From 7cde3ca9e7c5de666cc607e737f984a52f94e021 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sat, 15 Feb 2020 02:42:28 +0000 Subject: Sat Feb 15 02:42:28 UTC 2020 a/kernel-generic-5.4.20-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.20-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.20-x86_64-1.txz: Upgraded. a/shadow-4.8.1-x86_64-3.txz: Rebuilt. a/util-linux-2.35.1-x86_64-3.txz: Rebuilt. d/kernel-headers-5.4.20-x86-1.txz: Upgraded. k/kernel-source-5.4.20-noarch-1.txz: Upgraded. l/ConsoleKit2-1.2.1-x86_64-2.txz: Rebuilt. l/dconf-editor-3.34.4-x86_64-1.txz: Upgraded. l/libxkbcommon-0.10.0-x86_64-1.txz: Added. l/openal-soft-1.19.1-x86_64-1.txz: Added. l/qt5-5.13.2-x86_64-1.txz: Added. Thanks to alienBOB. n/openssh-8.2p1-x86_64-1.txz: Upgraded. Potentially incompatible changes: * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted CASignatureAlgorithms list. * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server. * ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. x/mesa-19.3.4-x86_64-2.txz: Rebuilt. Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with an illegal instruction on some hardware. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz: Rebuilt. Rebuilt with --disable-libcgmanager to fix setting limits on PAM. Thanks to gattocarlo. testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz: Upgraded. testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz: Rebuilt. Moved some of the /etc/pam.d/ file to the util-linux package where they more properly belong. testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz: Rebuilt. Added some /etc/pam.d/ files previously in the shadow package. Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them. Added /etc/pam.d/{runuser,runuser-l}. usb-and-pxe-installers/usbboot.img: Rebuilt. --- source/a/util-linux/doinst.sh | 6 ++++++ source/a/util-linux/pam.d/chfn | 6 ++++++ source/a/util-linux/pam.d/chsh | 6 ++++++ source/a/util-linux/pam.d/login | 11 +++++++++++ source/a/util-linux/pam.d/runuser | 5 +++++ source/a/util-linux/pam.d/runuser-l | 4 ++++ source/a/util-linux/pam.d/su | 11 +++++++++++ source/a/util-linux/pam.d/su-l | 6 ++++++ source/a/util-linux/util-linux.SlackBuild | 21 ++++++++++++++++++++- 9 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 source/a/util-linux/pam.d/chfn create mode 100644 source/a/util-linux/pam.d/chsh create mode 100644 source/a/util-linux/pam.d/login create mode 100644 source/a/util-linux/pam.d/runuser create mode 100644 source/a/util-linux/pam.d/runuser-l create mode 100644 source/a/util-linux/pam.d/su create mode 100644 source/a/util-linux/pam.d/su-l (limited to 'source/a/util-linux') diff --git a/source/a/util-linux/doinst.sh b/source/a/util-linux/doinst.sh index da24e7435..8277c0e65 100644 --- a/source/a/util-linux/doinst.sh +++ b/source/a/util-linux/doinst.sh @@ -22,6 +22,12 @@ config etc/rc.d/rc.serial.new config etc/rc.d/rc.setterm.new config etc/serial.conf.new +for configfile in chfn.new chsh.new login.new runuser.new runuser-l.new su.new su-l.new ; do + if [ -r etc/pam.d/$configfile ]; then + config etc/pam.d/$configfile + fi +done + if [ -r etc/default/su.new ]; then config etc/default/su.new fi diff --git a/source/a/util-linux/pam.d/chfn b/source/a/util-linux/pam.d/chfn new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/source/a/util-linux/pam.d/chfn @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/util-linux/pam.d/chsh b/source/a/util-linux/pam.d/chsh new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/source/a/util-linux/pam.d/chsh @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/util-linux/pam.d/login b/source/a/util-linux/pam.d/login new file mode 100644 index 000000000..eb3121996 --- /dev/null +++ b/source/a/util-linux/pam.d/login @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_securetty.so +auth include system-auth +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session required pam_loginuid.so +session optional pam_ck_connector.so nox11 diff --git a/source/a/util-linux/pam.d/runuser b/source/a/util-linux/pam.d/runuser new file mode 100644 index 000000000..37f0e84e7 --- /dev/null +++ b/source/a/util-linux/pam.d/runuser @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/source/a/util-linux/pam.d/runuser-l b/source/a/util-linux/pam.d/runuser-l new file mode 100644 index 000000000..fa1e4d835 --- /dev/null +++ b/source/a/util-linux/pam.d/runuser-l @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser diff --git a/source/a/util-linux/pam.d/su b/source/a/util-linux/pam.d/su new file mode 100644 index 000000000..c7c814877 --- /dev/null +++ b/source/a/util-linux/pam.d/su @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session optional pam_xauth.so diff --git a/source/a/util-linux/pam.d/su-l b/source/a/util-linux/pam.d/su-l new file mode 100644 index 000000000..656a139a8 --- /dev/null +++ b/source/a/util-linux/pam.d/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild index 1d101d46c..2f0688bef 100755 --- a/source/a/util-linux/util-linux.SlackBuild +++ b/source/a/util-linux/util-linux.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=util-linux VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3 | rev | cut -f 3- -d . | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} ADJTIMEXVERS=1.29 SETSERIALVERS=2.17 @@ -90,6 +90,17 @@ if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then cp -a $CWD/su.default $PKG/etc/default/su.new chown root:root $PKG/etc/default/su.new chmod 644 $PKG/etc/default/su.new + # Add /etc/pam.d config files: + rm -rf $PKG/etc/pam.d + mkdir -p $PKG/etc/pam.d + for file in $CWD/pam.d/* ; do + cp -a ${file} $PKG/etc/pam.d/ + done + # Ensure correct perms/ownership on files in /etc/pam.d/: + chown root:root $PKG/etc/pam.d/* + chmod 644 $PKG/etc/pam.d/* + # Don't clobber existing config files: + find $PKG/etc/pam.d -type f -exec mv {} {}.new \; else LOGIN_OPTIONS="--disable-login" fi @@ -150,6 +161,14 @@ CFLAGS="$SLKCFLAGS" \ make $NUMJOBS || make || exit 1 make install $NUMJOBS DESTDIR=$PKG || exit 1 +# These need to be setuid root to work properly (only built for PAM): +if [ -r $PKG/usr/bin/chfn ]; then + chmod 4711 $PKG/usr/bin/chfn +fi +if [ -r $PKG/usr/bin/chsh ]; then + chmod 4711 $PKG/usr/bin/chsh +fi + # Build python3 bindings for libmount: make clean CFLAGS="$SLKCFLAGS" \ -- cgit v1.2.3