diff --git a/0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch b/0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch
new file mode 100644
index 0000000..3475745
--- /dev/null
+++ b/0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch
@@ -0,0 +1,53 @@
+From 962d3779ef1502ed234baea309cd75b2c1e2353a Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan"
+Date: Sat, 27 Nov 2021 21:00:22 -0800
+Subject: [PATCH] Complete Linux-PAM compliance for forked child in su and
+ login.
+
+As documented here:
+
+http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end
+
+The child that is about to exec*() the user shell is supposed to pam_end()
+with PAM_DATA_SILENT. This gives the modules a last chance to do a minor
+cleanup of the module state before the user's shell is launched.
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2037212
+Upstream: http://github.com/util-linux/util-linux/commit/4660286e9cdff6d95b49295674b96f83af10ea36
+Signed-off-by: Andrew G. Morgan
+---
+ login-utils/login.c | 3 +++
+ login-utils/su-common.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/login-utils/login.c b/login-utils/login.c
+index 3657f04cd..c62e91e94 100644
+--- a/login-utils/login.c
++++ b/login-utils/login.c
+@@ -1521,6 +1521,9 @@ int main(int argc, char **argv)
+
+ child_argv[child_argc++] = NULL;
+
++ /* http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end */
++ (void) pam_end(cxt.pamh, PAM_SUCCESS|PAM_DATA_SILENT);
++
+ execvp(child_argv[0], child_argv + 1);
+
+ if (!strcmp(child_argv[0], "/bin/sh"))
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index afd0ea8ad..7d4826bbc 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -1231,6 +1231,9 @@ int su_main(int argc, char **argv, int mode)
+ if (su->simulate_login && chdir(su->pwd->pw_dir) != 0)
+ warn(_("warning: cannot change directory to %s"), su->pwd->pw_dir);
+
++ /* http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end */
++ (void) pam_end(su->pamh, PAM_SUCCESS|PAM_DATA_SILENT);
++
+ if (shell)
+ run_shell(su, shell, command, argv + optind, max(0, argc - optind));
+
+--
+2.31.1
+
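Review bot: Both added `pam_end()` calls leave a released handle behind (`cxt.pamh` in login.c's `main`, `su->pamh` in `su_main`), and in each function the code after the call still runs if the exec fails. Nothing visible in these two hunks reuses the handle, but both functions continue outside the hunks, so I would clear it right after the call, `cxt.pamh = NULL;` and `su->pamh = NULL;`, so that a later error or cleanup path cannot hand a stale handle back to libpam. The comment above each call is only a plain-http URL; a short reason next to it, such as `/* forked child: PAM_DATA_SILENT asks modules for a minor in-process cleanup before exec */`, would still explain the call if the link goes stale. The `(void)` cast discards the `pam_end()` result on purpose; if that is deliberate best-effort behaviour, the same comment is the place to say so.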
diff --git a/util-linux.spec b/util-linux.spec index 9daf0be..ee061e8 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.37.2 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: http://en.wikipedia.org/wiki/Util-linux @@ -88,8 +88,6 @@ Requires: libsmartcols = %{version}-%{release} Requires: libfdisk = %{version}-%{release} Requires: util-linux-core = %{version}-%{release} -### Ready for upstream? -### # 151635 - makeing /var/log/lastlog Patch0: 0000-login-lastlog-create.patch # Add `/run/motd.d` to the hardcoded MOTD_FILE @@ -99,6 +97,8 @@ Patch1: 0001-login-default-motd-file.patch Patch2: 0002-tests-make-.-run.sh-more-robust.patch Patch3: 0003-tests-make-mount-fstab-all-more-robust.patch Patch4: 0004-tests-make-eject-umount-tests-more-robust.patch +# 2037212 - Complete Linux-PAM compliance for forked child in su and login +Patch5: 0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch %description @@ -949,6 +949,9 @@ fi %{_libdir}/python*/site-packages/libmount/ %changelog +* Thu Jan 06 2022 Karel Zak 2.37.2-3 +- fix #2037212 - Complete Linux-PAM compliance for forked child in su and login + * Mon Aug 23 2021 Karel Zak - 2.37.2-2 - cleanup previous rebase (fix #1969348) - integrate upstream tests to CI