- Update to official release 1.1.8 (1.1.7 + git-20130916.diff)

- Remove needless pam_tally-deprecated.diff patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=119
2013-09-20 07:47:31 +00:00 · 2013-09-20 07:47:31 +00:00 · 6916c2ed44
commit 6916c2ed44
parent 7e0a049e63
8 changed files with 13 additions and 105 deletions
--- a/Linux-PAM-1.1.7-docs.tar.bz2
+++ b/Linux-PAM-1.1.7-docs.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4b0d4824888c509214a216487caa636ee8a456268b3a51f7ba7920175e9ac24d
 size 147833
--- a/Linux-PAM-1.1.7.tar.bz2
+++ b/Linux-PAM-1.1.7.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:7fef52d86f16f8b39b13211dc3092b8eeb5bc2890e64e64cb7731629c6438e63
 size 1149359
--- a/Linux-PAM-1.1.8-docs.tar.bz2
+++ b/Linux-PAM-1.1.8-docs.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8
 size 147887
--- a/Linux-PAM-1.1.8.tar.bz2
+++ b/Linux-PAM-1.1.8.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55
 size 1148944
--- a/git-20130916.diff
+++ b/git-20130916.diff
@ -1,56 +0,0 @@
 diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
 index 865dc29..8ec4449 100644
 --- a/modules/pam_unix/pam_unix_acct.c
 +++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
     if (geteuid() == 0) {
       /* must set the real uid to 0 so the helper will not error
          out if pam is called from setuid binary (su, sudo...) */
 -      setuid(0);
 +      if (setuid(0) == -1) {
 +          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
 +          printf("-1\n");
 +          fflush(stdout);
 +          _exit(PAM_AUTHINFO_UNAVAIL);
 +      }
     }
     /* exec binary helper */
 diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
 index 9bc1cd9..9aae3b0 100644
 --- a/modules/pam_unix/pam_unix_passwd.c
 +++ b/modules/pam_unix/pam_unix_passwd.c
@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
 	close(fds[0]);       /* close here to avoid possible SIGPIPE above */
 	close(fds[1]);
 	/* wait for helper to complete: */
 -	while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
 +	while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
 	if (rc<0) {
 	  pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
 	  retval = PAM_AUTHTOK_ERR;
 diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
 index d8f4a6f..19d72e6 100644
 --- a/modules/pam_unix/support.c
 +++ b/modules/pam_unix/support.c
@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 	  free (val);
 	  /* read number of rounds for crypt algo */
 -	  if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
 +	  if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
 	    val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
 	    if (val) {
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 	if (geteuid() == 0) {
           /* must set the real uid to 0 so the helper will not error
 	     out if pam is called from setuid binary (su, sudo...) */
 -	  setuid(0);
 +	  if (setuid(0) == -1) {
 +             D(("setuid failed"));
 +	     _exit(PAM_AUTHINFO_UNAVAIL);
 +          }
 	}
 	/* exec binary helper */
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de
 - Update to official release 1.1.8 (1.1.7 + git-20130916.diff)
 - Remove needless pam_tally-deprecated.diff patch
 -------------------------------------------------------------------
 Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de
--- a/pam.spec
+++ b/pam.spec
@ -34,7 +34,7 @@ BuildRequires:  libselinux-devel
 %define libpam_misc_so_version 0.82.0
 %define libpamc_so_version 0.82.1
 #
-Version:        1.1.7
+Version:        1.1.8
 Release:        0
 Summary:        A Security Tool that Provides Authentication for Applications
 License:        GPL-2.0+ or BSD-3-Clause
@ -52,8 +52,6 @@ Source6:        common-password.pamd
 Source7:        common-session.pamd
 Source8:        etc.environment
 Source9:        baselibs.conf
 Patch0:         pam_tally-deprecated.diff
 Patch1:         git-20130916.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
@ -97,8 +95,6 @@ building both PAM-aware applications and modules for use with PAM.
 %prep
 %setup -q -n Linux-PAM-%{version} -b 1
 %patch0 -p0
 %patch1 -p1
 %build
 export CFLAGS="%optflags -DNDEBUG"
--- a/pam_tally-deprecated.diff
+++ b/pam_tally-deprecated.diff
@ -1,38 +0,0 @@
 --- modules/pam_tally/pam_tally.c
 +++ modules/pam_tally/pam_tally.c	2009/03/27 10:52:56
@@ -630,6 +630,8 @@
   const char
     *user;
 +  pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2");
 +
   rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
   if ( rvcheck != PAM_SUCCESS )
       RETURN_ERROR( rvcheck );
@@ -664,6 +666,8 @@
   const char
     *user;
 +  pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2");
 +
   rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
   if ( rv != PAM_SUCCESS )
       RETURN_ERROR( rv );
@@ -709,6 +713,8 @@
   const char
     *user;
 +  pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2");
 +
   rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
   if ( rv != PAM_SUCCESS )
       RETURN_ERROR( rv );
@@ -815,6 +821,8 @@
     exit(0);
   }
 +  fprintf (stderr, "\npam_tally is deprecated and pam_tally2 should be used instead\n\n");
 +
   umask(077);
   /*