- upgrade to new upstream release (bugfix only)

.cvsignore

@@ -1,5 +1,5 @@
 *.src.rpm
 *.tar.bz2
-Linux-PAM-0.99.10.0.tar.bz2
 pam-redhat-0.99.9-1.tar.bz2
 db-4.6.21.tar.gz
+Linux-PAM-1.0.0.tar.bz2

Linux-PAM-1.0.0.tar.bz2.sign

@@ -2,7 +2,7 @@
 Version: GnuPG v1.4.7 (GNU/Linux)
 Comment: See http://www.kernel.org/signature.html for info
 
-iD8DBQBHtBCvyGugalF9Dw4RAkscAKCAir9EhJ5VxjIog6Vs+N6Sr27n6ACcD0Iy
+iD8DBQBH9gcryGugalF9Dw4RAunFAJ48k4LRkrFNc7z4GKMkxVEsCVueYQCcDuqb
-ycgdOs9Ea8z8pqgPZMmocyY=
+CZwKcsMD/+6B0LeaP0HeivM=
-=djTw
+=HQw/
 -----END PGP SIGNATURE-----

pam-0.99.10.0-namespace-level.patch

@@ -1,17 +0,0 @@
-diff -up Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c
---- Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount	2008-02-13 14:52:13.000000000 +0100
-+++ Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c	2008-03-20 15:29:11.000000000 +0100
-@@ -822,10 +822,11 @@ static int poly_name(const struct polydi
-      */
- 
-     pm = polyptr->method;
--    if (pm == LEVEL || pm == USER) {
-+    if (pm == LEVEL || pm == CONTEXT)
- #ifdef WITH_SELINUX
--        if (!(idata->flags & PAMNS_CTXT_BASED_INST))
-+        if (!(idata->flags & PAMNS_CTXT_BASED_INST)) {
- #else
-+    {
- 	pam_syslog(idata->pamh, LOG_NOTICE,
- 		"Context and level methods not available, using user method");
- #endif

pam-0.99.10.0-namespace-umount.patch

@@ -1,16 +0,0 @@
-diff -up Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c
---- Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount	2008-02-13 14:52:13.000000000 +0100
-+++ Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c	2008-03-17 11:40:02.000000000 +0100
-@@ -1528,8 +1528,11 @@ static int setup_namespace(struct instan
-      */
-     for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- 	enum unmnt_op dir_unmnt = unmnt;
-+	if (ns_override(pptr, idata, idata->ruid)) {
-+	    dir_unmnt = NO_UNMNT;
-+	}
-         if (ns_override(pptr, idata, idata->uid)) {
--    	    if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) {
-+    	    if (dir_unmnt == NO_UNMNT) {
-     		continue;
- 	    } else {
- 		dir_unmnt = UNMNT_ONLY;

pam-0.99.10.0-selinux-prev-context.patch

@@ -1,43 +0,0 @@
-diff -up Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c.prev-context Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c
---- Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c.prev-context	2007-06-18 12:46:48.000000000 +0200
-+++ Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c	2008-03-20 17:38:41.000000000 +0100
-@@ -672,7 +672,7 @@ PAM_EXTERN int
- pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
- 		     int argc, const char **argv)
- {
--  int i, debug = 0,status=0, open_session=0;
-+  int i, debug = 0, status = PAM_SUCCESS, open_session = 0;
-   if (! (selinux_enabled ))
-       return PAM_SUCCESS;
- 
-@@ -702,19 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh,
-     free(ttyn);
-     ttyn=NULL;
-   }
--  status=setexeccon(prev_user_context);
--  freecon(prev_user_context);
--  if (status) {
--    pam_syslog(pamh, LOG_ERR, "Error!  Unable to set executable context %s.",
-+  if (prev_user_context) {
-+    if (setexeccon(prev_user_context)) {
-+      pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
- 	       prev_user_context);
--    if (security_getenforce() == 1)
--       return PAM_AUTH_ERR;
--    else
--       return PAM_SUCCESS;
-+      if (security_getenforce() == 1)
-+         status = PAM_AUTH_ERR;
-+      else
-+         status = PAM_SUCCESS;
-+    }
-+    freecon(prev_user_context);
-+    prev_user_context = NULL;
-   }
- 
-   if (debug)
-     pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
- 
--  return PAM_SUCCESS;
-+  return status;
- }

pam-0.99.10.0-unix-any-user.patch

@@ -1,15 +0,0 @@
-diff -up Linux-PAM-0.99.10.0/modules/pam_unix/unix_chkpwd.c.any-user Linux-PAM-0.99.10.0/modules/pam_unix/unix_chkpwd.c
---- Linux-PAM-0.99.10.0/modules/pam_unix/unix_chkpwd.c.any-user	2008-01-28 13:21:48.000000000 +0100
-+++ Linux-PAM-0.99.10.0/modules/pam_unix/unix_chkpwd.c	2008-02-21 14:06:56.000000000 +0100
-@@ -101,7 +101,10 @@ int main(int argc, char *argv[])
- 	  /* if the caller specifies the username, verify that user
- 	     matches it */
- 	  if (strcmp(user, argv[1])) {
--	    return PAM_AUTH_ERR;
-+	    user = argv[1];
-+	    /* no match -> permanently change to the real user and proceed */
-+	    if (setuid(getuid()) != 0)
-+		return PAM_AUTH_ERR;
- 	  }
- 	}
- 

pam-0.99.8.1-audit-no-log.patch

@@ -1,31 +0,0 @@
-diff -up Linux-PAM-0.99.8.1/libpam/pam_audit.c.no-log Linux-PAM-0.99.8.1/libpam/pam_audit.c
---- Linux-PAM-0.99.8.1/libpam/pam_audit.c.no-log	2007-07-18 10:53:35.000000000 +0200
-+++ Linux-PAM-0.99.8.1/libpam/pam_audit.c	2007-08-13 10:59:40.000000000 +0200
-@@ -42,18 +42,17 @@ _pam_audit_writelog(pam_handle_t *pamh, 
-      best to fix it. */
-   errno = -rc;
- 
--  if (rc < 0 && errno != old_errno)
--    {
--      old_errno = errno;
--      pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
--    }
--
-   pamh->audit_state |= PAMAUDIT_LOGGED;
- 
--  if (rc == -EPERM && getuid () != 0)
--    return 0;
--  else
--    return rc;
-+  if (rc < 0) {
-+      if (rc == -EPERM && getuid() != 0)
-+          return 0;
-+      if (errno != old_errno) {
-+          old_errno = errno;
-+          pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
-+      }
-+  }
-+  return rc;
- }
- 
- int

pam.spec

@@ -4,8 +4,8 @@
 
 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 0.99.10.0
+Version: 1.0.0
-Release: 4%{?dist}
+Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -25,14 +25,9 @@ Source11: 90-nproc.conf
 Patch1:  pam-0.99.7.0-redhat-modules.patch
 Patch2:  db-4.6.18-glibc.patch
 Patch4:  pam-0.99.8.1-dbpam.patch
-Patch5:  pam-0.99.8.1-audit-no-log.patch
-Patch20: pam-0.99.10.0-unix-any-user.patch
 Patch21: pam-0.99.10.0-unix-audit-failed.patch
 Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch32: pam-0.99.3.0-tally-fail-close.patch
-Patch33: pam-0.99.10.0-namespace-umount.patch
-Patch34: pam-0.99.10.0-namespace-level.patch
-Patch35: pam-0.99.10.0-selinux-prev-context.patch
 
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@@ -105,14 +100,9 @@ pushd db-%{db_version}
 %patch2 -p1 -b .db4-glibc
 popd
 %patch4 -p1 -b .dbpam
-%patch5 -p1 -b .no-log
-%patch20 -p1 -b .any-user
 %patch21 -p1 -b .audit-failed
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
-%patch33 -p1 -b .umount
-%patch34 -p1 -b .level
-%patch35 -p1 -b .prev-context
 
 autoreconf
 
@@ -382,6 +372,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Fri Apr  4 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
+- upgrade to new upstream release (bugfix only)
+
 * Thu Mar 20 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-4
 - pam_namespace: fix problem with level polyinst (#438264)
 - pam_namespace: improve override checking for umount

sources

@@ -1,3 +1,3 @@
-be4dd1d34ac5933408e13e48f3eb710a  Linux-PAM-0.99.10.0.tar.bz2
 26152d9c691715756b514dbf9cab9cd8  pam-redhat-0.99.9-1.tar.bz2
 718082e7e35fc48478a2334b0bc4cd11  db-4.6.21.tar.gz
+0f5d63c81cad2f420083a7994fcaa3b3  Linux-PAM-1.0.0.tar.bz2