- fix regression in pam_set_item

pam-1.0.0-set-item.patch

@@ -0,0 +1,65 @@
+Index: pam_item.c
+===================================================================
+RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_item.c,v
+retrieving revision 1.16
+diff -u -p -r1.16 pam_item.c
+--- libpam/pam_item.c	3 Mar 2008 13:23:45 -0000	1.16
++++ libpam/pam_item.c	7 Apr 2008 09:04:50 -0000
+@@ -11,13 +11,15 @@
+ #include <string.h>
+ #include <syslog.h>
+ 
+-#define TRY_SET(X, Y)                  \
+-{                                      \
+-    char *_TMP_ = _pam_strdup(Y);      \
+-    if (_TMP_ == NULL && (Y) != NULL)  \
+-	 return PAM_BUF_ERR;           \
+-    free(X);                           \
+-    (X) = _TMP_;                       \
++#define TRY_SET(X, Y)                      \
++{                                          \
++    if ((X) != (Y)) {		           \
++	char *_TMP_ = _pam_strdup(Y);      \
++	if (_TMP_ == NULL && (Y) != NULL)  \
++	    return PAM_BUF_ERR;            \
++	free(X);                           \
++	(X) = _TMP_;                       \
++    }					   \
+ }
+ 
+ /* functions */
+@@ -76,8 +78,10 @@ int pam_set_item (pam_handle_t *pamh, in
+ 	 * modules.
+ 	 */
+ 	if (__PAM_FROM_MODULE(pamh)) {
+-	    _pam_overwrite(pamh->authtok);
+-	    TRY_SET(pamh->authtok, item);
++	    if (pamh->authtok != item) {
++		_pam_overwrite(pamh->authtok);
++		TRY_SET(pamh->authtok, item);
++	    }
+ 	} else {
+ 	    retval = PAM_BAD_ITEM;
+ 	}
+@@ -90,8 +94,10 @@ int pam_set_item (pam_handle_t *pamh, in
+ 	 * modules.
+ 	 */
+ 	if (__PAM_FROM_MODULE(pamh)) {
+-	    _pam_overwrite(pamh->oldauthtok);
+-	    TRY_SET(pamh->oldauthtok, item);
++	    if (pamh->oldauthtok != item) {
++		_pam_overwrite(pamh->oldauthtok);
++		TRY_SET(pamh->oldauthtok, item);
++	    }
+ 	} else {
+ 	    retval = PAM_BAD_ITEM;
+ 	}
+@@ -130,6 +136,8 @@ int pam_set_item (pam_handle_t *pamh, in
+ 	break;
+ 
+     case PAM_XAUTHDATA:
++	if (&pamh->xauth == item)
++	    break;
+ 	if (pamh->xauth.namelen) {
+ 	    _pam_overwrite(pamh->xauth.name);
+ 	    free(pamh->xauth.name);

pam.spec

@@ -5,7 +5,7 @@
 Summary: A security tool which provides authentication for applications
 Name: pam
 Version: 1.0.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -25,6 +25,7 @@ Source11: 90-nproc.conf
 Patch1:  pam-0.99.7.0-redhat-modules.patch
 Patch2:  db-4.6.18-glibc.patch
 Patch4:  pam-0.99.8.1-dbpam.patch
+Patch10: pam-1.0.0-set-item.patch
 Patch21: pam-0.99.10.0-unix-audit-failed.patch
 Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch32: pam-0.99.3.0-tally-fail-close.patch
@@ -100,6 +101,7 @@ pushd db-%{db_version}
 %patch2 -p1 -b .db4-glibc
 popd
 %patch4 -p1 -b .dbpam
+%patch10 -p0 -b .setitem
 %patch21 -p1 -b .audit-failed
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
@@ -372,6 +374,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
+- fix regression in pam_set_item
+
 * Fri Apr  4 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
 - upgrade to new upstream release (bugfix only)