diff --git a/pam-1.0.0-set-item.patch b/pam-1.0.0-set-item.patch
new file mode 100644
index 0000000..190ead1
--- /dev/null
+++ b/pam-1.0.0-set-item.patch
@@ -0,0 +1,65 @@
+Index: pam_item.c
+===================================================================
+RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_item.c,v
+retrieving revision 1.16
+diff -u -p -r1.16 pam_item.c
+--- libpam/pam_item.c 3 Mar 2008 13:23:45 -0000 1.16
++++ libpam/pam_item.c 7 Apr 2008 09:04:50 -0000
+@@ -11,13 +11,15 @@
+ #include
+ #include
+
+-#define TRY_SET(X, Y) \
+-{ \
+- char *_TMP_ = _pam_strdup(Y); \
+- if (_TMP_ == NULL && (Y) != NULL) \
+- return PAM_BUF_ERR; \
+- free(X); \
+- (X) = _TMP_; \
++#define TRY_SET(X, Y) \
++{ \
++ if ((X) != (Y)) { \
++ char *_TMP_ = _pam_strdup(Y); \
++ if (_TMP_ == NULL && (Y) != NULL) \
++ return PAM_BUF_ERR; \
++ free(X); \
++ (X) = _TMP_; \
++ } \
+ }
+
+ /* functions */
+@@ -76,8 +78,10 @@ int pam_set_item (pam_handle_t *pamh, in
+ * modules.
+ */
+ if (__PAM_FROM_MODULE(pamh)) {
+- _pam_overwrite(pamh->authtok);
+- TRY_SET(pamh->authtok, item);
++ if (pamh->authtok != item) {
++ _pam_overwrite(pamh->authtok);
++ TRY_SET(pamh->authtok, item);
++ }
+ } else {
+ retval = PAM_BAD_ITEM;
+ }
+@@ -90,8 +94,10 @@ int pam_set_item (pam_handle_t *pamh, in
+ * modules.
+ */
+ if (__PAM_FROM_MODULE(pamh)) {
+- _pam_overwrite(pamh->oldauthtok);
+- TRY_SET(pamh->oldauthtok, item);
++ if (pamh->oldauthtok != item) {
++ _pam_overwrite(pamh->oldauthtok);
++ TRY_SET(pamh->oldauthtok, item);
++ }
+ } else {
+ retval = PAM_BAD_ITEM;
+ }
+@@ -130,6 +136,8 @@ int pam_set_item (pam_handle_t *pamh, in
+ break;
+
+ case PAM_XAUTHDATA:
++ if (&pamh->xauth == item)
++ break;
+ if (pamh->xauth.namelen) {
+ _pam_overwrite(pamh->xauth.name);
+ free(pamh->xauth.name);
diff --git a/pam.spec b/pam.spec
index 9d943df..d5f0897 100644
--- a/pam.spec
+++ b/pam.spec
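Review bot: The `pamh->authtok != item` and `pamh->oldauthtok != item` guards in pam_set_item only catch an `item` that is exactly the stored pointer; if a module ever passes a pointer into the middle of the stored token, `_pam_overwrite()` still zeroes the source before `_pam_strdup()` reads it, and the token is silently replaced by an empty string. Duplicating first and wiping afterwards removes the dependence on pointer identity and also keeps the old token intact when allocation fails, whereas here the `return PAM_BUF_ERR` inside TRY_SET runs after the old value has already been zeroed. With the outer guard in place, the new `(X) != (Y)` test in TRY_SET is redundant for these two cases. The `&pamh->xauth == item` check probably has the same limit for a caller-built struct whose `name`/`data` members alias the stored ones, but the copy code is outside the hunk, so that is inferred. pam_set_item's body begins and ends outside these hunks.

```c
    if (__PAM_FROM_MODULE(pamh)) {
        /* Copy before wiping, so an item that aliases the stored token
         * is still intact when it is read. */
        char *new_tok = _pam_strdup(item);
        if (new_tok == NULL && item != NULL)
            return PAM_BUF_ERR;
        _pam_overwrite(pamh->authtok);
        free(pamh->authtok);
        pamh->authtok = new_tok;
    } else {
    /* ... unchanged: retval = PAM_BAD_ITEM; same pattern applies to oldauthtok ... */
```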
@@ -5,7 +5,7 @@ Summary: A security tool which provides authentication for applications Name: pam Version: 1.0.0 -Release: 1%{?dist} +Release: 2%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # pam_rhosts_auth module is BSD with advertising @@ -25,6 +25,7 @@ Source11: 90-nproc.conf Patch1: pam-0.99.7.0-redhat-modules.patch Patch2: db-4.6.18-glibc.patch Patch4: pam-0.99.8.1-dbpam.patch +Patch10: pam-1.0.0-set-item.patch Patch21: pam-0.99.10.0-unix-audit-failed.patch Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch Patch32: pam-0.99.3.0-tally-fail-close.patch @@ -100,6 +101,7 @@ pushd db-%{db_version} %patch2 -p1 -b .db4-glibc popd %patch4 -p1 -b .dbpam +%patch10 -p0 -b .setitem %patch21 -p1 -b .audit-failed %patch31 -p1 -b .try-first-pass %patch32 -p1 -b .fail-close @@ -372,6 +374,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Mon Apr 7 2008 Tomas Mraz 1.0.0-2 +- fix regression in pam_set_item + * Fri Apr 4 2008 Tomas Mraz 1.0.0-1 - upgrade to new upstream release (bugfix only)