diff --git a/Linux-PAM-1.1.0-CVS.diff b/Linux-PAM-1.1.0-CVS.diff new file mode 100644 index 0000000..43ed339 --- /dev/null +++ b/Linux-PAM-1.1.0-CVS.diff @@ -0,0 +1,185 @@ +? make.log +Index: ChangeLog +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/ChangeLog,v +retrieving revision 1.464 +retrieving revision 1.467 +diff -u -r1.464 -r1.467 +--- ChangeLog 19 Jun 2009 14:45:29 -0000 1.464 ++++ ChangeLog 26 Jun 2009 12:23:28 -0000 1.467 +@@ -1,3 +1,16 @@ ++2009-06-26 Thorsten Kukuk ++ ++ * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux ++ code. ++ ++ * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix ++ usage of wrong variable [bug#2809661]. ++ ++2009-06-25 Thorsten Kukuk ++ ++ * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r ++ * modules/pam_unix/passverify.c: Likewise. ++ + 2009-06-19 Thorsten Kukuk + + * release version 1.1.0 +Index: configure.in +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/configure.in,v +retrieving revision 1.135 +retrieving revision 1.136 +diff -u -r1.135 -r1.136 +--- configure.in 19 Jun 2009 14:45:30 -0000 1.135 ++++ configure.in 26 Jun 2009 09:55:25 -0000 1.136 +@@ -363,8 +363,8 @@ + AC_CHECK_HEADERS(xcrypt.h crypt.h) + BACKUP_LIBS=$LIBS + AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") +-AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn) +-LIBS=$BACKUP_LIBS ++AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) ++Libs=$BACKUP_LIBS + AC_SUBST(LIBCRYPT) + if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then + AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) +Index: modules/pam_lastlog/pam_lastlog.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_lastlog/pam_lastlog.c,v +retrieving revision 1.24 +retrieving revision 1.25 +diff -u -r1.24 -r1.25 +--- modules/pam_lastlog/pam_lastlog.c 30 Sep 2008 14:40:39 -0000 1.24 ++++ modules/pam_lastlog/pam_lastlog.c 26 Jun 2009 12:07:11 -0000 1.25 +@@ -454,7 +454,7 @@ + goto cleanup; + } + } +- ++ + if (line != NULL || date != NULL || host != NULL) { + /* TRANSLATORS: "Last failed login: from on " */ + pam_info(pamh, _("Last failed login:%s%s%s"), +@@ -471,7 +471,7 @@ + failed), + failed); + #else +- if (daysleft == 1) ++ if (failed == 1) + retval = asprintf(&line, + _("There was %d failed login attempt since the last successful login."), + failed); +Index: modules/pam_unix/pam_unix_passwd.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c,v +retrieving revision 1.55 +retrieving revision 1.56 +diff -u -r1.55 -r1.56 +--- modules/pam_unix/pam_unix_passwd.c 11 May 2009 14:52:31 -0000 1.55 ++++ modules/pam_unix/pam_unix_passwd.c 26 Jun 2009 12:23:28 -0000 1.56 +@@ -1,7 +1,7 @@ + /* + * Main coding by Elliot Lee , Red Hat Software. + * Copyright (C) 1996. +- * Copyright (c) Jan Rêkorajski, 1999. ++ * Copyright (c) Jan Rêkorajski, 1999. + * Copyright (c) Red Hat, Inc., 2007, 2008. + * + * Redistribution and use in source and binary forms, with or without +@@ -61,11 +61,6 @@ + #include + #include + #include +-#ifdef WITH_SELINUX +-static int selinux_enabled=-1; +-#include +-#define SELINUX_ENABLED (selinux_enabled!=-1 ? selinux_enabled : (selinux_enabled=is_selinux_enabled()>0)) +-#endif + + #include + +@@ -196,7 +191,7 @@ + + snprintf(buffer, sizeof(buffer), "%d", remember); + args[4] = x_strdup(buffer); +- ++ + execve(UPDATE_HELPER, args, envp); + + /* should not get here: exit with error */ +@@ -698,7 +693,7 @@ + pass_new = NULL; + } + retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); +- ++ + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } +Index: modules/pam_unix/passverify.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/passverify.c,v +retrieving revision 1.12 +retrieving revision 1.13 +diff -u -r1.12 -r1.13 +--- modules/pam_unix/passverify.c 25 Mar 2009 10:54:23 -0000 1.12 ++++ modules/pam_unix/passverify.c 26 Jun 2009 09:55:25 -0000 1.13 +@@ -274,7 +274,7 @@ + } + if ((curdays - spent->sp_lstchg < spent->sp_min) + && (spent->sp_min != -1)) { +- /* ++ /* + * The last password change was too recent. This error will be ignored + * if no password change is attempted. + */ +@@ -403,11 +403,11 @@ + return crypted; + } + +-#ifdef HAVE_CRYPT_GENSALT_RN ++#ifdef HAVE_CRYPT_GENSALT_R + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; + crypt_make_salt(entropy, sizeof(entropy) - 1); +- sp = crypt_gensalt_rn(algoid, rounds, ++ sp = crypt_gensalt_r (algoid, rounds, + entropy, sizeof(entropy), + salt, sizeof(salt)); + } else { +@@ -420,7 +420,7 @@ + /* For now be conservative so the resulting hashes + * are not too long. 8 bytes of salt prevents dictionary + * attacks well enough. */ +-#ifdef HAVE_CRYPT_GENSALT_RN ++#ifdef HAVE_CRYPT_GENSALT_R + } + #endif + sp = crypt(password, salt); +@@ -684,7 +684,7 @@ + D(("fflush or fsync error writing entries to old passwords file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to old passwords file: %m")); + err = 1; +@@ -804,7 +804,7 @@ + D(("fflush or fsync error writing entries to password file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to password file: %m")); + err = 1; +@@ -930,7 +930,7 @@ + D(("fflush or fsync error writing entries to shadow file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to shadow file: %m")); + err = 1; diff --git a/pam.changes b/pam.changes index 1db3034..eb233f8 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + ------------------------------------------------------------------- Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 11420a5..d381ac1 100644 --- a/pam.spec +++ b/pam.spec @@ -44,7 +44,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.0 -Release: 1 +Release: 2 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -56,6 +56,7 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Patch: pam_tally-deprecated.diff +Patch1: Linux-PAM-1.1.0-CVS.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -104,8 +105,15 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch -p0 +%patch1 -p0 %build +aclocal -I m4 --install --force +autoheader +libtoolize --force --automake --copy +automake --add-missing --copy +autoreconf +chmod 755 configure CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ ./configure \ --infodir=%{_infodir} \