diff --git a/pam-0.99.3.0-tally-fail-close.patch b/pam-0.99.3.0-tally-fail-close.patch new file mode 100644 index 0000000..e78c2ee --- /dev/null +++ b/pam-0.99.3.0-tally-fail-close.patch @@ -0,0 +1,52 @@ +--- Linux-PAM-0.99.3.0/modules/pam_tally2/pam_tally.c.fail-close 2006-05-04 13:33:30.000000000 +0200 ++++ Linux-PAM-0.99.3.0/modules/pam_tally2/pam_tally.c 2006-05-04 13:34:11.000000000 +0200 +@@ -342,6 +342,7 @@ + } + lstat_ret = fstat(fileno(*tfile),&fileinfo); + fclose(*tfile); ++ *tfile = NULL; + } + + if ( lstat_ret ) { +@@ -372,6 +373,7 @@ + if (fseek(*tfile, uid*sizeof(*tally), SEEK_SET)) { + pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); + fclose(*tfile); ++ *tfile = NULL; + return PAM_AUTH_ERR; + } + +@@ -407,6 +409,7 @@ + } + + if (fclose(*tfile)) { ++ *tfile = NULL; + pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); + return PAM_AUTH_ERR; + } +--- Linux-PAM-0.99.3.0/modules/pam_tally/pam_tally.c.fail-close 2005-09-21 15:35:29.000000000 +0200 ++++ Linux-PAM-0.99.3.0/modules/pam_tally/pam_tally.c 2006-05-04 13:31:59.000000000 +0200 +@@ -318,6 +318,7 @@ + } + lstat_ret = fstat(fileno(*TALLY),&fileinfo); + fclose(*TALLY); ++ *TALLY = NULL; + } + + if ( lstat_ret ) { +@@ -348,6 +349,7 @@ + if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) { + pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename); + fclose(*TALLY); ++ *TALLY = NULL; + return PAM_AUTH_ERR; + } + +@@ -394,6 +396,7 @@ + } + + if ( fclose(*TALLY) ) { ++ *TALLY = NULL; + pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename); + return PAM_AUTH_ERR; + } diff --git a/pam.spec b/pam.spec index 86e0eb6..d49b8bd 100644 --- a/pam.spec +++ b/pam.spec @@ -11,7 +11,7 @@ Summary: A security tool which provides authentication for applications. Name: pam Version: 0.99.3.0 -Release: 4 +Release: 5 License: GPL or BSD Group: System Environment/Base Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 @@ -31,7 +31,8 @@ Patch34: pam-0.99.2.1-dbpam.patch Patch70: pam-0.99.2.1-selinux-nofail.patch Patch80: pam-0.99.2.1-selinux-drop-multiple.patch Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch -Patch90: pam_namespace-7.patch +Patch82: pam-0.99.3.0-tally-fail-close.patch +Patch90: pam_namespace-8.patch Patch91: pam_namespace-no-mans.patch Patch92: pam_namespace-have-unshare.patch @@ -91,6 +92,7 @@ cp $RPM_SOURCE_DIR/config-util.pamd . %patch70 -p1 -b .nofail %patch80 -p1 -b .drop-multiple %patch81 -p1 -b .try-first-pass +%patch82 -p1 -b .fail-close %patch90 -p1 -b .namespace %patch91 -p1 -b .no-mans %patch92 -p1 -b .have-unshare @@ -361,6 +363,11 @@ fi %{_libdir}/libpam_misc.so %changelog +* Thu May 4 2006 Tomas Mraz 0.99.3.0-5 +- the namespace instance init script is now in /etc/security (#190148) +- pam_namespace: added missing braces (#190026) +- pam_tally(2): never call fclose twice on the same FILE (from upstream) + * Wed Apr 26 2006 Tomas Mraz 0.99.3.0-4 - fixed console device class for irda (#189966) - make pam_console_apply fail gracefully when a class is missing