diff options
Diffstat (limited to 'debian/patches-applied')
| -rw-r--r-- | debian/patches-applied/006_docs_cleanup | 31 | ||||
| -rw-r--r-- | debian/patches-applied/015_hurd_portability | 60 | ||||
| -rw-r--r-- | debian/patches-applied/019_pam_listfile_quiet | 235 | ||||
| -rw-r--r-- | debian/patches-applied/024_debian_cracklib_dict_path | 86 | ||||
| -rw-r--r-- | debian/patches-applied/038_support_hurd | 106 | ||||
| -rw-r--r-- | debian/patches-applied/043_pam_unix_unknown_user_not_alert | 41 | ||||
| -rw-r--r-- | debian/patches-applied/046_pam_group_example | 27 | ||||
| -rw-r--r-- | debian/patches-applied/limits_wrong_strncpy | 92 | ||||
| -rw-r--r-- | debian/patches-applied/misc_conv_allow_sigint.patch | 28 | ||||
| -rw-r--r-- | debian/patches-applied/no_pthread_mutexes | 205 | ||||
| -rw-r--r-- | debian/patches-applied/series | 10 |
11 files changed, 0 insertions, 921 deletions
diff --git a/debian/patches-applied/006_docs_cleanup b/debian/patches-applied/006_docs_cleanup deleted file mode 100644 index b5dce7c6..00000000 --- a/debian/patches-applied/006_docs_cleanup +++ /dev/null @@ -1,31 +0,0 @@ -Upstream status: committed to CVS - -Index: Linux-PAM/doc/man/pam.conf-syntax.xml -=================================================================== ---- Linux-PAM/doc/man/pam.conf-syntax.xml.orig -+++ Linux-PAM/doc/man/pam.conf-syntax.xml -@@ -211,7 +211,8 @@ - <emphasis>authtok_disable_aging</emphasis>, - <emphasis>try_again</emphasis>, <emphasis>ignore</emphasis>, - <emphasis>abort</emphasis>, <emphasis>authtok_expired</emphasis>, -- <emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis> -+ <emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis>, -+ <emphasis>conv_again</emphasis>, <emphasis>incomplete</emphasis>, - and <emphasis>default</emphasis>. - </para> - <para> -Index: Linux-PAM/doc/man/pam.conf.5 -=================================================================== ---- Linux-PAM/doc/man/pam.conf.5.orig -+++ Linux-PAM/doc/man/pam.conf.5 -@@ -175,7 +175,9 @@ - \fIabort\fR, - \fIauthtok_expired\fR, - \fImodule_unknown\fR, --\fIbad_item\fR -+\fIbad_item\fR, -+\fIconv_again\fR, -+\fIincomplete\fR, - and - \fIdefault\fR. - .PP diff --git a/debian/patches-applied/015_hurd_portability b/debian/patches-applied/015_hurd_portability deleted file mode 100644 index 16510318..00000000 --- a/debian/patches-applied/015_hurd_portability +++ /dev/null @@ -1,60 +0,0 @@ -Patch from Debian bug #76119 -Authors: Igor Khavkine <i_khavki@alcor.concordia.ca> - -Upstream status: committed to CVS - -Index: Linux-PAM/configure.in -=================================================================== ---- Linux-PAM/configure.in.orig -+++ Linux-PAM/configure.in -@@ -389,7 +389,7 @@ - AC_HEADER_DIRENT - AC_HEADER_STDC - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h sys/fsuid.h inittypes.h) -+AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) - - AC_CHECK_HEADERS(crypt.h) - -Index: Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c -=================================================================== ---- Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c.orig -+++ Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c -@@ -64,11 +64,10 @@ - #include <sys/fsuid.h> - #endif /* HAVE_SYS_FSUID_H */ - #ifdef HAVE_NET_IF_H --#include <sys/if.h> -+#include <net/if.h> - #endif - #include <sys/types.h> - #include <sys/uio.h> --#include <net/if.h> - #include <netinet/in.h> - - #ifndef MAXDNAME -Index: Linux-PAM/modules/pam_limits/pam_limits.c -=================================================================== ---- Linux-PAM/modules/pam_limits/pam_limits.c.orig -+++ Linux-PAM/modules/pam_limits/pam_limits.c -@@ -280,8 +280,10 @@ - limit_item = RLIMIT_NOFILE; - else if (strcmp(lim_item, "memlock") == 0) - limit_item = RLIMIT_MEMLOCK; -+#ifdef RLIMIT_AS - else if (strcmp(lim_item, "as") == 0) - limit_item = RLIMIT_AS; -+#endif /*RLIMIT_AS*/ - #ifdef RLIMIT_LOCKS - else if (strcmp(lim_item, "locks") == 0) - limit_item = RLIMIT_LOCKS; -@@ -385,7 +387,9 @@ - case RLIMIT_CORE: - case RLIMIT_RSS: - case RLIMIT_MEMLOCK: -+#ifdef RLIMIT_AS - case RLIMIT_AS: -+#endif - if (rlimit_value != RLIM_INFINITY) - rlimit_value *= 1024; - break; diff --git a/debian/patches-applied/019_pam_listfile_quiet b/debian/patches-applied/019_pam_listfile_quiet deleted file mode 100644 index 113c9cfb..00000000 --- a/debian/patches-applied/019_pam_listfile_quiet +++ /dev/null @@ -1,235 +0,0 @@ -Patch for Debian bug #84428 - -Support a 'quiet' option to pam_listfile, to reduce the logging output - -Authors: Ben Collins <bcollins@debian.org>, - Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: Linux-PAM/modules/pam_listfile/pam_listfile.c -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.c.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.c -@@ -68,7 +68,7 @@ - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2; -+ int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0; - const void *void_citemp; - const char *citemp; - char *ifname=NULL; -@@ -155,6 +155,8 @@ - apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); - } -+ } else if (!strcmp(mybuf,"quiet")) { -+ quiet = 1; - } else { - free(ifname); - pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); -@@ -399,8 +401,9 @@ - #endif - (void) pam_get_item(pamh, PAM_SERVICE, &service); - (void) pam_get_user(pamh, &user_name, NULL); -- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", -- user_name, (const char *)service); -+ if (!quiet) -+ pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", -+ user_name, (const char *)service); - return PAM_AUTH_ERR; - } - } -Index: Linux-PAM/modules/pam_listfile/pam_listfile.8 -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.8.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.8 -@@ -1,11 +1,11 @@ - .\" Title: pam_listfile - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> --.\" Date: 06/22/2006 --.\" Manual: Linux\-PAM Manual --.\" Source: Linux\-PAM Manual -+.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/> -+.\" Date: 08/25/2007 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM Manual - .\" --.TH "PAM_LISTFILE" "8" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "08/25/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_listfile \- deny or allow services based on an arbitrary file - .SH "SYNOPSIS" - .HP 16 --\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] -+\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] - .SH "DESCRIPTION" - .PP - pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file. -@@ -64,25 +64,40 @@ - No credentials are awarded by this module. - .SH "OPTIONS" - .PP --.TP 3n -+.PP - \fBitem=[tty|user|rhost|ruser|group|shell]\fR -+.RS 4 - What is listed in the file and should be checked for. --.TP 3n -+.RE -+.PP - \fBsense=[allow|deny]\fR -+.RS 4 - Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested. --.TP 3n -+.RE -+.PP - \fBfile=\fR\fB\fI/path/filename\fR\fR -+.RS 4 - File containing one item per line. The file needs to be a plain file and not world writeable. --.TP 3n -+.RE -+.PP - \fBonerr=[succeed|fail]\fR -+.RS 4 - What to do if something weird happens like being unable to open the file. --.TP 3n -+.RE -+.PP - \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR -+.RS 4 - Restrict the user class for which the restriction apply. Note that with - \fBitem=[user|ruser|group]\fR - this oes not make sense, but for - \fBitem=[tty|rhost|shell]\fR - it have a meaning. -+.RE -+.PP -+\fBquiet\fR -+.RS 4 -+Do not treat service refusals or missing list files as errors that need to be logged. -+.RE - .SH "MODULE SERVICES PROVIDED" - .PP - The services -@@ -94,34 +109,44 @@ - are supported. - .SH "RETURN VALUES" - .PP --.TP 3n -+.PP - PAM_AUTH_ERR -+.RS 4 - Authentication failure. --.TP 3n -+.RE -+.PP - PAM_BUF_ERR -+.RS 4 - Memory buffer error. --.TP 3n -+.RE -+.PP - PAM_IGNORE -+.RS 4 - The rule does not apply to the - \fBapply\fR - option. --.TP 3n -+.RE -+.PP - PAM_SERVICE_ERR -+.RS 4 - Error in service module. --.TP 3n -+.RE -+.PP - PAM_SUCCESS -+.RS 4 - Success. -+.RE - .SH "EXAMPLES" - .PP - Classic 'ftpusers' authentication can be implemented with this entry in - \fI/etc/pam.d/ftpd\fR: - .sp --.RS 3n -+.RS 4 - .nf - # - # deny ftp\-access to users listed in the /etc/ftpusers file - # --auth required pam_listfile.so \\ -+auth required pam_listfile.so \e - onerr=succeed item=user sense=deny file=/etc/ftpusers - - .fi -@@ -137,12 +162,12 @@ - \fI/etc/pam.d/login\fR - entry like this: - .sp --.RS 3n -+.RS 4 - .nf - # - # permit login to users listed in /etc/loginusers - # --auth required pam_listfile.so \\ -+auth required pam_listfile.so \e - onerr=fail item=user sense=allow file=/etc/loginusers - - .fi -Index: Linux-PAM/modules/pam_listfile/pam_listfile.8.xml -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.8.xml.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml -@@ -33,6 +33,9 @@ - <arg choice="opt"> - apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>] - </arg> -+ <arg choice="opt"> -+ quiet -+ </arg> - </cmdsynopsis> - </refsynopsisdiv> - -@@ -155,6 +158,18 @@ - </para> - </listitem> - </varlistentry> -+ -+ <varlistentry> -+ <term> -+ <option>quiet</option> -+ </term> -+ <listitem> -+ <para> -+ Do not treat service refusals or missing list files as -+ errors that need to be logged. -+ </para> -+ </listitem> -+ </varlistentry> - </variablelist> - - </para> -Index: Linux-PAM/modules/pam_listfile/README -=================================================================== ---- Linux-PAM/modules/pam_listfile/README.orig -+++ Linux-PAM/modules/pam_listfile/README -@@ -58,6 +58,11 @@ - item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost| - shell] it have a meaning. - -+quiet -+ -+ Do not treat service refusals or missing list files as errors that need to -+ be logged. -+ - EXAMPLES - - Classic 'ftpusers' authentication can be implemented with this entry in /etc/ diff --git a/debian/patches-applied/024_debian_cracklib_dict_path b/debian/patches-applied/024_debian_cracklib_dict_path deleted file mode 100644 index 229c87e8..00000000 --- a/debian/patches-applied/024_debian_cracklib_dict_path +++ /dev/null @@ -1,86 +0,0 @@ -Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined. - -Don't copy around the cracklib dictpath into a fixed-width buffer, when -we can just point at the existing strings; and allow the means to -specify a default dictionary when no dictionary is specified in -pam.conf. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c -=================================================================== ---- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig -+++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c -@@ -56,6 +56,10 @@ - extern char *FascistCheck(char *pw, const char *dictpath); - #endif - -+#ifndef CRACKLIB_DICTS -+#define CRACKLIB_DICTS NULL -+#endif -+ - /* For Translators: "%s%s" could be replaced with "<service> " or "". */ - #define PROMPT1 _("New %s%spassword: ") - /* For Translators: "%s%s" could be replaced with "<service> " or "". */ -@@ -94,7 +98,7 @@ - int oth_credit; - int use_authtok; - char prompt_type[BUFSIZ]; -- char cracklib_dictpath[PATH_MAX]; -+ char *cracklib_dictpath; - }; - - #define CO_RETRY_TIMES 1 -@@ -159,14 +163,15 @@ - } else if (!strncmp(*argv,"use_authtok",11)) { - opt->use_authtok = 1; - } else if (!strncmp(*argv,"dictpath=",9)) { -- strncpy(opt->cracklib_dictpath, *argv+9, -- sizeof(opt->cracklib_dictpath) - 1); -+ opt->cracklib_dictpath = *argv+9; -+ if (!*(opt->cracklib_dictpath)) { -+ opt->cracklib_dictpath = CRACKLIB_DICTS; -+ } - } else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); - } - } - opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0'; -- opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0'; - - return ctrl; - } -@@ -514,8 +519,7 @@ - options.use_authtok = CO_USE_AUTHTOK; - memset(options.prompt_type, 0, BUFSIZ); - strcpy(options.prompt_type,"UNIX"); -- memset(options.cracklib_dictpath, 0, -- sizeof (options.cracklib_dictpath)); -+ options.cracklib_dictpath = CRACKLIB_DICTS; - - ctrl = _pam_parse(pamh, &options, argc, argv); - -@@ -609,7 +613,7 @@ - const char *crack_msg; - - D(("against cracklib")); -- if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) { -+ if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) { - if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); - pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg); -Index: Linux-PAM/configure.in -=================================================================== ---- Linux-PAM/configure.in.orig -+++ Linux-PAM/configure.in -@@ -312,7 +312,7 @@ - AC_HELP_STRING([--disable-cracklib],[do not use cracklib]), - WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes) - if test x"$WITH_CRACKLIB" != xno ; then -- AC_CHECK_HEADER([crack.h], -+ AC_CHECK_HEADERS([crack.h], - AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK="")) - else - LIBCRACK="" diff --git a/debian/patches-applied/038_support_hurd b/debian/patches-applied/038_support_hurd deleted file mode 100644 index 52e04327..00000000 --- a/debian/patches-applied/038_support_hurd +++ /dev/null @@ -1,106 +0,0 @@ -Prefer using getline() instead of a static buffer; makes pam_rhosts -portable to Hurd. - -Authors: Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz>, - Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS. - -Index: Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c -=================================================================== ---- Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c.orig -+++ Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c -@@ -293,7 +293,6 @@ - /* - luser is user entry from .rhosts/hosts.equiv file - ruser is user id on remote host -- rhost is the remote host name - */ - const void *user; - -@@ -348,11 +347,17 @@ - register const char *user; - register char *p; - int hcheck, ucheck; -- char buf[MAXHOSTNAMELEN + 128]; /* host + login */ -+ int retval = 1; -+#ifdef HAVE_GETLINE -+ char *buf=NULL; -+ size_t buflen=0; - -- buf[sizeof (buf)-1] = '\0'; /* terminate line */ -+ while (getline(&buf,&buflen,hostf) > 0) { -+#else -+ char buf[MAXHOSTNAMELEN + 128]; /* host + login */ - - while (fgets(buf, sizeof(buf), hostf) != NULL) { /* hostf file line */ -+#endif - p = buf; /* from beginning of file.. */ - - /* Skip empty or comment lines */ -@@ -401,7 +406,7 @@ - hcheck=__icheckhost(pamh, opts, raddr, buf, rhost); - - if (hcheck<0) -- return(1); -+ break; - - if (hcheck) { - /* Then check user part */ -@@ -411,18 +416,23 @@ - ucheck=__icheckuser(pamh, opts, user, ruser); - - /* Positive 'host user' match? */ -- if (ucheck>0) -- return(0); -+ if (ucheck>0) { -+ retval = 0; -+ break; -+ } - - /* Negative 'host -user' match? */ - if (ucheck<0) -- return(1); -+ break; - - /* Neither, go on looking for match */ - } - } -+#ifdef HAVE_GETLINE -+ if(buf)free(buf); -+#endif - -- return (1); -+ return retval; - } - - /* -Index: Linux-PAM/modules/pam_limits/pam_limits.c -=================================================================== ---- Linux-PAM/modules/pam_limits/pam_limits.c.orig -+++ Linux-PAM/modules/pam_limits/pam_limits.c -@@ -14,7 +14,7 @@ - */ - - #if !defined(linux) && !defined(__linux) --#error THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! -+#warning THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! - #endif - - #include "config.h" -Index: Linux-PAM/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig -+++ Linux-PAM/modules/pam_xauth/pam_xauth.c -@@ -63,6 +63,11 @@ - #define XAUTHDEF ".Xauthority" - #define XAUTHTMP ".xauthXXXXXX" - -+/* Hurd compatibility */ -+#ifndef PATH_MAX -+#define PATH_MAX 4096 -+#endif -+ - /* Possible paths to xauth executable */ - static const char * const xauthpaths[] = { - #ifdef PAM_PATH_XAUTH diff --git a/debian/patches-applied/043_pam_unix_unknown_user_not_alert b/debian/patches-applied/043_pam_unix_unknown_user_not_alert deleted file mode 100644 index 1aafc4f6..00000000 --- a/debian/patches-applied/043_pam_unix_unknown_user_not_alert +++ /dev/null @@ -1,41 +0,0 @@ -Patch for Debian bugs #95220, #175900 - -A wrong username doesn't need to be logged as an 'alert', a 'warning' -should be sufficient. - -Authors: Sam Hartman <hartmans@debian.org> - -Upstream status: committed to CVS - -Index: Linux-PAM/modules/pam_unix/support.c -=================================================================== ---- Linux-PAM/modules/pam_unix/support.c.orig -+++ Linux-PAM/modules/pam_unix/support.c -@@ -675,12 +675,12 @@ - if (on(UNIX_AUDIT, ctrl)) { - /* this might be a typo and the user has given a password - instead of a username. Careful with this. */ -- pam_syslog(pamh, LOG_ALERT, -+ pam_syslog(pamh, LOG_WARNING, - "check pass; user (%s) unknown", name); - } else { - name = NULL; - if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { -- pam_syslog(pamh, LOG_ALERT, -+ pam_syslog(pamh, LOG_WARNING, - "check pass; user unknown"); - } else { - /* don't log failure as another pam module can succeed */ -Index: Linux-PAM/modules/pam_unix/unix_chkpwd.c -=================================================================== ---- Linux-PAM/modules/pam_unix/unix_chkpwd.c.orig -+++ Linux-PAM/modules/pam_unix/unix_chkpwd.c -@@ -179,7 +179,7 @@ - } - } - if (pwd == NULL || salt == NULL) { -- _log_err(LOG_ALERT, "check pass; user unknown"); -+ _log_err(LOG_WARNING, "check pass; user unknown"); - p = NULL; - return PAM_USER_UNKNOWN; - } diff --git a/debian/patches-applied/046_pam_group_example b/debian/patches-applied/046_pam_group_example deleted file mode 100644 index c885c822..00000000 --- a/debian/patches-applied/046_pam_group_example +++ /dev/null @@ -1,27 +0,0 @@ -Patch for Debian bug #197080 - -Don't use the 'games' group as an example in group.conf, this is a -potential security hole. - -Authors: Peter Cordes <peter@llama.nslug.ns.ca> - -Upstream status: committed to CVS - -Index: Linux-PAM/modules/pam_group/group.conf -=================================================================== ---- Linux-PAM/modules/pam_group/group.conf.orig -+++ Linux-PAM/modules/pam_group/group.conf -@@ -88,10 +88,11 @@ - # - # another example: running 'xsh' on tty* (any ttyXXX device), - # the user 'sword' is given access to games (through membership of --# the floppy group) after work hours -+# the sound and play group) after work hours. (The games group owns -+# high-score files and so on, so don't ever give users access to it.) - # - --#xsh; tty* ;sword;!Wk0900-1800;games, sound -+#xsh; tty* ;sword;!Wk0900-1800;sound, play - #xsh; tty* ;*;Al0900-1800;floppy - - # diff --git a/debian/patches-applied/limits_wrong_strncpy b/debian/patches-applied/limits_wrong_strncpy deleted file mode 100644 index 155eab51..00000000 --- a/debian/patches-applied/limits_wrong_strncpy +++ /dev/null @@ -1,92 +0,0 @@ -Patch for Debian bug #331278 - -Remove a number of unnecessary string manipulations, including a -strncpy() that was acting on overlapping memory. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: pam/Linux-PAM/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/Linux-PAM/modules/pam_limits/pam_limits.c -+++ pam/Linux-PAM/modules/pam_limits/pam_limits.c -@@ -492,8 +492,6 @@ - } - #undef CONF_FILE - -- /* init things */ -- memset(buf, 0, sizeof(buf)); - /* start the show */ - while (fgets(buf, LINE_LENGTH, fil) != NULL) { - char domain[LINE_LENGTH]; -@@ -502,46 +500,40 @@ - char value[LINE_LENGTH]; - int i; - size_t j; -- char *tptr; -+ char *tptr,*line; - -- tptr = buf; -+ line = buf; - /* skip the leading white space */ -- while (*tptr && isspace(*tptr)) -- tptr++; -- strncpy(buf, tptr, sizeof(buf)-1); -- buf[sizeof(buf)-1] = '\0'; -+ while (*line && isspace(*line)) -+ line++; - - /* Rip off the comments */ -- tptr = strchr(buf,'#'); -+ tptr = strchr(line,'#'); - if (tptr) - *tptr = '\0'; - /* Rip off the newline char */ -- tptr = strchr(buf,'\n'); -+ tptr = strchr(line,'\n'); - if (tptr) - *tptr = '\0'; - /* Anything left ? */ -- if (!strlen(buf)) { -- memset(buf, 0, sizeof(buf)); -+ if (!strlen(line)) - continue; -- } - -- memset(domain, 0, sizeof(domain)); -- memset(ltype, 0, sizeof(ltype)); -- memset(item, 0, sizeof(item)); -- memset(value, 0, sizeof(value)); -+ domain[0] = ltype[0] = item[0] = value[0] = '\0'; - -- i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value); -+ i = sscanf(line,"%s%s%s%s", domain, ltype, item, value); - D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", - i, domain, ltype, item, value)); - - for(j=0; j < strlen(ltype); j++) - ltype[j]=tolower(ltype[j]); -- for(j=0; j < strlen(item); j++) -- item[j]=tolower(item[j]); -- for(j=0; j < strlen(value); j++) -- value[j]=tolower(value[j]); - - if (i == 4) { /* a complete line */ -+ for(j=0; j < strlen(item); j++) -+ item[j]=tolower(item[j]); -+ for(j=0; j < strlen(value); j++) -+ value[j]=tolower(value[j]); -+ - if (strcmp(uname, domain) == 0) /* this user have a limit */ - process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); - else if (domain[0]=='@' && !pl->root) { -@@ -587,7 +579,7 @@ - return PAM_IGNORE; - } - } else { -- pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", buf); -+ pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); - } - } - fclose(fil); diff --git a/debian/patches-applied/misc_conv_allow_sigint.patch b/debian/patches-applied/misc_conv_allow_sigint.patch deleted file mode 100644 index 75ffe8b7..00000000 --- a/debian/patches-applied/misc_conv_allow_sigint.patch +++ /dev/null @@ -1,28 +0,0 @@ -Patch for Debian bug #1708 - -Don't block SIGINT in misc_conv, it's perfectly valid to allow the user -to interrupt at a prompt if the application hasn't otherwise blocked the -signal. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: pam/Linux-PAM/libpam_misc/misc_conv.c -=================================================================== ---- pam.orig/Linux-PAM/libpam_misc/misc_conv.c -+++ pam/Linux-PAM/libpam_misc/misc_conv.c -@@ -150,12 +150,11 @@ - have_term = 1; - - /* -- * We make a simple attempt to block TTY signals from terminating -+ * We make a simple attempt to block TTY signals from suspending - * the conversation without giving PAM a chance to clean up. - */ - - sigemptyset(&nset); -- sigaddset(&nset, SIGINT); - sigaddset(&nset, SIGTSTP); - (void) sigprocmask(SIG_BLOCK, &nset, &oset); - diff --git a/debian/patches-applied/no_pthread_mutexes b/debian/patches-applied/no_pthread_mutexes deleted file mode 100644 index 8983e11e..00000000 --- a/debian/patches-applied/no_pthread_mutexes +++ /dev/null @@ -1,205 +0,0 @@ -Don't use pthread mutexes in libpam unnecessarily; this avoids linking -problems on non-Linux platforms. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: pam/Linux-PAM/libpam/pam_modutil_getgrgid.c -=================================================================== ---- pam.orig/Linux-PAM/libpam/pam_modutil_getgrgid.c -+++ pam/Linux-PAM/libpam/pam_modutil_getgrgid.c -@@ -12,20 +12,9 @@ - #include <errno.h> - #include <limits.h> - #include <grp.h> --#include <pthread.h> - #include <stdio.h> - #include <stdlib.h> - --static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; --static void _pammodutil_lock(void) --{ -- pthread_mutex_lock(&_pammodutil_mutex); --} --static void _pammodutil_unlock(void) --{ -- pthread_mutex_unlock(&_pammodutil_mutex); --} -- - static int intlen(int number) - { - int len = 2; -@@ -95,13 +84,11 @@ - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", - (long) gid, i); -- _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } -- _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } -Index: pam/Linux-PAM/libpam/pam_modutil_getgrnam.c -=================================================================== ---- pam.orig/Linux-PAM/libpam/pam_modutil_getgrnam.c -+++ pam/Linux-PAM/libpam/pam_modutil_getgrnam.c -@@ -12,20 +12,9 @@ - #include <errno.h> - #include <limits.h> - #include <grp.h> --#include <pthread.h> - #include <stdio.h> - #include <stdlib.h> - --static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; --static void _pammodutil_lock(void) --{ -- pthread_mutex_lock(&_pammodutil_mutex); --} --static void _pammodutil_unlock(void) --{ -- pthread_mutex_unlock(&_pammodutil_mutex); --} -- - static int intlen(int number) - { - int len = 2; -@@ -84,13 +73,11 @@ - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); -- _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } -- _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } -Index: pam/Linux-PAM/libpam/pam_modutil_getpwnam.c -=================================================================== ---- pam.orig/Linux-PAM/libpam/pam_modutil_getpwnam.c -+++ pam/Linux-PAM/libpam/pam_modutil_getpwnam.c -@@ -11,21 +11,10 @@ - - #include <errno.h> - #include <limits.h> --#include <pthread.h> - #include <pwd.h> - #include <stdio.h> - #include <stdlib.h> - --static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; --static void _pammodutil_lock(void) --{ -- pthread_mutex_lock(&_pammodutil_mutex); --} --static void _pammodutil_unlock(void) --{ -- pthread_mutex_unlock(&_pammodutil_mutex); --} -- - static int intlen(int number) - { - int len = 2; -@@ -84,13 +73,11 @@ - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i); -- _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } -- _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } -Index: pam/Linux-PAM/libpam/pam_modutil_getpwuid.c -=================================================================== ---- pam.orig/Linux-PAM/libpam/pam_modutil_getpwuid.c -+++ pam/Linux-PAM/libpam/pam_modutil_getpwuid.c -@@ -11,21 +11,10 @@ - - #include <errno.h> - #include <limits.h> --#include <pthread.h> - #include <pwd.h> - #include <stdio.h> - #include <stdlib.h> - --static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; --static void _pammodutil_lock(void) --{ -- pthread_mutex_lock(&_pammodutil_mutex); --} --static void _pammodutil_unlock(void) --{ -- pthread_mutex_unlock(&_pammodutil_mutex); --} -- - static int intlen(int number) - { - int len = 2; -@@ -95,13 +84,11 @@ - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", - (long) uid, i); -- _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } -- _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } -Index: pam/Linux-PAM/libpam/pam_modutil_getspnam.c -=================================================================== ---- pam.orig/Linux-PAM/libpam/pam_modutil_getspnam.c -+++ pam/Linux-PAM/libpam/pam_modutil_getspnam.c -@@ -11,21 +11,10 @@ - - #include <errno.h> - #include <limits.h> --#include <pthread.h> - #include <shadow.h> - #include <stdio.h> - #include <stdlib.h> - --static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; --static void _pammodutil_lock(void) --{ -- pthread_mutex_lock(&_pammodutil_mutex); --} --static void _pammodutil_unlock(void) --{ -- pthread_mutex_unlock(&_pammodutil_mutex); --} -- - static int intlen(int number) - { - int len = 2; -@@ -84,13 +73,11 @@ - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i); -- _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } -- _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 796c3acb..e7c1c0f2 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -1,31 +1,21 @@ -006_docs_cleanup 007_modules_pam_unix 008_modules_pam_limits_chroot -015_hurd_portability -019_pam_listfile_quiet 021_nis_cleanup 022_pam_unix_group_time_miscfixes -024_debian_cracklib_dict_path 026_pam_unix_passwd_unknown_user 027_pam_limits_better_init_allow_explicit_root 031_pam_include -p2 032_pam_limits_EPERM_NOT_FATAL 036_pam_wheel_getlogin_considered_harmful -038_support_hurd hurd_no_setfsuid 040_pam_limits_log_failure -043_pam_unix_unknown_user_not_alert 045_pam_dispatch_jump_is_ignore -046_pam_group_example 049_pam_unix_sane_locking 054_pam_security_abstract_securetty_handling 055_pam_unix_nullok_secure 057_pam_unix_passwd_OOM_check 065_pam_unix_cracklib_disable -p2 PAM-manpage-section -p2 -no_pthread_mutexes -p2 -limits_wrong_strncpy -p2 -misc_conv_allow_sigint.patch -p2 pam_env_ignore_garbage.patch -p2 pam_tally_audit.patch autoconf.patch |