rpms/pam/devel Linux-PAM-0.99.7.0.tar.bz2.sign, NONE, 1.1 pam-0.99.7.0-dbpam.patch, NONE, 1.1 pam-0.99.7.0-namespace-level.patch, NONE, 1.1 pam-0.99.7.0-namespace-no-unmount.patch, NONE, 1.1 pam-0.99.7.0-redhat-modules.patch, NONE, 1.1 pam-0.99.7.0-selinux-build.patch, NONE, 1.1 .cvsignore, 1.40, 1.41 pam.spec, 1.139, 1.140 sources, 1.42, 1.43 Linux-PAM-0.99.6.2.tar.bz2.sign, 1.1, NONE pam-0.99.4.0-dbpam.patch, 1.1, NONE pam-0.99.5.0-redhat-modules.patch, 1.1, NONE pam-0.99.6.0-succif-session.patch, 1.1, NONE pam-0.99.6.2-doc-add-ids.patch, 1.1, NONE pam-0.99.6.2-ja-no-shortcut.patch, 1.1, NONE pam-0.99.6.2-keyinit-setgid.patch, 1.2, NONE pam-0.99.6.2-namespace-level.patch, 1.1, NONE pam-0.99.6.2-namespace-no-unmount.patch, 1.1, NONE pam-0.99.6.2-namespace-overflow.patch, 1.1, NONE pam-0.99.6.2-reconf.patch, 1.1, NONE pam-0.99.6.2-unix-username.patch, 1.1, NONE pam_namespace-10.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Jan 19 17:42:23 UTC 2007
Author: tmraz
Update of /cvs/dist/rpms/pam/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24421
Modified Files:
.cvsignore pam.spec sources
Added Files:
Linux-PAM-0.99.7.0.tar.bz2.sign pam-0.99.7.0-dbpam.patch
pam-0.99.7.0-namespace-level.patch
pam-0.99.7.0-namespace-no-unmount.patch
pam-0.99.7.0-redhat-modules.patch
pam-0.99.7.0-selinux-build.patch
Removed Files:
Linux-PAM-0.99.6.2.tar.bz2.sign pam-0.99.4.0-dbpam.patch
pam-0.99.5.0-redhat-modules.patch
pam-0.99.6.0-succif-session.patch
pam-0.99.6.2-doc-add-ids.patch
pam-0.99.6.2-ja-no-shortcut.patch
pam-0.99.6.2-keyinit-setgid.patch
pam-0.99.6.2-namespace-level.patch
pam-0.99.6.2-namespace-no-unmount.patch
pam-0.99.6.2-namespace-overflow.patch
pam-0.99.6.2-reconf.patch pam-0.99.6.2-unix-username.patch
pam_namespace-10.patch
Log Message:
* Fri Jan 19 2007 Tomas Mraz <tmraz at redhat.com> 0.99.7.0-1
- upgrade to new upstream version
- drop pam_stack module as it is obsolete
- some changes to silence rpmlint
--- NEW FILE Linux-PAM-0.99.7.0.tar.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBFrqNOyGugalF9Dw4RAu8XAJ4va0VeqHoD4bvB3mG8h+0Rpzk1aACfY0eR
6+CQiju/QXqny24knVRj1cI=
=miOa
-----END PGP SIGNATURE-----
pam-0.99.7.0-dbpam.patch:
configure.in | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE pam-0.99.7.0-dbpam.patch ---
--- Linux-PAM-0.99.7.0/configure.in.dbpam 2007-01-19 07:39:09.000000000 -0500
+++ Linux-PAM-0.99.7.0/configure.in 2007-01-19 07:40:07.000000000 -0500
@@ -348,7 +348,7 @@
WITH_DB=$enableval, WITH_DB=yes)
if test x"$WITH_DB" != xno ; then
if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
- AC_CHECK_LIB([db], [db_create], LIBDB="-ldb", LIBDB="")
+ AC_CHECK_LIB([db], [db_create_pam], LIBDB="-ldb", LIBDB="")
if test -z "$LIBDB" ; then
AC_CHECK_LIB([db], [dbm_store], LIBDB="-ldb", LIBDB="")
fi
pam-0.99.7.0-namespace-level.patch:
namespace.conf | 16 +++------
namespace.conf.5.xml | 18 +++++-----
pam_namespace.c | 90 ++++++++++++++++++++++++++++++++++++++-------------
pam_namespace.h | 4 +-
4 files changed, 87 insertions(+), 41 deletions(-)
--- NEW FILE pam-0.99.7.0-namespace-level.patch ---
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level 2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:33:11.000000000 -0500
@@ -244,23 +244,29 @@
}
strcpy(poly.dir, dir);
strcpy(poly.instance_prefix, instance_prefix);
- if (strcmp(method, "user") == 0)
- poly.method = USER;
+
+ poly.method = NONE;
+ if (strcmp(method, "user") == 0)
+ poly.method = USER;
+
#ifdef WITH_SELINUX
- else if (strcmp(method, "context") == 0) {
+ if (strcmp(method, "level") == 0) {
if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = CONTEXT;
+ poly.method = LEVEL;
else
poly.method = USER;
- } else if (strcmp(method, "both") == 0) {
+ }
+
+ if (strcmp(method, "context") == 0) {
if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = BOTH;
+ poly.method = CONTEXT;
else
poly.method = USER;
}
#endif
- else {
+
+ if ( poly.method == NONE) {
pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
goto skipping;
}
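Review bot: The `Illegal method` message at the new `poly.method == NONE` check names neither the rejected method nor the directory. Because this hunk removes the `both` branch, an existing namespace.conf line that still says `both` will now end up here. What the `skipping` label does is outside the hunk; if it leaves the directory un-polyinstantiated, the administrator gets one LOG_NOTICE line with nothing to search for. I would log the offending values, e.g. `pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method %s for %s", method, dir);`, and add a comment above the check noting that `both` is no longer accepted. The enclosing function starts and ends outside this hunk.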
@@ -448,19 +454,23 @@
return PAM_SESSION_ERR;
}
+ if (polyptr->method == USER) return PAM_SUCCESS;
+
+ rc = getexeccon(&scon);
+ if (rc < 0 || scon == NULL) {
+ pam_syslog(idata->pamh, LOG_ERR,
+ "Error getting exec context, %m");
+ return PAM_SESSION_ERR;
+ }
+
/*
* If polyinstantiating based on security context, get current
* process security context, get security class for directories,
* and ask the policy to provide security context of the
* polyinstantiated instance directory.
*/
- if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) {
- rc = getexeccon(&scon);
- if (rc < 0 || scon == NULL) {
- pam_syslog(idata->pamh, LOG_ERR,
- "Error getting exec context, %m");
- return PAM_SESSION_ERR;
- }
+
+ if (polyptr->method == CONTEXT) {
tclass = string_to_security_class("dir");
if (security_compute_member(scon, *origcon, tclass,
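Review bot: The hoisted `getexeccon()` check logs `"Error getting exec context, %m"` for both `rc < 0` and `scon == NULL`, but in the second case the call succeeded and `%m` will print an unrelated errno. libselinux returns a NULL context with rc 0 when no exec context has been set, so this path presumably means an earlier module in the stack has not set one yet. I would split the two cases and give the NULL case its own text, e.g. `pam_syslog(idata->pamh, LOG_ERR, "No exec context set for session");`. A one-line comment above the call stating that dependency would help. The function begins before this hunk and the CONTEXT branch continues past its end.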
@@ -473,7 +483,48 @@
pam_syslog(idata->pamh, LOG_DEBUG,
"member context returned by policy %s", *i_context);
freecon(scon);
+ return PAM_SUCCESS;
}
+
+ /*
+ * If polyinstantiating based on security level, get current
+ * process security context, get security class for directories,
+ * and change the directories MLS Level to match process.
+ */
+
+ if (polyptr->method == LEVEL) {
+ context_t scontext = NULL;
+ context_t fcontext = NULL;
+ rc = PAM_SESSION_ERR;
+
+ scontext = context_new(scon);
+ if (! scontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ fcontext = context_new(*origcon);
+ if (! fcontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
+ goto fail;
+ }
+ *i_context=strdup(context_str(fcontext));
+ if (! *i_context) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+
+ rc = PAM_SUCCESS;
+ fail:
+ context_free(scontext);
+ context_free(fcontext);
+ freecon(scon);
+ return rc;
+ }
+ /* Should never get here */
return PAM_SUCCESS;
}
#endif
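Review bot: In the LEVEL branch, `*i_context=strdup(context_str(fcontext));` passes the result of `context_str()` straight to `strdup()`, and `context_str()` returns NULL when its own allocation fails, so the out-of-memory case dereferences NULL instead of reaching `fail`. Check it first, e.g. `if (context_str(fcontext) == NULL) goto fail;` before the `strdup`. The `/* Should never get here */` tail returns `PAM_SUCCESS` without freeing `scon` and without setting `*i_context`. Now that `NONE` exists as a method value, that tail should fail closed with `freecon(scon); return PAM_SESSION_ERR;`. The log string `"Unable to set MLS Componant of context"` also has a typo ("Component"). The function starts outside this hunk, so whether the CONTEXT error path frees `scon` cannot be seen here.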
@@ -514,19 +565,14 @@
break;
#ifdef WITH_SELINUX
+ case LEVEL:
case CONTEXT:
- if (asprintf(i_name, "%s", *i_context) < 0) {
- *i_name = NULL;
- rc = PAM_SESSION_ERR;
- }
- break;
-
- case BOTH:
if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
*i_name = NULL;
rc = PAM_SESSION_ERR;
}
break;
+
#endif /* WITH_SELINUX */
default:
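Review bot: `case CONTEXT` now shares the `"%s_%s"` format with `LEVEL`, so a `context` entry yields `<context>_<user>` where it used to yield the bare context string, and nothing in the code says so. Instance directories created under the old context-only name would presumably no longer be matched after the upgrade, so this deserves a comment on the case labels, e.g. `/* LEVEL and CONTEXT instances are always per-user: "<context>_<user>" */`. It also deserves a line in the package changelog. The blank `+` line added before `#endif /* WITH_SELINUX */` can be dropped. The switch begins and ends outside this hunk.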
@@ -1158,7 +1204,7 @@
#ifdef WITH_SELINUX
if (is_selinux_enabled())
idata.flags |= PAMNS_SELINUX_ENABLED;
- if (ctxt_based_inst_needed())
+ if (ctxt_based_inst_needed())
idata.flags |= PAMNS_CTXT_BASED_INST;
#endif
--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level 2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf 2007-01-19 08:33:11.000000000 -0500
@@ -4,12 +4,10 @@
#
# Uncommenting the following three lines will polyinstantiate
# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
-# be polyinstantiated based on both security context as well as user
-# name, whereas home directory will be polyinstantiated based on
-# security context only. Polyinstantion will not be performed for
-# user root and adm for directories /tmp and /var/tmp, whereas home
-# directories will be polyinstantiated for all users. The user name
-# and/or context is appended to the instance prefix.
+# be polyinstantiated based on the MLS level part of the security context as well as user
+# name, Polyinstantion will not be performed for user root and adm for directories
+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
+# The user name and context is appended to the instance prefix.
#
# Note that instance directories do not have to reside inside the
# polyinstantiated directory. In the examples below, instances of /tmp
@@ -25,6 +23,6 @@
# caution, as it will reduce security and isolation achieved by
# polyinstantiation.
#
-#/tmp /tmp-inst/ both root,adm
-#/var/tmp /var/tmp/tmp-inst/ both root,adm
-#$HOME $HOME/$USER.inst/inst- context
+#/tmp /tmp-inst/ level root,adm
+#/var/tmp /var/tmp/tmp-inst/ level root,adm
+#$HOME $HOME/$USER.inst/ level
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level 2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 08:33:11.000000000 -0500
@@ -63,6 +63,7 @@
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
+#include <selinux/context.h>
#endif
#ifndef CLONE_NEWNS
@@ -93,9 +94,10 @@
* or both
*/
enum polymethod {
+ NONE,
USER,
CONTEXT,
- BOTH,
+ LEVEL,
};
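Review bot: The comment above `enum polymethod` still ends in `or both`, although this hunk removes `BOTH` and adds `NONE` and `LEVEL`, so the header now documents a method that no longer exists. Update it to list the current values, e.g. `/* Polyinstantiation method: NONE (unset or invalid), USER, CONTEXT, LEVEL */`. It is also worth stating that `NONE` is deliberately first, so that a zero-initialised `method` is treated as invalid. `NONE` is a very generic identifier for a header; a prefixed name would be less likely to collide. The comment block starts above the visible context.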
/*
--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level 2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml 2007-01-19 08:33:11.000000000 -0500
@@ -22,7 +22,7 @@
<para>
This module allows setup of private namespaces with polyinstantiated
directories. Directories can be polyinstantiated based on user name
- or, in the case of SELinux, user name, security context or both. If an
+ or, in the case of SELinux, user name, sensitivity level or complete security context. If an
executable script <filename>/etc/security/namespace.init</filename>
exists, it is used to initialize the namespace every time a new instance
directory is setup. The script receives the polyinstantiated
@@ -72,10 +72,10 @@
<para>
The third field, <replaceable>method</replaceable>, is the method
used for polyinstantiation. It can take 3 different values; "user"
- for polyinstantiation based on user name, "context" for
- polyinstantiation based on process security context, and "both"
- for polyinstantiation based on both user name and security context.
- Methods "context" and "both" are only available with SELinux. This
+ for polyinstantiation based on user name, "level" for
+ polyinstantiation based on process MLS level and user name, and "context" for
+ polyinstantiation based on process security context and user name
+ Methods "context" and "level" are only available with SELinux. This
field cannot be blank.
</para>
@@ -98,9 +98,9 @@
<literallayout>
# The following three lines will polyinstantiate /tmp,
# /var/tmp and user's home directories. /tmp and /var/tmp
- # will be polyinstantiated based on both security context
+ # will be polyinstantiated based on the security level
# as well as user name, whereas home directory will be
- # polyinstantiated based on security context only.
+ # polyinstantiated based on the full security context and user name.
# Polyinstantiation will not be performed for user root
# and adm for directories /tmp and /var/tmp, whereas home
# directories will be polyinstantiated for all users.
@@ -112,8 +112,8 @@
# will reside within the directories that are being
# polyinstantiated.
#
- /tmp /tmp-inst/ both root,adm
- /var/tmp /var/tmp/tmp-inst/ both root,adm
+ /tmp /tmp-inst/ level root,adm
+ /var/tmp /var/tmp/tmp-inst/ level root,adm
$HOME $HOME/$USER.inst/inst- context
</literallayout>
pam-0.99.7.0-namespace-no-unmount.patch:
README.xml | 8 ++++++++
pam_namespace.8.xml | 19 +++++++++++++++++++
pam_namespace.c | 18 ++++++++++++++++++
pam_namespace.h | 1 +
4 files changed, 46 insertions(+)
--- NEW FILE pam-0.99.7.0-namespace-no-unmount.patch ---
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.no-unmount 2006-10-24 07:45:36.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:08:58.000000000 -0500
@@ -1266,12 +1266,30 @@
idata.flags |= PAMNS_DEBUG;
if (strcmp(argv[i], "ignore_config_error") == 0)
idata.flags |= PAMNS_IGN_CONFIG_ERR;
+ if (strcmp(argv[i], "no_unmount_on_close") == 0)
+ idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
}
if (idata.flags & PAMNS_DEBUG)
pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
/*
+ * For certain trusted programs such as newrole, open session
+ * is called from a child process while the parent perfoms
+ * close session and pam end functions. For these commands
+ * pam_close_session should not perform the unmount of the
+ * polyinstantiatied directory because it will result in
+ * undoing of parents polyinstantiatiaion. These commands
+ * will invoke pam_namespace with the "no_unmount_on_close"
+ * argument.
+ */
+ if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
+ if (idata.flags & PAMNS_DEBUG)
+ pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
+ return PAM_SUCCESS;
+ }
+
+ /*
* Lookup user and fill struct items
*/
retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name );
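Review bot: The early return for `PAMNS_NO_UNMOUNT_ON_CLOSE` logs `"close_session - sucessful"`, which is misspelled and only emitted under `PAMNS_DEBUG`. The log therefore cannot distinguish a close that skipped the unmount from one that performed it. Since this option deliberately leaves the polyinstantiated mounts in place, I would make the message say so, e.g. `pam_syslog(idata.pamh, LOG_DEBUG, "close_session - no_unmount_on_close set, skipping unmount");`. The added comment has typos too ("perfoms", "polyinstantiatied", "polyinstantiatiaion"), and it should state that the option is meant only for service files of programs that handle the session in a child, as the text implies. The function continues outside this hunk.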
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml.no-unmount 2006-06-27 09:07:44.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml 2007-01-19 07:45:02.000000000 -0500
@@ -43,6 +43,9 @@
<arg choice="opt">
ignore_instance_parent_mode
</arg>
+ <arg choice="opt">
+ no_unmount_on_close
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -179,6 +182,22 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>no_unmount_on_close</option>
+ </term>
+ <listitem>
+ <para>
+ For certain trusted programs such as newrole, open session
+ is called from a child process while the parent perfoms
+ close session and pam end functions. For these commands
+ use this option to instruct pam_close_session to not
+ unmount the bind mounted polyinstantiated directory in the
+ parent.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
--- Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml.no-unmount 2006-06-28 03:22:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml 2007-01-19 07:45:02.000000000 -0500
@@ -121,6 +121,14 @@
the restrictive mode of 000. Using this option, an administrator
can choose to ignore the mode of the instance parent.
+ no_unmount_on_close
+ For certain trusted programs such as newrole, open session
+ is called from a child process while the parent perfoms
+ close session and pam end functions. For these commands
+ use this option to instruct pam_close_session to not
+ unmount the bind mounted polyinstantiated directory in the
+ parent.
+
MODULE SERVICES PROVIDED:
session open_session and close_session
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.no-unmount 2006-07-28 07:59:28.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 07:45:02.000000000 -0500
@@ -86,6 +86,7 @@
#define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */
#define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */
#define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */
+#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */
/*
* Polyinstantiation method options, based on user, security context
pam-0.99.7.0-redhat-modules.patch:
configure.in | 4 ++++
modules/Makefile.am | 2 ++
2 files changed, 6 insertions(+)
--- NEW FILE pam-0.99.7.0-redhat-modules.patch ---
--- Linux-PAM-0.99.5.0/configure.in.redhat-modules 2006-06-28 09:25:02.000000000 +0200
+++ Linux-PAM-0.99.5.0/configure.in 2006-06-30 10:24:35.000000000 +0200
@@ -492,6 +492,10 @@
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
po/Makefile.in \
modules/Makefile \
+ modules/pam_chroot/Makefile modules/pam_console/Makefile \
+ modules/pam_postgresok/Makefile \
+ modules/pam_rps/Makefile \
+ modules/pam_timestamp/Makefile modules/pam_tally2/Makefile \
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
--- Linux-PAM-0.99.5.0/modules/Makefile.am.redhat-modules 2006-06-27 16:21:08.000000000 +0200
+++ Linux-PAM-0.99.5.0/modules/Makefile.am 2006-06-30 10:27:02.000000000 +0200
@@ -3,6 +3,8 @@
#
SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_chroot pam_console pam_postgresok pam_rps \
+ pam_timestamp pam_tally2 \
pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \
pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \
pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \
pam-0.99.7.0-selinux-build.patch:
Makefile.am | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE pam-0.99.7.0-selinux-build.patch ---
--- Linux-PAM-0.99.7.0/modules/pam_selinux/Makefile.am.build 2006-06-21 02:35:26.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_selinux/Makefile.am 2007-01-19 11:12:06.000000000 -0500
@@ -22,10 +22,11 @@
AM_LDFLAGS = -no-undefined \
-L$(top_builddir)/libpam -lpam @LIBSELINUX@
-pam_selinux_check_LDFLAGS = -L$(top_builddir)/libpam_misc -lpam_misc
+pam_selinux_check_LDFLAGS = $(AM_LDFLAGS) -L$(top_builddir)/libpam_misc -lpam_misc
+pam_selinux_la_LDFLAGS = $(AM_LDFLAGS)
if HAVE_VERSIONING
- pam_selinux_la_LDFLAGS = -avoid-version -module \
+ pam_selinux_la_LDFLAGS += -avoid-version -module \
-Wl,--version-script=$(srcdir)/../modules.map
endif
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/.cvsignore,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- .cvsignore 13 Nov 2006 21:05:40 -0000 1.40
+++ .cvsignore 19 Jan 2007 17:42:21 -0000 1.41
@@ -1,3 +1,5 @@
-Linux-PAM-0.99.6.2.tar.bz2
-pam-redhat-0.99.6-2.tar.bz2
db-4.5.20.tar.gz
+*.src.rpm
+*.tar.bz2
+Linux-PAM-0.99.7.0.tar.bz2
+pam-redhat-0.99.7-1.tar.bz2
Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam.spec,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -r1.139 -r1.140
--- pam.spec 16 Jan 2007 19:35:46 -0000 1.139
+++ pam.spec 19 Jan 2007 17:42:21 -0000 1.140
@@ -6,12 +6,12 @@
%define pwdb_version 0.62
%define db_version 4.5.20
%define db_conflicting_version 4.6.0
-%define pam_redhat_version 0.99.6-2
+%define pam_redhat_version 0.99.7-1
Summary: A security tool which provides authentication for applications
Name: pam
-Version: 0.99.6.2
-Release: 8%{?dist}
+Version: 0.99.7.0
+Release: 1%{?dist}
License: GPL or BSD
Group: System Environment/Base
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -24,32 +24,27 @@
Source8: dlopen.sh
Source9: system-auth.5
Source10: config-util.5
-Patch1: pam-0.99.5.0-redhat-modules.patch
+Patch1: pam-0.99.7.0-redhat-modules.patch
+Patch2: pam-0.99.7.0-selinux-build.patch
Patch21: pam-0.78-unix-hpux-aging.patch
-Patch34: pam-0.99.4.0-dbpam.patch
+Patch34: pam-0.99.7.0-dbpam.patch
Patch70: pam-0.99.2.1-selinux-nofail.patch
Patch80: pam-0.99.6.2-selinux-drop-multiple.patch
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch82: pam-0.99.3.0-tally-fail-close.patch
Patch84: pam-0.99.6.2-selinux-keycreate.patch
-Patch85: pam-0.99.6.0-succif-session.patch
-Patch86: pam-0.99.6.2-namespace-no-unmount.patch
+Patch86: pam-0.99.7.0-namespace-no-unmount.patch
Patch87: pam-0.99.6.2-namespace-preserve-uid.patch
-Patch88: pam-0.99.6.2-doc-add-ids.patch
-Patch89: pam-0.99.6.2-namespace-overflow.patch
-Patch90: pam-0.99.6.2-keyinit-setgid.patch
-Patch91: pam-0.99.6.2-unix-username.patch
Patch92: pam-0.99.6.2-selinux-select-context.patch
-Patch93: pam-0.99.6.2-namespace-level.patch
-Patch94: pam-0.99.6.2-ja-no-shortcut.patch
+Patch93: pam-0.99.7.0-namespace-level.patch
Patch95: pam-0.99.6.2-selinux-use-current-range.patch
-Patch100: pam-0.99.6.2-reconf.patch
-BuildRoot: %{_tmppath}/%{name}-root
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: cracklib, cracklib-dicts >= 2.8
-Obsoletes: pamconfig
-Prereq: grep, mktemp, sed, coreutils, /sbin/ldconfig
-BuildRequires: autoconf, automake, libtool
+Requires(pre): grep, coreutils
+Requires(post): mktemp, sed, coreutils, /sbin/ldconfig
+BuildRequires: autoconf >= 2.60
+BuildRequires: automake, libtool
BuildRequires: bison, flex, sed
BuildRequires: cracklib-devel, cracklib-dicts >= 2.8
BuildRequires: perl, pkgconfig, gettext
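Review bot: Patch89 (namespace-overflow), Patch90 (keyinit-setgid) and Patch91 (unix-username) are dropped here with no statement that 0.99.7.0 already contains those fixes. The log message only says "upgrade to new upstream version". The older changelog entry "don't overflow a buffer in pam_namespace (#211989)" shows at least one of them was a security fix. The refreshed namespace-level patch still shows unchecked `strcpy(poly.dir, dir)` lines as context, and any length check would be above that hunk and cannot be confirmed from here. Presumably the fixes were merged upstream; please record that explicitly, e.g. a changelog line `- drop namespace-overflow, keyinit-setgid and unix-username patches (merged upstream)`, so a later audit can tell a merged fix from a lost one.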
@@ -96,6 +91,7 @@
cp %{SOURCE7} .
%patch1 -p1 -b .redhat-modules
+%patch2 -p1 -b .build
%patch21 -p1 -b .unix-hpux-aging
%patch34 -p1 -b .dbpam
%patch70 -p1 -b .nofail
@@ -103,19 +99,12 @@
%patch81 -p1 -b .try-first-pass
%patch82 -p1 -b .fail-close
%patch84 -p1 -b .keycreate
-%patch85 -p0 -b .session
%patch86 -p1 -b .no-unmount
%patch87 -p1 -b .preserve-uid
-%patch88 -p0 -b .add-ids
-%patch89 -p1 -b .overflow
-%patch90 -p1 -b .setgid
-%patch91 -p1 -b .username
%patch92 -p1 -b .select-context
-%patch93 -p1 -b .selinux-namespace
-%patch94 -p1 -b .no-shortcut
+%patch93 -p1 -b .level
%patch95 -p1 -b .range
-%patch100 -p1 -b .reconf
-#autoreconf
+autoreconf
%build
CFLAGS="-fPIC $RPM_OPT_FLAGS" ; export CFLAGS
@@ -170,6 +159,11 @@
# Install the binaries, libraries, and modules.
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
+# RPM uses docs from source tree
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
+# Included in setup package
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
+
# Install default configuration files.
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -m 644 other.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other
@@ -327,6 +321,7 @@
/%{_lib}/security/pam_echo.so
/%{_lib}/security/pam_env.so
/%{_lib}/security/pam_exec.so
+/%{_lib}/security/pam_faildelay.so
/%{_lib}/security/pam_filter.so
/%{_lib}/security/pam_ftp.so
/%{_lib}/security/pam_group.so
@@ -351,7 +346,6 @@
/%{_lib}/security/pam_selinux.so
/%{_lib}/security/pam_securetty.so
/%{_lib}/security/pam_shells.so
-/%{_lib}/security/pam_stack.so
/%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so
/%{_lib}/security/pam_tally.so
@@ -401,6 +395,11 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Fri Jan 19 2007 Tomas Mraz <tmraz at redhat.com> 0.99.7.0-1
+- upgrade to new upstream version
+- drop pam_stack module as it is obsolete
+- some changes to silence rpmlint
+
* Tue Jan 16 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-8
- properly include /var/log/faillog and tallylog as ghosts
and create them in post script (#209646)
@@ -432,7 +431,7 @@
- don't overflow a buffer in pam_namespace (#211989)
* Mon Oct 16 2006 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.2
-- /var/log/faillog and tallylog must be %config(noreplace)
+- /var/log/faillog and tallylog must be config(noreplace)
* Fri Oct 13 2006 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.1
- preserve effective uid in namespace.init script (LSPP for newrole)
@@ -733,7 +732,7 @@
- #134941 pam_console should check X11 socket only on login
* Tue Oct 19 2004 Tomas Mraz <tmraz at redhat.com> 0.77-63
-- Fix checking of group %group syntax in pam_limits
+- Fix checking of group %%group syntax in pam_limits
- Drop fencepost patch as it was already fixed
by upstream change from 0.75 to 0.77
- Fix brokenshadow patch
@@ -1349,7 +1348,7 @@
- add 'sed' to the buildprereq list (#24666)
* Sun Jan 21 2001 Matt Wilson <msw at redhat.com>
-- added "exit 0" to the end of the %pre script
+- added "exit 0" to the end of the pre script
* Fri Jan 19 2001 Nalin Dahyabhai <nalin at redhat.com>
- self-hosting fix from Guy Streeter
@@ -1493,7 +1492,7 @@
- try to make pam_console a little more discriminating
* Mon Jun 19 2000 Nalin Dahyabhai <nalin at redhat.com>
-- symlink libpam.so to libpam.so.%{version}, and likewise for libpam_misc
+- symlink libpam.so to libpam.so.%%{version}, and likewise for libpam_misc
- reverse order of checks in _unix_getpwnam for pam_unix
* Wed Jun 14 2000 Preston Brown <pbrown at redhat.com>
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/sources,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- sources 13 Nov 2006 21:05:40 -0000 1.42
+++ sources 19 Jan 2007 17:42:21 -0000 1.43
@@ -1,3 +1,3 @@
-52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2
-03b4148754928c045b28650f14f427af pam-redhat-0.99.6-2.tar.bz2
b0f1c777708cb8e9d37fb47e7ed3312d db-4.5.20.tar.gz
+e4c9e503ac6af0efdd6031a46bdf506f Linux-PAM-0.99.7.0.tar.bz2
+66845048120c71205bd3363264f2bfe7 pam-redhat-0.99.7-1.tar.bz2
--- Linux-PAM-0.99.6.2.tar.bz2.sign DELETED ---
--- pam-0.99.4.0-dbpam.patch DELETED ---
--- pam-0.99.5.0-redhat-modules.patch DELETED ---
--- pam-0.99.6.0-succif-session.patch DELETED ---
--- pam-0.99.6.2-doc-add-ids.patch DELETED ---
--- pam-0.99.6.2-ja-no-shortcut.patch DELETED ---
--- pam-0.99.6.2-keyinit-setgid.patch DELETED ---
--- pam-0.99.6.2-namespace-level.patch DELETED ---
--- pam-0.99.6.2-namespace-no-unmount.patch DELETED ---
--- pam-0.99.6.2-namespace-overflow.patch DELETED ---
--- pam-0.99.6.2-reconf.patch DELETED ---
--- pam-0.99.6.2-unix-username.patch DELETED ---
--- pam_namespace-10.patch DELETED ---