[Buildroot] [PATCH 1/1] packages/linux-pam: bump version to 1.1.8 -> 1.2.1
Brendan Heading
brendanheading at gmail.com
Sun Aug 23 19:02:58 UTC 2015
Move to the latest release of linux-pam. This allows us to remove
a number of patches and consolidate the existing ones :
- 0001-configure.patch
- 0007-rhosts.patch
these two patches deal with the ruserok function, which is not
usable with uclibc. Consolidated into
0002-Conditionally-compile-per-ruserok-availability.patch.
- 0003-group.patch
- 0005-succeed.patch
- 0006-time.patch
these three patches deal with the innetgr function, which is not
usable with uclibc. Consolidated into
0003-Conditionally-compile-per-innetgr-availability.patch.
- 0004-mkdir.patch
Fixed in upstream, no longer required.
- 0002-doc-makefile-am.patch
renamed to 0001-doc-makefile-am.patch.
- 0008-fix-CVE-2014-2583.patch
- 0009-fix-CVE-2013-7041.patch
These patches are already included in the new release and so
can be safely deleted.
---
v1 - I thought rather than patching linux-pam 1.1.8 to fix the
musl compilation issues, we may as well bump to the newer
version first. I have the musl patches waiting, but thought it
better to submit this first. This patch includes only the changes
necessary to get linux-pam 1.2.1 building under uclibc and glibc
(ie just the version bump).
The original set of patches seemed unnecessarily fragmented so
I've consolidated them into larger patches based on which
aspect they were fixing. Makes dealing with the set of patches
a little more convenient. Also added Upstream-status indications
which were not originally present. Once we are happy here
I will look at submitting these where appropriate.
---
Signed-off-by: Brendan Heading <brendanheading at gmail.com>
---
package/linux-pam/0001-configure.patch | 19 -----
...akefile-am.patch => 0001-doc-makefile-am.patch} | 3 +
...tionally-compile-per-ruserok-availability.patch | 49 +++++++++++++
...tionally-compile-per-innetgr-availability.patch | 84 ++++++++++++++++++++++
package/linux-pam/0003-group.patch | 26 -------
package/linux-pam/0004-mkdir.patch | 17 -----
package/linux-pam/0005-succeed.patch | 31 --------
package/linux-pam/0006-time.patch | 26 -------
package/linux-pam/0007-rhosts.patch | 24 -------
package/linux-pam/0008-fix-CVE-2014-2583.patch | 53 --------------
package/linux-pam/0009-fix-CVE-2013-7041.patch | 50 -------------
package/linux-pam/linux-pam.hash | 2 +-
package/linux-pam/linux-pam.mk | 2 +-
13 files changed, 138 insertions(+), 248 deletions(-)
delete mode 100644 package/linux-pam/0001-configure.patch
rename package/linux-pam/{0002-doc-makefile-am.patch => 0001-doc-makefile-am.patch} (91%)
create mode 100644 package/linux-pam/0002-Conditionally-compile-per-ruserok-availability.patch
create mode 100644 package/linux-pam/0003-Conditionally-compile-per-innetgr-availability.patch
delete mode 100644 package/linux-pam/0003-group.patch
delete mode 100644 package/linux-pam/0004-mkdir.patch
delete mode 100644 package/linux-pam/0005-succeed.patch
delete mode 100644 package/linux-pam/0006-time.patch
delete mode 100644 package/linux-pam/0007-rhosts.patch
delete mode 100644 package/linux-pam/0008-fix-CVE-2014-2583.patch
delete mode 100644 package/linux-pam/0009-fix-CVE-2013-7041.patch
diff --git a/package/linux-pam/0001-configure.patch b/package/linux-pam/0001-configure.patch
deleted file mode 100644
index d39261f..0000000
--- a/package/linux-pam/0001-configure.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Add check for ruserok
-
-ruserok is not available/functional in uclibc, provide conditions for compilation
-where needed.
-
-Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
-
-diff -urN a/configure.in b/configure.in
---- a/configure.in 2012-08-17 03:48:24.000000000 -0500
-+++ b/configure.in 2013-07-17 09:49:23.760254684 -0500
-@@ -526,7 +526,7 @@
- AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
- AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
- AC_CHECK_FUNCS(getgrouplist getline getdelim)
--AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
-+AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af ruserok)
-
- AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
- AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/package/linux-pam/0002-doc-makefile-am.patch b/package/linux-pam/0001-doc-makefile-am.patch
similarity index 91%
rename from package/linux-pam/0002-doc-makefile-am.patch
rename to package/linux-pam/0001-doc-makefile-am.patch
index 8fa2dda..ac3ff2b 100644
--- a/package/linux-pam/0002-doc-makefile-am.patch
+++ b/package/linux-pam/0001-doc-makefile-am.patch
@@ -3,6 +3,9 @@ Disable generation of documentation
Generation of documentation is not necessary in Buildroot, disable it completely.
Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
+Signed-off-by: Brendan Heading <brendanheading at gmail.com>
+
+Upstream-status: inappropriate
diff -urN a/doc/Makefile.am b/doc/Makefile.am
--- a/doc/Makefile.am 2012-08-15 06:08:43.000000000 -0500
diff --git a/package/linux-pam/0002-Conditionally-compile-per-ruserok-availability.patch b/package/linux-pam/0002-Conditionally-compile-per-ruserok-availability.patch
new file mode 100644
index 0000000..cec642d
--- /dev/null
+++ b/package/linux-pam/0002-Conditionally-compile-per-ruserok-availability.patch
@@ -0,0 +1,49 @@
+ruserok is not available/functional in uclibc, provide conditions
+for compilation where needed.
+
+Patch originally by Dmitry Golubovsky <golubovsky at gmail.com> -
+porting to linux-pam 1.2.1.
+
+Signed-off-by: Brendan Heading <brendanheading at gmail.com>
+
+Upstream-status: pending
+
+---
+ configure.ac | 2 +-
+ modules/pam_rhosts/pam_rhosts.c | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 08e4530..fd2fd23 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -542,7 +542,7 @@ AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir selec
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af ruserok)
+
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
+diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
+index bc9e76f..909db29 100644
+--- a/modules/pam_rhosts/pam_rhosts.c
++++ b/modules/pam_rhosts/pam_rhosts.c
+@@ -114,8 +114,12 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
+ #ifdef HAVE_RUSEROK_AF
+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+ #else
++ #ifdef HAVE_RUSEROK
+ retval = ruserok (rhost, as_root, ruser, luser);
+-#endif
++ #else
++ retval = -1;
++ #endif /* HAVE_RUSEROK */
++#endif /*HAVE_RUSEROK_AF */
+ if (retval != 0) {
+ if (!opt_silent || opt_debug)
+ pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
+--
+2.4.3
+
diff --git a/package/linux-pam/0003-Conditionally-compile-per-innetgr-availability.patch b/package/linux-pam/0003-Conditionally-compile-per-innetgr-availability.patch
new file mode 100644
index 0000000..4b516fa
--- /dev/null
+++ b/package/linux-pam/0003-Conditionally-compile-per-innetgr-availability.patch
@@ -0,0 +1,84 @@
+innetgr is not available/functional in uclibc, provide conditions for
+compilation.
+
+Patch originally by Dmitry Golubovsky <golubovsky at gmail.com> - porting
+to linux-pam 1.2.1.
+
+Signed-off-by: Brendan Heading <brendanheading at gmail.com>
+
+Upstream-status: pending
+
+---
+ modules/pam_group/pam_group.c | 8 +++++++-
+ modules/pam_succeed_if/pam_succeed_if.c | 4 ++++
+ modules/pam_time/pam_time.c | 8 +++++++-
+ 3 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
+index be5f20f..0982de8 100644
+--- a/modules/pam_group/pam_group.c
++++ b/modules/pam_group/pam_group.c
+@@ -655,8 +655,14 @@ static int check_account(pam_handle_t *pamh, const char *service,
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
+- if (buffer[0] == '@')
++ if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++ good = 0;
++ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
++#endif /* HAVE_INNETGR */
++ }
+ /* otherwise, if the buffer starts with %, it's a UNIX group */
+ else if (buffer[0] == '%')
+ good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
+diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
+index aa828fc..c09d669 100644
+--- a/modules/pam_succeed_if/pam_succeed_if.c
++++ b/modules/pam_succeed_if/pam_succeed_if.c
+@@ -233,16 +233,20 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 1)
+ return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ if (innetgr(group, host, user, NULL) == 0)
+ return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ return PAM_AUTH_ERR;
+ }
+
+diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
+index c94737c..4898fd2 100644
+--- a/modules/pam_time/pam_time.c
++++ b/modules/pam_time/pam_time.c
+@@ -554,8 +554,14 @@ check_account(pam_handle_t *pamh, const char *service,
+ continue;
+ }
+ /* If buffer starts with @, we are using netgroups */
+- if (buffer[0] == '@')
++ if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++ good = 0;
++ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
++#endif /* HAVE_INNETGR */
++ }
+ else
+ good &= logic_field(pamh, user, buffer, count, is_same);
+ D(("with user: %s", good ? "passes":"fails" ));
+--
+2.4.3
+
diff --git a/package/linux-pam/0003-group.patch b/package/linux-pam/0003-group.patch
deleted file mode 100644
index a94cf9e..0000000
--- a/package/linux-pam/0003-group.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Conditionally compile per innetgr availability
-
-innetgr is not available/functional in uclibc, provide conditions for compilation.
-
-Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
-
-Index: linux-pam-1.1.4/modules/pam_group/pam_group.c
-============================================================================
---- linux-pam-1.1.4/modules/pam_group/pam_group.c 2011-06-21 05:04:56.000000000 -0400
-+++ linux-pam-1.1.4/modules/pam_group/pam_group.c 2012-08-09 21:35:06.000000000 -0400
-@@ -655,8 +655,14 @@
- continue;
- }
- /* If buffer starts with @, we are using netgroups */
-- if (buffer[0] == '@')
-+ if (buffer[0] == '@') {
-+#ifdef HAVE_INNETGR
- good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+ good = 0;
-+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
-+#endif /* HAVE_INNETGR */
-+ }
- /* otherwise, if the buffer starts with %, it's a UNIX group */
- else if (buffer[0] == '%')
- good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
diff --git a/package/linux-pam/0004-mkdir.patch b/package/linux-pam/0004-mkdir.patch
deleted file mode 100644
index 00056da..0000000
--- a/package/linux-pam/0004-mkdir.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-$(mkdir_p) is obsolete for newer automake, use $(MKDIR_P) instead.
-Upstream should really gettextize with a newer version before packing up.
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -Nura Linux-PAM-1.1.7.orig/po/Makefile.in.in Linux-PAM-1.1.7/po/Makefile.in.in
---- Linux-PAM-1.1.7.orig/po/Makefile.in.in 2013-09-11 20:45:16.610770002 -0300
-+++ Linux-PAM-1.1.7/po/Makefile.in.in 2013-09-11 20:45:28.030145316 -0300
-@@ -31,7 +31,7 @@
- INSTALL = @INSTALL@
- INSTALL_DATA = @INSTALL_DATA@
- mkinstalldirs = $(SHELL) @install_sh@ -d
--mkdir_p = @mkdir_p@
-+mkdir_p = @MKDIR_P@
-
- GMSGFMT_ = @GMSGFMT@
- GMSGFMT_no = @GMSGFMT@
diff --git a/package/linux-pam/0005-succeed.patch b/package/linux-pam/0005-succeed.patch
deleted file mode 100644
index 8a675ef..0000000
--- a/package/linux-pam/0005-succeed.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Conditionally compile per innetgr availability
-
-innetgr is not available/functional in uclibc, provide conditions for compilation.
-
-Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
-
-Index: linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c
-============================================================================
---- linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c 2011-06-21 05:04:56.000000000 -0400
-+++ linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c 2012-08-09 21:05:02.000000000 -0400
-@@ -233,16 +233,20 @@
- static int
- evaluate_innetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 1)
- return PAM_SUCCESS;
-+#endif /* HAVE_INNETGR */
- return PAM_AUTH_ERR;
- }
- /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
- static int
- evaluate_notinnetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 0)
- return PAM_SUCCESS;
-+#endif /* HAVE_INNETGR */
- return PAM_AUTH_ERR;
- }
-
diff --git a/package/linux-pam/0006-time.patch b/package/linux-pam/0006-time.patch
deleted file mode 100644
index 58d7c9f..0000000
--- a/package/linux-pam/0006-time.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Conditionally compile per innetgr availability
-
-innetgr is not available/functional in uclibc, provide conditions for compilation.
-
-Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
-
-Index: linux-pam-1.1.4/modules/pam_time/pam_time.c
-============================================================================
---- linux-pam-1.1.4/modules/pam_time/pam_time.c 2011-06-21 05:04:56.000000000 -0400
-+++ linux-pam-1.1.4/modules/pam_time/pam_time.c 2012-08-09 21:02:29.000000000 -0400
-@@ -554,8 +554,14 @@
- continue;
- }
- /* If buffer starts with @, we are using netgroups */
-- if (buffer[0] == '@')
-+ if (buffer[0] == '@') {
-+#ifdef HAVE_INNETGR
- good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+ good = 0;
-+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
-+#endif /* HAVE_INNETGR */
-+ }
- else
- good &= logic_field(pamh, user, buffer, count, is_same);
- D(("with user: %s", good ? "passes":"fails" ));
diff --git a/package/linux-pam/0007-rhosts.patch b/package/linux-pam/0007-rhosts.patch
deleted file mode 100644
index 58f9adb..0000000
--- a/package/linux-pam/0007-rhosts.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Conditionally compile per ruserok availability
-
-ruserok is not available/functional in uclibc, provide conditions for compilation.
-
-Signed-off-by: Dmitry Golubovsky <golubovsky at gmail.com>
-
-Index: linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c
-============================================================================
---- linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c 2011-06-21 05:04:56.000000000 -0400
-+++ linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c 2012-08-09 21:19:34.000000000 -0400
-@@ -114,8 +114,12 @@
- #ifdef HAVE_RUSEROK_AF
- retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
- #else
-+ #ifdef HAVE_RUSEROK
- retval = ruserok (rhost, as_root, ruser, luser);
--#endif
-+ #else
-+ retval = -1;
-+ #endif /* HAVE_RUSEROK */
-+#endif /*HAVE_RUSEROK_AF */
- if (retval != 0) {
- if (!opt_silent || opt_debug)
- pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
diff --git a/package/linux-pam/0008-fix-CVE-2014-2583.patch b/package/linux-pam/0008-fix-CVE-2014-2583.patch
deleted file mode 100644
index a8b5f7b..0000000
--- a/package/linux-pam/0008-fix-CVE-2014-2583.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv at altlinux.org>
-Date: Wed, 26 Mar 2014 22:17:23 +0000
-Subject: pam_timestamp: fix potential directory traversal issue (ticket #27)
-
-pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
-the timestamp pathname it creates, so extra care should be taken to
-avoid potential directory traversal issues.
-
-* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
-"." and ".." tty values as invalid.
-(get_ruser): Treat "." and ".." ruser values, as well as any ruser
-value containing '/', as invalid.
-
-Fixes CVE-2014-2583.
-
-Reported-by: Sebastian Krahmer <krahmer at suse.de>
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
-index 5193733..b3f08b1 100644
---- a/modules/pam_timestamp/pam_timestamp.c
-+++ b/modules/pam_timestamp/pam_timestamp.c
-@@ -158,7 +158,7 @@ check_tty(const char *tty)
- tty = strrchr(tty, '/') + 1;
- }
- /* Make sure the tty wasn't actually a directory (no basename). */
-- if (strlen(tty) == 0) {
-+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
- return NULL;
- }
- return tty;
-@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
- if (pwd != NULL) {
- ruser = pwd->pw_name;
- }
-+ } else {
-+ /*
-+ * This ruser is used by format_timestamp_name as a component
-+ * of constructed timestamp pathname, so ".", "..", and '/'
-+ * are disallowed to avoid potential path traversal issues.
-+ */
-+ if (!strcmp(ruser, ".") ||
-+ !strcmp(ruser, "..") ||
-+ strchr(ruser, '/')) {
-+ ruser = NULL;
-+ }
- }
- if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
- *ruserbuf = '\0';
---
-cgit v0.10.2
-
diff --git a/package/linux-pam/0009-fix-CVE-2013-7041.patch b/package/linux-pam/0009-fix-CVE-2013-7041.patch
deleted file mode 100644
index ed58807..0000000
--- a/package/linux-pam/0009-fix-CVE-2013-7041.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv at altlinux.org>
-Date: Fri, 24 Jan 2014 22:18:32 +0000
-Subject: pam_userdb: fix password hash comparison
-
-Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
-passwords support in pam_userdb, hashes are compared case-insensitively.
-This bug leads to accepting hashes for completely different passwords in
-addition to those that should be accepted.
-
-Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
-modern password hashes with different lengths and settings, did not
-update the hash comparison accordingly, which leads to accepting
-computed hashes longer than stored hashes when the latter is a prefix
-of the former.
-
-* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
-hash whose length differs from the stored hash length.
-Compare computed and stored hashes case-sensitively.
-Fixes CVE-2013-7041.
-
-Bug-Debian: http://bugs.debian.org/731368
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
-index de8b5b1..ff040e6 100644
---- a/modules/pam_userdb/pam_userdb.c
-+++ b/modules/pam_userdb/pam_userdb.c
-@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
- } else {
- cryptpw = crypt (pass, data.dptr);
-
-- if (cryptpw) {
-- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
-+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
-+ compare = memcmp(data.dptr, cryptpw, data.dsize);
- } else {
- compare = -2;
- if (ctrl & PAM_DEBUG_ARG) {
-- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
-+ if (cryptpw)
-+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
-+ else
-+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
- }
- };
-
---
-cgit v0.10.2
-
diff --git a/package/linux-pam/linux-pam.hash b/package/linux-pam/linux-pam.hash
index 3f420c2..a6a26d1 100644
--- a/package/linux-pam/linux-pam.hash
+++ b/package/linux-pam/linux-pam.hash
@@ -1,2 +1,2 @@
# Locally computed hashes, not provided by upstream
-sha256 c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 Linux-PAM-1.1.8.tar.bz2
+sha256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 Linux-PAM-1.2.1.tar.bz2
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 26b627e..cf1b5b7 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LINUX_PAM_VERSION = 1.1.8
+LINUX_PAM_VERSION = 1.2.1
LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
LINUX_PAM_SITE = http://linux-pam.org/library
LINUX_PAM_INSTALL_STAGING = YES
--
2.4.3
More information about the buildroot
mailing list