From 0b9c1bae67ad2d38b07bcdd8a8e0dc37f35816a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 19 Jan 2007 17:42:21 +0000 Subject: [PATCH] - upgrade to new upstream version - drop pam_stack module as it is obsolete - some changes to silence rpmlint --- .cvsignore | 6 +- pam-0.99.7.0-dbpam.patch | 11 ++ pam-0.99.7.0-namespace-level.patch | 250 ++++++++++++++++++++++++ pam-0.99.7.0-namespace-no-unmount.patch | 95 +++++++++ pam-0.99.7.0-redhat-modules.patch | 24 +++ pam.spec | 63 +++--- sources | 4 +- 7 files changed, 417 insertions(+), 36 deletions(-) create mode 100644 pam-0.99.7.0-dbpam.patch create mode 100644 pam-0.99.7.0-namespace-level.patch create mode 100644 pam-0.99.7.0-namespace-no-unmount.patch create mode 100644 pam-0.99.7.0-redhat-modules.patch diff --git a/.cvsignore b/.cvsignore index 1924600..23e5905 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,5 @@ -Linux-PAM-0.99.6.2.tar.bz2 -pam-redhat-0.99.6-2.tar.bz2 db-4.5.20.tar.gz +*.src.rpm +*.tar.bz2 +Linux-PAM-0.99.7.0.tar.bz2 +pam-redhat-0.99.7-1.tar.bz2 diff --git a/pam-0.99.7.0-dbpam.patch b/pam-0.99.7.0-dbpam.patch new file mode 100644 index 0000000..2e3387e --- /dev/null +++ b/pam-0.99.7.0-dbpam.patch @@ -0,0 +1,11 @@ +--- Linux-PAM-0.99.7.0/configure.in.dbpam 2007-01-19 07:39:09.000000000 -0500 ++++ Linux-PAM-0.99.7.0/configure.in 2007-01-19 07:40:07.000000000 -0500 +@@ -348,7 +348,7 @@ + WITH_DB=$enableval, WITH_DB=yes) + if test x"$WITH_DB" != xno ; then + if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then +- AC_CHECK_LIB([db], [db_create], LIBDB="-ldb", LIBDB="") ++ AC_CHECK_LIB([db], [db_create_pam], LIBDB="-ldb", LIBDB="") + if test -z "$LIBDB" ; then + AC_CHECK_LIB([db], [dbm_store], LIBDB="-ldb", LIBDB="") + fi diff --git a/pam-0.99.7.0-namespace-level.patch b/pam-0.99.7.0-namespace-level.patch new file mode 100644 index 0000000..2c18a90 --- /dev/null +++ b/pam-0.99.7.0-namespace-level.patch @@ -0,0 +1,250 @@ +--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level 2007-01-19 08:33:11.000000000 -0500 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:33:11.000000000 -0500 +@@ -244,23 +244,29 @@ + } + strcpy(poly.dir, dir); + strcpy(poly.instance_prefix, instance_prefix); +- if (strcmp(method, "user") == 0) +- poly.method = USER; ++ ++ poly.method = NONE; ++ if (strcmp(method, "user") == 0) ++ poly.method = USER; ++ + #ifdef WITH_SELINUX +- else if (strcmp(method, "context") == 0) { ++ if (strcmp(method, "level") == 0) { + if (idata->flags & PAMNS_CTXT_BASED_INST) +- poly.method = CONTEXT; ++ poly.method = LEVEL; + else + poly.method = USER; +- } else if (strcmp(method, "both") == 0) { ++ } ++ ++ if (strcmp(method, "context") == 0) { + if (idata->flags & PAMNS_CTXT_BASED_INST) +- poly.method = BOTH; ++ poly.method = CONTEXT; + else + poly.method = USER; + } + + #endif +- else { ++ ++ if ( poly.method == NONE) { + pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method"); + goto skipping; + } +@@ -448,19 +454,23 @@ + return PAM_SESSION_ERR; + } + ++ if (polyptr->method == USER) return PAM_SUCCESS; ++ ++ rc = getexeccon(&scon); ++ if (rc < 0 || scon == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error getting exec context, %m"); ++ return PAM_SESSION_ERR; ++ } ++ + /* + * If polyinstantiating based on security context, get current + * process security context, get security class for directories, + * and ask the policy to provide security context of the + * polyinstantiated instance directory. + */ +- if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) { +- rc = getexeccon(&scon); +- if (rc < 0 || scon == NULL) { +- pam_syslog(idata->pamh, LOG_ERR, +- "Error getting exec context, %m"); +- return PAM_SESSION_ERR; +- } ++ ++ if (polyptr->method == CONTEXT) { + tclass = string_to_security_class("dir"); + + if (security_compute_member(scon, *origcon, tclass, +@@ -473,7 +483,48 @@ + pam_syslog(idata->pamh, LOG_DEBUG, + "member context returned by policy %s", *i_context); + freecon(scon); ++ return PAM_SUCCESS; + } ++ ++ /* ++ * If polyinstantiating based on security level, get current ++ * process security context, get security class for directories, ++ * and change the directories MLS Level to match process. ++ */ ++ ++ if (polyptr->method == LEVEL) { ++ context_t scontext = NULL; ++ context_t fcontext = NULL; ++ rc = PAM_SESSION_ERR; ++ ++ scontext = context_new(scon); ++ if (! scontext) { ++ pam_syslog(idata->pamh, LOG_ERR, "out of memory"); ++ goto fail; ++ } ++ fcontext = context_new(*origcon); ++ if (! fcontext) { ++ pam_syslog(idata->pamh, LOG_ERR, "out of memory"); ++ goto fail; ++ } ++ if (context_range_set(fcontext, context_range_get(scontext)) != 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context"); ++ goto fail; ++ } ++ *i_context=strdup(context_str(fcontext)); ++ if (! *i_context) { ++ pam_syslog(idata->pamh, LOG_ERR, "out of memory"); ++ goto fail; ++ } ++ ++ rc = PAM_SUCCESS; ++ fail: ++ context_free(scontext); ++ context_free(fcontext); ++ freecon(scon); ++ return rc; ++ } ++ /* Should never get here */ + return PAM_SUCCESS; + } + #endif +@@ -514,19 +565,14 @@ + break; + + #ifdef WITH_SELINUX ++ case LEVEL: + case CONTEXT: +- if (asprintf(i_name, "%s", *i_context) < 0) { +- *i_name = NULL; +- rc = PAM_SESSION_ERR; +- } +- break; +- +- case BOTH: + if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) { + *i_name = NULL; + rc = PAM_SESSION_ERR; + } + break; ++ + #endif /* WITH_SELINUX */ + + default: +@@ -1158,7 +1204,7 @@ + #ifdef WITH_SELINUX + if (is_selinux_enabled()) + idata.flags |= PAMNS_SELINUX_ENABLED; +- if (ctxt_based_inst_needed()) ++ if (ctxt_based_inst_needed()) + idata.flags |= PAMNS_CTXT_BASED_INST; + #endif + +--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level 2006-06-27 09:07:43.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf 2007-01-19 08:33:11.000000000 -0500 +@@ -4,12 +4,10 @@ + # + # Uncommenting the following three lines will polyinstantiate + # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will +-# be polyinstantiated based on both security context as well as user +-# name, whereas home directory will be polyinstantiated based on +-# security context only. Polyinstantion will not be performed for +-# user root and adm for directories /tmp and /var/tmp, whereas home +-# directories will be polyinstantiated for all users. The user name +-# and/or context is appended to the instance prefix. ++# be polyinstantiated based on the MLS level part of the security context as well as user ++# name, Polyinstantion will not be performed for user root and adm for directories ++# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. ++# The user name and context is appended to the instance prefix. + # + # Note that instance directories do not have to reside inside the + # polyinstantiated directory. In the examples below, instances of /tmp +@@ -25,6 +23,6 @@ + # caution, as it will reduce security and isolation achieved by + # polyinstantiation. + # +-#/tmp /tmp-inst/ both root,adm +-#/var/tmp /var/tmp/tmp-inst/ both root,adm +-#$HOME $HOME/$USER.inst/inst- context ++#/tmp /tmp-inst/ level root,adm ++#/var/tmp /var/tmp/tmp-inst/ level root,adm ++#$HOME $HOME/$USER.inst/ level +--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level 2007-01-19 08:33:11.000000000 -0500 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 08:33:11.000000000 -0500 +@@ -63,6 +63,7 @@ + + #ifdef WITH_SELINUX + #include ++#include + #endif + + #ifndef CLONE_NEWNS +@@ -93,9 +94,10 @@ + * or both + */ + enum polymethod { ++ NONE, + USER, + CONTEXT, +- BOTH, ++ LEVEL, + }; + + /* +--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level 2006-06-27 09:07:43.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml 2007-01-19 08:33:11.000000000 -0500 +@@ -22,7 +22,7 @@ + + This module allows setup of private namespaces with polyinstantiated + directories. Directories can be polyinstantiated based on user name +- or, in the case of SELinux, user name, security context or both. If an ++ or, in the case of SELinux, user name, sensitivity level or complete security context. If an + executable script /etc/security/namespace.init + exists, it is used to initialize the namespace every time a new instance + directory is setup. The script receives the polyinstantiated +@@ -72,10 +72,10 @@ + + The third field, method, is the method + used for polyinstantiation. It can take 3 different values; "user" +- for polyinstantiation based on user name, "context" for +- polyinstantiation based on process security context, and "both" +- for polyinstantiation based on both user name and security context. +- Methods "context" and "both" are only available with SELinux. This ++ for polyinstantiation based on user name, "level" for ++ polyinstantiation based on process MLS level and user name, and "context" for ++ polyinstantiation based on process security context and user name ++ Methods "context" and "level" are only available with SELinux. This + field cannot be blank. + + +@@ -98,9 +98,9 @@ + + # The following three lines will polyinstantiate /tmp, + # /var/tmp and user's home directories. /tmp and /var/tmp +- # will be polyinstantiated based on both security context ++ # will be polyinstantiated based on the security level + # as well as user name, whereas home directory will be +- # polyinstantiated based on security context only. ++ # polyinstantiated based on the full security context and user name. + # Polyinstantiation will not be performed for user root + # and adm for directories /tmp and /var/tmp, whereas home + # directories will be polyinstantiated for all users. +@@ -112,8 +112,8 @@ + # will reside within the directories that are being + # polyinstantiated. + # +- /tmp /tmp-inst/ both root,adm +- /var/tmp /var/tmp/tmp-inst/ both root,adm ++ /tmp /tmp-inst/ level root,adm ++ /var/tmp /var/tmp/tmp-inst/ level root,adm + $HOME $HOME/$USER.inst/inst- context + + diff --git a/pam-0.99.7.0-namespace-no-unmount.patch b/pam-0.99.7.0-namespace-no-unmount.patch new file mode 100644 index 0000000..c5a02b7 --- /dev/null +++ b/pam-0.99.7.0-namespace-no-unmount.patch @@ -0,0 +1,95 @@ +--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.no-unmount 2006-10-24 07:45:36.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:08:58.000000000 -0500 +@@ -1266,12 +1266,30 @@ + idata.flags |= PAMNS_DEBUG; + if (strcmp(argv[i], "ignore_config_error") == 0) + idata.flags |= PAMNS_IGN_CONFIG_ERR; ++ if (strcmp(argv[i], "no_unmount_on_close") == 0) ++ idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE; + } + + if (idata.flags & PAMNS_DEBUG) + pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start"); + + /* ++ * For certain trusted programs such as newrole, open session ++ * is called from a child process while the parent perfoms ++ * close session and pam end functions. For these commands ++ * pam_close_session should not perform the unmount of the ++ * polyinstantiatied directory because it will result in ++ * undoing of parents polyinstantiatiaion. These commands ++ * will invoke pam_namespace with the "no_unmount_on_close" ++ * argument. ++ */ ++ if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) { ++ if (idata.flags & PAMNS_DEBUG) ++ pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful"); ++ return PAM_SUCCESS; ++ } ++ ++ /* + * Lookup user and fill struct items + */ + retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name ); +--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml.no-unmount 2006-06-27 09:07:44.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml 2007-01-19 07:45:02.000000000 -0500 +@@ -43,6 +43,9 @@ + + ignore_instance_parent_mode + ++ ++ no_unmount_on_close ++ + + + +@@ -179,6 +182,22 @@ + + + ++ ++ ++ ++ ++ ++ ++ For certain trusted programs such as newrole, open session ++ is called from a child process while the parent perfoms ++ close session and pam end functions. For these commands ++ use this option to instruct pam_close_session to not ++ unmount the bind mounted polyinstantiated directory in the ++ parent. ++ ++ ++ ++ + + + +--- Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml.no-unmount 2006-06-28 03:22:43.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml 2007-01-19 07:45:02.000000000 -0500 +@@ -121,6 +121,14 @@ + the restrictive mode of 000. Using this option, an administrator + can choose to ignore the mode of the instance parent. + ++ no_unmount_on_close ++ For certain trusted programs such as newrole, open session ++ is called from a child process while the parent perfoms ++ close session and pam end functions. For these commands ++ use this option to instruct pam_close_session to not ++ unmount the bind mounted polyinstantiated directory in the ++ parent. ++ + MODULE SERVICES PROVIDED: + session open_session and close_session + +--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.no-unmount 2006-07-28 07:59:28.000000000 -0400 ++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 07:45:02.000000000 -0500 +@@ -86,6 +86,7 @@ + #define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */ + #define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */ + #define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */ ++#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */ + + /* + * Polyinstantiation method options, based on user, security context diff --git a/pam-0.99.7.0-redhat-modules.patch b/pam-0.99.7.0-redhat-modules.patch new file mode 100644 index 0000000..7601ac6 --- /dev/null +++ b/pam-0.99.7.0-redhat-modules.patch @@ -0,0 +1,24 @@ +--- Linux-PAM-0.99.5.0/configure.in.redhat-modules 2006-06-28 09:25:02.000000000 +0200 ++++ Linux-PAM-0.99.5.0/configure.in 2006-06-30 10:24:35.000000000 +0200 +@@ -492,6 +492,10 @@ + libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ + po/Makefile.in \ + modules/Makefile \ ++ modules/pam_chroot/Makefile modules/pam_console/Makefile \ ++ modules/pam_postgresok/Makefile \ ++ modules/pam_rps/Makefile \ ++ modules/pam_timestamp/Makefile modules/pam_tally2/Makefile \ + modules/pam_access/Makefile modules/pam_cracklib/Makefile \ + modules/pam_debug/Makefile modules/pam_deny/Makefile \ + modules/pam_echo/Makefile modules/pam_env/Makefile \ +--- Linux-PAM-0.99.5.0/modules/Makefile.am.redhat-modules 2006-06-27 16:21:08.000000000 +0200 ++++ Linux-PAM-0.99.5.0/modules/Makefile.am 2006-06-30 10:27:02.000000000 +0200 +@@ -3,6 +3,8 @@ + # + + SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ ++ pam_chroot pam_console pam_postgresok pam_rps \ ++ pam_timestamp pam_tally2 \ + pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \ + pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \ + pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \ diff --git a/pam.spec b/pam.spec index b54c4ad..d53db98 100644 --- a/pam.spec +++ b/pam.spec @@ -6,12 +6,12 @@ %define pwdb_version 0.62 %define db_version 4.5.20 %define db_conflicting_version 4.6.0 -%define pam_redhat_version 0.99.6-2 +%define pam_redhat_version 0.99.7-1 Summary: A security tool which provides authentication for applications Name: pam -Version: 0.99.6.2 -Release: 8%{?dist} +Version: 0.99.7.0 +Release: 1%{?dist} License: GPL or BSD Group: System Environment/Base Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 @@ -24,32 +24,27 @@ Source7: config-util.pamd Source8: dlopen.sh Source9: system-auth.5 Source10: config-util.5 -Patch1: pam-0.99.5.0-redhat-modules.patch +Patch1: pam-0.99.7.0-redhat-modules.patch +Patch2: pam-0.99.7.0-selinux-build.patch Patch21: pam-0.78-unix-hpux-aging.patch -Patch34: pam-0.99.4.0-dbpam.patch +Patch34: pam-0.99.7.0-dbpam.patch Patch70: pam-0.99.2.1-selinux-nofail.patch Patch80: pam-0.99.6.2-selinux-drop-multiple.patch Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch Patch82: pam-0.99.3.0-tally-fail-close.patch Patch84: pam-0.99.6.2-selinux-keycreate.patch -Patch85: pam-0.99.6.0-succif-session.patch -Patch86: pam-0.99.6.2-namespace-no-unmount.patch +Patch86: pam-0.99.7.0-namespace-no-unmount.patch Patch87: pam-0.99.6.2-namespace-preserve-uid.patch -Patch88: pam-0.99.6.2-doc-add-ids.patch -Patch89: pam-0.99.6.2-namespace-overflow.patch -Patch90: pam-0.99.6.2-keyinit-setgid.patch -Patch91: pam-0.99.6.2-unix-username.patch Patch92: pam-0.99.6.2-selinux-select-context.patch -Patch93: pam-0.99.6.2-namespace-level.patch -Patch94: pam-0.99.6.2-ja-no-shortcut.patch +Patch93: pam-0.99.7.0-namespace-level.patch Patch95: pam-0.99.6.2-selinux-use-current-range.patch -Patch100: pam-0.99.6.2-reconf.patch -BuildRoot: %{_tmppath}/%{name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: cracklib, cracklib-dicts >= 2.8 -Obsoletes: pamconfig -Prereq: grep, mktemp, sed, coreutils, /sbin/ldconfig -BuildRequires: autoconf, automake, libtool +Requires(pre): grep, coreutils +Requires(post): mktemp, sed, coreutils, /sbin/ldconfig +BuildRequires: autoconf >= 2.60 +BuildRequires: automake, libtool BuildRequires: bison, flex, sed BuildRequires: cracklib-devel, cracklib-dicts >= 2.8 BuildRequires: perl, pkgconfig, gettext @@ -96,6 +91,7 @@ cp %{SOURCE6} . cp %{SOURCE7} . %patch1 -p1 -b .redhat-modules +%patch2 -p1 -b .build %patch21 -p1 -b .unix-hpux-aging %patch34 -p1 -b .dbpam %patch70 -p1 -b .nofail @@ -103,19 +99,12 @@ cp %{SOURCE7} . %patch81 -p1 -b .try-first-pass %patch82 -p1 -b .fail-close %patch84 -p1 -b .keycreate -%patch85 -p0 -b .session %patch86 -p1 -b .no-unmount %patch87 -p1 -b .preserve-uid -%patch88 -p0 -b .add-ids -%patch89 -p1 -b .overflow -%patch90 -p1 -b .setgid -%patch91 -p1 -b .username %patch92 -p1 -b .select-context -%patch93 -p1 -b .selinux-namespace -%patch94 -p1 -b .no-shortcut +%patch93 -p1 -b .level %patch95 -p1 -b .range -%patch100 -p1 -b .reconf -#autoreconf +autoreconf %build CFLAGS="-fPIC $RPM_OPT_FLAGS" ; export CFLAGS @@ -170,6 +159,11 @@ done # Install the binaries, libraries, and modules. make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=: +# RPM uses docs from source tree +rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM +# Included in setup package +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment + # Install default configuration files. install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -m 644 other.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other @@ -327,6 +321,7 @@ fi /%{_lib}/security/pam_echo.so /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so +/%{_lib}/security/pam_faildelay.so /%{_lib}/security/pam_filter.so /%{_lib}/security/pam_ftp.so /%{_lib}/security/pam_group.so @@ -351,7 +346,6 @@ fi /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_securetty.so /%{_lib}/security/pam_shells.so -/%{_lib}/security/pam_stack.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_tally.so @@ -401,6 +395,11 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Fri Jan 19 2007 Tomas Mraz 0.99.7.0-1 +- upgrade to new upstream version +- drop pam_stack module as it is obsolete +- some changes to silence rpmlint + * Tue Jan 16 2007 Tomas Mraz 0.99.6.2-8 - properly include /var/log/faillog and tallylog as ghosts and create them in post script (#209646) @@ -432,7 +431,7 @@ fi - don't overflow a buffer in pam_namespace (#211989) * Mon Oct 16 2006 Tomas Mraz 0.99.6.2-3.2 -- /var/log/faillog and tallylog must be %config(noreplace) +- /var/log/faillog and tallylog must be config(noreplace) * Fri Oct 13 2006 Tomas Mraz 0.99.6.2-3.1 - preserve effective uid in namespace.init script (LSPP for newrole) @@ -733,7 +732,7 @@ support) - #134941 pam_console should check X11 socket only on login * Tue Oct 19 2004 Tomas Mraz 0.77-63 -- Fix checking of group %group syntax in pam_limits +- Fix checking of group %%group syntax in pam_limits - Drop fencepost patch as it was already fixed by upstream change from 0.75 to 0.77 - Fix brokenshadow patch @@ -1349,7 +1348,7 @@ support) - add 'sed' to the buildprereq list (#24666) * Sun Jan 21 2001 Matt Wilson -- added "exit 0" to the end of the %pre script +- added "exit 0" to the end of the pre script * Fri Jan 19 2001 Nalin Dahyabhai - self-hosting fix from Guy Streeter @@ -1493,7 +1492,7 @@ support) - try to make pam_console a little more discriminating * Mon Jun 19 2000 Nalin Dahyabhai -- symlink libpam.so to libpam.so.%{version}, and likewise for libpam_misc +- symlink libpam.so to libpam.so.%%{version}, and likewise for libpam_misc - reverse order of checks in _unix_getpwnam for pam_unix * Wed Jun 14 2000 Preston Brown diff --git a/sources b/sources index ea060b5..50e84b8 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2 -03b4148754928c045b28650f14f427af pam-redhat-0.99.6-2.tar.bz2 b0f1c777708cb8e9d37fb47e7ed3312d db-4.5.20.tar.gz +e4c9e503ac6af0efdd6031a46bdf506f Linux-PAM-0.99.7.0.tar.bz2 +66845048120c71205bd3363264f2bfe7 pam-redhat-0.99.7-1.tar.bz2