequires: perl, pkgconfig, gettext
|
|
@@ -73,9 +73,11 @@ Requires: libselinux >= 1.33.2
|
|
|
BuildRequires: glibc >= 2.3.90-37
|
|
|
Requires: glibc >= 2.3.90-37
|
|
|
# Following deps are necessary only to build the pam library documentation.
|
|
|
-BuildRequires: linuxdoc-tools, w3m, libxslt
|
|
|
-BuildRequires: docbook-style-xsl, docbook-dtds
|
|
|
-BuildRequires: libdb-devel
|
|
|
+BuildRequires: linuxdoc-tools, libxslt
|
|
|
+BuildRequires: docbook5-style-xsl
|
|
|
+BuildRequires: docbook5-schemas
|
|
|
+BuildRequires: gdbm-devel
|
|
|
+BuildRequires: libeconf-devel
|
|
|
# pam.d/login in old util-linux uses obsolete pam module.
|
|
|
Conflicts: util-linux < 2.14
|
|
|
|
|
@@ -162,58 +164,35 @@ perl -pi -e "s/\/lib \/usr\/lib/\/lib \/usr\/lib \/lib64 \/usr\/lib64/" m4/libto
|
|
|
mv pam-redhat-%{pam_redhat_version}/* modules
|
|
|
|
|
|
cp %{SOURCE18} .
|
|
|
-
|
|
|
-%patch1 -p1 -b .redhat-modules
|
|
|
-%patch2 -p1 -b .noflex
|
|
|
-%patch3 -p1 -b .nomsg
|
|
|
-
|
|
|
-## security patch(es)
|
|
|
-#none
|
|
|
-
|
|
|
-sed -i -e 's/WITH_SELINUX/!WITH_SELINUX/g' \
|
|
|
- modules/pam_pwhistory/Makefile.am \
|
|
|
- modules/pam_unix/Makefile.am
|
|
|
-
|
|
|
-autoreconf -i
|
|
|
+%autopatch -p1
|
|
|
|
|
|
|
|
|
%build
|
|
|
-%configure \
|
|
|
- --disable-rpath \
|
|
|
- --disable-static \
|
|
|
- --disable-prelude \
|
|
|
- --libdir=/%{_lib} \
|
|
|
- --includedir=%{_includedir}/security \
|
|
|
- --enable-isadir=../..%{_moduledir} \
|
|
|
+%meson \
|
|
|
+ -Dsecuredir=%{_moduledir} \
|
|
|
+ -Disadir=../..%{_moduledir} \
|
|
|
+ -Daudit=enabled \
|
|
|
%if %{with systemd}
|
|
|
- --with-systemdunitdir=%{_unitdir} \
|
|
|
-%endif
|
|
|
-%if ! %{WITH_SELINUX}
|
|
|
- --disable-selinux \
|
|
|
+ -Dsystemdunitdir=%{_unitdir} \
|
|
|
%endif
|
|
|
-%if ! %{WITH_AUDIT}
|
|
|
- --disable-audit \
|
|
|
+%if %{without nis}
|
|
|
+ -Dnis=disabled \
|
|
|
%endif
|
|
|
- --enable-openssl \
|
|
|
- --enable-lastlog
|
|
|
-make -C po update-gmo
|
|
|
-make
|
|
|
-# we do not use _smp_mflags because the build of sources in yacc/flex fails
|
|
|
+ -Dlogind=disabled \
|
|
|
+ -Dopenssl=enabled \
|
|
|
+ -Dpam_lastlog=enabled \
|
|
|
+ -Dpam_userdb=enabled \
|
|
|
+ -Ddb=gdbm \
|
|
|
+ -Dselinux=disabled
|
|
|
+%meson_build
|
|
|
|
|
|
|
|
|
%install
|
|
|
-rm -rf %{buildroot}
|
|
|
-
|
|
|
-mkdir -p doc/txts
|
|
|
-for readme in modules/pam_*/README ; do
|
|
|
- cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
|
|
-done
|
|
|
-
|
|
|
# Install the macros file
|
|
|
install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name}
|
|
|
|
|
|
# Install the binaries, libraries, and modules.
|
|
|
-make install DESTDIR=%{buildroot} LDCONFIG=:
|
|
|
+%meson_install
|
|
|
|
|
|
%if %{WITH_SELINUX}
|
|
|
# Temporary compat link
|
|
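Review bot: `-Dselinux=disabled` and `-Daudit=enabled` are now fixed values, whereas the removed configure call chose them from `%{WITH_SELINUX}` and `%{WITH_AUDIT}`, and the `%if %{WITH_SELINUX}` block at the end of this hunk still reads the macro. A build that sets WITH_SELINUX to 1 would get whatever that conditional installs, but PAM modules compiled without SELinux support; the %files hunk that drops `unix_update` looks tied to the same choice. Either derive the meson options from the macros as sketched below (audit the same way, if `WITH_AUDIT` is still defined), or remove the remaining conditionals and state in a comment that SELinux support is intentionally off. `%{without nis}` has no matching `%bcond` among the visible lines, so confirm that one is defined or that NIS is meant to be off by default.

```spec
%meson \
# … unchanged: securedir, isadir, audit, systemd and nis options …
%if %{WITH_SELINUX}
  -Dselinux=enabled \
%else
  -Dselinux=disabled \
%endif
# … unchanged: logind, openssl, pam_lastlog, pam_userdb options …
  -Ddb=gdbm
%meson_build
```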
@@ -255,19 +234,24 @@ done
|
|
|
|
|
|
# Remove .la files and make new .so links -- this depends on the value
|
|
|
# of _libdir not changing, and *not* being /usr/lib.
|
|
|
-install -d -m 755 %{buildroot}%{_libdir}
|
|
|
for lib in libpam libpamc libpam_misc ; do
|
|
|
-pushd %{buildroot}%{_libdir}
|
|
|
-ln -sf ../../%{_lib}/${lib}.so.*.* ${lib}.so
|
|
|
-popd
|
|
|
-rm -f %{buildroot}/%{_lib}/${lib}.so
|
|
|
-rm -f %{buildroot}/%{_lib}/${lib}.la
|
|
|
+ rm -f %{buildroot}%{_libdir}/${lib}.la
|
|
|
done
|
|
|
rm -f %{buildroot}%{_moduledir}/*.la
|
|
|
|
|
|
-mv -f %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/pkgconfig
|
|
|
+%if 0
|
|
|
+install -d -m 755 %{buildroot}%{_libdir}
|
|
|
+for lib in libpam libpamc libpam_misc ; do
|
|
|
+ pushd %{buildroot}%{_libdir}
|
|
|
+ mv -f ${lib}.so.*.* ../../%{_lib}/
|
|
|
+ ln -sf ../../%{_lib}/${lib}.so.*.* ${lib}.so
|
|
|
+ popd
|
|
|
+ rm -f %{buildroot}/%{_lib}/${lib}.so
|
|
|
+ rm -f %{buildroot}/%{_lib}/${lib}.la
|
|
|
+done
|
|
|
sed -i -e 's|^libdir=.*$|libdir=%{_libdir}|' \
|
|
|
%{buildroot}/%{_libdir}/pkgconfig/*.pc
|
|
|
+%endif
|
|
|
|
|
|
# Duplicate doc file sets.
|
|
|
rm -fr %{buildroot}/usr/share/doc/pam
|
|
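Review bot: The comment above the loop still says "make new .so links" and that the step depends on `_libdir` not being /usr/lib, but the loop now only deletes `.la` files and the relocation code sits in a `%if 0` block that never runs. Delete the disabled block, or replace it with a one-line comment on why the libraries now stay in `%{_libdir}`, and shorten the existing comment to `# Remove libtool .la files.`. The modules remain under `/%{_lib}/security` and the setuid helpers under `/sbin`, while libpam moves to `%{_libdir}`. It is worth confirming that no supported layout mounts /usr after the first PAM-using login, since authentication could otherwise fail at boot.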
@@ -277,11 +261,27 @@ install -m755 -d %{buildroot}/lib/security
|
|
|
|
|
|
%if %{with systemd}
|
|
|
# Install the file for autocreation of /run subdirectories on boot
|
|
|
-install -m644 -D %{SOURCE15} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf
|
|
|
+install -m644 -D %{SOURCE15} %{buildroot}%{_tmpfilesdir}/pam.conf
|
|
|
+# Install systemd unit file.
|
|
|
+install -m644 -D %{_vpath_builddir}/modules/pam_namespace/pam_namespace.service \
|
|
|
+ %{buildroot}%{_unitdir}/pam_namespace.service
|
|
|
%else
|
|
|
rm -f %{buildroot}/usr/lib/systemd/system/pam_namespace.service
|
|
|
%endif
|
|
|
|
|
|
+# Install doc files to unified location.
|
|
|
+install -d -m 755 %{buildroot}%{_pkgdocdir}/{adg/html,mwg/html,sag/html}
|
|
|
+install -p -m 644 doc/specs/rfc86.0.txt %{buildroot}%{_pkgdocdir}
|
|
|
+for i in adg mwg sag; do
|
|
|
+ install -p -m 644 %{_vpath_builddir}/doc/$i/*.txt %{buildroot}%{_pkgdocdir}/$i
|
|
|
+%if 0%{?build_pdf}
|
|
|
+ install -p -m 644 %{_vpath_builddir}/doc/$i/*.pdf %{buildroot}%{_pkgdocdir}/$i
|
|
|
+%endif
|
|
|
+ cp -pr %{_vpath_builddir}/doc/$i/html/* %{buildroot}%{_pkgdocdir}/$i/html
|
|
|
+done
|
|
|
+find %{buildroot}%{_pkgdocdir} -type d | xargs chmod 755
|
|
|
+find %{buildroot}%{_pkgdocdir} -type f | xargs chmod 644
|
|
|
+
|
|
|
%find_lang Linux-PAM
|
|
|
|
|
|
|
|
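Review bot: The two `find … | xargs chmod` lines split their input on whitespace, so a generated doc file name containing a space or newline would reach chmod as several wrong paths. Let find invoke chmod itself: `find %{buildroot}%{_pkgdocdir} -type d -exec chmod 755 {} +` and `find %{buildroot}%{_pkgdocdir} -type f -exec chmod 644 {} +`. The unquoted `$i` expansions in the loop are safe only because the list is the literal `adg mwg sag`; quoting them keeps that true if the list ever changes.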
@@ -308,24 +308,20 @@ done
|
|
|
|
|
|
# Check for module problems. Specifically, check that every module we just
|
|
|
# installed can actually be loaded by a minimal PAM-aware application.
|
|
|
-/sbin/ldconfig -n %{buildroot}/%{_lib}
|
|
|
+/sbin/ldconfig -n %{buildroot}%{_libdir}
|
|
|
for module in %{buildroot}%{_moduledir}/pam*.so ; do
|
|
|
- if ! env LD_LIBRARY_PATH=%{buildroot}/%{_lib} \
|
|
|
- %{SOURCE11} -ldl -lpam -L%{buildroot}/%{_libdir} ${module} ; then
|
|
|
+ if ! env LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
|
|
|
+ %{SOURCE11} -ldl -lpam -L%{buildroot}%{_libdir} ${module} ; then
|
|
|
echo ERROR module: ${module} cannot be loaded.
|
|
|
exit 1
|
|
|
fi
|
|
|
done
|
|
|
|
|
|
|
|
|
-%clean
|
|
|
-rm -rf %{buildroot}
|
|
|
-
|
|
|
-
|
|
|
%files -f Linux-PAM.lang
|
|
|
-%defattr(-,root,root)
|
|
|
%license Copyright
|
|
|
%license gpl-2.0.txt
|
|
|
+%doc %{_pkgdocdir}
|
|
|
%dir %{_pamconfdir}
|
|
|
%dir %{_pamvendordir}
|
|
|
%config(noreplace) %{_pamconfdir}/other
|
|
@@ -336,14 +332,13 @@ rm -rf %{buildroot}
|
|
|
%config(noreplace) %{_pamconfdir}/config-util
|
|
|
%config(noreplace) %{_pamconfdir}/postlogin
|
|
|
%{_rpmconfigdir}/macros.d/macros.%{name}
|
|
|
-/%{_lib}/libpam.so.*
|
|
|
-/%{_lib}/libpamc.so.*
|
|
|
-/%{_lib}/libpam_misc.so.*
|
|
|
+%{_libdir}/libpam.so.*
|
|
|
+%{_libdir}/libpamc.so.*
|
|
|
+%{_libdir}/libpam_misc.so.*
|
|
|
%{_sbindir}/faillock
|
|
|
%{_sbindir}/pam_namespace_helper
|
|
|
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
|
|
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
|
|
-%attr(0700,root,root) %{_sbindir}/unix_update
|
|
|
%attr(0755,root,root) %{_sbindir}/mkhomedir_helper
|
|
|
%attr(0755,root,root) %{_sbindir}/pwhistory_helper
|
|
|
%if "%{_lib}" != "lib"
|
|
@@ -442,7 +437,6 @@ rm -rf %{buildroot}
|
|
|
%endif
|
|
|
|
|
|
%files devel
|
|
|
-%defattr(-,root,root)
|
|
|
%doc doc/specs/rfc86.0.txt
|
|
|
%{_includedir}/security/
|
|
|
%{_mandir}/man3/*
|
|
@@ -453,11 +447,10 @@ rm -rf %{buildroot}
|
|
|
|
|
|
%if %{build_compat32}
|
|
|
%files -n compat32-%{name}
|
|
|
-%defattr(-,root,root)
|
|
|
%dir %{_pamconfdir}
|
|
|
-/%{_lib}/libpam.so.*
|
|
|
-/%{_lib}/libpamc.so.*
|
|
|
-/%{_lib}/libpam_misc.so.*
|
|
|
+%{_libdir}/libpam.so.*
|
|
|
+%{_libdir}/libpamc.so.*
|
|
|
+%{_libdir}/libpam_misc.so.*
|
|
|
%dir /%{_lib}/security
|
|
|
%dir %{_moduledir}
|
|
|
%{_moduledir}/pam_access.so
|
|
@@ -517,7 +510,6 @@ rm -rf %{buildroot}
|
|
|
%{_moduledir}/pam_filter
|
|
|
|
|
|
%files -n compat32-%{name}-devel
|
|
|
-%defattr(-,root,root)
|
|
|
%{_libdir}/libpam.so
|
|
|
%{_libdir}/libpamc.so
|
|
|
%{_libdir}/libpam_misc.so
|
|
@@ -525,6 +517,12 @@ rm -rf %{buildroot}
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Mon Dec 2 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.7.0-2
|
|
|
+- added Patch4 to fix CVE-2024-10963.
|
|
|
+
|
|
|
+* Sat Nov 16 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.7.0-1
|
|
|
+- updated to 1.7.0.
|
|
|
+
|
|
|
* Wed Apr 10 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.6.1-1
|
|
|
- updated to 1.6.1.
|
|
|
|