Hello community, here is the log from the commit of package pam_ssh for openSUSE:11.4 checked in at Fri Jan 27 00:33:35 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/pam_ssh/pam_ssh.changes 2011-04-18 15:56:20.000000000 +0200 +++ 11.4/pam_ssh/pam_ssh.changes 2012-01-26 13:03:40.000000000 +0100 @@ -1,0 +2,11 @@ +Thu Jan 12 15:57:39 UTC 2012 - [email protected] + +- added patch that prevents segfault when empty passphrase is + supplied (bnc#741541) + +------------------------------------------------------------------- +Wed Jun 1 10:33:52 UTC 2011 - [email protected] + +- call setgroups + setgid before executing ssh-agent (bnc#665061) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- pam_ssh-1.97-empty_passphrase_segfault.patch pam_ssh-1.97-setgid.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ssh.spec ++++++ --- /var/tmp/diff_new_pack.hK9AJ0/_old 2012-01-27 00:32:08.000000000 +0100 +++ /var/tmp/diff_new_pack.hK9AJ0/_new 2012-01-27 00:32:08.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,21 +15,25 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: pam_ssh -BuildRequires: openssh openssl-devel pam-devel -License: BSD3c(or similar) -Group: Productivity/Networking/SSH -AutoReqProv: on +BuildRequires: openssh +BuildRequires: openssl-devel +BuildRequires: pam-devel Version: 1.97 -Release: 11.<RELEASE12> +Release: 11.<RELEASE14> Summary: PAM Module for SSH Authentication +License: BSD-3-Clause +Group: Productivity/Networking/SSH Url: http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf +# PATCH-FIX-UPSTREAM pam_ssh-1.97-double-free.patch bnc#688120 Patch0: pam_ssh-double-free.patch +# PATCH-FIX-UPSTREAM pam_ssh-1.97-setgid.patch bnc#665061 +Patch1: pam_ssh-1.97-setgid.patch +Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -48,6 +52,8 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch3 -p1 %build %{suse_update_config -f} ++++++ pam_ssh-1.97-empty_passphrase_segfault.patch ++++++ --- pam_ssh-1.92.orig/pam_get_pass.c 2004-02-19 19:59:05.000000000 +0100 +++ pam_ssh-1.92/pam_get_pass.c 2009-04-18 13:51:10.000000000 +0200 @@ -63,6 +63,8 @@ retval = conv->conv(1, msgs, &resp, conv->appdata_ptr); if (retval != PAM_SUCCESS) return retval; + if (resp[0].resp == NULL) + return PAM_AUTHTOK_RECOVERY_ERR; retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp); if (retval != PAM_SUCCESS) return retval; ++++++ pam_ssh-1.97-setgid.patch ++++++ Index: pam_ssh-1.97/pam_ssh.c =================================================================== --- pam_ssh-1.97.orig/pam_ssh.c +++ pam_ssh-1.97/pam_ssh.c @@ -684,7 +684,8 @@ pam_sm_open_session(pam_handle_t *pamh, _exit(EX_OSERR); /* NOTREACHED */ case PAM_SUCCESS: - if (setuid(pwent->pw_uid) == -1) { + if (initgroups(pwent->pw_name, pwent->pw_gid) == -1 || + setgid(pwent->pw_gid) == -1 || setuid(pwent->pw_uid) == -1) { pam_ssh_log(LOG_ERR, "can't drop privileges: %m", pwent->pw_uid); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
