diff options
Diffstat (limited to 'sys-libs/pam_wrapper/files')
3 files changed, 87 insertions, 0 deletions
diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch new file mode 100644 index 000000000000..0874e5daaf24 --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-env-var-typo.patch @@ -0,0 +1,25 @@ +https://git.samba.org/?p=pam_wrapper.git;a=commit;h=9f0cccf7432dd9be1de953f9b13a7f9b06c40442 + +From 9f0cccf7432dd9be1de953f9b13a7f9b06c40442 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Fri, 10 Nov 2023 15:38:37 +0100 +Subject: [PATCH] pwrap: Fix PAM_WRAPPER_DISABLE_DEEPBIND environment variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> +--- a/src/pam_wrapper.c ++++ b/src/pam_wrapper.c +@@ -336,7 +336,7 @@ static void *pwrap_load_lib_handle(enum pwrap_lib lib) + + #ifdef RTLD_DEEPBIND + const char *env_preload = getenv("LD_PRELOAD"); +- const char *env_deepbind = getenv("UID_WRAPPER_DISABLE_DEEPBIND"); ++ const char *env_deepbind = getenv("PAM_WRAPPER_DISABLE_DEEPBIND"); + bool enable_deepbind = true; + + /* Don't do a deepbind if we run with libasan */ +-- +2.34.1 diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch new file mode 100644 index 000000000000..f3c1458d6dce --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-mkdir-race.patch @@ -0,0 +1,40 @@ +https://git.samba.org/?p=pam_wrapper.git;a=commitdiff;h=7bd24b0e54995da5f333575f97c9f1fa796fe0f1 + +From 7bd24b0e54995da5f333575f97c9f1fa796fe0f1 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Jan=20Kundr=C3=A1t?= <jan.kundrat@cesnet.cz> +Date: Mon, 6 Nov 2023 18:34:58 +0100 +Subject: [PATCH] die quickly upon mkdir failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +We just had this failure in our CI system that's currently running just +three PAM-wrapped tests in parallel. Since this is a classic TOCTOU race +(albeit in a test code, and therefore with little to no security +implications), the `mkdir` can fail, and when that happens it's much +better to just die quickly rather than continuing as if nothing +happened. + +Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> +Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> +Reviewed-by: Andreas Schneider <asn@cryptomilk.org> +--- a/src/pam_wrapper.c ++++ b/src/pam_wrapper.c +@@ -893,6 +893,7 @@ static void pwrap_init(void) + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to create pam_wrapper config dir: %s - %s", + tmp_config_dir, strerror(errno)); ++ exit(1); + } + + /* Create file with the PID of the the process */ +@@ -1121,6 +1122,7 @@ static void pwrap_init(void) + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to create pam_wrapper config dir: %s - %s", + tmp_config_dir, strerror(errno)); ++ exit(1); + } + + /* Create file with the PID of the the process */ +-- +2.34.1 diff --git a/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch new file mode 100644 index 000000000000..884583c098b4 --- /dev/null +++ b/sys-libs/pam_wrapper/files/pam_wrapper-1.1.5-tests-import.patch @@ -0,0 +1,22 @@ +--- a/tests/pypamtest_test.py ++++ b/tests/pypamtest_test.py +@@ -15,19 +15,6 @@ class PyPamTestCase(unittest.TestCase): + self.assertSequenceEqual(test_result.errors, info_list) + + class PyPamTestImport(unittest.TestCase): +- def setUp(self): +- " Make sure we load the in-tree module " +- if sys.hexversion >= 0x3000000: +- self.modpath = os.path.join(os.getcwd(), "../src/python/python3") +- else: +- self.assertTrue(False) +- self.system_path = sys.path[:] +- sys.path = [ self.modpath ] +- +- def tearDown(self): +- " Restore the system path " +- sys.path = self.system_path +- + def testImport(self): + " Import the module " + try: |