From 89104a5aa4035e0a8dc1a05a6ef49cc0f0969f3f Mon Sep 17 00:00:00 2001 From: jiawenhao Date: Mon, 21 Apr 2025 16:46:24 +0800 Subject: [PATCH] pam_unix: log about failure to execute unix_chkpwd(8) https://github.com/linux-pam/linux-pam/commit/97325c0ca92d0d44ee77681e802b383099c91e0d Signed-off-by: jiawenhao --- ...about-failure-to-execute-unix_chkpwd.patch | 25 +++++++++++++++++++ pam.spec | 6 ++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 backport-log-about-failure-to-execute-unix_chkpwd.patch diff --git a/backport-log-about-failure-to-execute-unix_chkpwd.patch b/backport-log-about-failure-to-execute-unix_chkpwd.patch new file mode 100644 index 0000000..0427065 --- /dev/null +++ b/backport-log-about-failure-to-execute-unix_chkpwd.patch @@ -0,0 +1,25 @@ +From e41bb6a698623127ff2bc0f4af832d1d498f6920 Mon Sep 17 00:00:00 2001 +From: jiawenhao +Date: Mon, 21 Apr 2025 16:39:40 +0800 +Subject: [PATCH] log-about-failure-to-execute-unix_chkpwd + +--- + modules/pam_unix/pam_unix_passwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index c341741..446ee7e 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -286,7 +286,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, + DIAG_POP_IGNORE_CAST_QUAL; + + /* should not get here: exit with error */ +- D(("helper binary is not available")); ++ pam_syslog(pamh, LOG_ERR, "failed to execute %s: %m", UPDATE_HELPER); + _exit(PAM_AUTHINFO_UNAVAIL); + } else if (child > 0) { + /* wait for child */ +-- +2.27.0 + diff --git a/pam.spec b/pam.spec index 480987f..c3ac517 100644 --- a/pam.spec +++ b/pam.spec @@ -4,7 +4,7 @@ %define _pamconfdir %{_sysconfdir}/pam.d Name: pam Version: 1.5.3 -Release: 8 +Release: 9 Summary: Pluggable Authentication Modules for Linux License: BSD and GPLv2+ URL: http://www.linux-pam.org/ @@ -28,6 +28,7 @@ Patch5: backport-CVE-2024-10963.patch Patch6: backport-CVE-2024-10041.patch Patch7: backport-CVE-2024-10041-pam_unix-try-to-set-uid-to-0-for-unix_chkpwd.patch Patch8: backport-libpam-use-close_range-to-close-file-descriptors.patch +Patch9: backport-log-about-failure-to-execute-unix_chkpwd.patch Patch9000:change-ndbm-to-gdbm.patch Patch9001:add-sm3-crypt-support.patch @@ -182,6 +183,9 @@ make check %changelog +* Mon Apr 21 2025 jiawenhao - 1.5.3-9 +- log about failure to execute unix_chkpwd(8) + * Mon Mar 24 2025 hugel - 1.5.3-8 - backport patch libpam use close_range() to close file descriptors -- Gitee