upg btrfs-origs oan
parent
b81cb4bbb4
commit
8230d5b75e
6 changed files with 145 additions and 12 deletions
|
@ -6,7 +6,7 @@
|
|||
#-----------------------------------------| DESCRIPTION |---------------------------------------
|
||||
|
||||
pkgname=btrfs-progs
|
||||
pkgver=6.7
|
||||
pkgver=6.7.1
|
||||
pkgrel=01
|
||||
pkgdesc='Btrfs filesystem utilities w/o systemd'
|
||||
makedepends=('asciidoc' 'xmlto' 'python' 'python-setuptools' 'e2fsprogs'
|
||||
|
@ -72,10 +72,10 @@ license=('GPL-2.0-only')
|
|||
|
||||
validpgpkeys=('F2B41200C54EFB30380C1756C565D5F9D76D583B')
|
||||
|
||||
sha256sums=(c27f755185b9f2dab31f42e8a303d36bed2a3f3341cc6d75ee68a0a650a24767 # btrfs-progs-v6.7.tar.xz
|
||||
e44a1c6a33f06f38b4199db5c85202a930fd4e1a4e4f89b4cfce4afea0e61c01 # btrfs-progs-v6.7.tar.sign
|
||||
sha256sums=(24dc7b974f0a57ba0eca80f97440b840dfa85b0f1cb2c01bdfd97659a480b200 # btrfs-progs-v6.7.1.tar.xz
|
||||
181ebfef6c8fb7df1015478b5ecec2a33a49437ed1c4e48188eed722648b6ee1 # btrfs-progs-v6.7.1.tar.sign
|
||||
bbe60b35d1b1e2efc1308a8f54f1fdc6808240a81c5f5b4d75321b7ee86e41f4 # initcpio-install-btrfs
|
||||
35efeee8590d6d60c711ae9cdc918e4841ab61d10cb02359e65e36ebff95ffc5) # initcpio-hook-btrfs
|
||||
|
||||
## 548361394d138e6cf48440daa570458c5a018eea77c5a7fa24ed996991cf80d0 btrfs-progs-6.7-01-x86_64.pkg.tar.lz
|
||||
## 2b7c446a389b12c5e059dfff5f25782e39c0bdeb8589f4cc1000dc4b7ff5a1f1 btrfs-progs-6.7.1-01-x86_64.pkg.tar.lz
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Contributor: Tobias Powalowski <tpowa@archlinux.org>
|
||||
|
||||
pkgname=btrfs-progs
|
||||
pkgver=6.7
|
||||
pkgver=6.7.1
|
||||
pkgrel=1
|
||||
pkgdesc='Btrfs filesystem utilities'
|
||||
arch=('x86_64')
|
||||
|
@ -28,7 +28,7 @@ source=("https://www.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/btrfs-
|
|||
install=btrfs-progs.install
|
||||
options=(!staticlibs)
|
||||
sha256sums=('SKIP'
|
||||
'c27f755185b9f2dab31f42e8a303d36bed2a3f3341cc6d75ee68a0a650a24767'
|
||||
'24dc7b974f0a57ba0eca80f97440b840dfa85b0f1cb2c01bdfd97659a480b200'
|
||||
'bbe60b35d1b1e2efc1308a8f54f1fdc6808240a81c5f5b4d75321b7ee86e41f4'
|
||||
'35efeee8590d6d60c711ae9cdc918e4841ab61d10cb02359e65e36ebff95ffc5'
|
||||
'eaa7af92d28bfa8940bb551560fd7be777f9f175292eaa72b5f6ef00fb240252'
|
||||
|
|
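--- a/pam/470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200.patch
+++ b/pam/470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200.patch
@@ -0,0 +1,27 @@
+From 470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Fri, 19 Jan 2024 10:09:00 +0100
+Subject: [PATCH] pam_unix: do not warn if password aging is disabled
+
+Later checks will print a warning if daysleft is 0. If password
+aging is disabled, leave daysleft at -1.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/743
+Fixes: 9ebc14085a3b ("pam_unix: allow disabled password aging")
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+modules/pam_unix/passverify.c | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 5c4f862e7..1bc98fa25 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -314,7 +314,6 @@ PAMH_ARG_DECL(int check_shadow_expiry,
+}
+if (spent->sp_lstchg < 0) {
+D(("password aging disabled"));
+- *daysleft = 0;
+return PAM_SUCCESS;
+}
+if (curdays < spent->sp_lstchg) {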
24
pam/PKGBUILD
24
pam/PKGBUILD
|
@ -7,7 +7,7 @@
|
|||
|
||||
pkgname=pam
|
||||
pkgver=1.6.0
|
||||
pkgrel=03
|
||||
pkgrel=04
|
||||
pkgdesc="PAM (Pluggable Authentication Modules) library - w/o systemd"
|
||||
url="http://linux-pam.org"
|
||||
depends=('glibc' 'libtirpc' 'pambase' 'audit' 'libaudit.so' 'libxcrypt' 'libcrypt.so')
|
||||
|
@ -15,10 +15,24 @@ makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
|
|||
provides=('libpam.so' 'libpamc.so' 'libpam_misc.so')
|
||||
backup=(etc/security/{access.conf,faillock.conf,group.conf,limits.conf,namespace.conf,namespace.init,pwhistory.conf,pam_env.conf,time.conf} etc/environment)
|
||||
source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver{,-docs}.tar.xz{,.asc}
|
||||
https://github.com/linux-pam/linux-pam/commit/470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200.patch
|
||||
https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620.patch
|
||||
$pkgname.tmpfiles)
|
||||
|
||||
options=('!emptydirs')
|
||||
|
||||
prepare() {
|
||||
cd Linux-PAM-$pkgver
|
||||
# apply patch from the source array (should be a pacman feature)
|
||||
local src
|
||||
for src in "${source[@]}"; do
|
||||
src="${src%%::*}"
|
||||
src="${src##*/}"
|
||||
[[ $src = *.patch ]] || continue
|
||||
echo "Applying patch $src..."
|
||||
patch -Np1 < "../$src"
|
||||
done
|
||||
}
|
||||
|
||||
build() {
|
||||
cd Linux-PAM-$pkgver
|
||||
# prevent the installation of an unneeded systemd file:
|
||||
|
@ -67,7 +81,7 @@ post_install() {
|
|||
|
||||
arch=(x86_64)
|
||||
|
||||
license=('GPL2')
|
||||
license=('GPL-2.0-only')
|
||||
|
||||
validpgpkeys=(8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB # Thorsten Kukuk
|
||||
296D6F29A020808E8717A8842DB5BD89A340AEB7) #Dimitry V. Levin <ldv@altlinux.org>
|
||||
|
@ -76,7 +90,9 @@ sha256sums=(fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad #
|
|||
de8059f3c5ede8efe8feaa74db64e27f2a8d0b6efb119d6b7b7f9baea78dc57a # Linux-PAM-1.6.0.tar.xz.asc
|
||||
3e82730d3350795c42f3708f6609a92c1df841d518aa17c28fd702fe5ec23a32 # Linux-PAM-1.6.0-docs.tar.xz
|
||||
bc052464739edb68fc170b660253cca7adc596056cb2a60f11262639a3d3e1e9 # Linux-PAM-1.6.0-docs.tar.xz.asc
|
||||
ee7333ad2c8b2a710c73d8a2d202027d0c79d3628fefe58073f2d78ecefa121e # 470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200.patch
|
||||
450760e1989f036acee157f91a3028264f8ce7fb0cbdd65eccf8a0fc0084497c # b7b96362087414e52524d3d9d9b3faa21e1db620.patch
|
||||
5631f224e90c4f0459361c2a5b250112e3a91ba849754bb6f67d69d683a2e5ac) # pam.tmpfiles
|
||||
|
||||
## 8fb425ef6dfe311d95408d4cac67f12389a7a5bc5dd81ba9cab6321818367384 pam-1.6.0-03-x86_64.pkg.tar.lz
|
||||
## 2b41498e68f35858bd73fa7b133bb24a9a6e6aa6b1847d9a1b9b169dae3906c1 pam-1.6.0-04-x86_64.pkg.tar.lz
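Review bot: The two `.patch` entries added to `source` are the only upstream inputs in this PKGBUILD without a detached signature, so the two new `sha256sums` lines are all that ties them to the linux-pam commits, and they change pam_unix password-verification code. It is worth confirming both hashes against the upstream commits independently of the download that produced them, and noting that GitHub renders `commit/<sha>.patch` on request, so the bytes (and the pinned hash) may not stay stable across rebuilds; the copies committed under `pam/` look intended to cover that. The `prepare()` comment does not say why the patches are carried; something like `# backports for linux-pam issues #743 and #747; drop once a release includes them` above the loop would help. The same additions appear in the second pam PKGBUILD section further down the page.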
|
||||
|
||||
|
|
|
@ -4,16 +4,18 @@
|
|||
|
||||
pkgname=pam
|
||||
pkgver=1.6.0
|
||||
pkgrel=3
|
||||
pkgrel=4
|
||||
pkgdesc="PAM (Pluggable Authentication Modules) library"
|
||||
arch=('x86_64')
|
||||
license=('GPL2')
|
||||
license=('GPL-2.0-only')
|
||||
url="http://linux-pam.org"
|
||||
depends=('glibc' 'libtirpc' 'pambase' 'audit' 'libaudit.so' 'libxcrypt' 'libcrypt.so')
|
||||
makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
|
||||
provides=('libpam.so' 'libpamc.so' 'libpam_misc.so')
|
||||
backup=(etc/security/{access.conf,faillock.conf,group.conf,limits.conf,namespace.conf,namespace.init,pwhistory.conf,pam_env.conf,time.conf} etc/environment)
|
||||
source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver{,-docs}.tar.xz{,.asc}
|
||||
https://github.com/linux-pam/linux-pam/commit/470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200.patch
|
||||
https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620.patch
|
||||
$pkgname.tmpfiles)
|
||||
validpgpkeys=(
|
||||
'8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB' # Thorsten Kukuk
|
||||
|
@ -24,10 +26,25 @@ sha256sums=('fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad'
|
|||
'SKIP'
|
||||
'3e82730d3350795c42f3708f6609a92c1df841d518aa17c28fd702fe5ec23a32'
|
||||
'SKIP'
|
||||
'ee7333ad2c8b2a710c73d8a2d202027d0c79d3628fefe58073f2d78ecefa121e'
|
||||
'450760e1989f036acee157f91a3028264f8ce7fb0cbdd65eccf8a0fc0084497c'
|
||||
'5631f224e90c4f0459361c2a5b250112e3a91ba849754bb6f67d69d683a2e5ac')
|
||||
|
||||
options=('!emptydirs')
|
||||
|
||||
prepare() {
|
||||
cd Linux-PAM-$pkgver
|
||||
# apply patch from the source array (should be a pacman feature)
|
||||
local src
|
||||
for src in "${source[@]}"; do
|
||||
src="${src%%::*}"
|
||||
src="${src##*/}"
|
||||
[[ $src = *.patch ]] || continue
|
||||
echo "Applying patch $src..."
|
||||
patch -Np1 < "../$src"
|
||||
done
|
||||
}
|
||||
|
||||
build() {
|
||||
cd Linux-PAM-$pkgver
|
||||
./configure \
|
||||
|
|
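--- a/pam/b7b96362087414e52524d3d9d9b3faa21e1db620.patch
+++ b/pam/b7b96362087414e52524d3d9d9b3faa21e1db620.patch
@@ -0,0 +1,73 @@
+From b7b96362087414e52524d3d9d9b3faa21e1db620 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Wed, 24 Jan 2024 18:57:42 +0100
+Subject: [PATCH] pam_unix: try to set uid to 0 for unix_chkpwd
+
+The geteuid check does not cover all cases. If a program runs with
+elevated capabilities like CAP_SETUID then we can still check
+credentials of other users.
+
+Keep logging for future analysis though.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/747
+Fixes: b3020da7da38 ("pam_unix/passverify: always run the helper to obtain shadow password file entries")
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+modules/pam_unix/pam_unix_acct.c | 17 +++++++++--------
+modules/pam_unix/support.c | 14 +++++++-------
+2 files changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 8f5ed3e0d..7ffcb9e3f 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -110,14 +110,15 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
+_exit(PAM_AUTHINFO_UNAVAIL);
+}
+
+- if (geteuid() == 0) {
+- /* must set the real uid to 0 so the helper will not error
+- out if pam is called from setuid binary (su, sudo...) */
+- if (setuid(0) == -1) {
+- pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+- printf("-1\n");
+- fflush(stdout);
+- _exit(PAM_AUTHINFO_UNAVAIL);
++ /* must set the real uid to 0 so the helper will not error
++ out if pam is called from setuid binary (su, sudo...) */
++ if (setuid(0) == -1) {
++ uid_t euid = geteuid();
++ pam_syslog(pamh, euid == 0 ? LOG_ERR : LOG_DEBUG, "setuid failed: %m");
++ if (euid == 0) {
++ printf("-1\n");
++ fflush(stdout);
++ _exit(PAM_AUTHINFO_UNAVAIL);
+}
+}
+
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index d391973f9..69811048e 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -562,13 +562,13 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+_exit(PAM_AUTHINFO_UNAVAIL);
+}
+
+- if (geteuid() == 0) {
+- /* must set the real uid to 0 so the helper will not error
+- out if pam is called from setuid binary (su, sudo...) */
+- if (setuid(0) == -1) {
+- D(("setuid failed"));
+- _exit(PAM_AUTHINFO_UNAVAIL);
+- }
++ /* must set the real uid to 0 so the helper will not error
++ out if pam is called from setuid binary (su, sudo...) */
++ if (setuid(0) == -1) {
++ D(("setuid failed"));
++ if (geteuid() == 0) {
++ _exit(PAM_AUTHINFO_UNAVAIL);
++ }
+}
+
+/* exec binary helper */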
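Review bot: In the `support.c` hunk a failed `setuid(0)` is still reported only through `D(("setuid failed"))`, while the `pam_unix_acct.c` hunk logs the same condition with `pam_syslog`; if `D()` is a debug-build macro, as it appears to be, the authentication path leaves no record when the helper is started without real uid 0. For parity with the account path, `pam_syslog(pamh, geteuid() == 0 ? LOG_ERR : LOG_DEBUG, "setuid failed: %m");` could replace the `D()` call. Both enclosing functions start and end outside the hunks, and since this file is a verbatim upstream backport the change belongs upstream rather than in the local copy.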