- upgrade to new upstream version

- drop pam_stack module as it is obsolete
- some changes to silence rpmlint

.cvsignore

@@ -1,3 +1,5 @@
-Linux-PAM-0.99.6.2.tar.bz2
-pam-redhat-0.99.6-2.tar.bz2
 db-4.5.20.tar.gz
+*.src.rpm
+*.tar.bz2
+Linux-PAM-0.99.7.0.tar.bz2
+pam-redhat-0.99.7-1.tar.bz2

pam-0.99.7.0-dbpam.patch

@@ -0,0 +1,11 @@
+--- Linux-PAM-0.99.7.0/configure.in.dbpam	2007-01-19 07:39:09.000000000 -0500
++++ Linux-PAM-0.99.7.0/configure.in	2007-01-19 07:40:07.000000000 -0500
+@@ -348,7 +348,7 @@
+         WITH_DB=$enableval, WITH_DB=yes)
+ if test x"$WITH_DB" != xno ; then
+         if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
+-              AC_CHECK_LIB([db], [db_create], LIBDB="-ldb", LIBDB="")
++              AC_CHECK_LIB([db], [db_create_pam], LIBDB="-ldb", LIBDB="")
+               if test -z "$LIBDB" ; then
+                   AC_CHECK_LIB([db], [dbm_store], LIBDB="-ldb", LIBDB="")
+               fi

pam-0.99.7.0-namespace-level.patch

@@ -0,0 +1,250 @@
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level	2007-01-19 08:33:11.000000000 -0500
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c	2007-01-19 08:33:11.000000000 -0500
+@@ -244,23 +244,29 @@
+     }
+     strcpy(poly.dir, dir);
+     strcpy(poly.instance_prefix, instance_prefix);
+-    if (strcmp(method, "user") == 0)
+-        poly.method = USER;
++
++    poly.method = NONE;
++    if (strcmp(method, "user") == 0) 
++	    poly.method = USER;
++
+ #ifdef WITH_SELINUX
+-    else if (strcmp(method, "context") == 0) {
++    if (strcmp(method, "level") == 0) {
+         if (idata->flags & PAMNS_CTXT_BASED_INST)
+-            poly.method = CONTEXT;
++            poly.method = LEVEL;
+ 	else
+             poly.method = USER;
+-    } else if (strcmp(method, "both") == 0) {
++    }
++
++    if (strcmp(method, "context") == 0) {
+         if (idata->flags & PAMNS_CTXT_BASED_INST)
+-            poly.method = BOTH;
++            poly.method = CONTEXT;
+ 	else
+             poly.method = USER;
+     }
+ 
+ #endif
+-    else {
++
++    if ( poly.method == NONE) {
+         pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
+         goto skipping;
+     }
+@@ -448,19 +454,23 @@
+ 		return PAM_SESSION_ERR;
+ 	}
+ 
++	if (polyptr->method == USER) return PAM_SUCCESS;
++
++	rc = getexeccon(&scon);
++	if (rc < 0 || scon == NULL) {
++		pam_syslog(idata->pamh, LOG_ERR, 
++			   "Error getting exec context, %m");
++		return PAM_SESSION_ERR;
++	}
++
+ 	/*
+ 	 * If polyinstantiating based on security context, get current
+ 	 * process security context, get security class for directories,
+ 	 * and ask the policy to provide security context of the
+ 	 * polyinstantiated instance directory.
+ 	 */
+-	if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) {
+-		rc = getexeccon(&scon);
+-		if (rc < 0 || scon == NULL) {
+-			pam_syslog(idata->pamh, LOG_ERR,
+-					"Error getting exec context, %m");
+-			return PAM_SESSION_ERR;
+-		}
++
++	if (polyptr->method == CONTEXT) {
+ 		tclass = string_to_security_class("dir");
+ 
+ 		if (security_compute_member(scon, *origcon, tclass,
+@@ -473,7 +483,48 @@
+ 			pam_syslog(idata->pamh, LOG_DEBUG,
+ 					"member context returned by policy %s", *i_context);
+ 		freecon(scon);
++		return PAM_SUCCESS;
+ 	}
++
++	/*
++	 * If polyinstantiating based on security level, get current
++	 * process security context, get security class for directories,
++	 * and change the directories MLS Level to match process.
++	 */
++
++	if (polyptr->method == LEVEL) {
++		context_t scontext = NULL;
++		context_t fcontext = NULL;
++		rc = PAM_SESSION_ERR;
++
++		scontext = context_new(scon);
++		if (! scontext) {
++			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
++			goto fail;
++		}
++		fcontext = context_new(*origcon);
++		if (! fcontext) {
++			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
++			goto fail;
++		}
++		if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
++			pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
++			goto fail;
++		}
++		*i_context=strdup(context_str(fcontext));
++		if (! *i_context) {
++			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
++			goto fail;
++		}
++
++		rc = PAM_SUCCESS;
++ fail:
++		context_free(scontext);
++		context_free(fcontext);
++		freecon(scon);
++		return rc;
++	}
++	/* Should never get here */
+ 	return PAM_SUCCESS;
+ }
+ #endif
+@@ -514,19 +565,14 @@
+     	    break;
+ 
+ #ifdef WITH_SELINUX
++    	case LEVEL:
+         case CONTEXT:
+-	    if (asprintf(i_name, "%s", *i_context) < 0) {
+-		*i_name = NULL;
+-		rc = PAM_SESSION_ERR;
+-	    }
+-    	    break;
+-
+-    	case BOTH:
+ 	    if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
+ 		*i_name = NULL;
+ 		rc = PAM_SESSION_ERR;
+ 	    }
+     	    break;
++
+ #endif /* WITH_SELINUX */
+ 
+     	default:
+@@ -1158,7 +1204,7 @@
+ #ifdef WITH_SELINUX
+     if (is_selinux_enabled())
+         idata.flags |= PAMNS_SELINUX_ENABLED;
+-    if (ctxt_based_inst_needed())
++    if (ctxt_based_inst_needed()) 
+         idata.flags |= PAMNS_CTXT_BASED_INST;
+ #endif
+ 
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level	2006-06-27 09:07:43.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf	2007-01-19 08:33:11.000000000 -0500
+@@ -4,12 +4,10 @@
+ #
+ # Uncommenting the following three lines will polyinstantiate
+ # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
+-# be polyinstantiated based on both security context as well as user
+-# name, whereas home directory will be polyinstantiated based on
+-# security context only. Polyinstantion will not be performed for
+-# user root and adm for directories /tmp and /var/tmp, whereas home
+-# directories will be polyinstantiated for all users. The user name
+-# and/or context is appended to the instance prefix.
++# be polyinstantiated based on the MLS level part of the security context as well as user
++# name, Polyinstantion will not be performed for user root and adm for directories 
++# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. 
++# The user name and context is appended to the instance prefix.
+ #
+ # Note that instance directories do not have to reside inside the
+ # polyinstantiated directory. In the examples below, instances of /tmp
+@@ -25,6 +23,6 @@
+ # caution, as it will reduce security and isolation achieved by
+ # polyinstantiation.
+ #
+-#/tmp     /tmp-inst/       	both      root,adm
+-#/var/tmp /var/tmp/tmp-inst/   	both      root,adm
+-#$HOME    $HOME/$USER.inst/inst- context
++#/tmp     /tmp-inst/       	level      root,adm
++#/var/tmp /var/tmp/tmp-inst/   	level      root,adm
++#$HOME    $HOME/$USER.inst/     level
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level	2007-01-19 08:33:11.000000000 -0500
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h	2007-01-19 08:33:11.000000000 -0500
+@@ -63,6 +63,7 @@
+ 
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
++#include <selinux/context.h>
+ #endif
+ 
+ #ifndef CLONE_NEWNS
+@@ -93,9 +94,10 @@
+  * or both
+  */
+ enum polymethod {
++    NONE,
+     USER,
+     CONTEXT,
+-    BOTH,
++    LEVEL,
+ };
+ 
+ /*
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level	2006-06-27 09:07:43.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml	2007-01-19 08:33:11.000000000 -0500
+@@ -22,7 +22,7 @@
+     <para>
+       This module allows setup of private namespaces with polyinstantiated
+       directories. Directories can be polyinstantiated based on user name
+-      or, in the case of SELinux, user name, security context or both.  If an
++      or, in the case of SELinux, user name, sensitivity level or complete security context.  If an
+       executable script <filename>/etc/security/namespace.init</filename>
+       exists, it is used to initialize the namespace every time a new instance
+       directory is setup. The script receives the polyinstantiated
+@@ -72,10 +72,10 @@
+     <para>
+       The third field, <replaceable>method</replaceable>, is the method
+       used for polyinstantiation. It can take 3 different values; "user"
+-      for polyinstantiation based on user name, "context" for
+-      polyinstantiation based on process security context, and "both"
+-      for polyinstantiation based on both user name and security context.
+-      Methods "context" and "both" are only available with SELinux. This
++      for polyinstantiation based on user name, "level" for 
++      polyinstantiation based on process MLS level and user name, and "context" for
++      polyinstantiation based on process security context and user name
++      Methods "context" and "level" are only available with SELinux. This
+       field cannot be blank.
+     </para>
+ 
+@@ -98,9 +98,9 @@
+     <literallayout>
+       # The following three lines will polyinstantiate /tmp,
+       # /var/tmp and user's home directories. /tmp and /var/tmp
+-      # will be polyinstantiated based on both security context
++      # will be polyinstantiated based on the security level
+       # as well as user name, whereas home directory will be
+-      # polyinstantiated based on security context only.
++      # polyinstantiated based on the full security context and user name.
+       # Polyinstantiation will not be performed for user root
+       # and adm for directories /tmp and /var/tmp, whereas home
+       # directories will be polyinstantiated for all users.
+@@ -112,8 +112,8 @@
+       # will reside within the directories that are being
+       # polyinstantiated.
+       #
+-      /tmp     /tmp-inst/       	both      root,adm
+-      /var/tmp /var/tmp/tmp-inst/   	both      root,adm
++      /tmp     /tmp-inst/               level      root,adm
++      /var/tmp /var/tmp/tmp-inst/   	level      root,adm
+       $HOME    $HOME/$USER.inst/inst- context
+     </literallayout>
+ 

pam-0.99.7.0-namespace-no-unmount.patch

@@ -0,0 +1,95 @@
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.no-unmount	2006-10-24 07:45:36.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c	2007-01-19 08:08:58.000000000 -0500
+@@ -1266,12 +1266,30 @@
+             idata.flags |= PAMNS_DEBUG;
+         if (strcmp(argv[i], "ignore_config_error") == 0)
+             idata.flags |= PAMNS_IGN_CONFIG_ERR;
++        if (strcmp(argv[i], "no_unmount_on_close") == 0)
++            idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
+     }
+ 
+     if (idata.flags & PAMNS_DEBUG)
+         pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
+ 
+     /*
++     * For certain trusted programs such as newrole, open session
++     * is called from a child process while the parent perfoms
++     * close session and pam end functions. For these commands
++     * pam_close_session should not perform the unmount of the
++     * polyinstantiatied directory because it will result in
++     * undoing of parents polyinstantiatiaion. These commands
++     * will invoke pam_namespace with the "no_unmount_on_close"
++     * argument.
++     */
++    if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
++	if (idata.flags & PAMNS_DEBUG)
++	    pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
++        return PAM_SUCCESS;
++    }
++
++    /* 
+      * Lookup user and fill struct items
+      */
+     retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name );
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml.no-unmount	2006-06-27 09:07:44.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.8.xml	2007-01-19 07:45:02.000000000 -0500
+@@ -43,6 +43,9 @@
+       <arg choice="opt">
+         ignore_instance_parent_mode
+       </arg>
++      <arg choice="opt">
++        no_unmount_on_close
++      </arg>
+     </cmdsynopsis>
+   </refsynopsisdiv>
+ 
+@@ -179,6 +182,22 @@
+         </listitem>
+       </varlistentry>
+ 
++      <varlistentry>
++        <term>
++          <option>no_unmount_on_close</option>
++        </term>
++        <listitem>
++          <para>
++           For certain trusted programs such as newrole, open session
++           is called from a child process while the parent perfoms
++           close session and pam end functions. For these commands
++           use this option to instruct pam_close_session to not
++           unmount the bind mounted polyinstantiated directory in the
++            parent.
++          </para>
++        </listitem>
++      </varlistentry>
++
+     </variablelist>
+   </refsect1>
+ 
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml.no-unmount	2006-06-28 03:22:43.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/README.xml	2007-01-19 07:45:02.000000000 -0500
+@@ -121,6 +121,14 @@
+ 	the restrictive mode of 000. Using this option, an administrator
+ 	can choose to ignore the mode of the instance parent.
+ 
++    no_unmount_on_close
++       For certain trusted programs such as newrole, open session
++       is called from a child process while the parent perfoms
++       close session and pam end functions. For these commands
++       use this option to instruct pam_close_session to not
++       unmount the bind mounted polyinstantiated directory in the
++       parent.
++
+ MODULE SERVICES PROVIDED:
+ 	session            open_session and close_session
+ 
+--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.no-unmount	2006-07-28 07:59:28.000000000 -0400
++++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h	2007-01-19 07:45:02.000000000 -0500
+@@ -86,6 +86,7 @@
+ #define PAMNS_GEN_HASH        0x00002000 /* Generate md5 hash for inst names */
+ #define PAMNS_IGN_CONFIG_ERR  0x00004000 /* Ignore format error in conf file */
+ #define PAMNS_IGN_INST_PARENT_MODE  0x00008000 /* Ignore instance parent mode */
++#define PAMNS_NO_UNMOUNT_ON_CLOSE  0x00010000 /* no unmount at session close */
+ 
+ /*
+  * Polyinstantiation method options, based on user, security context

pam-0.99.7.0-redhat-modules.patch

@@ -0,0 +1,24 @@
+--- Linux-PAM-0.99.5.0/configure.in.redhat-modules	2006-06-28 09:25:02.000000000 +0200
++++ Linux-PAM-0.99.5.0/configure.in	2006-06-30 10:24:35.000000000 +0200
+@@ -492,6 +492,10 @@
+ 	libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
+ 	po/Makefile.in \
+ 	modules/Makefile \
++	modules/pam_chroot/Makefile modules/pam_console/Makefile \
++	modules/pam_postgresok/Makefile \
++	modules/pam_rps/Makefile \
++	modules/pam_timestamp/Makefile modules/pam_tally2/Makefile \
+ 	modules/pam_access/Makefile modules/pam_cracklib/Makefile \
+         modules/pam_debug/Makefile modules/pam_deny/Makefile \
+ 	modules/pam_echo/Makefile modules/pam_env/Makefile \
+--- Linux-PAM-0.99.5.0/modules/Makefile.am.redhat-modules	2006-06-27 16:21:08.000000000 +0200
++++ Linux-PAM-0.99.5.0/modules/Makefile.am	2006-06-30 10:27:02.000000000 +0200
+@@ -3,6 +3,8 @@
+ #
+ 
+ SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
++	pam_chroot pam_console pam_postgresok pam_rps \
++	pam_timestamp pam_tally2 \
+ 	pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \
+ 	pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \
+ 	pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \

pam.spec

@@ -6,12 +6,12 @@
 %define pwdb_version 0.62
 %define db_version 4.5.20
 %define db_conflicting_version 4.6.0
-%define pam_redhat_version 0.99.6-2
+%define pam_redhat_version 0.99.7-1
 
 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 0.99.6.2
+Version: 0.99.7.0
-Release: 8%{?dist}
+Release: 1%{?dist}
 License: GPL or BSD
 Group: System Environment/Base
 Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -24,32 +24,27 @@ Source7: config-util.pamd
 Source8: dlopen.sh
 Source9: system-auth.5
 Source10: config-util.5
-Patch1: pam-0.99.5.0-redhat-modules.patch
+Patch1:  pam-0.99.7.0-redhat-modules.patch
+Patch2:  pam-0.99.7.0-selinux-build.patch
 Patch21: pam-0.78-unix-hpux-aging.patch
-Patch34: pam-0.99.4.0-dbpam.patch
+Patch34: pam-0.99.7.0-dbpam.patch
 Patch70: pam-0.99.2.1-selinux-nofail.patch
 Patch80: pam-0.99.6.2-selinux-drop-multiple.patch
 Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch82: pam-0.99.3.0-tally-fail-close.patch
 Patch84: pam-0.99.6.2-selinux-keycreate.patch
-Patch85: pam-0.99.6.0-succif-session.patch
+Patch86: pam-0.99.7.0-namespace-no-unmount.patch
-Patch86: pam-0.99.6.2-namespace-no-unmount.patch
 Patch87: pam-0.99.6.2-namespace-preserve-uid.patch
-Patch88: pam-0.99.6.2-doc-add-ids.patch
-Patch89: pam-0.99.6.2-namespace-overflow.patch
-Patch90: pam-0.99.6.2-keyinit-setgid.patch
-Patch91: pam-0.99.6.2-unix-username.patch
 Patch92: pam-0.99.6.2-selinux-select-context.patch
-Patch93: pam-0.99.6.2-namespace-level.patch
+Patch93: pam-0.99.7.0-namespace-level.patch
-Patch94: pam-0.99.6.2-ja-no-shortcut.patch
 Patch95: pam-0.99.6.2-selinux-use-current-range.patch
-Patch100: pam-0.99.6.2-reconf.patch
 
-BuildRoot: %{_tmppath}/%{name}-root
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: cracklib, cracklib-dicts >= 2.8
-Obsoletes: pamconfig
+Requires(pre): grep, coreutils
-Prereq: grep, mktemp, sed, coreutils, /sbin/ldconfig
+Requires(post): mktemp, sed, coreutils, /sbin/ldconfig
-BuildRequires: autoconf, automake, libtool
+BuildRequires: autoconf >= 2.60
+BuildRequires: automake, libtool
 BuildRequires: bison, flex, sed
 BuildRequires: cracklib-devel, cracklib-dicts >= 2.8
 BuildRequires: perl, pkgconfig, gettext
@@ -96,6 +91,7 @@ cp %{SOURCE6} .
 cp %{SOURCE7} .
 
 %patch1 -p1 -b .redhat-modules
+%patch2 -p1 -b .build
 %patch21 -p1 -b .unix-hpux-aging
 %patch34 -p1 -b .dbpam
 %patch70 -p1 -b .nofail
@@ -103,19 +99,12 @@ cp %{SOURCE7} .
 %patch81 -p1 -b .try-first-pass
 %patch82 -p1 -b .fail-close
 %patch84 -p1 -b .keycreate
-%patch85 -p0 -b .session
 %patch86 -p1 -b .no-unmount
 %patch87 -p1 -b .preserve-uid
-%patch88 -p0 -b .add-ids
-%patch89 -p1 -b .overflow
-%patch90 -p1 -b .setgid
-%patch91 -p1 -b .username
 %patch92 -p1 -b .select-context
-%patch93 -p1 -b .selinux-namespace
+%patch93 -p1 -b .level
-%patch94 -p1 -b .no-shortcut
 %patch95 -p1 -b .range
-%patch100 -p1 -b .reconf
+autoreconf
-#autoreconf
 
 %build
 CFLAGS="-fPIC $RPM_OPT_FLAGS" ; export CFLAGS
@@ -170,6 +159,11 @@ done
 # Install the binaries, libraries, and modules.
 make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
 
+# RPM uses docs from source tree
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
+# Included in setup package
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
+
 # Install default configuration files.
 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
 install -m 644 other.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other
@@ -327,6 +321,7 @@ fi
 /%{_lib}/security/pam_echo.so
 /%{_lib}/security/pam_env.so
 /%{_lib}/security/pam_exec.so
+/%{_lib}/security/pam_faildelay.so
 /%{_lib}/security/pam_filter.so
 /%{_lib}/security/pam_ftp.so
 /%{_lib}/security/pam_group.so
@@ -351,7 +346,6 @@ fi
 /%{_lib}/security/pam_selinux.so
 /%{_lib}/security/pam_securetty.so
 /%{_lib}/security/pam_shells.so
-/%{_lib}/security/pam_stack.so
 /%{_lib}/security/pam_stress.so
 /%{_lib}/security/pam_succeed_if.so
 /%{_lib}/security/pam_tally.so
@@ -401,6 +395,11 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Jan 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-1
+- upgrade to new upstream version
+- drop pam_stack module as it is obsolete
+- some changes to silence rpmlint
+
 * Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-8
 - properly include /var/log/faillog and tallylog as ghosts
   and create them in post script (#209646)
@@ -432,7 +431,7 @@ fi
 - don't overflow a buffer in pam_namespace (#211989)
 
 * Mon Oct 16 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.2
-- /var/log/faillog and tallylog must be %config(noreplace)
+- /var/log/faillog and tallylog must be config(noreplace)
 
 * Fri Oct 13 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.1
 - preserve effective uid in namespace.init script (LSPP for newrole)
@@ -733,7 +732,7 @@ support)
 - #134941 pam_console should check X11 socket only on login
 
 * Tue Oct 19 2004 Tomas Mraz <tmraz@redhat.com> 0.77-63
-- Fix checking of group %group syntax in pam_limits
+- Fix checking of group %%group syntax in pam_limits
 - Drop fencepost patch as it was already fixed 
   by upstream change from 0.75 to 0.77
 - Fix brokenshadow patch
@@ -1349,7 +1348,7 @@ support)
 - add 'sed' to the buildprereq list (#24666)
 
 * Sun Jan 21 2001 Matt Wilson <msw@redhat.com>
-- added "exit 0" to the end of the %pre script
+- added "exit 0" to the end of the pre script
 
 * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
 - self-hosting fix from Guy Streeter
@@ -1493,7 +1492,7 @@ support)
 - try to make pam_console a little more discriminating
 
 * Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
-- symlink libpam.so to libpam.so.%{version}, and likewise for libpam_misc
+- symlink libpam.so to libpam.so.%%{version}, and likewise for libpam_misc
 - reverse order of checks in _unix_getpwnam for pam_unix
 
 * Wed Jun 14 2000 Preston Brown <pbrown@redhat.com>

sources

@@ -1,3 +1,3 @@
-52844c64efa6f8b6a9ed702eec341a4c  Linux-PAM-0.99.6.2.tar.bz2
-03b4148754928c045b28650f14f427af  pam-redhat-0.99.6-2.tar.bz2
 b0f1c777708cb8e9d37fb47e7ed3312d  db-4.5.20.tar.gz
+e4c9e503ac6af0efdd6031a46bdf506f  Linux-PAM-0.99.7.0.tar.bz2
+66845048120c71205bd3363264f2bfe7  pam-redhat-0.99.7-1.tar.bz2