openembedded-core.git/meta/recipes-extended/pam/libpam, branch master Mirror of openembedded-core libpam: update to 1.3.0 2016-05-30T08:30:31+00:00 Maxin B. John maxin.john@intel.com 2016-05-25T14:07:39+00:00 ac512ff9fbe41428e3d71d3e943aaa871d8b155a 1.2.1 -> 1.3.0 Remove upstreamed patch: a) pam-no-innetgr.patch Refreshed the following patches for 1.3.0: a) crypt_configure.patch b) pam-unix-nullok-secure.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
1.2.1 -> 1.3.0

Remove upstreamed patch:
        a) pam-no-innetgr.patch

Refreshed the following patches for 1.3.0:
        a) crypt_configure.patch
        b) pam-unix-nullok-secure.patch

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam: Fix build with musl 2015-12-12T23:31:45+00:00 Khem Raj raj.khem@gmail.com 2015-11-19T01:04:49+00:00 24097d8bb481ed1312c45b2e93527a271f56e4be Define strndupa if not available in libc additionally fix headers to explicitly needed include files which glibc was including indirectly Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Define strndupa if not available in libc additionally fix headers
to explicitly needed include files which glibc was including indirectly

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam: Fix build with uclibc 2015-10-24T11:17:28+00:00 Khem Raj raj.khem@gmail.com 2015-10-16T07:45:54+00:00 e4c8a15d36d05d2b17b1dcf1d4238616c5b814f5 libpam needs to adjust for posix utmpx uclibc now disables utmp Change-Id: Ibcb7cb621527f318eb8b6e2741647ccb4c6bb39c Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
libpam needs to adjust for posix utmpx
uclibc now disables utmp

Change-Id: Ibcb7cb621527f318eb8b6e2741647ccb4c6bb39c
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam: Fix patch broken during upgrade 2015-08-09T22:14:17+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-08-09T22:10:08+00:00 588e19058f631a1cc78002e1969a5459cd626afb "0x200" became "0200" during the upgrade to libpam 1.2.1 in: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=88dd997d9941b63ae9eead6690ecf2b785c0740c and this broke the IMAGE_FEATURES like debug-tweaks. I've converted all the values to octal here to match the original header file convention and make it clearer. [YOCTO #8033] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
"0x200" became "0200" during the upgrade to libpam 1.2.1 in:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=88dd997d9941b63ae9eead6690ecf2b785c0740c
and this broke the IMAGE_FEATURES like debug-tweaks.

I've converted all the values to octal here to match the original
header file convention and make it clearer.

[YOCTO #8033]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libpam: Upgrade v1.1.6 -> v1.2.1 2015-07-20T09:39:01+00:00 Amarnath Valluri amarnath.valluri@intel.com 2015-07-17T08:53:24+00:00 8683206f7ba85f693751415f896a0cc62931e3c4 Dropped upstreamed patches(commit-id): - add-checks-for-crypt-returning-NULL.patch(8dc056c) - destdirfix.patch(d7e6b92) - libpam-fix-for-CVE-2010-4708.patch(4c430f6) Dropped backported patches(commit-id): - pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8) - reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3) Forward ported patches: - pam-unix-nullok-secure.patch - crypt_configure.patch Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Dropped upstreamed patches(commit-id):
- add-checks-for-crypt-returning-NULL.patch(8dc056c)
- destdirfix.patch(d7e6b92)
- libpam-fix-for-CVE-2010-4708.patch(4c430f6)

Dropped backported patches(commit-id):
- pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8)
- reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3)

Forward ported patches:
- pam-unix-nullok-secure.patch
- crypt_configure.patch

Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam: Fix wrong crypt library detection 2015-06-08T16:30:51+00:00 Khem Raj raj.khem@gmail.com 2015-06-03T16:42:01+00:00 6ec229d8dec6a5978ebf6b264c332590c8be0b3a Surfaced when building with musl This details are in patch headers Enabel innetgr.patch for musl as well Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Surfaced when building with musl This details are in patch headers
Enabel innetgr.patch for musl as well

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam / xtests: remove bash dependency 2014-09-29T11:11:48+00:00 Wenzong Fan wenzong.fan@windriver.com 2014-09-16T03:10:57+00:00 1917bf7aa74aa1b86756c73c56537db2591115e5 There's not bash specific syntax in the xtests scripts: $ cd Linux-PAM-1.1.6/xtests # replace /bin/bash to /bin/sh and check the bashisms: $ checkbashisms *.sh No output So the runtime dependency to bash could be removed. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
There's not bash specific syntax in the xtests scripts:

  $ cd Linux-PAM-1.1.6/xtests
  # replace /bin/bash to /bin/sh and check the bashisms:
  $ checkbashisms *.sh
  No output

So the runtime dependency to bash could be removed.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libpam: Security Advisory - CVE-2014-2583 2014-06-17T09:23:45+00:00 Yue Tao Yue.Tao@windriver.com 2014-06-17T08:23:59+00:00 69255c84ebd99629da8174e1e73fd8c715e49b52 v2 changes: * update format for commit log * add Upstream-Status for patch Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
v2 changes:
* update format for commit log
* add Upstream-Status for patch

Multiple directory traversal vulnerabilities in pam_timestamp.c in the
pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to
create aribitrary files or possibly bypass authentication via a .. (dot
dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY
value to the check_tty funtion, which is used by the
format_timestamp_name function.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libpam: only use pam_systemd.so if systemd is enabled 2013-09-20T11:17:13+00:00 Ross Burton ross.burton@intel.com 2013-09-19T15:03:21+00:00 3ccb0855a7a6b147e5025855c6376747ba72986a So that sysvinit images don't warn on every login only add it to common-session if systemd is a DISTRO_FEATURE. [ YOCTO #3805 ] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
So that sysvinit images don't warn on every login only add it to common-session
if systemd is a DISTRO_FEATURE.

[ YOCTO #3805 ]

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libpam: deny all services for the OTHER entries 2013-07-31T05:56:27+00:00 Ming Liu ming.liu@windriver.com 2013-07-26T09:51:02+00:00 4ca0af699b5b4b3cf95b3e76482651949fd922ac To be secure, change behavior of the OTHER entries to warn and deny access to everything by stating pam_deny.so on all services. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
To be secure, change behavior of the OTHER entries to warn and deny
access to everything by stating pam_deny.so on all services.

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>