Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2013-09-16 16:24:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2013-09-14 12:54:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2013-09-16 16:24:02.000000000 +0200 @@ -1,0 +2,9 @@ +Mon Sep 16 11:54:15 CEST 2013 - [email protected] + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- Old: ---- fix-compiler-warnings.diff New: ---- git-20130916.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.CXJQ06/_old 2013-09-16 16:24:04.000000000 +0200 +++ /var/tmp/diff_new_pack.CXJQ06/_new 2013-09-16 16:24:04.000000000 +0200 @@ -53,7 +53,7 @@ Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff -Patch1: fix-compiler-warnings.diff +Patch1: git-20130916.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -98,7 +98,7 @@ %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 -%patch1 -p0 +%patch1 -p1 %build export CFLAGS="%optflags -DNDEBUG" ++++++ git-20130916.diff ++++++ diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 865dc29..8ec4449 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); + printf("-1\n"); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); + } } /* exec binary helper */ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9bc1cd9..9aae3b0 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); /* wait for helper to complete: */ - while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); retval = PAM_AUTHTOK_ERR; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index d8f4a6f..19d72e6 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, free (val); /* read number of rounds for crypt algo */ - if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); if (val) { @@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + D(("setuid failed")); + _exit(PAM_AUTHINFO_UNAVAIL); + } } /* exec binary helper */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
