[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/pam/devel pam-0.80-pie.patch, NONE, 1.1 pam-0.80-selinux-nofail.patch, 1.1, 1.2 pam.spec, 1.81, 1.82



Author: tmraz

Update of /cvs/dist/rpms/pam/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27757

Modified Files:
	pam-0.80-selinux-nofail.patch pam.spec 
Added Files:
	pam-0.80-pie.patch 
Log Message:
* Fri Jul 22 2005 Tomas Mraz <tmraz redhat com> 0.80-3
- more pam_selinux permissive fixes (Dan Walsh)
- make binaries PIE (#158938)


pam-0.80-pie.patch:
 pam_console/Makefile           |    2 +-
 pam_filter/upperLOWER/Makefile |    2 +-
 pam_pwdb/Makefile              |    2 +-
 pam_timestamp/Makefile         |    2 +-
 pam_unix/Makefile              |    2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

--- NEW FILE pam-0.80-pie.patch ---
--- Linux-PAM-0.80/modules/pam_console/Makefile.pie	2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_console/Makefile	2005-07-22 15:25:58.000000000 +0200
@@ -76,7 +76,7 @@
 endif
 
 $(BINARY): $(BINOBJ)
-	$(LD) $(LDFLAGS) -o $@ $(BINOBJ) -Wl,-Bstatic $(GLIB_LIBS) -Wl,-Bdynamic ../../libpam/libpam.so -lc
+	$(LD) $(LDFLAGS) -o $@ $(BINOBJ) -pie -Wl,-Bstatic $(GLIB_LIBS) -Wl,-Bdynamic ../../libpam/libpam.so -lc
 
 $(BINOBJ): $(BINSRC)
 
--- Linux-PAM-0.80/modules/pam_filter/upperLOWER/Makefile.pie	2005-07-18 17:50:00.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_filter/upperLOWER/Makefile	2005-07-22 15:31:40.000000000 +0200
@@ -24,7 +24,7 @@
 all: $(TITLE)
 
 $(TITLE): $(OBJS)
-	$(CC) $(CFLAGS) -o $(TITLE) $(OBJS) $(LDFLAGS)
+	$(CC) $(CFLAGS) -o $(TITLE) $(OBJS) -pie $(LDFLAGS)
 	$(STRIP) $(TITLE)
 
 install:
--- Linux-PAM-0.80/modules/pam_pwdb/Makefile.pie	2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_pwdb/Makefile	2005-07-22 15:28:22.000000000 +0200
@@ -60,7 +60,7 @@
 
 $(CHKPWD): pwdb_chkpwd.o md5_good.o md5_broken.o \
            md5_crypt_good.o md5_crypt_broken.o
-	$(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDFLAGS) -lpwdb $(EXTRALS)
+	$(CC) $(CFLAGS) -o $(CHKPWD) $^ -pie $(LDFLAGS) -lpwdb $(EXTRALS)
 
 pwdb_chkpwd.o: pwdb_chkpwd.c pam_unix_md.-c bigcrypt.-c
 
--- Linux-PAM-0.80/modules/pam_unix/Makefile.pie	2005-07-22 15:27:57.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_unix/Makefile	2005-07-22 15:27:04.000000000 +0200
@@ -146,7 +146,7 @@
 $(CHKPWD): unix_chkpwd.o md5_good.o md5_broken.o \
 		md5_crypt_good.o md5_crypt_broken.o \
 		bigcrypt.o
-	$(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT)
+	$(CC) $(CFLAGS) -o $(CHKPWD) $^ -pie $(LDLIBS) $(LIBCRYPT)
 
 $(BIGCRYPT): bigcrypt_main.o bigcrypt.o
 	$(CC) -o $(BIGCRYPT) $^ $(LDLIBS) $(LIBCRYPT)
--- Linux-PAM-0.80/modules/pam_timestamp/Makefile.pie	2005-07-18 17:44:24.000000000 +0200
+++ Linux-PAM-0.80/modules/pam_timestamp/Makefile	2005-07-22 15:30:39.000000000 +0200
@@ -15,7 +15,7 @@
 include ../Simple.Rules
 
 $(APPLICATION): $(APPLICATION).c
-	$(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) -o $@ $^ $(LINK_PAMMODUTILS)
+	$(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) -o $@ $^ -pie $(LINK_PAMMODUTILS)
 
 hmacfile: hmacfile.c hmacsha1.c sha1.c
 	$(CC) $(CFLAGS) -DHMAC_ALLOW_SHORT_KEYS -o $@ $^

pam-0.80-selinux-nofail.patch:
 pam_selinux.c |   21 ++++++++++++++++-----
 1 files changed, 16 insertions(+), 5 deletions(-)

Index: pam-0.80-selinux-nofail.patch
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam-0.80-selinux-nofail.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pam-0.80-selinux-nofail.patch	14 Jul 2005 14:21:56 -0000	1.1
+++ pam-0.80-selinux-nofail.patch	22 Jul 2005 14:17:33 -0000	1.2
@@ -1,5 +1,5 @@
 --- Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c.nofail	2005-06-09 11:45:44.000000000 +0200
-+++ Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c	2005-07-14 15:47:35.000000000 +0200
++++ Linux-PAM-0.80/modules/pam_selinux/pam_selinux.c	2005-07-22 15:36:02.000000000 +0200
 @@ -438,13 +438,19 @@
        if (user_context == NULL) {
  	syslog (LOG_ERR, _("Unable to get valid context for %s"),
@@ -35,3 +35,15 @@
    } else {
      if (debug)
        syslog(LOG_NOTICE, _("%s: set %s security context to %s"),MODULE,
+@@ -530,7 +538,10 @@
+   if (status) {
+     syslog(LOG_ERR, _("Error!  Unable to set executable context %s."),
+            prev_user_context);
+-    return PAM_AUTH_ERR;
++    if (security_getenforce() == 1)
++      return PAM_AUTH_ERR;
++    else
++      return PAM_SUCCESS;
+   }
+ 
+   if (debug)


Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- pam.spec	18 Jul 2005 16:00:41 -0000	1.81
+++ pam.spec	22 Jul 2005 14:17:33 -0000	1.82
@@ -12,7 +12,7 @@
 Summary: A security tool which provides authentication for applications.
 Name: pam
 Version: 0.80
-Release: 2
+Release: 3
 License: GPL or BSD
 Group: System Environment/Base
 Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -31,6 +31,7 @@
 Patch65: pam-0.77-audit.patch
 Patch70: pam-0.80-selinux-nofail.patch
 Patch71: pam-0.80-install-perms.patch
+Patch72: pam-0.80-pie.patch
 
 BuildRoot: %{_tmppath}/%{name}-root
 Requires: cracklib, cracklib-dicts >= 2.8, glib2, initscripts >= 3.94
@@ -40,8 +41,8 @@
 BuildPrereq: cracklib-dicts >= 2.8
 BuildPrereq: perl, pkgconfig
 %if %{WITH_AUDIT}
-BuildPrereq: audit-libs-devel >= 0.9.10
-Requires: audit-libs >= 0.9.10
+BuildPrereq: audit-libs-devel >= 0.9.19
+Requires: audit-libs >= 0.9.19
 %endif
 %if %{WITH_SELINUX}
 BuildPrereq: libselinux-devel >= 1.17.1
@@ -92,6 +93,7 @@
 %endif
 %patch70 -p1 -b .nofail
 %patch71 -p1 -b .install-perms
+%patch72 -p1 -b .pie
 
 for readme in modules/pam_*/README ; do
 	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
@@ -364,6 +366,10 @@
 %{_libdir}/libpam_misc.so
 
 %changelog
+* Fri Jul 22 2005 Tomas Mraz <tmraz redhat com> 0.80-3
+- more pam_selinux permissive fixes (Dan Walsh)
+- make binaries PIE (#158938)
+
 * Mon Jul 18 2005 Tomas Mraz <tmraz redhat com> 0.80-2
 - fixed module tests so the pam doesn't require itself to build (#163502)
 - added buildprereq for building the documentation (#163503)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]