From 7cde3ca9e7c5de666cc607e737f984a52f94e021 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sat, 15 Feb 2020 02:42:28 +0000 Subject: Sat Feb 15 02:42:28 UTC 2020 a/kernel-generic-5.4.20-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.20-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.20-x86_64-1.txz: Upgraded. a/shadow-4.8.1-x86_64-3.txz: Rebuilt. a/util-linux-2.35.1-x86_64-3.txz: Rebuilt. d/kernel-headers-5.4.20-x86-1.txz: Upgraded. k/kernel-source-5.4.20-noarch-1.txz: Upgraded. l/ConsoleKit2-1.2.1-x86_64-2.txz: Rebuilt. l/dconf-editor-3.34.4-x86_64-1.txz: Upgraded. l/libxkbcommon-0.10.0-x86_64-1.txz: Added. l/openal-soft-1.19.1-x86_64-1.txz: Added. l/qt5-5.13.2-x86_64-1.txz: Added. Thanks to alienBOB. n/openssh-8.2p1-x86_64-1.txz: Upgraded. Potentially incompatible changes: * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted CASignatureAlgorithms list. * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server. * ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. x/mesa-19.3.4-x86_64-2.txz: Rebuilt. Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with an illegal instruction on some hardware. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz: Rebuilt. Rebuilt with --disable-libcgmanager to fix setting limits on PAM. Thanks to gattocarlo. testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz: Upgraded. testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz: Rebuilt. Moved some of the /etc/pam.d/ file to the util-linux package where they more properly belong. testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz: Rebuilt. Added some /etc/pam.d/ files previously in the shadow package. Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them. Added /etc/pam.d/{runuser,runuser-l}. usb-and-pxe-installers/usbboot.img: Rebuilt. --- source/a/util-linux/pam.d/chfn | 6 ++++++ source/a/util-linux/pam.d/chsh | 6 ++++++ source/a/util-linux/pam.d/login | 11 +++++++++++ source/a/util-linux/pam.d/runuser | 5 +++++ source/a/util-linux/pam.d/runuser-l | 4 ++++ source/a/util-linux/pam.d/su | 11 +++++++++++ source/a/util-linux/pam.d/su-l | 6 ++++++ 7 files changed, 49 insertions(+) create mode 100644 source/a/util-linux/pam.d/chfn create mode 100644 source/a/util-linux/pam.d/chsh create mode 100644 source/a/util-linux/pam.d/login create mode 100644 source/a/util-linux/pam.d/runuser create mode 100644 source/a/util-linux/pam.d/runuser-l create mode 100644 source/a/util-linux/pam.d/su create mode 100644 source/a/util-linux/pam.d/su-l (limited to 'source/a/util-linux/pam.d') diff --git a/source/a/util-linux/pam.d/chfn b/source/a/util-linux/pam.d/chfn new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/source/a/util-linux/pam.d/chfn @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/util-linux/pam.d/chsh b/source/a/util-linux/pam.d/chsh new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/source/a/util-linux/pam.d/chsh @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/util-linux/pam.d/login b/source/a/util-linux/pam.d/login new file mode 100644 index 000000000..eb3121996 --- /dev/null +++ b/source/a/util-linux/pam.d/login @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_securetty.so +auth include system-auth +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session required pam_loginuid.so +session optional pam_ck_connector.so nox11 diff --git a/source/a/util-linux/pam.d/runuser b/source/a/util-linux/pam.d/runuser new file mode 100644 index 000000000..37f0e84e7 --- /dev/null +++ b/source/a/util-linux/pam.d/runuser @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/source/a/util-linux/pam.d/runuser-l b/source/a/util-linux/pam.d/runuser-l new file mode 100644 index 000000000..fa1e4d835 --- /dev/null +++ b/source/a/util-linux/pam.d/runuser-l @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser diff --git a/source/a/util-linux/pam.d/su b/source/a/util-linux/pam.d/su new file mode 100644 index 000000000..c7c814877 --- /dev/null +++ b/source/a/util-linux/pam.d/su @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session optional pam_xauth.so diff --git a/source/a/util-linux/pam.d/su-l b/source/a/util-linux/pam.d/su-l new file mode 100644 index 000000000..656a139a8 --- /dev/null +++ b/source/a/util-linux/pam.d/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su -- cgit v1.2.3-65-gdbad