- upgrade to new upstream release (one bugfix only)

- fix pam_sepermit use in screensavers

.cvsignore

@@ -2,4 +2,4 @@
 *.tar.bz2
 pam-redhat-0.99.9-1.tar.bz2
 db-4.6.21.tar.gz
-Linux-PAM-1.0.0.tar.bz2
+Linux-PAM-1.0.1.tar.bz2

pam-1.0.0-sepermit-screensaver.patch

@@ -0,0 +1,16 @@
+Index: pam_sepermit.c
+===================================================================
+RCS file: /cvsroot/pam/Linux-PAM/modules/pam_sepermit/pam_sepermit.c,v
+retrieving revision 1.3
+diff -u -p -r1.3 pam_sepermit.c
+--- Linux-PAM/modules/pam_sepermit/pam_sepermit.c.orig	31 Mar 2008 10:31:50 -0000	1.3
++++ Linux-PAM/modules/pam_sepermit/pam_sepermit.c	15 Apr 2008 16:30:38 -0000
+@@ -305,7 +305,7 @@ sepermit_match(pam_handle_t *pamh, const
+ 	free(line);
+ 	fclose(f);
+ 	if (matched) 
+-		return exclusive ? sepermit_lock(pamh, user, debug) : 0;
++		return (geteuid() == 0 && exclusive) ? sepermit_lock(pamh, user, debug) : 0;
+ 	else
+ 		return -1;
+ }

pam-1.0.0-set-item.patch

@@ -1,65 +0,0 @@
-Index: pam_item.c
-===================================================================
-RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_item.c,v
-retrieving revision 1.16
-diff -u -p -r1.16 pam_item.c
---- libpam/pam_item.c	3 Mar 2008 13:23:45 -0000	1.16
-+++ libpam/pam_item.c	7 Apr 2008 09:04:50 -0000
-@@ -11,13 +11,15 @@
- #include <string.h>
- #include <syslog.h>
- 
--#define TRY_SET(X, Y)                  \
--{                                      \
--    char *_TMP_ = _pam_strdup(Y);      \
--    if (_TMP_ == NULL && (Y) != NULL)  \
--	 return PAM_BUF_ERR;           \
--    free(X);                           \
--    (X) = _TMP_;                       \
-+#define TRY_SET(X, Y)                      \
-+{                                          \
-+    if ((X) != (Y)) {		           \
-+	char *_TMP_ = _pam_strdup(Y);      \
-+	if (_TMP_ == NULL && (Y) != NULL)  \
-+	    return PAM_BUF_ERR;            \
-+	free(X);                           \
-+	(X) = _TMP_;                       \
-+    }					   \
- }
- 
- /* functions */
-@@ -76,8 +78,10 @@ int pam_set_item (pam_handle_t *pamh, in
- 	 * modules.
- 	 */
- 	if (__PAM_FROM_MODULE(pamh)) {
--	    _pam_overwrite(pamh->authtok);
--	    TRY_SET(pamh->authtok, item);
-+	    if (pamh->authtok != item) {
-+		_pam_overwrite(pamh->authtok);
-+		TRY_SET(pamh->authtok, item);
-+	    }
- 	} else {
- 	    retval = PAM_BAD_ITEM;
- 	}
-@@ -90,8 +94,10 @@ int pam_set_item (pam_handle_t *pamh, in
- 	 * modules.
- 	 */
- 	if (__PAM_FROM_MODULE(pamh)) {
--	    _pam_overwrite(pamh->oldauthtok);
--	    TRY_SET(pamh->oldauthtok, item);
-+	    if (pamh->oldauthtok != item) {
-+		_pam_overwrite(pamh->oldauthtok);
-+		TRY_SET(pamh->oldauthtok, item);
-+	    }
- 	} else {
- 	    retval = PAM_BAD_ITEM;
- 	}
-@@ -130,6 +136,8 @@ int pam_set_item (pam_handle_t *pamh, in
- 	break;
- 
-     case PAM_XAUTHDATA:
-+	if (&pamh->xauth == item)
-+	    break;
- 	if (pamh->xauth.namelen) {
- 	    _pam_overwrite(pamh->xauth.name);
- 	    free(pamh->xauth.name);

pam.spec

@@ -4,8 +4,8 @@
 
 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 1.0.0
+Version: 1.0.1
-Release: 2%{?dist}
+Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -25,7 +25,7 @@ Source11: 90-nproc.conf
 Patch1:  pam-0.99.7.0-redhat-modules.patch
 Patch2:  db-4.6.18-glibc.patch
 Patch4:  pam-0.99.8.1-dbpam.patch
-Patch10: pam-1.0.0-set-item.patch
+Patch10: pam-1.0.0-sepermit-screensaver.patch
 Patch21: pam-0.99.10.0-unix-audit-failed.patch
 Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch32: pam-0.99.3.0-tally-fail-close.patch
@@ -101,7 +101,7 @@ pushd db-%{db_version}
 %patch2 -p1 -b .db4-glibc
 popd
 %patch4 -p1 -b .dbpam
-%patch10 -p0 -b .setitem
+%patch10 -p1 -b .screensaver
 %patch21 -p1 -b .audit-failed
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
@@ -374,6 +374,10 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Apr 18 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
+- upgrade to new upstream release (one bugfix only)
+- fix pam_sepermit use in screensavers
+
 * Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
 - fix regression in pam_set_item
 

sources

@@ -1,3 +1,3 @@
 26152d9c691715756b514dbf9cab9cd8  pam-redhat-0.99.9-1.tar.bz2
 718082e7e35fc48478a2334b0bc4cd11  db-4.6.21.tar.gz
-0f5d63c81cad2f420083a7994fcaa3b3  Linux-PAM-1.0.0.tar.bz2
+1c75f81bd44c5da93014992820917847  Linux-PAM-1.0.1.tar.bz2