Sat Jun 13 20:40:31 UTC 202020200613204031

a/pam-1.4.0-x86_64-1.txz:  Upgraded.
  IMPORTANT NOTE: This update removes the pam_cracklib and pam_tally2 modules.
  None of our current configuration files in /etc/pam.d/ use either of those,
  but if the configuration files on your machine do you'll need to comment out
  or remove those lines, otherwise you may experience login failures.
a/shadow-4.8.1-x86_64-9.txz:  Rebuilt.
  /etc/pam.d/system-auth: prefix lines that call pam_gnome_keyring.so with '-'
  to avoid spamming the logs about failures.
a/sysvinit-scripts-2.1-noarch-32.txz:  Rebuilt.
  rc.S: create /var/run/faillock directory for pam_faillock(8).
a/util-linux-2.35.2-x86_64-2.txz:  Rebuilt.
  /etc/pam.d/login: change the example for locking an account for too many
  failed login attempts to use pam_faillock instead of pam_tally2.
l/imagemagick-7.0.10_19-x86_64-1.txz:  Upgraded.
l/libzip-1.7.1-x86_64-1.txz:  Upgraded.
n/openssh-8.3p1-x86_64-2.txz:  Rebuilt.
  /etc/pam.d/sshd: change the example for locking an account for too many
  failed login attempts to use pam_faillock instead of pam_tally2.

2 files changed, 0 insertions, 46 deletions

diff --git a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
deleted file mode 100644
index 15b40115d..000000000
--- a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001
-From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
-Date: Mon, 25 Feb 2019 20:50:48 +0100
-Subject: [PATCH] pam_tally2: Remove unnecessary fsync()
-
-pam_tally2 does fsync() after writing to a tally file.
-This causes hard drive cache flushes on every failed SSH login on many
-(if not most) filesystems.
-And an internet-exposed machine can have a lot of these failed logins.
-
-This operation however doesn't seem to be necessary - the pam_tally2
-module does not do any operation which would need explicit post-crash
-ordering, it just does simple file reads and writes.
-And doing a fsync() after them doesn't close any race if the system happens
-to crash between a write being posted and its fsync() completion.
-
-Let's remove this operation to get rid of all these extra cache flushes.
----
- modules/pam_tally2/pam_tally2.c | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
-index 984edf6a..ce7f5aee 100644
---- a/modules/pam_tally2/pam_tally2.c
-+++ b/modules/pam_tally2/pam_tally2.c
-@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
-         }
-     }
- 
--    if (fsync(*tfile)) {
--      pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
--      return PAM_AUTH_ERR;
--    }
-     return PAM_SUCCESS;
- }
diff --git a/source/a/pam/patches/pam.pam_tally2.slackware.diff b/source/a/pam/patches/pam.pam_tally2.slackware.diff
deleted file mode 100644
index 8ab853210..000000000
--- a/source/a/pam/patches/pam.pam_tally2.slackware.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./modules/Makefile.am.orig	2019-07-16 13:18:28.619322386 -0500
-+++ ./modules/Makefile.am	2019-07-16 13:45:49.260371056 -0500
-@@ -10,7 +10,7 @@
- 	pam_mkhomedir pam_motd pam_namespace pam_nologin \
- 	pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
- 	pam_selinux pam_sepermit pam_shells pam_stress \
--	pam_succeed_if pam_time pam_timestamp \
-+	pam_succeed_if pam_tally2 pam_time pam_timestamp \
- 	pam_tty_audit pam_umask \
- 	pam_unix pam_userdb pam_warn pam_wheel pam_xauth
-