[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
rpms/pam/devel pam-0.80-pie.patch, NONE, 1.1 pam-0.80-selinux-nofail.patch, 1.1, 1.2 pam.spec, 1.81, 1.82
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/pam/devel pam-0.80-pie.patch, NONE, 1.1 pam-0.80-selinux-nofail.patch, 1.1, 1.2 pam.spec, 1.81, 1.82
- Date: Fri, 22 Jul 2005 10:17:37 -0400
Author: tmraz
Update of /cvs/dist/rpms/pam/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27757
Modified Files:
pam-0.80-selinux-nofail.patch pam.spec
Added Files:
pam-0.80-pie.patch
Log Message:
* Fri Jul 22 2005 Tomas Mraz <tmraz redhat com> 0.80-3
- more pam_selinux permissive fixes (Dan Walsh)
- make binaries PIE (#158938)
pam-0.80-pie.patch:
pam_console/Makefile | 2 +-
pam_filter/upperLOWER/Makefile | 2 +-
pam_pwdb/Makefile | 2 +-
pam_timestamp/Makefile | 2 +-
pam_unix/Makefile | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
--- NEW FILE pam-0.80-pie.patch ---
--- Linux-PAM-0.80/modules/pam_console/Makefile.pie 2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_console/Makefile 2005-07-22 15:25:58.000000000 +0200
@@ -76,7 +76,7 @@
endif
$(BINARY): $(BINOBJ)
- $(LD) $(LDFLAGS) -o $@ $(BINOBJ) -Wl,-Bstatic $(GLIB_LIBS) -Wl,-Bdynamic ../../libpam/libpam.so -lc
+ $(LD) $(LDFLAGS) -o $@ $(BINOBJ) -pie -Wl,-Bstatic $(GLIB_LIBS) -Wl,-Bdynamic ../../libpam/libpam.so -lc
$(BINOBJ): $(BINSRC)
--- Linux-PAM-0.80/modules/pam_filter/upperLOWER/Makefile.pie 2005-07-18 17:50:00.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_filter/upperLOWER/Makefile 2005-07-22 15:31:40.000000000 +0200
@@ -24,7 +24,7 @@
all: $(TITLE)
$(TITLE): $(OBJS)
- $(CC) $(CFLAGS) -o $(TITLE) $(OBJS) $(LDFLAGS)
+ $(CC) $(CFLAGS) -o $(TITLE) $(OBJS) -pie $(LDFLAGS)
$(STRIP) $(TITLE)
install:
--- Linux-PAM-0.80/modules/pam_pwdb/Makefile.pie 2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_pwdb/Makefile 2005-07-22 15:28:22.000000000 +0200
@@ -60,7 +60,7 @@
$(CHKPWD): pwdb_chkpwd.o md5_good.o md5_broken.o \
md5_crypt_good.o md5_crypt_broken.o
- $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDFLAGS) -lpwdb $(EXTRALS)
+ $(CC) $(CFLAGS) -o $(CHKPWD) $^ -pie $(LDFLAGS) -lpwdb $(EXTRALS)
pwdb_chkpwd.o: pwdb_chkpwd.c pam_unix_md.-c bigcrypt.-c
--- Linux-PAM-0.80/modules/pam_unix/Makefile.pie 2005-07-22 15:27:57.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_unix/Makefile 2005-07-22 15:27:04.000000000 +0200
@@ -146,7 +146,7 @@
$(CHKPWD): unix_chkpwd.o md5_good.o md5_broken.o \
md5_crypt_good.o md5_crypt_broken.o \
bigcrypt.o
- $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT)
+ $(CC) $(CFLAGS) -o $(CHKPWD) $^ -pie $(LDLIBS) $(LIBCRYPT)
$(BIGCRYPT): bigcrypt_main.o bigcrypt.o
$(CC) -o $(BIGCRYPT) $^ $(LDLIBS) $(LIBCRYPT)
--- Linux-PAM-0.80/modules/pam_timestamp/Makefile.pie 2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_timestamp/Makefile 2005-07-22 15:30:39.000000000 +0200
@@ -15,7 +15,7 @@
include ../Simple.Rules
$(APPLICATION): $(APPLICATION).c
- $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) -o $@ $^ $(LINK_PAMMODUTILS)
+ $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) -o $@ $^ -pie $(LINK_PAMMODUTILS)
hmacfile: hmacfile.c hmacsha1.c sha1.c
$(CC) $(CFLAGS) -DHMAC_ALLOW_SHORT_KEYS -o $@ $^
pam-0.80-selinux-nofail.patch:
pam_selinux.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
Index: pam-0.80-selinux-nofail.patch
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam-0.80-selinux-nofail.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pam-0.80-selinux-nofail.patch 14 Jul 2005 14:21:56 -0000 1.1
+++ pam-0.80-selinux-nofail.patch 22 Jul 2005 14:17:33 -0000 1.2
@@ -1,5 +1,5 @@
--- Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c.nofail 2005-06-09 11:45:44.000000000 +0200
-+++ Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c 2005-07-14 15:47:35.000000000 +0200
++++ Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c 2005-07-22 15:36:02.000000000 +0200
@@ -438,13 +438,19 @@
if (user_context == NULL) {
syslog (LOG_ERR, _("Unable to get valid context for %s"),
@@ -35,3 +35,15 @@
} else {
if (debug)
syslog(LOG_NOTICE, _("%s: set %s security context to %s"),MODULE,
+@@ -530,7 +538,10 @@
+ if (status) {
+ syslog(LOG_ERR, _("Error! Unable to set executable context %s."),
+ prev_user_context);
+- return PAM_AUTH_ERR;
++ if (security_getenforce() == 1)
++ return PAM_AUTH_ERR;
++ else
++ return PAM_SUCCESS;
+ }
+
+ if (debug)
Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- pam.spec 18 Jul 2005 16:00:41 -0000 1.81
+++ pam.spec 22 Jul 2005 14:17:33 -0000 1.82
@@ -12,7 +12,7 @@
Summary: A security tool which provides authentication for applications.
Name: pam
Version: 0.80
-Release: 2
+Release: 3
License: GPL or BSD
Group: System Environment/Base
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -31,6 +31,7 @@
Patch65: pam-0.77-audit.patch
Patch70: pam-0.80-selinux-nofail.patch
Patch71: pam-0.80-install-perms.patch
+Patch72: pam-0.80-pie.patch
BuildRoot: %{_tmppath}/%{name}-root
Requires: cracklib, cracklib-dicts >= 2.8, glib2, initscripts >= 3.94
@@ -40,8 +41,8 @@
BuildPrereq: cracklib-dicts >= 2.8
BuildPrereq: perl, pkgconfig
%if %{WITH_AUDIT}
-BuildPrereq: audit-libs-devel >= 0.9.10
-Requires: audit-libs >= 0.9.10
+BuildPrereq: audit-libs-devel >= 0.9.19
+Requires: audit-libs >= 0.9.19
%endif
%if %{WITH_SELINUX}
BuildPrereq: libselinux-devel >= 1.17.1
@@ -92,6 +93,7 @@
%endif
%patch70 -p1 -b .nofail
%patch71 -p1 -b .install-perms
+%patch72 -p1 -b .pie
for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
@@ -364,6 +366,10 @@
%{_libdir}/libpam_misc.so
%changelog
+* Fri Jul 22 2005 Tomas Mraz <tmraz redhat com> 0.80-3
+- more pam_selinux permissive fixes (Dan Walsh)
+- make binaries PIE (#158938)
+
* Mon Jul 18 2005 Tomas Mraz <tmraz redhat com> 0.80-2
- fixed module tests so the pam doesn't require itself to build (#163502)
- added buildprereq for building the documentation (#163503)
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]