- Remove pam_unix-login.defs.diff, not needed anymore

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=115
2013-09-12 08:06:49 +00:00 · 2013-09-12 08:06:49 +00:00 · 0539a57d53
commit 0539a57d53
parent ecd568a2d8
10 changed files with 62 additions and 261 deletions
--- a/Linux-PAM-1.1.6-docs.tar.bz2
+++ b/Linux-PAM-1.1.6-docs.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497
-size 147359
--- a/Linux-PAM-1.1.6.tar.bz2
+++ b/Linux-PAM-1.1.6.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2
-size 1147538
--- a/Linux-PAM-1.1.7-docs.tar.bz2
+++ b/Linux-PAM-1.1.7-docs.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4b0d4824888c509214a216487caa636ee8a456268b3a51f7ba7920175e9ac24d
+size 147833
--- a/Linux-PAM-1.1.7.tar.bz2
+++ b/Linux-PAM-1.1.7.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7fef52d86f16f8b39b13211dc3092b8eeb5bc2890e64e64cb7731629c6438e63
+size 1149359
--- a/fix-compiler-warnings.diff
+++ b/fix-compiler-warnings.diff
@ -0,0 +1,41 @@
+--- modules/pam_unix/pam_unix_acct.c
+++ modules/pam_unix/pam_unix_acct.c	2013/09/12 07:19:05
+@@ -121,7 +121,12 @@
+     if (geteuid() == 0) {
+       /* must set the real uid to 0 so the helper will not error
+          out if pam is called from setuid binary (su, sudo...) */
+-      setuid(0);
+      if (setuid(0) == -1) {
+          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+          printf("-1\n");
+          fflush(stdout);
+          _exit(PAM_AUTHINFO_UNAVAIL);
+      }
+     }
+ 
+     /* exec binary helper */
+--- modules/pam_unix/pam_unix_passwd.c
+++ modules/pam_unix/pam_unix_passwd.c	2013/09/12 07:24:40
+@@ -255,7 +255,7 @@
+ 	close(fds[0]);       /* close here to avoid possible SIGPIPE above */
+ 	close(fds[1]);
+ 	/* wait for helper to complete: */
+-	while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
+	while ((rc=waitpid(child, &retval, 0) < 0) && errno == EINTR);
+ 	if (rc<0) {
+ 	  pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
+ 	  retval = PAM_AUTHTOK_ERR;
+--- modules/pam_unix/support.c
+++ modules/pam_unix/support.c	2013/09/12 07:20:51
+@@ -586,7 +586,10 @@
+ 	if (geteuid() == 0) {
+           /* must set the real uid to 0 so the helper will not error
+ 	     out if pam is called from setuid binary (su, sudo...) */
+-	  setuid(0);
+	  if (setuid(0) == -1) {
+             D(("setuid failed"));
+	     _exit(PAM_AUTHINFO_UNAVAIL);
+          }
+ 	}
+ 
+ 	/* exec binary helper */
--- a/missing-DESTDIR.diff
+++ b/missing-DESTDIR.diff
@ -1,38 +0,0 @@
-From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Fri, 17 Aug 2012 12:46:40 +0000
-Subject: Add missing $(DESTDIR) when making directories on install.
-
-modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
-$(namespaceddir) on install.
-modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
-$(sepermitlockdir) on install.
---
-diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
-index a28f196..ebb00f3 100644
--- a/modules/pam_namespace/Makefile.am
-+++ b/modules/pam_namespace/Makefile.am
-@@ -40,7 +40,7 @@ if HAVE_UNSHARE
-   secureconf_SCRIPTS = namespace.init
- 
- install-data-local:
-	mkdir -p $(namespaceddir)
-+	mkdir -p $(DESTDIR)$(namespaceddir)
- endif
- 
- 
-diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
-index cfc5594..bc82275 100644
--- a/modules/pam_sepermit/Makefile.am
-+++ b/modules/pam_sepermit/Makefile.am
-@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX
-   securelib_LTLIBRARIES = pam_sepermit.la
- 
- install-data-local:
-	mkdir -p $(sepermitlockdir)
-+	mkdir -p $(DESTDIR)$(sepermitlockdir)
- endif
- if ENABLE_REGENERATE_MAN
- noinst_DATA = README pam_sepermit.8 sepermit.conf.5
--
-cgit v0.9.0.2
--- a/pam-fix-includes.patch
+++ b/pam-fix-includes.patch
@ -1,10 +0,0 @@
--- modules/pam_unix/pam_unix_passwd.c
-+++ modules/pam_unix/pam_unix_passwd.c
-@@ -54,6 +54,7 @@
- #include <ctype.h>
- #include <sys/time.h>
- #include <sys/stat.h>
-+#include <sys/resource.h>
- 
- #include <signal.h>
- #include <errno.h>
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de
+
+- Remove pam_unix-login.defs.diff, not needed anymore 
+
+-------------------------------------------------------------------
+Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de
+
+- Update to version 1.1.7 (bugfix release)
+  - Drop missing-DESTDIR.diff and pam-fix-includes.patch
+  - fix-compiler-warnings.diff: fix unchecked setuid return code
+
 -------------------------------------------------------------------
 Tue Aug  6 10:30:13 CEST 2013 - mc@suse.de

--- a/pam.spec
+++ b/pam.spec
@ -30,14 +30,11 @@ BuildRequires:  pkgconfig(libtirpc)
 %if %{enable_selinux}
 BuildRequires:  libselinux-devel
 %endif
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  libtool
 %define libpam_so_version 0.83.1
 %define libpam_misc_so_version 0.82.0
 %define libpamc_so_version 0.82.1
-
-Version:        1.1.6
+#
+Version:        1.1.7
 Release:        0
 Summary:        A Security Tool that Provides Authentication for Applications
 License:        GPL-2.0+ or BSD-3-Clause
@ -56,9 +53,7 @@ Source7:        common-session.pamd
 Source8:        etc.environment
 Source9:        baselibs.conf
 Patch0:         pam_tally-deprecated.diff
-Patch1:         pam-fix-includes.patch
-Patch2:         missing-DESTDIR.diff
-Patch3:         pam_unix-login.defs.diff
+Patch1:         fix-compiler-warnings.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -104,11 +99,8 @@ building both PAM-aware applications and modules for use with PAM.
 %setup -q -n Linux-PAM-%{version} -b 1
 %patch0 -p0
 %patch1 -p0
-%patch2 -p1
-%patch3 -p1

 %build
-autoreconf -i
 export CFLAGS="%optflags -DNDEBUG"
 %configure \
 	--sbindir=/sbin \
--- a/pam_unix-login.defs.diff
+++ b/pam_unix-login.defs.diff
@ -1,196 +0,0 @@
-Use hash from /etc/login.defs as default if no
-other one is specified as argument.
-
-* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
-* modules/pam_unix/support.h: Add define for /etc/login.defs
-* modules/pam_unix/pam_unix.8.xml: Document new behavior.
-* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
-
-diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
-index 6d2ec1a..863f038 100644
--- a/modules/pam_umask/pam_umask.c
-+++ b/modules/pam_umask/pam_umask.c
-@@ -1,5 +1,5 @@
- /*
- * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk <kukuk@thkukuk.de>
-+ * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk <kukuk@thkukuk.de>
-  *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
-@@ -112,6 +112,10 @@ search_key (const char *filename)
-         {
-           buflen = BUF_SIZE;
-           buf = malloc (buflen);
-+	  if (buf == NULL) {
-+	    fclose (fp);
-+	    return NULL;
-+	  }
-         }
-       buf[0] = '\0';
-       if (fgets (buf, buflen - 1, fp) == NULL)
-diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
-index 0a42d7a..9ce084e 100644
--- a/modules/pam_unix/pam_unix.8.xml
-+++ b/modules/pam_unix/pam_unix.8.xml
-@@ -81,7 +81,9 @@
- 
-     <para>
-       The password component of this module performs the task of updating
-      the user's password.
-+      the user's password. The default encryption hash is taken from the
-+      <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from
-+      <emphasis>/etc/login.defs</emphasis>
-     </para>
- 
-     <para>
-@@ -393,6 +395,9 @@ session    required   pam_unix.so
-     <title>SEE ALSO</title>
-     <para>
-       <citerefentry>
-+	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
- 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>
-diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
-index ab04535..527c380 100644
--- a/modules/pam_unix/support.c
-+++ b/modules/pam_unix/support.c
-@@ -37,6 +37,80 @@
- #define SELINUX_ENABLED 0
- #endif
- 
-+static char *
-+search_key (const char *filename)
-+{
-+  FILE *fp;
-+  char *buf = NULL;
-+  size_t buflen = 0;
-+  char *retval = NULL;
-+
-+  fp = fopen (filename, "r");
-+  if (NULL == fp)
-+    return NULL;
-+
-+  while (!feof (fp))
-+    {
-+      char *tmp, *cp;
-+#if defined(HAVE_GETLINE)
-+      ssize_t n = getline (&buf, &buflen, fp);
-+#elif defined (HAVE_GETDELIM)
-+      ssize_t n = getdelim (&buf, &buflen, '\n', fp);
-+#else
-+      ssize_t n;
-+
-+      if (buf == NULL)
-+        {
-+          buflen = BUF_SIZE;
-+          buf = malloc (buflen);
-+	  if (buf == NULL) {
-+	    fclose (fp);
-+	    return NULL;
-+	  }
-+        }
-+      buf[0] = '\0';
-+      if (fgets (buf, buflen - 1, fp) == NULL)
-+        break;
-+      else if (buf != NULL)
-+        n = strlen (buf);
-+      else
-+        n = 0;
-+#endif /* HAVE_GETLINE / HAVE_GETDELIM */
-+      cp = buf;
-+
-+      if (n < 1)
-+        break;
-+
-+      tmp = strchr (cp, '#');  /* remove comments */
-+      if (tmp)
-+        *tmp = '\0';
-+      while (isspace ((int)*cp))    /* remove spaces and tabs */
-+        ++cp;
-+      if (*cp == '\0')        /* ignore empty lines */
-+        continue;
-+
-+      if (cp[strlen (cp) - 1] == '\n')
-+        cp[strlen (cp) - 1] = '\0';
-+
-+      tmp = strsep (&cp, " \t=");
-+      if (cp != NULL)
-+        while (isspace ((int)*cp) || *cp == '=')
-+          ++cp;
-+
-+      if (strcasecmp (tmp, "ENCRYPT_METHOD") == 0)
-+        {
-+          retval = strdup (cp);
-+          break;
-+        }
-+    }
-+  fclose (fp);
-+
-+  free (buf);
-+
-+  return retval;
-+}
-+
-+
- /* this is a front-end for module-application conversations */
- 
- int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
-@@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
- 	      int *pass_min_len, int argc, const char **argv)
- {
- 	unsigned int ctrl;
-+	char *val;
-+	int j;
- 
- 	D(("called."));
- 
-@@ -81,10 +157,28 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
- 		D(("SILENT"));
- 		set(UNIX__QUIET, ctrl);
- 	}
-+
-+	/* preset encryption method with value from /etc/login.defs */
-+	val = search_key (LOGIN_DEFS);
-+	if (val) {
-+	  for (j = 0; j < UNIX_CTRLS_; ++j) {
-+	    if (unix_args[j].token
-+		&& !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) {
-+	      break;
-+	    }
-+	  }
-+	  if (j >= UNIX_CTRLS_) {
-+	    pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val);
-+	  } else {
-+	    ctrl &= unix_args[j].mask;	/* for turning things off */
-+	    ctrl |= unix_args[j].flag;	/* for turning things on  */
-+	  }
-+	  free (val);
-+	}
-+
- 	/* now parse the arguments to this module */
- 
- 	for (; argc-- > 0; ++argv) {
-		int j;
- 
- 		D(("pam_unix arg: %s", *argv));
- 
-diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index db4cd95..d21e349 100644
--- a/modules/pam_unix/support.h
-+++ b/modules/pam_unix/support.h
-@@ -8,6 +8,12 @@
- #include <pwd.h>
- 
- /*
-+ * File to read value of ENCRYPT_METHOD from.
-+ */
-+#define LOGIN_DEFS "/etc/login.defs"
-+
-+
-+/*
-  * here is the string to inform the user that the new passwords they
-  * typed were not the same.
-  */