rpms/pam/F-9 pam-1.0.4-unix-safeguards.patch, 1.1, 1.2 pam.spec, 1.181, 1.182

Tue Mar 17 14:18:21 UTC 2009

Author: tmraz

Update of /cvs/pkgs/rpms/pam/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3799

Modified Files:
	pam-1.0.4-unix-safeguards.patch pam.spec 
Log Message:
* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
- update to new upstream minor release (bugfixes and
  minor security fixes)
- drop tests for not pulling in libpthread (as NPTL should
  be safe)


pam-1.0.4-unix-safeguards.patch:

Index: pam-1.0.4-unix-safeguards.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-9/pam-1.0.4-unix-safeguards.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2

--- pam-1.0.4-unix-safeguards.patch	17 Mar 2009 12:14:00 -0000	1.1
+++ pam-1.0.4-unix-safeguards.patch	17 Mar 2009 14:17:51 -0000	1.2
@@ -1,6 +1,6 @@
 diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c
---- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards	2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c	2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c.safeguards	2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_passwd.c	2009-03-17 11:25:11.000000000 +0100
 @@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_h
      const char *fromwhat, const char *towhat, int remember)
  {
@@ -60,8 +60,8 @@
  
      return retval;
 diff -up Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.c
---- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards	2009-03-17 11:20:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.c	2009-03-17 11:20:22.000000000 +0100
+--- Linux-PAM-1.0.4/modules/pam_unix/support.c.safeguards	2009-03-17 11:25:11.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.c	2009-03-17 11:25:11.000000000 +0100
 @@ -396,7 +396,7 @@ static int _unix_run_helper_binary(pam_h
  				   unsigned int ctrl, const char *user)
  {
@@ -115,7 +115,7 @@
      D(("returning %d", retval));
 diff -up Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c
 --- Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c.safeguards	2009-03-03 10:00:31.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c	2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/pam_unix_acct.c	2009-03-17 15:14:09.000000000 +0100
 @@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t
  	const char *user, int *daysleft)
  {
@@ -125,7 +125,7 @@
    D(("running verify_binary"));
  
    /* create a pipe for the messages */
-@@ -85,29 +85,29 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -85,29 +85,32 @@ int _unix_run_verify_binary(pam_handle_t
       * The "noreap" module argument is provided so that the admin can
       * override this behavior.
       */
@@ -149,6 +149,9 @@
 -    close(fds[0]);
 +    /* reopen stdout as pipe */
      dup2(fds[1], STDOUT_FILENO);
++    /* and replace also the stdin so we do not exec the helper with
++       tty as stdin, it will not read anything from there anyway */
++    dup2(fds[0], STDIN_FILENO);
  
      /* XXX - should really tidy up PAM here too */
  
@@ -164,7 +167,7 @@
        }
      }
  
-@@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -126,7 +129,6 @@ int _unix_run_verify_binary(pam_handle_t
  
      pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
      /* should not get here: exit with error */
@@ -172,7 +175,7 @@
      D(("helper binary is not available"));
      printf("-1\n");
      exit(PAM_AUTHINFO_UNAVAIL);
-@@ -162,9 +161,11 @@ int _unix_run_verify_binary(pam_handle_t
+@@ -162,9 +164,11 @@ int _unix_run_verify_binary(pam_handle_t
      }
      close(fds[0]);
    }
@@ -188,7 +191,7 @@
  }
 diff -up Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards Linux-PAM-1.0.4/modules/pam_unix/passverify.c
 --- Linux-PAM-1.0.4/modules/pam_unix/passverify.c.safeguards	2009-03-02 16:02:22.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c	2009-03-17 11:20:22.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/passverify.c	2009-03-17 11:25:11.000000000 +0100
 @@ -117,7 +117,7 @@ verify_pwd_hash(const char *p, char *has
  		p = NULL;		/* no longer needed here */
  
@@ -260,7 +263,7 @@
                  _exit(sig);
 diff -up Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards Linux-PAM-1.0.4/modules/pam_unix/support.h
 --- Linux-PAM-1.0.4/modules/pam_unix/support.h.safeguards	2008-01-23 16:35:13.000000000 +0100
-+++ Linux-PAM-1.0.4/modules/pam_unix/support.h	2009-03-17 11:24:55.000000000 +0100
++++ Linux-PAM-1.0.4/modules/pam_unix/support.h	2009-03-17 11:25:11.000000000 +0100
 @@ -127,6 +127,7 @@ static const UNIX_Ctrls unix_args[UNIX_C
  
  #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)


Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-9/pam.spec,v
retrieving revision 1.181
retrieving revision 1.182
diff -u -r1.181 -r1.182
--- pam.spec	17 Mar 2009 13:06:43 -0000	1.181
+++ pam.spec	17 Mar 2009 14:17:51 -0000	1.182
@@ -5,7 +5,7 @@
 Summary: A security tool which provides authentication for applications
 Name: pam
 Version: 1.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -384,7 +384,7 @@
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
-* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-1
+* Tue Mar 17 2009 Tomas Mraz <tmraz at redhat.com> 1.0.4-2
 - update to new upstream minor release (bugfixes and
   minor security fixes)
 - drop tests for not pulling in libpthread (as NPTL should


