rpms/pam/devel pam-0.99.8.1-xauth-no-free.patch, NONE, 1.1 pam-0.99.7.1-namespace-homedir.patch, 1.2, 1.3 pam.spec, 1.158, 1.159
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Fri Sep 21 14:08:17 UTC 2007
Author: tmraz
Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2735
Modified Files:
pam-0.99.7.1-namespace-homedir.patch pam.spec
Added Files:
pam-0.99.8.1-xauth-no-free.patch
Log Message:
* Fri Sep 21 2007 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-9
- do not preserve contexts when copying skel and other namespace.init
fixes (#298941)
- do not free memory sent to putenv (#231698)
pam-0.99.8.1-xauth-no-free.patch:
--- NEW FILE pam-0.99.8.1-xauth-no-free.patch ---
diff -up Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free 2007-09-21 16:02:06.000000000 +0200
+++ Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c 2007-09-21 16:02:47.000000000 +0200
@@ -573,6 +573,7 @@ pam_sm_open_session (pam_handle_t *pamh,
"can't set environment variable '%s'",
xauthority);
putenv (xauthority); /* The environment owns this string now. */
+ xauthority = NULL;
/* set $DISPLAY in pam handle to make su - work */
{
pam-0.99.7.1-namespace-homedir.patch:
Index: pam-0.99.7.1-namespace-homedir.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam-0.99.7.1-namespace-homedir.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam-0.99.7.1-namespace-homedir.patch 24 Aug 2007 13:35:26 -0000 1.2
+++ pam-0.99.7.1-namespace-homedir.patch 21 Sep 2007 14:08:14 -0000 1.3
@@ -1,29 +1,47 @@
diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init
---- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir 2007-08-24 10:40:46.000000000 +0200
-+++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-08-24 15:33:52.000000000 +0200
-@@ -1,9 +1,24 @@
+--- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir 2007-09-19 19:37:26.000000000 +0200
++++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-09-21 14:13:52.000000000 +0200
+@@ -1,26 +1,24 @@
#!/bin/sh -p
-# This is only a boilerplate for the instance initialization script.
# It receives polydir path as $1, the instance path as $2,
# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
# and user name in $4.
#
+-# If you intend to polyinstantiate /tmp and you also want to use the X windows
+-# environment, you will have to use this script to bind mount the socket that
+-# is used by the X server to communicate with its clients. X server places
+-# this socket in /tmp/.X11-unix directory, which will get obscured by
+-# polyinstantiation. Uncommenting the following lines will bind mount
+-# the relevant directory at an alternative location (/.tmp/.X11-unix) such
+-# that the X server, window manager and X clients, can still find the
+-# socket X0 at the polyinstanted /tmp/.X11-unix.
+-#
+-#if [ $1 = /tmp ]; then
+-# if [ ! -f /.tmp/.X11-unix ]; then
+-# mkdir -p /.tmp/.X11-unix
+-# fi
+-# mount --bind /tmp/.X11-unix /.tmp/.X11-unix
+-# cp -fp -- /tmp/.X0-lock "$2/.X0-lock"
+-# mkdir -- "$2/.X11-unix"
+-# ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0"
+-#fi
+# The following section will copy the contents of /etc/skel if this is a
+# newly created home directory.
+if [ "$3" = 1 ]; then
++ # This line will fix the labeling on all newly created directories
++ [ -x /sbin/restorecon ] && /sbin/restorecon "$1"
+ user="$4"
+ passwd=$(getent passwd "$user")
+ homedir=$(echo "$passwd" | cut -f6 -d":")
+ if [ "$1" = "$homedir" ]; then
+ gid=$(echo "$passwd" | cut -f4 -d":")
-+ cp -aT /etc/skel "$homedir"
-+ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
++ cp -rT /etc/skel "$homedir"
+ chown -R "$user":"$gid" "$homedir"
+ mode=$(awk '/^UMASK/{gsub("#.*$", "", $2); printf "%o", and(0777,compl(strtonum("0" $2))); exit}' /etc/login.defs)
+ chmod ${mode:-700} "$homedir"
++ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
+ fi
+fi
-+#
- # If you intend to polyinstantiate /tmp and you also want to use the X windows
- # environment, you will have to use this script to bind mount the socket that
- # is used by the X server to communicate with its clients. X server places
+
+ exit 0
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.158
retrieving revision 1.159
diff -u -r1.158 -r1.159
--- pam.spec 19 Sep 2007 18:11:42 -0000 1.158
+++ pam.spec 21 Sep 2007 14:08:14 -0000 1.159
@@ -11,7 +11,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.8.1
-Release: 8%{?dist}
+Release: 9%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -43,6 +43,7 @@
Patch44: pam-0.99.7.1-namespace-homedir.patch
Patch45: pam-0.99.8.1-selinux-permit.patch
Patch46: pam-0.99.8.1-succif-in-operator.patch
+Patch47: pam-0.99.8.1-xauth-no-free.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: cracklib, cracklib-dicts >= 2.8
@@ -111,6 +112,7 @@
%patch44 -p1 -b .homedir
%patch45 -p1 -b .permit
%patch46 -p1 -b .in-operator
+%patch47 -p1 -b .no-free
autoreconf
@@ -403,6 +405,11 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Fri Sep 21 2007 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-9
+- do not preserve contexts when copying skel and other namespace.init
+ fixes (#298941)
+- do not free memory sent to putenv (#231698)
+
* Wed Sep 19 2007 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-8
- add pam_selinux_permit module
- pam_succeed_if: fix in operator (#295151)
More information about the fedora-extras-commits
mailing list