From 1802942b8d5a5bf211817431f03e95e7c09ad8ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?=
Date: Thu, 17 Dec 2009 14:29:39 +0000
Subject: [PATCH] - new upstream version with minor changes
---
 .cvsignore | 2 +-
 ...r.bz2.sign => Linux-PAM-1.1.1.tar.bz2.sign | 6 +-
 pam-1.1.0-cracklib-authtok.patch | 42 ---------
 pam-1.1.0-xauth-context.patch | 92 -------------------
 pam.spec | 13 ++-
 sources | 2 +-
 6 files changed, 11 insertions(+), 146 deletions(-)
 rename Linux-PAM-1.1.0.tar.bz2.sign => Linux-PAM-1.1.1.tar.bz2.sign (61%)
 delete mode 100644 pam-1.1.0-cracklib-authtok.patch
 delete mode 100644 pam-1.1.0-xauth-context.patch
diff --git a/.cvsignore b/.cvsignore
index 6f0cc08..3c6b5b2 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,4 @@
 *.src.rpm
 *.tar.bz2
 pam-redhat-0.99.10-1.tar.bz2
-Linux-PAM-1.1.0.tar.bz2
+Linux-PAM-1.1.1.tar.bz2
diff --git a/Linux-PAM-1.1.0.tar.bz2.sign b/Linux-PAM-1.1.1.tar.bz2.sign
similarity index 61%
rename from Linux-PAM-1.1.0.tar.bz2.sign
rename to Linux-PAM-1.1.1.tar.bz2.sign
index b0f1840..fad7920 100644
--- a/Linux-PAM-1.1.0.tar.bz2.sign
+++ b/Linux-PAM-1.1.1.tar.bz2.sign
@@ -2,7 +2,7 @@
 Version: GnuPG v1.4.9 (GNU/Linux)
 Comment: See http://www.kernel.org/signature.html for info
-iD8DBQBKO6X0yGugalF9Dw4RAmz7AKCV6q08/CrmPtHX6geM3zrUpeFIIwCfSO12
-WRW5yU2bG4x+Bb0Ie6ppBbk=
-=D3mX
+iD8DBQBLKOWYyGugalF9Dw4RAqYlAJ9st1NRPyZjWFD+Pl+7ifeiDcDTAwCfeyt7
+l6BKIgA/0NQzw+md5nFXVy4=
+=Kxq6
 -----END PGP SIGNATURE-----
diff --git a/pam-1.1.0-cracklib-authtok.patch b/pam-1.1.0-cracklib-authtok.patch
deleted file mode 100644
index 52c842d..0000000
--- a/pam-1.1.0-cracklib-authtok.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Index: modules/pam_cracklib/pam_cracklib.c
-===================================================================
-RCS file: /cvsroot/pam/Linux-PAM/modules/pam_cracklib/pam_cracklib.c,v
-retrieving revision 1.33
-retrieving revision 1.34
-diff -u -p -r1.33 -r1.34
---- Linux-PAM/modules/pam_cracklib/pam_cracklib.c 11 Dec 2008 19:41:49 -0000 1.33
-+++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c 21 Jul 2009 13:59:24 -0000 1.34
-@@ -545,7 +545,7 @@ static int _pam_unix_approve_pass(pam_ha
- const char *pass_new)
- {
- const char *msg = NULL;
-- const void *user;
-+ const char *user;
- int retval;
-
- if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
-@@ -556,7 +556,7 @@ static int _pam_unix_approve_pass(pam_ha
- return PAM_AUTHTOK_ERR;
- }
-
-- retval = pam_get_item(pamh, PAM_USER, &user);
-+ retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS || user == NULL) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_ERR,"Can not get username");
-@@ -658,6 +658,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
- pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
- {
-+ pam_set_item (pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
-@@ -670,6 +671,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
- if (retval != PAM_SUCCESS) {
- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
- {
-+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
diff --git a/pam-1.1.0-xauth-context.patch b/pam-1.1.0-xauth-context.patch
deleted file mode 100644
index 91c08ba..0000000
--- a/pam-1.1.0-xauth-context.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-diff -up Linux-PAM-1.1.0/modules/pam_xauth/Makefile.am.xauth-context Linux-PAM-1.1.0/modules/pam_xauth/Makefile.am
---- Linux-PAM-1.1.0/modules/pam_xauth/Makefile.am.xauth-context 2006-06-09 18:44:08.000000000 +0200
-+++ Linux-PAM-1.1.0/modules/pam_xauth/Makefile.am 2009-10-29 14:34:18.000000000 +0100
-@@ -16,7 +16,7 @@ secureconfdir = $(SCONFIGDIR)
-
- AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
- AM_LDFLAGS = -no-undefined -avoid-version -module \
-- -L$(top_builddir)/libpam -lpam
-+ -L$(top_builddir)/libpam -lpam @LIBSELINUX@
- if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
- endif
-diff -up Linux-PAM-1.1.0/modules/pam_xauth/pam_xauth.c.xauth-context Linux-PAM-1.1.0/modules/pam_xauth/pam_xauth.c
---- Linux-PAM-1.1.0/modules/pam_xauth/pam_xauth.c.xauth-context 2009-04-09 10:07:29.000000000 +0200
-+++ Linux-PAM-1.1.0/modules/pam_xauth/pam_xauth.c 2009-10-29 16:13:21.000000000 +0100
-@@ -57,6 +57,12 @@
- #include
- #include
-
-+#ifdef WITH_SELINUX
-+#include
-+#include
-+#include
-+#endif
-+
- #define DATANAME "pam_xauth_cookie_file"
- #define XAUTHENV "XAUTHORITY"
- #define HOMEENV "HOME"
-@@ -461,6 +467,10 @@ pam_sm_open_session (pam_handle_t *pamh,
- getuid(), getgid(),
- xauth, "-f", cookiefile, "nlist", display,
- NULL) == 0) {
-+ int save_errno;
-+#ifdef WITH_SELINUX
-+ security_context_t context = NULL;
-+#endif
- /* Check that we got a cookie. If not, we get creative. */
- if (((cookie == NULL) || (strlen(cookie) == 0)) &&
- ((strncmp(display, "localhost:", 10) == 0) ||
-@@ -545,12 +555,41 @@ pam_sm_open_session (pam_handle_t *pamh,
- /* Generate a new file to hold the data. */
- euid = geteuid();
- setfsuid(tpwd->pw_uid);
-- fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
-+
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled() > 0) {
-+ struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-+ if (ctx != NULL) {
-+ if (selabel_lookup(ctx, &context,
-+ xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
-+ pam_syslog(pamh, LOG_WARNING,
-+ "could not get SELinux label for '%s'",
-+ xauthority + sizeof(XAUTHENV));
-+ }
-+ selabel_close(ctx);
-+ if (setfscreatecon(context)) {
-+ pam_syslog(pamh, LOG_WARNING,
-+ "setfscreatecon(%s) failed: %m", context);
-+ }
-+ }
-+ }
-+ fd = mkstemp(xauthority + sizeof(XAUTHENV));
-+ save_errno = errno;
-+ if (context != NULL) {
-+ free(context);
-+ setfscreatecon(NULL);
-+ }
-+#else
-+ fd = mkstemp(xauthority + sizeof(XAUTHENV));
-+ save_errno = errno;
-+#endif
-+
- setfsuid(euid);
- if (fd == -1) {
-+ errno = save_errno;
- pam_syslog(pamh, LOG_ERR,
- "error creating temporary file `%s': %m",
-- xauthority + strlen(XAUTHENV) + 1);
-+ xauthority + sizeof(XAUTHENV));
- retval = PAM_SESSION_ERR;
- goto cleanup;
- }
-@@ -563,7 +602,7 @@ pam_sm_open_session (pam_handle_t *pamh,
- /* Get a copy of the filename to save as a data item for
- * removal at session-close time. */
- free(cookiefile);
-- cookiefile = strdup(xauthority + strlen(XAUTHENV) + 1);
-+ cookiefile = strdup(xauthority + sizeof(XAUTHENV));
-
- /* Save the filename. */
- if (pam_set_data(pamh, DATANAME, cookiefile, cleanup) != PAM_SUCCESS) {
diff --git a/pam.spec b/pam.spec
index 2f53461..cbc7f0e 100644
--- a/pam.spec
+++ b/pam.spec
@@ -2,8 +2,8 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
-Version: 1.1.0
-Release: 7%{?dist}
+Version: 1.1.1
+Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License: BSD and GPLv2+
@@ -23,10 +23,8 @@ Source13: config-util.5
 Source14: 90-nproc.conf
 Patch1: pam-1.0.90-redhat-modules.patch
 Patch2: pam-1.0.91-std-noclose.patch
-Patch3: pam-1.1.0-cracklib-authtok.patch
 Patch4: pam-1.1.0-console-nochmod.patch
 Patch5: pam-1.1.0-notally.patch
-Patch6: pam-1.1.0-xauth-context.patch
 Patch7: pam-1.1.0-console-fixes.patch
 %define _sbindir /sbin
@@ -90,10 +88,8 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch1 -p1 -b .redhat-modules
 %patch2 -p1 -b .std-noclose
-%patch3 -p1 -b .authtok
 %patch4 -p1 -b .nochmod
 %patch5 -p1 -b .notally
-%patch6 -p1 -b .xauth-context
 %patch7 -p1 -b .console-fixes
 libtoolize -f
@@ -180,7 +176,7 @@ install -m755 -d $RPM_BUILD_ROOT/lib/security
 for dir in modules/pam_* ; do
 if [ -d ${dir} ] ; then
 %if ! %{WITH_SELINUX}
- [ ${dir} = "modules/pam_selinux" ] && continue
+ [ ${dir} = "modules/pam_selinux" ] && continue
 %endif
 [ ${dir} = "modules/pam_tally" ] && continue
 if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
@@ -327,6 +323,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 %changelog
+* Thu Dec 17 2009 Tomas Mraz 1.1.1-1
+- new upstream version with minor changes
+
 * Mon Nov 2 2009 Tomas Mraz 1.1.0-7
 - pam_console: fix memory corruption when executing handlers (patch by Stas Sergeev) and a few more fixes in the handler execution code (#532302)
diff --git a/sources b/sources
index 1b3568e..8210a75 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 c115640346a987356f6b76ec1d425185 pam-redhat-0.99.10-1.tar.bz2
-9cda791c827dfcd9f2888caf0a64cc4a Linux-PAM-1.1.0.tar.bz2
+9b3d952b173d5b9836cbc7e8de108bee Linux-PAM-1.1.1.tar.bz2
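Review bot: The new `%changelog` entry in the `@@ -327,6 +323,9 @@` hunk says only "new upstream version with minor changes", while the `@@ -23,10 +23,8 @@` and `@@ -90,10 +88,8 @@` hunks drop `Patch3` (cracklib-authtok) and `Patch6` (xauth-context) without recording it. Both deleted patches carried security-relevant behaviour: the first clears `PAM_AUTHTOK` after a rejected new password in pam_cracklib, and the second sets the SELinux file-creation context around the `mkstemp()` call that creates the pam_xauth cookie file. They were presumably merged into Linux-PAM 1.1.1, but nothing in this commit shows that, so it is worth confirming against the 1.1.1 sources before the package ships. Once confirmed, the changelog should say so, for example `- drop cracklib-authtok and xauth-context patches, included upstream`.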