rpms/pam/devel Linux-PAM-1.0.2.tar.bz2.sign, NONE, 1.1 pam-1.0.1-cracklib-try-first-pass.patch, NONE, 1.1 pam-1.0.1-tally-fail-close.patch, NONE, 1.1 .cvsignore, 1.50, 1.51 pam.spec, 1.182, 1.183 sources, 1.52, 1.53 Linux-PAM-1.0.1.tar.bz2.sign, 1.1, NONE pam-0.99.3.0-cracklib-try-first-pass.patch, 1.1, NONE pam-0.99.3.0-tally-fail-close.patch, 1.2, NONE pam-0.99.8.1-dbpam.patch, 1.1, NONE pam-1.0.1-selinux-restore-execcon.patch, 1.1, NONE
Tomáš Mráz
tmraz at fedoraproject.org
Mon Sep 8 11:02:14 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/pam/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16300
Modified Files:
.cvsignore pam.spec sources
Added Files:
Linux-PAM-1.0.2.tar.bz2.sign
pam-1.0.1-cracklib-try-first-pass.patch
pam-1.0.1-tally-fail-close.patch
Removed Files:
Linux-PAM-1.0.1.tar.bz2.sign
pam-0.99.3.0-cracklib-try-first-pass.patch
pam-0.99.3.0-tally-fail-close.patch pam-0.99.8.1-dbpam.patch
pam-1.0.1-selinux-restore-execcon.patch
Log Message:
* Mon Sep 8 2008 Tomas Mraz <tmraz at redhat.com> 1.0.2-1
- pam_loginuid: uids are unsigned (#460241)
- new minor upstream release
- use external db4
- drop tests for not pulling in libpthread (as NPTL should
be safe)
--- NEW FILE Linux-PAM-1.0.2.tar.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBIt8Q3yGugalF9Dw4RAnJQAJ9hxQ8qCSTFxs0hKZnT1iuPIld0VwCfV4pa
mxTaEK08wwAQ2bYjsDhh01s=
=rPNX
-----END PGP SIGNATURE-----
pam-1.0.1-cracklib-try-first-pass.patch:
--- NEW FILE pam-1.0.1-cracklib-try-first-pass.patch ---
diff -up Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c
--- Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c.try-first-pass 2008-03-05 21:21:38.000000000 +0100
+++ Linux-PAM-1.0.1/modules/pam_cracklib/pam_cracklib.c 2008-09-05 21:35:18.000000000 +0200
@@ -98,6 +98,7 @@ struct cracklib_options {
int oth_credit;
int min_class;
int use_authtok;
+ int try_first_pass;
char prompt_type[BUFSIZ];
const char *cracklib_dictpath;
};
@@ -169,6 +170,10 @@ _pam_parse (pam_handle_t *pamh, struct c
opt->min_class = 4 ;
} else if (!strncmp(*argv,"use_authtok",11)) {
opt->use_authtok = 1;
+ } else if (!strncmp(*argv,"use_first_pass",14)) {
+ opt->use_authtok = 1;
+ } else if (!strncmp(*argv,"try_first_pass",14)) {
+ opt->try_first_pass = 1;
} else if (!strncmp(*argv,"dictpath=",9)) {
opt->cracklib_dictpath = *argv+9;
if (!*(opt->cracklib_dictpath)) {
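Review bot: The two added comparisons, `strncmp(*argv,"use_first_pass",14)` and `strncmp(*argv,"try_first_pass",14)`, are prefix matches, so any argument that merely starts with the option name (for example a mistyped `try_first_pass=no`) silently enables it. This follows the existing `use_authtok` line, but for options that decide whether a stacked password is reused, an exact match such as `!strcmp(*argv,"try_first_pass")` is easier to audit. The `use_first_pass` branch also sets `opt->use_authtok` without saying so; a comment like `/* use_first_pass is treated as an alias of use_authtok */` would record the intent. `_pam_parse` starts and ends outside this hunk.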
@@ -619,7 +624,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
* set PAM_AUTHTOK and return
*/
- if (options.use_authtok == 1) {
+ if (options.use_authtok == 1 || options.try_first_pass == 1) {
const void *item = NULL;
retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
@@ -630,11 +635,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
} else if (item != NULL) { /* we have a password! */
token1 = x_strdup(item);
item = NULL;
+ options.use_authtok = 1; /* don't ask for the password again */
} else {
retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
}
-
- } else {
+ }
+
+ if (options.use_authtok != 1) {
/* Prepare to ask the user for the first time */
resp = NULL;
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,
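Review bot: The added `options.use_authtok = 1;` after `token1 = x_strdup(item);` overwrites a parsed configuration option to record runtime state, so from that point the module can no longer tell `try_first_pass` from `use_authtok`. If this block sits inside a retry loop (not visible in the hunk), a stacked password that is later rejected would probably not fall back to prompting, which is the usual meaning of `try_first_pass`. The flag is also set before the result of `x_strdup` is known to be non-NULL. A local flag keeps `options` read-only: declare `int have_token = 0;`, set `have_token = 1;` in place of the assignment, and guard the prompt with `if (options.use_authtok != 1 && !have_token) {`. `pam_sm_chauthtok` starts and ends outside the hunk.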
pam-1.0.1-tally-fail-close.patch:
--- NEW FILE pam-1.0.1-tally-fail-close.patch ---
diff -up Linux-PAM-1.0.1/modules/pam_tally/pam_tally.c.fail-close Linux-PAM-1.0.1/modules/pam_tally/pam_tally.c
--- Linux-PAM-1.0.1/modules/pam_tally/pam_tally.c.fail-close 2007-11-20 11:58:11.000000000 +0100
+++ Linux-PAM-1.0.1/modules/pam_tally/pam_tally.c 2008-09-05 21:54:31.000000000 +0200
@@ -325,6 +325,7 @@ get_tally(pam_handle_t *pamh, tally_t *t
}
lstat_ret = fstat(fileno(*TALLY),&fileinfo);
fclose(*TALLY);
+ *TALLY = NULL;
}
if ( lstat_ret ) {
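Review bot: Neither the added `*TALLY = NULL;` after `fclose(*TALLY);` here nor the one on the `fseeko` failure path in the next hunk says why the pointer is cleared. Presumably callers test `*TALLY` before using or closing the stream, but that is not visible in these hunks. A short comment at both sites would keep the fix from being removed as redundant, for example `/* stream is closed: clear the caller's handle so it is not used or closed again */`. `get_tally` starts and ends outside the hunk.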
@@ -355,6 +356,7 @@ get_tally(pam_handle_t *pamh, tally_t *t
if ( fseeko( *TALLY, (off_t) uid * sizeof(struct faillog), SEEK_SET ) ) {
pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
fclose(*TALLY);
+ *TALLY = NULL;
return PAM_AUTH_ERR;
}
@@ -403,6 +405,7 @@ set_tally(pam_handle_t *pamh, tally_t ta
}
if ( fclose(*TALLY) ) {
+ *TALLY = NULL;
pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename);
return PAM_AUTH_ERR;
}
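Review bot: `*TALLY` is cleared only inside the `fclose()` failure branch here, yet the stream is invalid after `fclose()` whether or not the call succeeds. The success path lies outside the hunk, so it should be confirmed that it also sets `*TALLY = NULL`. Closing once and clearing unconditionally makes both paths safe at a glance: `int rc = fclose(*TALLY); *TALLY = NULL; if (rc) {`. `set_tally` starts and ends outside the hunk.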
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/.cvsignore,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- .cvsignore 9 Jul 2008 12:27:35 -0000 1.50
+++ .cvsignore 8 Sep 2008 11:01:43 -0000 1.51
@@ -1,5 +1,4 @@
*.src.rpm
*.tar.bz2
pam-redhat-0.99.9-1.tar.bz2
-Linux-PAM-1.0.1.tar.bz2
-db-4.7.25.tar.gz
+Linux-PAM-1.0.2.tar.bz2
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -r1.182 -r1.183
--- pam.spec 9 Jul 2008 12:27:35 -0000 1.182
+++ pam.spec 8 Sep 2008 11:01:44 -0000 1.183
@@ -1,11 +1,9 @@
-%define db_version 4.7.25
-%define db_conflicting_version 4.8.0
%define pam_redhat_version 0.99.9-1
Summary: A security tool which provides authentication for applications
Name: pam
-Version: 1.0.1
-Release: 5%{?dist}
+Version: 1.0.2
+Release: 1%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -14,7 +12,6 @@
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
Source2: https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
-Source4: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
Source5: other.pamd
Source6: system-auth.pamd
Source7: config-util.pamd
@@ -23,15 +20,13 @@
Source10: config-util.5
Source11: 90-nproc.conf
Patch1: pam-0.99.7.0-redhat-modules.patch
-Patch4: pam-0.99.8.1-dbpam.patch
Patch5: pam-1.0.1-autoreconf.patch
Patch10: pam-1.0.0-sepermit-screensaver.patch
-Patch11: pam-1.0.1-selinux-restore-execcon.patch
Patch12: pam-1.0.0-selinux-env-params.patch
Patch21: pam-0.99.10.0-unix-audit-failed.patch
Patch22: pam-1.0.1-unix-prompts.patch
-Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
-Patch32: pam-0.99.3.0-tally-fail-close.patch
+Patch31: pam-1.0.1-cracklib-try-first-pass.patch
+Patch32: pam-1.0.1-tally-fail-close.patch
Patch41: pam-1.0.1-namespace-create.patch
%define _sbindir /sbin
@@ -64,19 +59,13 @@
%endif
BuildRequires: glibc >= 2.3.90-37
Requires: glibc >= 2.3.90-37
+BuildRequires: db4-devel
# Following deps are necessary only to build the pam library documentation.
BuildRequires: linuxdoc-tools, w3m, libxslt
BuildRequires: docbook-style-xsl, docbook-dtds
URL: http://www.us.kernel.org/pub/linux/libs/pam/index.html
-# We internalize libdb to get a non-threaded copy, but we should at least try
-# to coexist with the system's copy of libdb, which will be used to make the
-# files for use by pam_userdb (either by db_load or Perl's DB_File module).
-# The non-threaded db4 is necessary so we do not break single threaded
-# services when they call pam_userdb.so module.
-Conflicts: db4 >= %{db_conflicting_version}
-
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
@@ -95,16 +84,14 @@
PAM-aware applications and modules for use with PAM.
%prep
-%setup -q -n Linux-PAM-%{version} -a 2 -a 4
+%setup -q -n Linux-PAM-%{version} -a 2
# Add custom modules.
mv pam-redhat-%{pam_redhat_version}/* modules
%patch1 -p1 -b .redhat-modules
-%patch4 -p1 -b .dbpam
%patch5 -p1 -b .autoreconf
%patch10 -p1 -b .screensaver
-%patch11 -p1 -b .restore-execcon
%patch12 -p0 -b .env-params
%patch21 -p1 -b .audit-failed
%patch22 -p1 -b .prompts
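Review bot: Nothing in the visible `%prep` checks Source0 against the detached signature shipped as Source1 before `%setup` unpacks it, so the new `Linux-PAM-1.0.2.tar.bz2.sign` is carried but, as far as this hunk shows, never used. Source0 is fetched over plain http and the `sources` file pins it only by an MD5 digest, which leaves the signature as the one strong integrity check available for an authentication library. A step ahead of `%setup` such as `gpgv --keyring <UPSTREAM_KEYRING> %{SOURCE1} %{SOURCE0}` would close that gap; the keyring name is a placeholder, and it would have to be added as a Source with gnupg as a BuildRequires. Verification may happen elsewhere in the packaging workflow, which is not visible here.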
@@ -115,48 +102,16 @@
autoreconf
%build
-CFLAGS="-fPIC $RPM_OPT_FLAGS" ; export CFLAGS
-
-topdir=`pwd`/pam-instroot
-test -d ${topdir} || mkdir ${topdir}
-test -d ${topdir}/include || mkdir ${topdir}/include
-test -d ${topdir}/%{_lib} || mkdir ${topdir}/%{_lib}
-
-pushd db-%{db_version}/build_unix
-echo db_cv_mutex=UNIX/fcntl > config.cache
-../dist/configure -C \
- --disable-compat185 \
- --disable-cxx \
- --disable-diagnostic \
- --disable-dump185 \
- --disable-java \
- --disable-rpc \
- --disable-tcl \
- --disable-shared \
- --with-pic \
- --with-uniquename=_pam \
- --with-mutex="UNIX/fcntl" \
- --prefix=${topdir} \
- --includedir=${topdir}/include \
- --libdir=${topdir}/%{_lib}
-make
-make install
-popd
-
-CPPFLAGS=-I${topdir}/include ; export CPPFLAGS
-export LIBNAME="%{_lib}"
-LDFLAGS=-L${topdir}/%{_lib} ; export LDFLAGS
%configure \
--libdir=/%{_lib} \
--includedir=%{_includedir}/security \
- --enable-isadir=../..%{_moduledir} \
%if ! %{WITH_SELINUX}
--disable-selinux \
%endif
%if ! %{WITH_AUDIT}
--disable-audit \
%endif
- --with-db-uniquename=_pam
+ --enable-isadir=../..%{_moduledir}
make
# we do not use _smp_mflags because the build of sources in yacc/flex fails
@@ -242,14 +197,6 @@
echo ERROR module: ${module} cannot be loaded.
exit 1
fi
-# And for good measure, make sure that none of the modules pull in threading
-# libraries, which if loaded in a non-threaded application, can cause Very
-# Bad Things to happen.
- if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
- LD_PRELOAD=$RPM_BUILD_ROOT%{_libdir}/libpam.so ldd -r ${module} | fgrep -q libpthread ; then
- echo ERROR module: ${module} pulls threading libraries.
- exit 1
- fi
done
%clean
@@ -380,6 +327,13 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Mon Sep 8 2008 Tomas Mraz <tmraz at redhat.com> 1.0.2-1
+- pam_loginuid: uids are unsigned (#460241)
+- new minor upstream release
+- use external db4
+- drop tests for not pulling in libpthread (as NPTL should
+ be safe)
+
* Wed Jul 9 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-5
- update internal db4
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/sources,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- sources 9 Jul 2008 12:27:35 -0000 1.52
+++ sources 8 Sep 2008 11:01:44 -0000 1.53
@@ -1,3 +1,2 @@
26152d9c691715756b514dbf9cab9cd8 pam-redhat-0.99.9-1.tar.bz2
-1c75f81bd44c5da93014992820917847 Linux-PAM-1.0.1.tar.bz2
-ec2b87e833779681a0c3a814aa71359e db-4.7.25.tar.gz
+fc5e35645b75befae28c88b711b28ffb Linux-PAM-1.0.2.tar.bz2
--- Linux-PAM-1.0.1.tar.bz2.sign DELETED ---
--- pam-0.99.3.0-cracklib-try-first-pass.patch DELETED ---
--- pam-0.99.3.0-tally-fail-close.patch DELETED ---
--- pam-0.99.8.1-dbpam.patch DELETED ---
--- pam-1.0.1-selinux-restore-execcon.patch DELETED ---