rpms/pam/F-9 pam-1.0.4-unix-safeguards.patch, 1.1, 1.2 pam.spec, 1.181, 1.182
Tomáš Mráz
tmraz at fedoraproject.org
Tue Mar 17 14:18:21 UTC 2009
Author: tmraz
Update of /cvs/pkgs/rpms/pam/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3799
Modified Files:
pam-1.0.4-unix-safeguards.patch pam.spec
Log Message:
* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
- update to new upstream minor release (bugfixes and
minor security fixes)
- drop tests for not pulling in libpthread (as NPTL should
be safe)
pam-1.0.4-unix-safeguards.patch:
Index: pam-1.0.4-unix-safeguards.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-9/pam-1.0.4-unix-safeguards.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pam-1.0.4-unix-safeguards.patch 17 Mar 2009 12:14:00 -0000 1.1
+++ pam-1.0.4-unix-safeguards.patch 17 Mar 2009 14:17:51 -0000 1.2
@@ -1,6 +1,6 @@
diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c
---- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards 2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c 2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards 2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c 2009-03-17 11:25:11.000000000 +0100
@@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_h
const char *fromwhat, const char *towhat, int remember)
{
@@ -60,8 +60,8 @@
return retval;
diff -up Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.c
---- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards 2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.c 2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards 2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.c 2009-03-17 11:25:11.000000000 +0100
@@ -396,7 +396,7 @@ static int _unix_run_helper_binary(pam_h
unsigned int ctrl, const char *user)
{
@@ -115,7 +115,7 @@
D(("returning %d", retval));
diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards 2009-03-03 10:00:31.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c 2009-03-17 15:14:09.000000000 +0100
@@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t
const char *user, int *daysleft)
{
@@ -125,7 +125,7 @@
D(("running verify_binary"));
/* create a pipe for the messages */
-@@ -85,29 +85,29 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -85,29 +85,32 @@ int _unix_run_verify_binary(pam_handle_t
* The "noreap" module argument is provided so that the admin can
* override this behavior.
*/
@@ -149,6 +149,9 @@
- close(fds[0]);
+ /* reopen stdout as pipe */
dup2(fds[1], STDOUT_FILENO);
++ /* and replace also the stdin so we do not exec the helper with
++ tty as stdin, it will not read anything from there anyway */
++ dup2(fds[0], STDIN_FILENO);
/* XXX - should really tidy up PAM here too */
@@ -164,7 +167,7 @@
}
}
-@@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -126,7 +129,6 @@ int _unix_run_verify_binary(pam_handle_t
pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
/* should not get here: exit with error */
@@ -172,7 +175,7 @@
D(("helper binary is not available"));
printf("-1\n");
exit(PAM_AUTHINFO_UNAVAIL);
-@@ -162,9 +161,11 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -162,9 +164,11 @@ int _unix_run_verify_binary(pam_handle_t
}
close(fds[0]);
}
@@ -188,7 +191,7 @@
}
diff -up Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/passverify.c
--- Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards 2009-03-02 16:02:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c 2009-03-17 11:25:11.000000000 +0100
@@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *has
p = NULL; /* no longer needed here */
@@ -260,7 +263,7 @@
_exit(sig);
diff -up Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.h
--- Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards 2008-01-23 16:35:13.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.h 2009-03-17 11:24:55.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.h 2009-03-17 11:25:11.000000000 +0100
@@ -127,6 +127,7 @@ static const UNIX_Ctrls unix_args[UNIX_C
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-9/pam.spec,v
retrieving revision 1.181
retrieving revision 1.182
diff -u -r1.181 -r1.182
--- pam.spec 17 Mar 2009 13:06:43 -0000 1.181
+++ pam.spec 17 Mar 2009 14:17:51 -0000 1.182
@@ -5,7 +5,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -384,7 +384,7 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
-* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-1
+* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
- update to new upstream minor release (bugfixes and
minor security fixes)
- drop tests for not pulling in libpthread (as NPTL should
More information about the scm-commits
mailing list