From 4c8f5ad6ee34b2f65e0a52a59a15af2ddef8b250 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 13 Oct 2011 12:55:42 -0700 Subject: debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}: drop unneeded no-op change to reduce delta from upstream. --- debian/changelog | 2 + debian/patches-applied/007_modules_pam_unix | 58 +++++++---------------- debian/patches-applied/055_pam_unix_nullok_secure | 49 ++++++++++--------- 3 files changed, 44 insertions(+), 65 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 5f1e105f..1b1a7dcf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,8 @@ pam (1.1.3-5) UNRELEASED; urgency=low debian/patches-applied/026_pam_unix_passwd_unknown_user, debian/patches-applied/054_pam_security_abstract_securetty_handling: improve descriptions. + * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}: + drop unneeded no-op change to reduce delta from upstream. -- Kees Cook Thu, 13 Oct 2011 12:31:03 -0700 diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index 07f27629..1388556e 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -1,7 +1,7 @@ -Index: pam.deb/modules/pam_unix/pam_unix_passwd.c +Index: pam-debian/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam.deb/modules/pam_unix/pam_unix_passwd.c +--- pam-debian.orig/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:22:05.790699739 -0700 ++++ pam-debian/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:24:49.656776455 -0700 @@ -87,6 +87,9 @@ unsigned long versnum, unsigned int proto); #endif /* GNU libc 2.1 */ @@ -33,32 +33,10 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c /* */ const char *user; -Index: pam.deb/modules/pam_unix/support.c +Index: pam-debian/modules/pam_unix/support.h =================================================================== ---- pam.deb.orig/modules/pam_unix/support.c -+++ pam.deb/modules/pam_unix/support.c -@@ -81,6 +81,7 @@ - D(("SILENT")); - set(UNIX__QUIET, ctrl); - } -+ - /* now parse the arguments to this module */ - - while (argc-- > 0) { -@@ -90,7 +91,8 @@ - - for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token -- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { -+ && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) -+ { - break; - } - } -Index: pam.deb/modules/pam_unix/support.h -=================================================================== ---- pam.deb.orig/modules/pam_unix/support.h -+++ pam.deb/modules/pam_unix/support.h +--- pam-debian.orig/modules/pam_unix/support.h 2011-10-10 16:22:05.742699130 -0700 ++++ pam-debian/modules/pam_unix/support.h 2011-10-10 16:24:49.656776455 -0700 @@ -90,8 +90,9 @@ password hash algorithms */ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ @@ -134,10 +112,10 @@ Index: pam.deb/modules/pam_unix/support.h }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam.deb/modules/pam_unix/pam_unix.8.xml +Index: pam-debian/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.deb/modules/pam_unix/pam_unix.8.xml +--- pam-debian.orig/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:22:05.822700144 -0700 ++++ pam-debian/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:24:49.656776455 -0700 @@ -333,8 +333,81 @@ @@ -222,10 +200,10 @@ Index: pam.deb/modules/pam_unix/pam_unix.8.xml -Index: pam.deb/modules/pam_unix/obscure.c +Index: pam-debian/modules/pam_unix/obscure.c =================================================================== ---- /dev/null -+++ pam.deb/modules/pam_unix/obscure.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ pam-debian/modules/pam_unix/obscure.c 2011-10-10 16:24:49.656776455 -0700 @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh @@ -425,10 +403,10 @@ Index: pam.deb/modules/pam_unix/obscure.c + + return msg; +} -Index: pam.deb/modules/pam_unix/Makefile.am +Index: pam-debian/modules/pam_unix/Makefile.am =================================================================== ---- pam.deb.orig/modules/pam_unix/Makefile.am -+++ pam.deb/modules/pam_unix/Makefile.am +--- pam-debian.orig/modules/pam_unix/Makefile.am 2011-10-10 16:22:05.754699282 -0700 ++++ pam-debian/modules/pam_unix/Makefile.am 2011-10-10 16:24:49.656776455 -0700 @@ -41,7 +41,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ @@ -438,10 +416,10 @@ Index: pam.deb/modules/pam_unix/Makefile.am bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) -Index: pam.deb/modules/pam_unix/pam_unix.8 +Index: pam-debian/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix.8 -+++ pam.deb/modules/pam_unix/pam_unix.8 +--- pam-debian.orig/modules/pam_unix/pam_unix.8 2011-10-10 16:22:05.802699891 -0700 ++++ pam-debian/modules/pam_unix/pam_unix.8 2011-10-10 16:24:49.656776455 -0700 @@ -1,161 +1,22 @@ +'\" t .\" Title: pam_unix diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure index 5e694e12..c30b2cf6 100644 --- a/debian/patches-applied/055_pam_unix_nullok_secure +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -7,11 +7,11 @@ Authors: Sam Hartman , Upstream status: not yet submitted -Index: pam.deb/modules/pam_unix/support.c +Index: pam-debian/modules/pam_unix/support.c =================================================================== ---- pam.deb.orig/modules/pam_unix/support.c -+++ pam.deb/modules/pam_unix/support.c -@@ -85,15 +85,22 @@ +--- pam-debian.orig/modules/pam_unix/support.c 2011-10-10 16:25:36.000000000 -0700 ++++ pam-debian/modules/pam_unix/support.c 2011-10-10 17:51:23.078413270 -0700 +@@ -84,14 +84,22 @@ /* now parse the arguments to this module */ while (argc-- > 0) { @@ -22,8 +22,7 @@ Index: pam.deb/modules/pam_unix/support.c for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token -- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) -- { +- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { - break; + if (unix_args[j].token) { + sl = strlen(unix_args[j].token); @@ -39,7 +38,7 @@ Index: pam.deb/modules/pam_unix/support.c } } -@@ -452,6 +459,7 @@ +@@ -448,6 +456,7 @@ child = fork(); if (child == 0) { int i=0; @@ -47,7 +46,7 @@ Index: pam.deb/modules/pam_unix/support.c struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; -@@ -479,7 +487,18 @@ +@@ -475,7 +484,18 @@ /* exec binary helper */ args[0] = strdup(CHKPWD_HELPER); args[1] = x_strdup(user); @@ -67,7 +66,7 @@ Index: pam.deb/modules/pam_unix/support.c args[2]=strdup("nullok"); } else { args[2]=strdup("nonull"); -@@ -560,6 +579,17 @@ +@@ -556,6 +576,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ @@ -85,7 +84,7 @@ Index: pam.deb/modules/pam_unix/support.c /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -646,7 +676,8 @@ +@@ -642,7 +673,8 @@ } } } else { @@ -95,10 +94,10 @@ Index: pam.deb/modules/pam_unix/support.c } if (retval == PAM_SUCCESS) { -Index: pam.deb/modules/pam_unix/support.h +Index: pam-debian/modules/pam_unix/support.h =================================================================== ---- pam.deb.orig/modules/pam_unix/support.h -+++ pam.deb/modules/pam_unix/support.h +--- pam-debian.orig/modules/pam_unix/support.h 2011-10-10 16:24:49.000000000 -0700 ++++ pam-debian/modules/pam_unix/support.h 2011-10-10 17:51:23.078413270 -0700 @@ -91,8 +91,9 @@ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ @@ -137,10 +136,10 @@ Index: pam.deb/modules/pam_unix/support.h extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); #endif /* _PAM_UNIX_SUPPORT_H */ -Index: pam.deb/modules/pam_unix/Makefile.am +Index: pam-debian/modules/pam_unix/Makefile.am =================================================================== ---- pam.deb.orig/modules/pam_unix/Makefile.am -+++ pam.deb/modules/pam_unix/Makefile.am +--- pam-debian.orig/modules/pam_unix/Makefile.am 2011-10-10 16:24:49.000000000 -0700 ++++ pam-debian/modules/pam_unix/Makefile.am 2011-10-10 17:51:23.078413270 -0700 @@ -29,7 +29,8 @@ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif @@ -151,10 +150,10 @@ Index: pam.deb/modules/pam_unix/Makefile.am securelib_LTLIBRARIES = pam_unix.la -Index: pam.deb/modules/pam_unix/README +Index: pam-debian/modules/pam_unix/README =================================================================== ---- pam.deb.orig/modules/pam_unix/README -+++ pam.deb/modules/pam_unix/README +--- pam-debian.orig/modules/pam_unix/README 2011-10-10 16:21:55.000000000 -0700 ++++ pam-debian/modules/pam_unix/README 2011-10-10 17:51:23.078413270 -0700 @@ -57,7 +57,16 @@ The default action of this module is to not permit the user access to a @@ -173,10 +172,10 @@ Index: pam.deb/modules/pam_unix/README try_first_pass -Index: pam.deb/modules/pam_unix/pam_unix.8 +Index: pam-debian/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix.8 -+++ pam.deb/modules/pam_unix/pam_unix.8 +--- pam-debian.orig/modules/pam_unix/pam_unix.8 2011-10-10 16:24:49.000000000 -0700 ++++ pam-debian/modules/pam_unix/pam_unix.8 2011-10-10 17:51:23.078413270 -0700 @@ -79,7 +79,14 @@ .RS 4 The default action of this module is to not permit the user access to a service if their official password is blank\&. The @@ -193,10 +192,10 @@ Index: pam.deb/modules/pam_unix/pam_unix.8 .RE .PP \fBtry_first_pass\fR -Index: pam.deb/modules/pam_unix/pam_unix.8.xml +Index: pam-debian/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.deb/modules/pam_unix/pam_unix.8.xml +--- pam-debian.orig/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:24:49.000000000 -0700 ++++ pam-debian/modules/pam_unix/pam_unix.8.xml 2011-10-10 17:51:23.078413270 -0700 @@ -135,7 +135,24 @@ The default action of this module is to not permit the -- cgit v1.2.3