rpms/vixie-cron/devel vixie-cron-4.1-_34-pam_fail_close_session.patch, NONE, 1.1 vixie-cron.spec, 1.43, 1.44
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Apr 5 15:10:04 UTC 2005
Update of /cvs/dist/rpms/vixie-cron/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25262
Modified Files:
vixie-cron.spec
Added Files:
vixie-cron-4.1-_34-pam_fail_close_session.patch
Log Message:
call pam_close_session if pam_setcred fails; fix bug 151145: selinux segfault in chroot
vixie-cron-4.1-_34-pam_fail_close_session.patch:
do_command.c | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE vixie-cron-4.1-_34-pam_fail_close_session.patch ---
--- vixie-cron-4.1/do_command.c.pam_fail_close_session 2005-04-05 10:40:13.138078000 -0400
+++ vixie-cron-4.1/do_command.c 2005-04-05 10:44:42.008938000 -0400
@@ -33,6 +33,7 @@
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh, PAM_SILENT); \
pam_end(pamh, retcode); exit(1); \
}
#endif
Index: vixie-cron.spec
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/devel/vixie-cron.spec,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- vixie-cron.spec 15 Mar 2005 14:34:07 -0000 1.43
+++ vixie-cron.spec 5 Apr 2005 15:10:02 -0000 1.44
@@ -7,7 +7,7 @@
Summary: The Vixie cron daemon for executing specified programs at set times.
Name: vixie-cron
Version: 4.1
-Release: 26_FC4
+Release: 28_FC4
Epoch: 1
License: distributable
Group: System Environment/Base
@@ -48,6 +48,7 @@
Patch31: vixie-cron-4.1-_31-allow_pam_access.patch
Patch32: vixie-cron-4.1-_32-no_mail_rcpt_safe_p.patch
Patch33: vixie-cron-4.1-_33-fix_selinux_segfault.patch
+Patch34: vixie-cron-4.1-_34-pam_fail_close_session.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root
Requires: sysklogd >= 1.3.33-6, bash >= 2.0
@@ -112,6 +113,7 @@
%patch31 -p1 -b .allow_pam_access
%patch32 -p1 -b .no_mail_rcpt_safe_p
%patch33 -p1 -b .fix_selinux_segfault
+%patch34 -p1 -b .pam_fail_close_session.patch
%build
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
@@ -169,6 +171,11 @@
%config(noreplace) /etc/sysconfig/crond
%changelog
+* Tue Apr 05 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-24_EL
+- Required for EAL Audit certification:
+- If pam_setcred should fail, the pam_session could fail to be
+- closed, leaving autofs user directories still mounted.
+
* Tue Mar 15 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-26_FC4
- fix bug 151145: segfault if cronjob runs without any SELinux user
- security context (eg. in a broken chroot environment)
More information about the fedora-cvs-commits
mailing list