OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=17

2008-09-26 13:07:06 +00:00 · 2008-09-26 13:07:06 +00:00 · c6e9103e10
commit c6e9103e10
parent 513de029ac
4 changed files with 100 additions and 1 deletions
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de
+
+- pam_tally: fix fd leak
+- pam_mail: fix "quiet" option
+
 -------------------------------------------------------------------
 Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de

--- a/pam.spec
+++ b/pam.spec
@ -35,7 +35,7 @@ License:        BSD 3-Clause; GPL v2 or later
 Group:          System/Libraries
 AutoReqProv:    on
 Version:        1.0.2
-Release:        1
+Release:        8
 Summary:        A Security Tool that Provides Authentication for Applications
 Obsoletes:      pam-laus
 Source:         Linux-PAM-%{version}.tar.bz2
@ -55,6 +55,8 @@ Patch3:         pam_sepermit.diff
 Patch4:         pam-1.0.1-namespace-create.patch
 Patch5:         pam-1.0.0-selinux-env-params.patch
 Patch6:         Linux-PAM-docu-generated.diff
+Patch7:         pam_mail.diff
+Patch8:         pam_tally-fdleak.diff

 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@ -103,6 +105,8 @@ building both PAM-aware applications and modules for use with PAM.
 %patch4 -p1
 %patch5 -p0
 %patch6 -p1
+%patch7 -p0
+%patch8 -p0

 %build
 CFLAGS="$RPM_OPT_FLAGS" \
@ -304,6 +308,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libpam_misc.so

 %changelog
+* Fri Sep 26 2008 kukuk@suse.de
+- pam_tally: fix fd leak
+- pam_mail: fix "quiet" option
 * Fri Aug 29 2008 kukuk@suse.de
 - Update to version 1.0.2 (fix SELinux regression)
 - enhance pam_tally [FATE#303753]
--- a/pam_mail.diff
+++ b/pam_mail.diff
@ -0,0 +1,49 @@
+2008-09-25  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* modules/pam_mail/pam_mail.c (report_mail): Fix logic of
+	"quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)
+
+	* modules/pam_mail/pam_mail.8.xml: Fix typo.
+
+diff -u -r1.5 pam_mail.8.xml
+--- modules/pam_mail/pam_mail.8.xml	18 Aug 2008 13:29:24 -0000	1.5
+++ modules/pam_mail/pam_mail.8.xml	25 Sep 2008 11:51:29 -0000
+@@ -40,7 +40,7 @@
+ 	nopen
+       </arg>
+       <arg choice="opt">
+-	quit
+	quiet
+       </arg>
+       <arg choice="opt">
+ 	standard
+--- modules/pam_mail/pam_mail.c	30 Apr 2007 10:56:24 -0000	1.19
+++ modules/pam_mail/pam_mail.c	25 Sep 2008 11:51:29 -0000
+@@ -303,8 +303,13 @@
+ {
+     int retval;
+ 
+-    if (!(ctrl & PAM_MAIL_SILENT) ||
+-	((ctrl & PAM_QUIET_MAIL) && type == HAVE_NEW_MAIL))
+    if ((ctrl & PAM_MAIL_SILENT) ||
+	((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL))
+      {
+	D(("keeping quiet"));
+	retval = PAM_SUCCESS;
+      }
+    else
+       {
+ 	if (ctrl & PAM_STANDARD_MAIL)
+ 	  switch (type)
+@@ -345,11 +350,6 @@
+ 	      break;
+ 	    }
+       }
+-    else
+-      {
+-	D(("keeping quiet"));
+-	retval = PAM_SUCCESS;
+-      }
+ 
+     D(("returning %s", pam_strerror(pamh, retval)));
+     return retval;
--- a/pam_tally-fdleak.diff
+++ b/pam_tally-fdleak.diff
@ -0,0 +1,37 @@
+2008-09-25  Tomas Mraz <t8m@centrum.cz>
+
+        * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
+        (tally_check): Open faillog read only. Close file descriptor.
+        Fix typos in messages.
+
+--- modules/pam_tally/pam_tally.c	9 Jul 2008 12:23:23 -0000	1.30
+++ modules/pam_tally/pam_tally.c	19 Sep 2008 12:29:21 -0000
+@@ -350,7 +350,7 @@ get_tally(pam_handle_t *pamh, tally_t *t
+     }
+ 
+     if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
+-      pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename);
+      pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read");
+ 
+ /* Discovering why account service fails: e/uid are target user.
+  *
+@@ -504,7 +504,7 @@ tally_check (time_t oldtime, pam_handle_
+   tally_t
+     deny          = opts->deny;
+   tally_t
+-    tally         = 0;  /* !TALLY_HI --> Log opened for update */
+    tally         = TALLY_HI;
+   long
+     lock_time     = opts->lock_time;
+ 
+@@ -515,6 +515,10 @@ tally_check (time_t oldtime, pam_handle_
+     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
+     if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
+ 
+    if ( TALLY != NULL ) {
+      fclose(TALLY);
+    }
+
+     if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {       /* magic_root skips tally check */
+ 
+       /* To deny or not to deny; that is the question */