diff options
| author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-12 00:10:13 +0000 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-12 09:22:19 -0700 |
| commit | 16f5abae39c08a58be2cbb78746ddd1753be91a1 (patch) | |
| tree | d346db0cda4d4dd3c34fb0e0753aa5b41c426220 | |
| parent | bcf03cab9b41de1d9b3c3a4b389ccc298a505f76 (diff) | |
| download | pam-16f5abae39c08a58be2cbb78746ddd1753be91a1.tar.gz pam-16f5abae39c08a58be2cbb78746ddd1753be91a1.tar.bz2 pam-16f5abae39c08a58be2cbb78746ddd1753be91a1.zip | |
debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as a deprecated alias for nullok.
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches-applied/nullok_secure-compat.patch | 27 | ||||
| -rw-r--r-- | debian/patches-applied/series | 1 |
3 files changed, 30 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 82d8b2dd..28224bb3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ pam (1.4.0-1) UNRELEASED; urgency=medium * Drop patches to implement "nullok_secure" option for pam_unix. Closes: #674857, #936071, LP: #1860826. * debian/patches-applied/cve-2010-4708.patch: drop, applied upstream. + * debian/patches-applied/nullok_secure-compat.patch: Support + nullok_secure as a deprecated alias for nullok. -- Steve Langasek <vorlon@debian.org> Tue, 11 Aug 2020 14:58:13 -0700 diff --git a/debian/patches-applied/nullok_secure-compat.patch b/debian/patches-applied/nullok_secure-compat.patch new file mode 100644 index 00000000..d85aa9fe --- /dev/null +++ b/debian/patches-applied/nullok_secure-compat.patch @@ -0,0 +1,27 @@ +Description: Support nullok_secure as a deprecated alias for nullok +Author: Steve Langasek <vorlon@debian.org> +Last-Update: 2020-08-11 + +Index: pam/modules/pam_unix/support.h +=================================================================== +--- pam.orig/modules/pam_unix/support.h ++++ pam/modules/pam_unix/support.h +@@ -102,8 +102,9 @@ + #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ + #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ + #define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ ++#define UNIX_NULLOK_SECURE 35 /* deprecated alias for nullok */ + /* -------------- */ +-#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 36 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) + +@@ -147,6 +148,7 @@ + /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, + /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200ULL), 0, 0}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 689f2dcf..4d562185 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -20,3 +20,4 @@ no_PATH_MAX_on_hurd lib_security_multiarch_compat pam-limits-nofile-fd-setsize-cap fix-autoreconf.patch +nullok_secure-compat.patch |