Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in at 2011-10-25 16:47:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam", Maintainer is "mc@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2011-09-23 12:21:33.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2011-10-25 16:47:31.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de
+
+- pam_tally2: remove invalid options from manpage (bnc#726071)
+- fix possible overflow and DOS in pam_env (bnc#724480)
+ CVE-2011-3148, CVE-2011-3149
+
+-------------------------------------------------------------------
New:
----
bug-724480_pam_env-fix-dos.patch
bug-724480_pam_env-fix-overflow.patch
pam_tally2-man.dif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.OwaaM8/_old 2011-10-25 16:47:36.000000000 +0200
+++ /var/tmp/diff_new_pack.OwaaM8/_new 2011-10-25 16:47:36.000000000 +0200
@@ -52,6 +52,9 @@
Source8: etc.environment
Source9: baselibs.conf
Patch0: pam_tally-deprecated.diff
+Patch1: bug-724480_pam_env-fix-overflow.patch
+Patch2: bug-724480_pam_env-fix-dos.patch
+Patch3: pam_tally2-man.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -101,6 +104,9 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%build
CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \
++++++ bug-724480_pam_env-fix-dos.patch ++++++
Description: abort when encountering an overflowed environment variable
expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
tmp, tmpptr);
+ return PAM_ABORT;
}
continue;
}
@@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* if ('{' != *orig++) */
@@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog(pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* for (;*orig;) */
++++++ bug-724480_pam_env-fix-overflow.patch ++++++
Description: correctly count leading whitespace when parsing environment
file (CVE-2011-3148).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
Author: Kees Cook
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char
char *p = buffer;
char *s, *os;
int used = 0;
+ int whitespace;
/* loop broken with a 'break' when a non-'\\n' ended line is read */
@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char
/* skip leading spaces --- line may be blank */
- s = p + strspn(p, " \n\t");
+ whitespace = strspn(p, " \n\t");
+ s = p + whitespace;
if (*s && (*s != '#')) {
+ used += whitespace;
os = s;
/*
++++++ pam_tally2-man.dif ++++++
Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8
+++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8
@@ -269,13 +269,6 @@ If the module is invoked by a user with
\fBsu\fR, otherwise this argument should be omitted\&.
.RE
.PP
-\fBno_lock_time\fR
-.RS 4
-Do not use the \&.fail_locktime field in
-\FC/var/log/faillog\F[]
-for this user\&.
-.RE
-.PP
\fBeven_deny_root\fR
.RS 4
Root account can become unavailable\&.
Index: Linux-PAM-1.1.4/modules/pam_tally2/README
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_tally2/README
+++ Linux-PAM-1.1.4/modules/pam_tally2/README
@@ -76,10 +76,6 @@ AUTH OPTIONS
incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
- no_lock_time
-
- Do not use the .fail_locktime field in /var/log/faillog for this user.
-
even_deny_root
Root account can become unavailable.
Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8.xml
+++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml
@@ -238,17 +238,6 @@
</varlistentry>
<varlistentry>
<term>
- <option>no_lock_time</option>
- </term>
- <listitem>
- <para>
- Do not use the .fail_locktime field in
- <filename>/var/log/faillog</filename> for this user.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
<option>even_deny_root</option>
</term>
<listitem>
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org