aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2024-03-27 17:09:11 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2024-03-28 13:24:26 +0000
commitab2b90f360975d784d2d706cf5a40d3c1a9c2276 (patch)
tree4d111cd3d971802630bbac7367f956efed564755
parentaf5650ccc6c064800754e70da76f6634f8033220 (diff)
main/linux-pam: security upgrade to 1.6.0HEADmaster
-rw-r--r--main/linux-pam/APKBUILD17
-rw-r--r--main/linux-pam/no-examples.patch24
-rw-r--r--main/linux-pam/pam_namespace.patch39
3 files changed, 49 insertions, 31 deletions
diff --git a/main/linux-pam/APKBUILD b/main/linux-pam/APKBUILD
index ef2c5f348cc..7b8209a277b 100644
--- a/main/linux-pam/APKBUILD
+++ b/main/linux-pam/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=linux-pam
-pkgver=1.5.3
-pkgrel=8
+pkgver=1.6.0
+pkgrel=0
pkgdesc="Linux PAM (Pluggable Authentication Modules for Linux)"
url="https://www.kernel.org/pub/linux/libs/pam"
arch="all"
@@ -24,7 +24,7 @@ subpackages="$pkgname-dev $pkgname-manual::noarch $pkgname-doc"
source="
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz
https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver-docs.tar.xz
- no-examples.patch
+ pam_namespace.patch
base-auth.pamd
base-account.pamd
@@ -38,6 +38,8 @@ source="
builddir="$srcdir"/Linux-PAM-$pkgver
# secfixes:
+# 1.6.0-r0:
+# - CVE-2024-22365
# 1.5.1-r0:
# - CVE-2020-27780
@@ -54,7 +56,8 @@ build() {
--infodir=/usr/share/info \
--localstatedir=/var \
--disable-nls \
- --disable-db
+ --disable-db \
+ --disable-examples
make
}
@@ -91,9 +94,9 @@ manual() {
}
sha512sums="
-af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a Linux-PAM-1.5.3.tar.xz
-a9082823da88e0054d74e13aef872519ced5fbef25c8cc1a7e3a99160f835aa09c9ef701b6ec507acd3b540da0019288424bb4c8ebd828181ea90450db1494a9 Linux-PAM-1.5.3-docs.tar.xz
-9407f38d0dc0f24eb3e1c74ecc3ac78ddbe9f9882a4738fa82bfb387be30f5bff5599b11cb2d70705a299587697d967ddf57923b9bd0270d05f71cc5140f8d62 no-examples.patch
+7af07edb71a79275ad7f7f3bd82a4619b12a23a10f5fb2e5d810c6aadb718fd739ed17ca336c3420945d48d326e91874d8e45cfc5a4bf01a0cc5f9663bd2a0ad Linux-PAM-1.6.0.tar.xz
+e21d939c71edfccfce5378fce0b317b7deadffa21a84b11164baa10bdf129354f01291d15df2e0a2db5e21b47578be8ddca477cb95f735b3cc10d32972df46de Linux-PAM-1.6.0-docs.tar.xz
+e9593ffb9bc29368c8e12fef770562bffd84001053bee5c4b0b859d4b39c675a13c1f9b689c619b78f61eee23a152e5a64ece4cca81d4306049a9108167cc708 pam_namespace.patch
988e4ba32fe6b7adeb4898c784eb40d6f88f3fca78ead82b61686f0e1597f306abb3ee338aa2e4cf2db0191b8c1a7e319332e7f6d6aed3ab381f71c0a3355de9 base-auth.pamd
5d3e960ead44dcb2b3f732825482eefab9a9ffa4d4d5fc1d30cbf2fe8c5c896f1114a0ad3a6c606fa9fbf5c43400388f4ee8d7fca8110721eabfc9691004756b base-account.pamd
b3a900d6067ba04faa8016d9408da75917e8c0502020a4048bba1de2ca54c705c4d5f8307e759080fd5a9d5f3522f52a708803f1f01627eac56d9d7c6d363d13 base-password.pamd
diff --git a/main/linux-pam/no-examples.patch b/main/linux-pam/no-examples.patch
deleted file mode 100644
index e40ca6cd967..00000000000
--- a/main/linux-pam/no-examples.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-these don't build and aren't installed
---
-diff --git a/Makefile.in b/Makefile.in
-index f7e2c44..f98b2a2 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -176,7 +176,7 @@ ETAGS = etags
- CTAGS = ctags
- CSCOPE = cscope
- DIST_SUBDIRS = libpam tests libpamc libpam_misc modules po conf \
-- examples xtests doc
-+ xtests doc
- am__DIST_COMMON = $(srcdir)/Make.xml.rules.in $(srcdir)/Makefile.in \
- $(srcdir)/config.h.in $(top_srcdir)/build-aux/compile \
- $(top_srcdir)/build-aux/config.guess \
-@@ -426,7 +426,7 @@ top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
- AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news
--SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples \
-+SUBDIRS = libpam tests libpamc libpam_misc modules po conf \
- xtests $(am__append_1)
- CLEANFILES = *~
- EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright
diff --git a/main/linux-pam/pam_namespace.patch b/main/linux-pam/pam_namespace.patch
new file mode 100644
index 00000000000..a0fad12b024
--- /dev/null
+++ b/main/linux-pam/pam_namespace.patch
@@ -0,0 +1,39 @@
+From cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13 Mon Sep 17 00:00:00 2001
+From: Jacob Heider <jacob@pkgx.dev>
+Date: Wed, 17 Jan 2024 11:49:26 -0500
+Subject: [PATCH] pam_namespace: include stdint.h
+
+pam_namespace.c makes use of SIZE_MAX but doesn't include stdint.h,
+resulting in the following build failures on 1.6.0:
+
+ pam_namespace.c: In function 'process_line':
+ pam_namespace.c:649:41: error: 'SIZE_MAX' undeclared (first use in this function)
+ 649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
+ | ^~~~~~~~
+ pam_namespace.c:41:1: note: 'SIZE_MAX' is defined in header '<stdint.h>'; did you forget to '#include <stdint.h>'?
+ 40 | #include "argv_parse.h"
+ +++ |+#include <stdint.h>
+ 41 |
+ pam_namespace.c:649:41: note: each undeclared identifier is reported only once for each function it appears in
+ 649 | if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) {
+ | ^~~~~~~~
+
+Fixes: v1.6.0~100 ("pam_namespace: validate amount of uids in config")
+Resolves: https://github.com/linux-pam/linux-pam/issues/733
+---
+ modules/pam_namespace/pam_namespace.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
+index f72d67189..b16731c22 100644
+--- a/modules/pam_namespace/pam_namespace.c
++++ b/modules/pam_namespace/pam_namespace.c
+@@ -34,6 +34,8 @@
+
+ #define _ATFILE_SOURCE
+
++#include "config.h"
++#include <stdint.h>
+ #include "pam_cc_compat.h"
+ #include "pam_inline.h"
+ #include "pam_namespace.h"