diff --git a/backport-log-about-failure-to-execute-unix_chkpwd.patch b/backport-log-about-failure-to-execute-unix_chkpwd.patch new file mode 100644 index 0000000000000000000000000000000000000000..04270651325da5971477f2f6c061135e4963e294 --- /dev/null +++ b/backport-log-about-failure-to-execute-unix_chkpwd.patch @@ -0,0 +1,25 @@ +From e41bb6a698623127ff2bc0f4af832d1d498f6920 Mon Sep 17 00:00:00 2001 +From: jiawenhao +Date: Mon, 21 Apr 2025 16:39:40 +0800 +Subject: [PATCH] log-about-failure-to-execute-unix_chkpwd + +--- + modules/pam_unix/pam_unix_passwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index c341741..446ee7e 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -286,7 +286,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, + DIAG_POP_IGNORE_CAST_QUAL; + + /* should not get here: exit with error */ +- D(("helper binary is not available")); ++ pam_syslog(pamh, LOG_ERR, "failed to execute %s: %m", UPDATE_HELPER); + _exit(PAM_AUTHINFO_UNAVAIL); + } else if (child > 0) { + /* wait for child */ +-- +2.27.0 + diff --git a/pam.spec b/pam.spec index 480987f1e5abea884cd70d2c81944d6c28129a7b..c3ac517b1d9f4c3e0411bcc951edc78990b4624d 100644 --- a/pam.spec +++ b/pam.spec @@ -4,7 +4,7 @@ %define _pamconfdir %{_sysconfdir}/pam.d Name: pam Version: 1.5.3 -Release: 8 +Release: 9 Summary: Pluggable Authentication Modules for Linux License: BSD and GPLv2+ URL: http://www.linux-pam.org/ @@ -28,6 +28,7 @@ Patch5: backport-CVE-2024-10963.patch Patch6: backport-CVE-2024-10041.patch Patch7: backport-CVE-2024-10041-pam_unix-try-to-set-uid-to-0-for-unix_chkpwd.patch Patch8: backport-libpam-use-close_range-to-close-file-descriptors.patch +Patch9: backport-log-about-failure-to-execute-unix_chkpwd.patch Patch9000:change-ndbm-to-gdbm.patch Patch9001:add-sm3-crypt-support.patch @@ -182,6 +183,9 @@ make check %changelog +* Mon Apr 21 2025 jiawenhao - 1.5.3-9 +- log about failure to execute unix_chkpwd(8) + * Mon Mar 24 2025 hugel - 1.5.3-8 - backport patch libpam use close_range() to close file descriptors