diff --git a/Linux-PAM-1.1.7-docs.tar.bz2 b/Linux-PAM-1.1.7-docs.tar.bz2 deleted file mode 100644 index 411e830..0000000 --- a/Linux-PAM-1.1.7-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4b0d4824888c509214a216487caa636ee8a456268b3a51f7ba7920175e9ac24d -size 147833 diff --git a/Linux-PAM-1.1.7.tar.bz2 b/Linux-PAM-1.1.7.tar.bz2 deleted file mode 100644 index 19330d7..0000000 --- a/Linux-PAM-1.1.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7fef52d86f16f8b39b13211dc3092b8eeb5bc2890e64e64cb7731629c6438e63 -size 1149359 diff --git a/Linux-PAM-1.1.8-docs.tar.bz2 b/Linux-PAM-1.1.8-docs.tar.bz2 new file mode 100644 index 0000000..476906e --- /dev/null +++ b/Linux-PAM-1.1.8-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 +size 147887 diff --git a/Linux-PAM-1.1.8.tar.bz2 b/Linux-PAM-1.1.8.tar.bz2 new file mode 100644 index 0000000..2b0db42 --- /dev/null +++ b/Linux-PAM-1.1.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 +size 1148944 diff --git a/git-20130916.diff b/git-20130916.diff deleted file mode 100644 index 62efb2c..0000000 --- a/git-20130916.diff +++ /dev/null @@ -1,56 +0,0 @@ -diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c -index 865dc29..8ec4449 100644 ---- a/modules/pam_unix/pam_unix_acct.c -+++ b/modules/pam_unix/pam_unix_acct.c -@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); -+ printf("-1\n"); -+ fflush(stdout); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 9bc1cd9..9aae3b0 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const - close(fds[0]); /* close here to avoid possible SIGPIPE above */ - close(fds[1]); - /* wait for helper to complete: */ -- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); -+ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); - if (rc<0) { - pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); - retval = PAM_AUTHTOK_ERR; -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index d8f4a6f..19d72e6 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - free (val); - - /* read number of rounds for crypt algo */ -- if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { -+ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { - val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); - - if (val) { -@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ D(("setuid failed")); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ diff --git a/pam.changes b/pam.changes index 847d710..7385c2d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + ------------------------------------------------------------------- Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index c670f8a..315c885 100644 --- a/pam.spec +++ b/pam.spec @@ -34,7 +34,7 @@ BuildRequires: libselinux-devel %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 # -Version: 1.1.7 +Version: 1.1.8 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -52,8 +52,6 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf -Patch0: pam_tally-deprecated.diff -Patch1: git-20130916.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -97,8 +95,6 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 -%patch0 -p0 -%patch1 -p1 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff deleted file mode 100644 index dc22524..0000000 --- a/pam_tally-deprecated.diff +++ /dev/null @@ -1,38 +0,0 @@ ---- modules/pam_tally/pam_tally.c -+++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 -@@ -630,6 +630,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); - if ( rvcheck != PAM_SUCCESS ) - RETURN_ERROR( rvcheck ); -@@ -664,6 +666,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); -@@ -709,6 +713,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); -@@ -815,6 +821,8 @@ - exit(0); - } - -+ fprintf (stderr, "\npam_tally is deprecated and pam_tally2 should be used instead\n\n"); -+ - umask(077); - - /*