-rw-r--r-- | debian/changelog | 16 |
-rw-r--r-- | debian/patches-applied/pam_faillock_create_directory | 31 |
-rw-r--r-- | debian/patches-applied/series | 1 |
3 files changed, 48 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 783a8a31..29abc9b5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +pam (1.4.0-3) UNRELEASED; urgency=medium + + [ Josh Triplett ] + * libpam-runtime.postrm: Remove session-noninteractive files on purge, + Closes: #978601 + + [ Sam Hartman ] + * libpam-modules.install: Install pam_faillock binaries, Closes: #981092 + * debian/patches-applied/pam_unix_initialize_daysleft : Initialize days before password expire, Closes: #980285 + * pam-configs/unix: Default to yescript rather than sha512. From a theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553 + * No infinite loop on purge of libpam-runtime, Closes: #977648 + * patches-applied/pam_faillock_create_directory: create /run/faillock when needed. + + + -- Sam Hartman <hartmans@debian.org> Mon, 01 Feb 2021 15:27:08 -0500 + pam (1.4.0-2) unstable; urgency=medium * Restart services on upgrade to 1.4.0. Closes: #978555. diff --git a/debian/patches-applied/pam_faillock_create_directory b/debian/patches-applied/pam_faillock_create_directory new file mode 100644 index 00000000..420e2937 --- /dev/null +++ b/debian/patches-applied/pam_faillock_create_directory 
@@ -0,0 +1,31 @@ +commit d54870f993e97fe75e2cd0470a3701d5af22877c +Author: Changqing Li <changqing.li@windriver.com> +Date: Tue Jan 12 14:45:34 2021 +0800 + + faillock: create tallydir before creating tallyfile + + The default tallydir is "/var/run/faillock", and this default + tallydir may not exist. + + Function open may fail as tallydir does not exist when creating + the tallyfile. Therefore, faillock will not work well. + + Fix this problem by creating tallydir before creating tallyfile + when the tallydir does not exist. + + Signed-off-by: Changqing Li <changqing.li@windriver.com> + +Index: pam/modules/pam_faillock/faillock.c +=================================================================== +--- pam.orig/modules/pam_faillock/faillock.c ++++ pam/modules/pam_faillock/faillock.c +@@ -74,6 +74,9 @@ open_tally (const char *dir, const char + + if (create) { + flags |= O_CREAT; ++ if (access(dir, F_OK) != 0) { ++ mkdir(dir, 0755); ++ } + } + + fd = open(path, flags, 0600); diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 33b17b13..587a6366 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -23,3 +23,4 @@ fix-autoreconf.patch nullok_secure-compat.patch pam_unix_initialize_daysleft +pam_faillock_create_directory |
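Review bot: In the open_tally hunk for modules/pam_faillock/faillock.c (carried in debian/patches-applied/pam_faillock_create_directory), the result of `mkdir(dir, 0755);` is discarded, and pairing it with `if (access(dir, F_OK) != 0) {` makes this a check-then-create sequence, so a failed or raced creation is only noticed indirectly when the following `fd = open(path, flags, 0600);` fails. Suggest calling mkdir unconditionally, treating EEXIST as success and returning the error otherwise; that also drops the access() call, which tests with the real rather than the effective UID. The 0755 mode is filtered by the caller's umask and only the last path component is created, so a missing parent directory still leaves the tally file uncreatable; both points deserve a sentence in the patch header.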
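Review bot: In the pam-configs/unix entry of the debian/changelog hunk, the hash scheme is spelled "yescript" three times; the name is yescrypt, and "practical resistant to password cracking" should read "practical resistance". The last entry of the same hunk says /run/faillock while the imported commit message gives the default tallydir as "/var/run/faillock", so the changelog should say which path the patch actually creates on Debian.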