New upstream version 1.5.2

author: Steve Langasek <steve.langasek@canonical.com> 2022-08-16 22:06:15 -0700
committer: Steve Langasek <steve.langasek@canonical.com> 2022-08-16 22:06:15 -0700
commit: 99d0d1c5c4f07332daa86e73981267a761bc966e (patch)
tree: a56fe41110023676d7082028cbaa47ca4b6e6164 /modules/pam_env
parent: f6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff)
parent: 40f7d85f3736d058c26de1dafa4fed46de7d75ef (diff)
7 files changed, 50 insertions, 28 deletions
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in
index b422c591..255458f5 100644
--- a/modules/pam_env/Makefile.in
+++ b/modules/pam_env/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_env
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -1004,7 +1008,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_env/README b/modules/pam_env/README
index 1542f6d7..a040caf7 100644
--- a/modules/pam_env/README
+++ b/modules/pam_env/README
@@ -57,7 +57,12 @@ user_envfile=filename
 user_readenv=0|1
 
     Turns on or off the reading of the user specific environment file. 0 is
-    off, 1 is on. By default this option is off.
+    off, 1 is on. By default this option is off as user supplied environment
+    variables in the PAM environment could affect behavior of subsequent
+    modules in the stack without the consent of the system administrator.
+
+    Due to problematic security this functionality is deprecated since the
+    1.5.0 version and will be removed completely at some point in the future.
 
 EXAMPLES
 
@@ -83,7 +88,7 @@ Now some simple variables
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
 
 
 Silly examples of escaped variables, just to show how they work.
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
index f674024c..8b0d5199 100644
--- a/modules/pam_env/pam_env.8
+++ b/modules/pam_env/pam_env.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_env
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -101,7 +101,9 @@ file to override the default\&.The syntax is the same as for
 .PP
 \fBuser_readenv=\fR\fB\fI0|1\fR\fR
 .RS 4
-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
+Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off as user supplied environment variables in the PAM environment could affect behavior of subsequent modules in the stack without the consent of the system administrator\&.
+.sp
+Due to problematic security this functionality is deprecated since the 1\&.5\&.0 version and will be removed completely at some point in the future\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
 .PP
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index b765e527..75ff862b 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -158,7 +158,15 @@
         <listitem>
           <para>
             Turns on or off the reading of the user specific environment
-            file. 0 is off, 1 is on. By default this option is off.
+            file. 0 is off, 1 is on. By default this option is off as user
+            supplied environment variables in the PAM environment could affect
+            behavior of subsequent modules in the stack without the consent
+            of the system administrator.
+          </para>
+          <para>
+            Due to problematic security this functionality is deprecated
+            since the 1.5.0 version and will be removed completely at some
+            point in the future.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 79d43722..f5f8cead 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -120,6 +120,9 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 	  pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
     }
 
+    if (*user_readenv)
+	pam_syslog(pamh, LOG_DEBUG, "deprecated reading of user environment enabled");
+
     return ctrl;
 }
 
@@ -311,7 +314,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
 	    D(("_assemble_line: corrupted or binary file"));
 	    return -1;
 	}
-	if (p[strlen(p)-1] != '\n') {
+	if (p[strlen(p)-1] != '\n' && !feof(f)) {
 	    D(("_assemble_line: line too long"));
 	    return -1;
 	}
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
index 3a7155b0..40fd118b 100644
--- a/modules/pam_env/pam_env.conf.5
+++ b/modules/pam_env/pam_env.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: pam_env.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ENV\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,7 +36,7 @@ The
 file specifies the environment variables to be set, unset or modified by
 \fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&.
 .PP
-Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows an administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
 .PP
 \fIVARIABLE\fR
 [\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
@@ -99,7 +99,7 @@ Now some simple variables
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
     
 .fi
 .if n \{\
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
index c47f17d9..fca046fe 100644
--- a/modules/pam_env/pam_env.conf.5.xml
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -29,7 +29,7 @@
     </para>
     <para>
       Each line starts with the variable name, there are then two possible
-      options for each variable DEFAULT and OVERRIDE. DEFAULT allows and
+      options for each variable DEFAULT and OVERRIDE. DEFAULT allows an
       administrator to set the value of the variable  to some default
       value, if none is supplied then the empty string is assumed. The
       OVERRIDE option tells pam_env that it should enter in its value
@@ -103,7 +103,7 @@
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
     </programlisting>
 
     <para>
author	Steve Langasek <steve.langasek@canonical.com>	2022-08-16 22:06:15 -0700
committer	Steve Langasek <steve.langasek@canonical.com>	2022-08-16 22:06:15 -0700
commit	99d0d1c5c4f07332daa86e73981267a761bc966e (patch)
tree	a56fe41110023676d7082028cbaa47ca4b6e6164 /modules/pam_env
parent	f6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff)
parent	40f7d85f3736d058c26de1dafa4fed46de7d75ef (diff)