| Age | Commit message (Collapse) | Author |
|---|
|
Dropped upstreamed patches(commit-id):
- add-checks-for-crypt-returning-NULL.patch(8dc056c)
- destdirfix.patch(d7e6b92)
- libpam-fix-for-CVE-2010-4708.patch(4c430f6)
Dropped backported patches(commit-id):
- pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8)
- reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3)
Forward ported patches:
- pam-unix-nullok-secure.patch
- crypt_configure.patch
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Surfaced when building with musl This details are in patch headers
Enabel innetgr.patch for musl as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There's not bash specific syntax in the xtests scripts:
$ cd Linux-PAM-1.1.6/xtests
# replace /bin/bash to /bin/sh and check the bashisms:
$ checkbashisms *.sh
No output
So the runtime dependency to bash could be removed.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
v2 changes:
* update format for commit log
* add Upstream-Status for patch
Multiple directory traversal vulnerabilities in pam_timestamp.c in the
pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to
create aribitrary files or possibly bypass authentication via a .. (dot
dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY
value to the check_tty funtion, which is used by the
format_timestamp_name function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
So that sysvinit images don't warn on every login only add it to common-session
if systemd is a DISTRO_FEATURE.
[ YOCTO #3805 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To be secure, change behavior of the OTHER entries to warn and deny
access to everything by stating pam_deny.so on all services.
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Debian patch to add a new 'nullok_secure' option to pam_unix, which
accepts users with null passwords only when the applicant is connected
from a tty listed in /etc/securetty.
The original pam_unix.so was configured with nullok_secure in
meta/recipes-extended/pam/libpam/pam.d/common-auth, but no such code
exists actually.
The patch set comes from:
http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/054_pam_security_abstract_securetty_handling
http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/055_pam_unix_nullok_secure
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Change default for user_readenv to 0 and document the
new default for user_readenv.
This fix from:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.c?r1=1.22&r2=1.23&view=patch
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from linux-pam git repo to fix test case
tst-pam_pwhistory1 failure.
[YOCTO #4107]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This make screen/tmux/etc work as intended.
Signed-off-by: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop include-sys-resource.patch already fixed upstream
LIC_FILE_CHKSUM change is due to deletion of space in
COPYING file see
http://git.fedorahosted.org/cgit/linux-pam.git/commit/COPYING?id=1814aec611a5f9e03eceee81237ad3a3f51c954a
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
pam_unix_acct.c: In function '_unix_run_verify_binary':
pam_unix_acct.c:97:19: error: storage size of 'rlim' isn't known
pam_unix_acct.c:106:19: error: 'RLIMIT_NOFILE' undeclared (first use in
this function)
pam_unix_acct.c:106:19: note: each undeclared identifier is reported
only once for each function it appears in
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update libpam to 1.1.4, and add dependecy cracklib because run xtexts will
need pam-plugin-cracklib.
There are some additional checks under subdirectory xtests and make it
as a subpackage libpam-xtests.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
|
|
Add Upstream-Status tag to patches for the following recipes:
openssh
dbus-glib
expat
opensp
sgml-common
at
cpio (GPLv3 version)
libpam
icu
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Removed obsolete crossbinary patch
* Added source checksums
* Added LIC_FILES_CHKSUM and SUMMARY entries
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
Amarnath Valluri
Khem Raj
Wenzong Fan
Yue Tao
Ross Burton
Ming Liu
Kai Kang
Richard Purdie
Koen Kooi
Scott Garman