From f4b22a2f215f6f80558d9e4075c9de306c8b9953 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:53 +0200 Subject: Adding debian version 1.5.2-6+deb12u1. Signed-off-by: Daniel Baumann --- .../022_pam_unix_group_time_miscfixes | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 debian/patches-applied/022_pam_unix_group_time_miscfixes (limited to 'debian/patches-applied/022_pam_unix_group_time_miscfixes') diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes new file mode 100644 index 0000000..8239fd9 --- /dev/null +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -0,0 +1,22 @@ +Description: handle the case of flags being empty or only PAM_SILENT, which is + documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: + http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm + +Index: pam/modules/pam_group/pam_group.c +=================================================================== +--- pam.orig/modules/pam_group/pam_group.c ++++ pam/modules/pam_group/pam_group.c +@@ -754,9 +754,12 @@ + unsigned setting; + + /* only interested in establishing credentials */ ++ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED. ++ Some people just pass PAM_SILENT, so cope with it, too. */ + + setting = flags; +- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { ++ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED)) ++ && (setting != 0) && (setting != PAM_SILENT)) { + D(("ignoring call - not for establishing credentials")); + return PAM_SUCCESS; /* don't fail because of this */ + } -- cgit v1.2.3