Accepting request 199213 from Linux-PAM

- Replace fix-compiler-warnings.diff with current git snapshot (git-20130916.diff) for pam_unix.so: - fix glibc warnings - fix syntax error in SELinux code - fix crash at login OBS-URL: https://build.opensuse.org/request/show/199213 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=65
2013-09-16 14:24:01 +00:00 · 2013-09-16 14:24:01 +00:00 · 9d9f7967c9
commit 9d9f7967c9
parent b50e85fada 7e0a049e63
4 changed files with 67 additions and 43 deletions
--- a/fix-compiler-warnings.diff
+++ b/fix-compiler-warnings.diff
@ -1,41 +0,0 @@
--- modules/pam_unix/pam_unix_acct.c
-+++ modules/pam_unix/pam_unix_acct.c	2013/09/12 07:19:05
-@@ -121,7 +121,12 @@
-     if (geteuid() == 0) {
-       /* must set the real uid to 0 so the helper will not error
-          out if pam is called from setuid binary (su, sudo...) */
-      setuid(0);
-+      if (setuid(0) == -1) {
-+          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
-+          printf("-1\n");
-+          fflush(stdout);
-+          _exit(PAM_AUTHINFO_UNAVAIL);
-+      }
-     }
- 
-     /* exec binary helper */
--- modules/pam_unix/pam_unix_passwd.c
-+++ modules/pam_unix/pam_unix_passwd.c	2013/09/12 07:24:40
-@@ -255,7 +255,7 @@
- 	close(fds[0]);       /* close here to avoid possible SIGPIPE above */
- 	close(fds[1]);
- 	/* wait for helper to complete: */
-	while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
-+	while ((rc=waitpid(child, &retval, 0) < 0) && errno == EINTR);
- 	if (rc<0) {
- 	  pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
- 	  retval = PAM_AUTHTOK_ERR;
--- modules/pam_unix/support.c
-+++ modules/pam_unix/support.c	2013/09/12 07:20:51
-@@ -586,7 +586,10 @@
- 	if (geteuid() == 0) {
-           /* must set the real uid to 0 so the helper will not error
- 	     out if pam is called from setuid binary (su, sudo...) */
-	  setuid(0);
-+	  if (setuid(0) == -1) {
-+             D(("setuid failed"));
-+	     _exit(PAM_AUTHINFO_UNAVAIL);
-+          }
- 	}
- 
- 	/* exec binary helper */
--- a/git-20130916.diff
+++ b/git-20130916.diff
@ -0,0 +1,56 @@
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 865dc29..8ec4449 100644
+--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
+@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
+     if (geteuid() == 0) {
+       /* must set the real uid to 0 so the helper will not error
+          out if pam is called from setuid binary (su, sudo...) */
+-      setuid(0);
+      if (setuid(0) == -1) {
+          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+          printf("-1\n");
+          fflush(stdout);
+          _exit(PAM_AUTHINFO_UNAVAIL);
+      }
+     }
+ 
+     /* exec binary helper */
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index 9bc1cd9..9aae3b0 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
+ 	close(fds[0]);       /* close here to avoid possible SIGPIPE above */
+ 	close(fds[1]);
+ 	/* wait for helper to complete: */
+-	while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
+	while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
+ 	if (rc<0) {
+ 	  pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
+ 	  retval = PAM_AUTHTOK_ERR;
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index d8f4a6f..19d72e6 100644
+--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
+@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
+ 	  free (val);
+ 
+ 	  /* read number of rounds for crypt algo */
+-	  if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+	  if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
+ 	    val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
+ 
+ 	    if (val) {
+@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ 	if (geteuid() == 0) {
+           /* must set the real uid to 0 so the helper will not error
+ 	     out if pam is called from setuid binary (su, sudo...) */
+-	  setuid(0);
+	  if (setuid(0) == -1) {
+             D(("setuid failed"));
+	     _exit(PAM_AUTHINFO_UNAVAIL);
+          }
+ 	}
+ 
+ 	/* exec binary helper */
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de
+
+- Replace fix-compiler-warnings.diff with current git snapshot
+  (git-20130916.diff) for pam_unix.so:
+  - fix glibc warnings
+  - fix syntax error in SELinux code
+  - fix crash at login
+
 -------------------------------------------------------------------
 Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de

--- a/pam.spec
+++ b/pam.spec
@ -53,7 +53,7 @@ Source7:        common-session.pamd
 Source8:        etc.environment
 Source9:        baselibs.conf
 Patch0:         pam_tally-deprecated.diff
-Patch1:         fix-compiler-warnings.diff
+Patch1:         git-20130916.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -98,7 +98,7 @@ building both PAM-aware applications and modules for use with PAM.
 %prep
 %setup -q -n Linux-PAM-%{version} -b 1
 %patch0 -p0
-%patch1 -p0
+%patch1 -p1

 %build
 export CFLAGS="%optflags -DNDEBUG"