!89 upgrade version to 1.5.3

From: @dongyuzhen Reviewed-by: @houmingyong Signed-off-by: @houmingyong
2023-07-18 03:32:46 +00:00 · 2023-07-18 03:32:46 +00:00 · aaad15d19d
commit aaad15d19d
parent 47b8ad17ce 8011e6ccb2
9 changed files with 83 additions and 97 deletions
--- a/1003-Change-chinese-translation.patch
+++ b/1003-Change-chinese-translation.patch
@ -1,24 +0,0 @@
-From 92c97988c58661e9df3b5e710de22717359c4783 Mon Sep 17 00:00:00 2001
-From: longcheng <longcheng@kylinos.com.cn>
-Date: Thu, 17 Mar 2022 17:17:35 +0800
-Subject: [PATCH] Change chinese translation
-
---
- po/zh_CN.po | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index 4f8e040..ba7e901 100644
--- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -478,7 +478,7 @@ msgstr "您必须选择一个更长的密码。"
- #: modules/pam_unix/pam_unix_passwd.c:692
- #, c-format
- msgid "Changing password for %s."
-msgstr "为 %s 更改 STRESS 密码。"
-+msgstr "为 %s 更改密码。"
- 
- #: modules/pam_unix/pam_unix_passwd.c:722
- msgid "You must wait longer to change your password."
-- 
-2.27.0
--- a/Linux-PAM-1.5.2.tar.xz
+++ b/Linux-PAM-1.5.2.tar.xz
--- a/Linux-PAM-1.5.2.tar.xz.asc
+++ b/Linux-PAM-1.5.2.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu
-h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t
-tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch
-XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4
-huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd
-ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T
-JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74
-sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu
-FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W
-vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf
-8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+
-q1y3BpSxAA1wOd9/mTM+
-=KMIz
-----END PGP SIGNATURE-----
--- a/Linux-PAM-1.5.3.tar.xz
+++ b/Linux-PAM-1.5.3.tar.xz
--- a/Linux-PAM-1.5.3.tar.xz.asc
+++ b/Linux-PAM-1.5.3.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJkWBFQAAoJEKgEH6g54W42OoMP/R1O9dvpncrR4DfD3yJViTPw
+To3isPszsdHhw/uZUzCBEUMxhJgUgefzHGAng1EbTyX2eTLk/cnLY8pZLXr3pzC0
+5CfacxAqgjK8B/7CbchsZQCDal84E5jR8qyzVCM3IPxZQfpiR3HJzXVjhg/gnBcY
+L6v7FbLpcdM2keHHT1C/hyQfTnzyIdmwyzRdE1DF3ERbe3/1VlNmANNOacZ1H2T9
+Hs5dVIFiXwOO11Xku42oOo99LCqXyIsRnEogBFCORHNjD7B88lCdJAHssBdvWq5t
+/CJnoGtJrVCXs11JVPSNyW0rm24rZH9YCC6yVRIuMq6jjMBawFUlMAqamLoSA3hK
+4BPuPqQjHYk/D5H+m0HF2qRDpz76Bj1zdmYofqspeJf4QJOyOpMSXFY3pgsohuKW
+P8YQ44cAkmMswFqMSKGi9EVnf6SVXWQFoHJhtlbUgi7ef/4IICrbtgSSE96OGdlg
+Sdoplu3n+1HClaYqlHbjkd/m0Hc8QvOjovctb0Zoclnlup+u2JH4rDNqjxFUvkWB
+8CeILjebgBrNRqAFDx7fKBEQyHs5FLOtUU1SwBLXXSyMCHuMhr/tKBHcbDgMhpVP
+IiIyYGyEGUoIR/er5AgIX9e6/zcQbc8OvY+gTu9t+tw+HIt8hGvUUkuYX8LB1k6r
+zf06e/iTT4GL6AhJtbh3
+=2hyW
+-----END PGP SIGNATURE-----
--- a/add-sm3-crypt-support.patch
+++ b/add-sm3-crypt-support.patch
@ -4,8 +4,8 @@ Date: Fri, 14 Jan 2022 11:46:20 +0800
 Subject: [PATCH] add sm3 crypt support

 ---
- modules/pam_unix/pam_unix.8.xml |  16 +++-
 modules/pam_unix/pam_unix.8     |   9 +-
+ modules/pam_unix/pam_unix.8.xml |  16 +++-
 modules/pam_unix/passverify.c   |   5 +-
 modules/pam_unix/support.c      |   4 +-
 modules/pam_unix/support.h      |   6 +-
@ -18,17 +18,39 @@ Subject: [PATCH] add sm3 crypt support
 create mode 100644 xtests/tst-pam_unix5.pamd
 create mode 100644 xtests/tst-pam_unix5.sh

+diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
+index 438717f..6f31c10 100644
+--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
+@@ -201,9 +201,16 @@ When a user changes their password next, encrypt it with the yescrypt algorithm\
+ function\&.
+ .RE
+ .PP
+sm3
+.RS 4
+When a user changes their password next, encrypt it with the SM3 algorithm\&. The SM3 algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
+ rounds=n
+ .RS 4
+-Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to
+Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, yescrypt and SM3 password hashing algorithms to
+ \fIn\fR\&.
+ .RE
+ .PP
 diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
-index 9f9c818..02713ce 100644
+index dfc0427..7d61869 100644
 --- a/modules/pam_unix/pam_unix.8.xml
 +++ b/modules/pam_unix/pam_unix.8.xml
-@@ -369,6 +369,20 @@
+@@ -366,6 +366,20 @@
           </para>
         </listitem>
       </varlistentry>
 +      <varlistentry>
 +        <term>
-+          <option>sm3</option>
+          sm3
 +        </term>
 +        <listitem>
 +          <para>
@ -42,8 +64,8 @@ index 9f9c818..02713ce 100644
 +      </varlistentry>
       <varlistentry>
         <term>
-           <option>rounds=<replaceable>n</replaceable></option>
-@@ -376,7 +390,7 @@
+           rounds=n
+@@ -373,7 +387,7 @@
         <listitem>
           <para>
             Set the optional number of rounds of the SHA256, SHA512,
@ -52,30 +74,8 @@ index 9f9c818..02713ce 100644
             algorithms to
             <replaceable>n</replaceable>.
           </para>
-diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
-index d9cdea5..d37a3f3 100644
--- a/modules/pam_unix/pam_unix.8
-+++ b/modules/pam_unix/pam_unix.8
-@@ -201,9 +201,16 @@ When a user changes their password next, encrypt it with the yescrypt algorithm\
- function\&.
- .RE
- .PP
-+\fBsm3\fR
-+.RS 4
-+When a user changes their password next, encrypt it with the SM3 algorithm\&. The SM3 algorithm must be supported by the
-+\fBcrypt\fR(3)
-+function\&.
-+.RE
-+.PP
- \fBrounds=\fR\fB\fIn\fR\fR
- .RS 4
-Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to
-+Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, yescrypt and SM3 password hashing algorithms to
- \fIn\fR\&.
- .RE
- .PP
 diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
-index f2474a5..a54785d 100644
+index 81b10d8..1aee153 100644
 --- a/modules/pam_unix/passverify.c
 +++ b/modules/pam_unix/passverify.c
@@ -445,6 +445,8 @@ PAMH_ARG_DECL(char * create_password_hash,
@ -95,10 +95,10 @@ index f2474a5..a54785d 100644
 +			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" :
 +			   on(UNIX_SM3_PASS, ctrl) ? "sm3" : algoid);
 		if(sp) {
- 		   memset(sp, '\0', strlen(sp));
+ 		   pam_overwrite_string(sp);
 		}
 diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
-index 27ca712..7b62c14 100644
+index 043273d..4052868 100644
 --- a/modules/pam_unix/support.c
 +++ b/modules/pam_unix/support.c
@@ -99,7 +99,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
@ -120,7 +120,7 @@ index 27ca712..7b62c14 100644
 				/* don't care about bogus values */
 				*rounds = 0;
 diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index 19754dc..c18750c 100644
+index 8105400..b5712b5 100644
 --- a/modules/pam_unix/support.h
 +++ b/modules/pam_unix/support.h
@@ -101,10 +101,11 @@ typedef struct {
@ -146,7 +146,7 @@ index 19754dc..c18750c 100644
 
 #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)
 diff --git a/xtests/Makefile.am b/xtests/Makefile.am
-index 70f8441..28df170 100644
+index acf9746..33693de 100644
 --- a/xtests/Makefile.am
 +++ b/xtests/Makefile.am
@@ -14,9 +14,9 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
@ -161,7 +161,7 @@ index 70f8441..28df170 100644
 	access.conf tst-pam_access1.pamd tst-pam_access1.sh \
 	tst-pam_access2.pamd tst-pam_access2.sh \
 	tst-pam_access3.pamd tst-pam_access3.sh \
-@@ -39,7 +39,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+@@ -40,7 +40,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
 
 XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
 	tst-pam_dispatch4 tst-pam_dispatch5 \
@ -386,5 +386,5 @@ index 0000000..a6be19b
 +/usr/sbin/userdel -r tstpamunix 2> /dev/null
 +exit $RET
 -- 
-2.31.1.windows.1
+2.33.0

--- a/bugfix-pam-1.1.8-faillock-systemtime.patch
+++ b/bugfix-pam-1.1.8-faillock-systemtime.patch
@ -4,22 +4,27 @@ Date: Mon, 27 Jul 2020 09:34:43 +0800
 Subject: [PATCH] bugfix pam 1.1.8 faillock systemtime

 ---
- modules/pam_faillock/pam_faillock.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
+ modules/pam_faillock/faillock_config.h |  1 +
+ modules/pam_faillock/pam_faillock.c    | 20 ++++++++++++++++++--
+ 2 files changed, 19 insertions(+), 2 deletions(-)

-diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
-index 5b5cc2c..600e3f6 100644
--- a/modules/pam_faillock/pam_faillock.c
-+++ b/modules/pam_faillock/pam_faillock.c
-@@ -91,6 +91,7 @@ struct options {
+diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h
+index 04bc699..d649ce1 100644
+--- a/modules/pam_faillock/faillock_config.h
+++ b/modules/pam_faillock/faillock_config.h
+@@ -75,6 +75,7 @@ struct options {
 	int is_admin;
 	uint64_t now;
 	int fatal_error;
 +	int time_jumped;
- };
 
- static int read_config_file(
-@@ -121,6 +122,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
+ 	unsigned int reset;
+ 	const char *progname;
+diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
+index ca1c703..8fbab77 100644
+--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
+@@ -76,6 +76,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
 	opts->fail_interval = 900;
 	opts->unlock_time = 600;
 	opts->root_unlock_time = MAX_TIME_INTERVAL+1;
@ -27,7 +32,7 @@ index 5b5cc2c..600e3f6 100644
 
 	for (i = 0; i < argc; ++i) {
 		const char *str = pam_str_skip_prefix(argv[i], "conf=");
-@@ -464,8 +466,6 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
+@@ -219,8 +220,6 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
 			latest_time = tallies->records[i].time;
 	}
 
@ -36,7 +41,7 @@ index 5b5cc2c..600e3f6 100644
 	failures = 0;
 	for (i = 0; i < tallies->count; i++) {
 		if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
-@@ -476,6 +476,19 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
+@@ -231,6 +230,19 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
 
 	opts->failures = failures;
 
@ -56,7 +61,7 @@ index 5b5cc2c..600e3f6 100644
 	if (opts->deny && failures >= opts->deny) {
 		if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
 			(opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
-@@ -712,6 +725,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
+@@ -489,6 +501,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 					rv = PAM_IGNORE; /* this return value should be ignored */
 					write_tally(pamh, &opts, &tallies, &fd);
 				}
@ -68,5 +73,5 @@ index 5b5cc2c..600e3f6 100644
 		}
 	}
 -- 
-2.23.0
+2.33.0

--- a/change-ndbm-to-gdbm.patch
+++ b/change-ndbm-to-gdbm.patch
@ -8,10 +8,10 @@ Subject: [PATCH] change ndbm to gdbm
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/configure.ac b/configure.ac
-index d537907..ecbaa2d 100644
+index b9b0f83..7262199 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -435,7 +435,7 @@ if test x"$WITH_DB" !=xno ; then
+@@ -447,7 +447,7 @@ if test x"$WITH_DB" != xno ; then
               LIBS=$old_libs
         fi
         if test -z "$LIBDB" ; then
@ -21,4 +21,5 @@ index d537907..ecbaa2d 100644
                 AC_CHECK_HEADERS(ndbm.h)
             fi
 -- 
-2.23.0
+2.33.0
+
--- a/pam.spec
+++ b/pam.spec
@ -3,8 +3,8 @@
 %define _secconfdir %{_sysconfdir}/security
 %define _pamconfdir %{_sysconfdir}/pam.d
 Name: pam
-Version: 1.5.2
-Release: 6
+Version: 1.5.3
+Release: 1
 Summary: Pluggable Authentication Modules for Linux
 License: BSD and GPLv2+
 URL: http://www.linux-pam.org/
@ -23,7 +23,6 @@ Provides: %{name}-sm3 = %{version}-%{release}
 Patch1: bugfix-pam-1.1.8-faillock-systemtime.patch
 Patch9000:change-ndbm-to-gdbm.patch
 Patch9001:add-sm3-crypt-support.patch
-Patch9002:1003-Change-chinese-translation.patch

 BuildRequires: autoconf automake libtool bison flex sed cracklib-devel gdbm-devel
 BuildRequires: perl-interpreter pkgconfig gettext-devel libtirpc-devel libnsl2-devel
@ -61,7 +60,8 @@ autoreconf -i
 	--includedir=%{_includedir}/security \
 	--disable-static \
 	--disable-prelude \
-	--enable-db=ndbm
+	--enable-db=ndbm \
+	--enable-lastlog

 make -C po update-gmo
 %make_build
@ -155,6 +155,7 @@ fi
 %config(noreplace) %{_secconfdir}/opasswd
 %config(noreplace) %{_secconfdir}/sepermit.conf
 %config(noreplace) %{_secconfdir}/faillock.conf
+%config(noreplace) %{_secconfdir}/pwhistory.conf
 %dir /var/run/sepermit
 %ghost %verify(not md5 size mtime) /var/log/tallylog
 %dir /var/run/faillock
@ -178,6 +179,9 @@ fi


 %changelog
+* Fri Jul 14 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1.5.3-1
+- upgrade version to 1.5.3
+
 * Thu Mar 09 2023 wangyu <wangyu283@huawei.com> - 1.5.2-6
 - revert: bugfix with cannot open database file