Sat Feb 15 02:42:28 UTC 202020200215024228

a/kernel-generic-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.4.20-x86_64-1.txz:  Upgraded.
a/shadow-4.8.1-x86_64-3.txz:  Rebuilt.
a/util-linux-2.35.1-x86_64-3.txz:  Rebuilt.
d/kernel-headers-5.4.20-x86-1.txz:  Upgraded.
k/kernel-source-5.4.20-noarch-1.txz:  Upgraded.
l/ConsoleKit2-1.2.1-x86_64-2.txz:  Rebuilt.
l/dconf-editor-3.34.4-x86_64-1.txz:  Upgraded.
l/libxkbcommon-0.10.0-x86_64-1.txz:  Added.
l/openal-soft-1.19.1-x86_64-1.txz:  Added.
l/qt5-5.13.2-x86_64-1.txz:  Added.
  Thanks to alienBOB.
n/openssh-8.2p1-x86_64-1.txz:  Upgraded.
  Potentially incompatible changes:
  * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted
    CASignatureAlgorithms list.
  * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
    from the default key exchange proposal for both the client and
    server.
  * ssh-keygen(1): the command-line options related to the generation
    and screening of safe prime numbers used by the
    diffie-hellman-group-exchange-* key exchange algorithms have
    changed. Most options have been folded under the -O flag.
  * sshd(8): the sshd listener process title visible to ps(1) has
    changed to include information about the number of connections that
    are currently attempting authentication and the limits configured
    by MaxStartups.
x/mesa-19.3.4-x86_64-2.txz:  Rebuilt.
  Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with
  an illegal instruction on some hardware.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz:  Rebuilt.
  Rebuilt with --disable-libcgmanager to fix setting limits on PAM.
  Thanks to gattocarlo.
testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz:  Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz:  Rebuilt.
  Moved some of the /etc/pam.d/ file to the util-linux package where they
  more properly belong.
testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz:  Rebuilt.
  Added some /etc/pam.d/ files previously in the shadow package.
  Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them.
  Added /etc/pam.d/{runuser,runuser-l}.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

9 files changed, 75 insertions, 1 deletions

diff --git a/source/a/util-linux/doinst.sh b/source/a/util-linux/doinst.sh
index da24e743..8277c0e6 100644
--- a/source/a/util-linux/doinst.sh
+++ b/source/a/util-linux/doinst.sh
@@ -22,6 +22,12 @@ config etc/rc.d/rc.serial.new
 config etc/rc.d/rc.setterm.new
 config etc/serial.conf.new
 
+for configfile in chfn.new chsh.new login.new runuser.new runuser-l.new su.new su-l.new ; do
+  if [ -r etc/pam.d/$configfile ]; then
+    config etc/pam.d/$configfile
+  fi
+done
+
 if [ -r etc/default/su.new ]; then
   config etc/default/su.new
 fi
diff --git a/source/a/util-linux/pam.d/chfn b/source/a/util-linux/pam.d/chfn
new file mode 100644
index 00000000..2dbc0aaf
--- /dev/null
+++ b/source/a/util-linux/pam.d/chfn
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       sufficient   pam_rootok.so
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
diff --git a/source/a/util-linux/pam.d/chsh b/source/a/util-linux/pam.d/chsh
new file mode 100644
index 00000000..2dbc0aaf
--- /dev/null
+++ b/source/a/util-linux/pam.d/chsh
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       sufficient   pam_rootok.so
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
diff --git a/source/a/util-linux/pam.d/login b/source/a/util-linux/pam.d/login
new file mode 100644
index 00000000..eb312199
--- /dev/null
+++ b/source/a/util-linux/pam.d/login
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth		required	pam_securetty.so
+auth		include		system-auth
+auth		include		postlogin
+account		required	pam_nologin.so
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		include		postlogin
+session		required	pam_loginuid.so
+session		optional	pam_ck_connector.so nox11
diff --git a/source/a/util-linux/pam.d/runuser b/source/a/util-linux/pam.d/runuser
new file mode 100644
index 00000000..37f0e84e
--- /dev/null
+++ b/source/a/util-linux/pam.d/runuser
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+session		optional	pam_keyinit.so revoke
+session		required	pam_limits.so
+session		required	pam_unix.so
diff --git a/source/a/util-linux/pam.d/runuser-l b/source/a/util-linux/pam.d/runuser-l
new file mode 100644
index 00000000..fa1e4d83
--- /dev/null
+++ b/source/a/util-linux/pam.d/runuser-l
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		include		runuser
+session		optional	pam_keyinit.so force revoke
+session		include		runuser
diff --git a/source/a/util-linux/pam.d/su b/source/a/util-linux/pam.d/su
new file mode 100644
index 00000000..c7c81487
--- /dev/null
+++ b/source/a/util-linux/pam.d/su
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth		sufficient	pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth		required	pam_wheel.so use_uid
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		optional	pam_xauth.so
diff --git a/source/a/util-linux/pam.d/su-l b/source/a/util-linux/pam.d/su-l
new file mode 100644
index 00000000..656a139a
--- /dev/null
+++ b/source/a/util-linux/pam.d/su-l
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		include		su
+account		include		su
+password	include		su
+session		optional	pam_keyinit.so force revoke
+session		include		su
diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild
index 1d101d46..2f0688be 100755
--- a/source/a/util-linux/util-linux.SlackBuild
+++ b/source/a/util-linux/util-linux.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=util-linux
 VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3  | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
 
 ADJTIMEXVERS=1.29
 SETSERIALVERS=2.17
@@ -90,6 +90,17 @@ if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
   cp -a $CWD/su.default $PKG/etc/default/su.new
   chown root:root $PKG/etc/default/su.new
   chmod 644 $PKG/etc/default/su.new
+  # Add /etc/pam.d config files:
+  rm -rf $PKG/etc/pam.d
+  mkdir -p $PKG/etc/pam.d
+  for file in $CWD/pam.d/* ; do
+    cp -a ${file} $PKG/etc/pam.d/
+  done
+  # Ensure correct perms/ownership on files in /etc/pam.d/:
+  chown root:root $PKG/etc/pam.d/*
+  chmod 644 $PKG/etc/pam.d/*
+  # Don't clobber existing config files:
+  find $PKG/etc/pam.d -type f -exec mv {} {}.new \;
 else
   LOGIN_OPTIONS="--disable-login"
 fi
@@ -150,6 +161,14 @@ CFLAGS="$SLKCFLAGS" \
 make $NUMJOBS || make || exit 1
 make install $NUMJOBS DESTDIR=$PKG || exit 1
 
+# These need to be setuid root to work properly (only built for PAM):
+if [ -r $PKG/usr/bin/chfn ]; then
+  chmod 4711 $PKG/usr/bin/chfn
+fi
+if [ -r $PKG/usr/bin/chsh ]; then
+  chmod 4711 $PKG/usr/bin/chsh
+fi
+
 # Build python3 bindings for libmount:
 make clean
 CFLAGS="$SLKCFLAGS" \