rpms/pam/F-10 pam-1.0.4-unix-safeguards.patch, 1.1, 1.2 pam.spec, 1.185, 1.186
Tomáš Mráz
tmraz at fedoraproject.org
Tue Mar 17 14:15:11 UTC 2009
Author: tmraz
Update of /cvs/pkgs/rpms/pam/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2604
Modified Files:
pam-1.0.4-unix-safeguards.patch pam.spec
Log Message:
* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
- update to new upstream minor release (bugfixes and
minor security fixes)
pam-1.0.4-unix-safeguards.patch:
Index: pam-1.0.4-unix-safeguards.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-10/pam-1.0.4-unix-safeguards.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pam-1.0.4-unix-safeguards.patch 17 Mar 2009 11:00:51 -0000 1.1
+++ pam-1.0.4-unix-safeguards.patch 17 Mar 2009 14:15:10 -0000 1.2
@@ -1,6 +1,6 @@
diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c
---- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards 2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c 2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards 2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c 2009-03-17 11:25:11.000000000 +0100
@@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_h
const char *fromwhat, const char *towhat, int remember)
{
@@ -60,8 +60,8 @@
return retval;
diff -up Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.c
---- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards 2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.c 2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards 2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.c 2009-03-17 11:25:11.000000000 +0100
@@ -396,7 +396,7 @@ static int _unix_run_helper_binary(pam_h
unsigned int ctrl, const char *user)
{
@@ -115,7 +115,7 @@
D(("returning %d", retval));
diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards 2009-03-03 10:00:31.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c 2009-03-17 15:14:09.000000000 +0100
@@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t
const char *user, int *daysleft)
{
@@ -125,7 +125,7 @@
D(("running verify_binary"));
/* create a pipe for the messages */
-@@ -85,29 +85,29 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -85,29 +85,32 @@ int _unix_run_verify_binary(pam_handle_t
* The "noreap" module argument is provided so that the admin can
* override this behavior.
*/
@@ -149,6 +149,9 @@
- close(fds[0]);
+ /* reopen stdout as pipe */
dup2(fds[1], STDOUT_FILENO);
++ /* and replace also the stdin so we do not exec the helper with
++ tty as stdin, it will not read anything from there anyway */
++ dup2(fds[0], STDIN_FILENO);
/* XXX - should really tidy up PAM here too */
@@ -164,7 +167,7 @@
}
}
-@@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -126,7 +129,6 @@ int _unix_run_verify_binary(pam_handle_t
pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
/* should not get here: exit with error */
@@ -172,7 +175,7 @@
D(("helper binary is not available"));
printf("-1\n");
exit(PAM_AUTHINFO_UNAVAIL);
-@@ -162,9 +161,11 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -162,9 +164,11 @@ int _unix_run_verify_binary(pam_handle_t
}
close(fds[0]);
}
@@ -188,7 +191,7 @@
}
diff -up Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/passverify.c
--- Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards 2009-03-02 16:02:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c 2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c 2009-03-17 11:25:11.000000000 +0100
@@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *has
p = NULL; /* no longer needed here */
@@ -260,7 +263,7 @@
_exit(sig);
diff -up Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.h
--- Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards 2008-01-23 16:35:13.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.h 2009-03-17 11:24:55.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.h 2009-03-17 11:25:11.000000000 +0100
@@ -127,6 +127,7 @@ static const UNIX_Ctrls unix_args[UNIX_C
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-10/pam.spec,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -r1.185 -r1.186
--- pam.spec 17 Mar 2009 11:00:51 -0000 1.185
+++ pam.spec 17 Mar 2009 14:15:10 -0000 1.186
@@ -3,7 +3,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -336,7 +336,7 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
-* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-1
+* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
- update to new upstream minor release (bugfixes and
minor security fixes)
More information about the fedora-extras-commits
mailing list