Mon Jul 23 18:47:03 UTC 2007

Author: tmraz

Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17926

Modified Files:
	.cvsignore pam.spec sources 
Added Files:
	pam-0.99.8.1-dbpam.patch pam-0.99.8.1-unix-update-helper.patch 
Removed Files:
	pam-0.99.2.1-selinux-nofail.patch 
	pam-0.99.6.2-namespace-dirnames.patch 
	pam-0.99.6.2-namespace-docfix.patch 
	pam-0.99.6.2-namespace-preserve-uid.patch 
	pam-0.99.6.2-selinux-audit-context.patch 
	pam-0.99.6.2-selinux-drop-multiple.patch 
	pam-0.99.6.2-selinux-keycreate.patch 
	pam-0.99.6.2-selinux-select-context.patch 
	pam-0.99.6.2-selinux-use-current-range.patch 
	pam-0.99.7.0-dbpam.patch pam-0.99.7.0-namespace-level.patch 
	pam-0.99.7.0-namespace-no-unmount.patch 
	pam-0.99.7.0-namespace-unmnt-override.patch 
	pam-0.99.7.1-namespace-unknown-user.patch 
	pam-0.99.7.1-unix-allow-pwmodify.patch 
	pam-0.99.7.1-unix-bigcrypt.patch 
	pam-0.99.7.1-unix-update-helper.patch 
Log Message:
* Mon Jul 23 2007 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-1
- upgrade to latest upstream version
- add some firewire devices to default console perms (#240770)


pam-0.99.8.1-dbpam.patch:

--- NEW FILE pam-0.99.8.1-dbpam.patch ---
--- Linux-PAM-0.99.8.1/configure.in.dbpam	2007-07-23 13:59:20.000000000 +0200
+++ Linux-PAM-0.99.8.1/configure.in	2007-07-23 14:06:54.000000000 +0200
@@ -355,7 +355,7 @@
 	AC_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
 if test x"$WITH_DB" != xno ; then
         if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
-              AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
+              AC_CHECK_LIB([db], [db_create$with_db_uniquename], LIBDB="-ldb", LIBDB="")
               if test -z "$LIBDB" ; then
                   AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
               fi

pam-0.99.8.1-unix-update-helper.patch:

--- NEW FILE pam-0.99.8.1-unix-update-helper.patch ---
--- /dev/null	2007-07-08 21:11:04.052436262 +0200
+++ Linux-PAM-0.99.8.1/modules/pam_unix/passupdate.c	2007-07-23 13:40:56.000000000 +0200
@@ -0,0 +1,560 @@
+/*
+ * Main coding by Elliot Lee <sopwith at redhat.com>, Red Hat Software.
+ * Copyright (C) 1996.
+ * Copyright (c) Jan Rêkorajski, 1999.
+ * Copyright (c) Red Hat, Inc., 2007
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* this will be included from module and update helper */
+
+#if defined(USE_LCKPWDF) && !defined(HAVE_LCKPWDF)
+# include "./lckpwdf.-c"
+#endif
+
+/* passwd/salt conversion macros */
+
+#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
+
+#define PW_TMPFILE		"/etc/npasswd"
+#define SH_TMPFILE		"/etc/nshadow"
+#define OPW_TMPFILE		"/etc/security/nopasswd"
+#define OLD_PASSWORDS_FILE	"/etc/security/opasswd"
+
+/*
+ * i64c - convert an integer to a radix 64 character
+ */
+static int i64c(int i)
+{
+	if (i < 0)
+		return ('.');
+	else if (i > 63)
+		return ('z');
+	if (i == 0)
+		return ('.');
+	if (i == 1)
+		return ('/');
+	if (i >= 2 && i <= 11)
+		return ('0' - 2 + i);
+	if (i >= 12 && i <= 37)
+		return ('A' - 12 + i);
+	if (i >= 38 && i <= 63)
+		return ('a' - 38 + i);
+	return ('\0');
+}
+
+static char *crypt_md5_wrapper(const char *pass_new)
+{
+	/*
+	 * Code lifted from Marek Michalkiewicz's shadow suite. (CG)
+	 * removed use of static variables (AGM)
+	 */
+
+	struct timeval tv;
+	MD5_CTX ctx;
+	unsigned char result[16];
+	char *cp = (char *) result;
+	unsigned char tmp[16];
+	int i;
+	char *x = NULL;
+
+	GoodMD5Init(&ctx);
+	gettimeofday(&tv, (struct timezone *) 0);
+	GoodMD5Update(&ctx, (void *) &tv, sizeof tv);
+	i = getpid();
+	GoodMD5Update(&ctx, (void *) &i, sizeof i);
+	i = clock();
+	GoodMD5Update(&ctx, (void *) &i, sizeof i);
+	GoodMD5Update(&ctx, result, sizeof result);
+	GoodMD5Final(tmp, &ctx);
+	strcpy(cp, "$1$");	/* magic for the MD5 */
+	cp += strlen(cp);
+	for (i = 0; i < 8; i++)
+		*cp++ = i64c(tmp[i] & 077);
+	*cp = '\0';
+
+	/* no longer need cleartext */
+	x = Goodcrypt_md5(pass_new, (const char *) result);
+
+	return x;
+}
+
+#ifdef USE_LCKPWDF
+static int lock_pwdf(void)
+{
+	int i;
+	int retval;
+
+#ifndef HELPER_COMPILE
+	if (selinux_confined()) {
+		return PAM_SUCCESS;
+	}
+#endif
+	/* These values for the number of attempts and the sleep time
+	   are, of course, completely arbitrary.
+	   My reading of the PAM docs is that, once pam_chauthtok() has been
+	   called with PAM_UPDATE_AUTHTOK, we are obliged to take any
+	   reasonable steps to make sure the token is updated; so retrying
+	   for 1/10 sec. isn't overdoing it. */
+	i=0;
+	while((retval = lckpwdf()) != 0 && i < 100) {
+		usleep(1000);
+		i++;
+	}
+	if(retval != 0) {
+		return PAM_AUTHTOK_LOCK_BUSY;
+	}
+	return PAM_SUCCESS;
+}
+
+static void unlock_pwdf(void)
+{
+#ifndef HELPER_COMPILE
+	if (selinux_confined()) {
+		return;
+	}
+#endif
+	ulckpwdf();
+}
+#endif
+
+static int
+save_old_password(const char *forwho, const char *oldpass,
+		  int howmany)
+{
+    static char buf[16384];
+    static char nbuf[16384];
+    char *s_luser, *s_uid, *s_npas, *s_pas, *pass;
+    int npas;
+    FILE *pwfile, *opwfile;
+    int err = 0;
+    int oldmask;
+    int found = 0;
+    struct passwd *pwd = NULL;
+    struct stat st;
+
+    if (howmany < 0) {
+	return PAM_SUCCESS;
+    }
+
+    if (oldpass == NULL) {
+	return PAM_SUCCESS;
+    }
+
+    oldmask = umask(077);
+
+#ifdef WITH_SELINUX
+    if (SELINUX_ENABLED) {
+      security_context_t passwd_context=NULL;
+      if (getfilecon("/etc/passwd",&passwd_context)<0) {
+        return PAM_AUTHTOK_ERR;
+      };
+      if (getfscreatecon(&prev_context)<0) {
+        freecon(passwd_context);
+        return PAM_AUTHTOK_ERR;
+      }
+      if (setfscreatecon(passwd_context)) {
+        freecon(passwd_context);
+        freecon(prev_context);
+        return PAM_AUTHTOK_ERR;
+      }
+      freecon(passwd_context);
+    }
+#endif
+    pwfile = fopen(OPW_TMPFILE, "w");
+    umask(oldmask);
[...2150 lines suppressed...]
+{
+	struct passwd *pwd = NULL;
+	struct spwd *spwdent = NULL;
+	char *salt = NULL;
+	char *pp = NULL;
+	int retval = PAM_AUTH_ERR;
+	size_t salt_len;
+
+	/* UNIX passwords area */
+	setpwent();
+	pwd = getpwnam(name);	/* Get password file entry... */
+	endpwent();
+	if (pwd != NULL) {
+		if (_unix_shadowed(pwd)) {
+			/*
+			 * ...and shadow password file entry for this user,
+			 * if shadowing is enabled
+			 */
+			setspent();
+			spwdent = getspnam(name);
+			endspent();
+			if (spwdent != NULL)
+				salt = x_strdup(spwdent->sp_pwdp);
+			else
+				pwd = NULL;
+		} else {
+			if (strcmp(pwd->pw_passwd, "*NP*") == 0) {	/* NIS+ */
+				uid_t save_uid;
+
+				save_uid = geteuid();
+				seteuid(pwd->pw_uid);
+				spwdent = getspnam(name);
+				seteuid(save_uid);
+
+				salt = x_strdup(spwdent->sp_pwdp);
+			} else {
+				salt = x_strdup(pwd->pw_passwd);
+			}
+		}
+	}
+	if (pwd == NULL || salt == NULL) {
+		_log_err(LOG_ALERT, "check pass; user unknown");
+		p = NULL;
+		return PAM_USER_UNKNOWN;
+	}
+
+	salt_len = strlen(salt);
+	if (salt_len == 0) {
+		return (nullok == 0) ? PAM_AUTH_ERR : PAM_SUCCESS;
+	}
+	if (p == NULL || strlen(p) == 0) {
+		_pam_overwrite(salt);
+		_pam_drop(salt);
+		return PAM_AUTHTOK_ERR;
+	}
+
+	/* the moment of truth -- do we agree with the password? */
+	retval = PAM_AUTH_ERR;
+	if (!strncmp(salt, "$1$", 3)) {
+		pp = Goodcrypt_md5(p, salt);
+		if (pp && strcmp(pp, salt) == 0) {
+			retval = PAM_SUCCESS;
+		} else {
+			_pam_overwrite(pp);
+			_pam_drop(pp);
+			pp = Brokencrypt_md5(p, salt);
+			if (pp && strcmp(pp, salt) == 0)
+				retval = PAM_SUCCESS;
+		}
+	} else if (*salt == '$') {
+	        /*
+		 * Ok, we don't know the crypt algorithm, but maybe
+		 * libcrypt nows about it? We should try it.
+		 */
+	        pp = x_strdup (crypt(p, salt));
+		if (pp && strcmp(pp, salt) == 0) {
+			retval = PAM_SUCCESS;
+		}
+	} else if (*salt == '*' || *salt == '!' || salt_len < 13) {
+	    retval = PAM_AUTH_ERR;
+	} else {
+		pp = bigcrypt(p, salt);
+		/*
+		 * Note, we are comparing the bigcrypt of the password with
+		 * the contents of the password field. If the latter was
+		 * encrypted with regular crypt (and not bigcrypt) it will
+		 * have been truncated for storage relative to the output
+		 * of bigcrypt here. As such we need to compare only the
+		 * stored string with the subset of bigcrypt's result.
+		 * Bug 521314.
+		 */
+		if (pp && salt_len == 13 && strlen(pp) > salt_len) {
+		    _pam_overwrite(pp+salt_len);
+		}
+		
+		if (pp && strcmp(pp, salt) == 0) {
+			retval = PAM_SUCCESS;
+		}
+	}
+	p = NULL;		/* no longer needed here */
+
+	/* clean up */
+	_pam_overwrite(pp);
+	_pam_drop(pp);
+
+	return retval;
+}
+
+char *
+getuidname(uid_t uid)
+{
+	struct passwd *pw;
+	static char username[256];
+
+	pw = getpwuid(uid);
+	if (pw == NULL)
+		return NULL;
+
+	strncpy(username, pw->pw_name, sizeof(username));
+	username[sizeof(username) - 1] = '\0';
+
+	return username;
+}
+/*
+ * Copyright (c) Andrew G. Morgan, 1996. All rights reserved
+ * Copyright (c) Red Hat, Inc. 2007. All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
--- Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am.update-helper	2006-12-18 19:50:50.000000000 +0100
+++ Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am	2007-07-23 13:40:56.000000000 +0200
@@ -16,7 +16,8 @@
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\"
+	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
+	-DUPDATE_HELPER=\"$(sbindir)/unix_update\"
 
 if HAVE_LIBSELINUX
   AM_CFLAGS += -D"WITH_SELINUX"
@@ -34,9 +35,9 @@
 
 securelib_LTLIBRARIES = pam_unix.la
 
-noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h
+noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h
 
-sbin_PROGRAMS = unix_chkpwd
+sbin_PROGRAMS = unix_chkpwd unix_update
 
 noinst_PROGRAMS = bigcrypt
 
@@ -48,11 +49,16 @@
 bigcrypt_CFLAGS = $(AM_CFLAGS)
 bigcrypt_LDFLAGS = @LIBCRYPT@
 
-unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c
+unix_chkpwd_SOURCES = unix_chkpwd.c passverify.c md5_good.c md5_broken.c bigcrypt.c
 unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
 unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ -L$(top_builddir)/libpam -lpam \
 	@LIBCRYPT@ @LIBSELINUX@
 
+unix_update_SOURCES = unix_update.c passverify.c md5_good.c md5_broken.c bigcrypt.c
+unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+unix_update_LDFLAGS = @PIE_LDFLAGS@ -L$(top_builddir)/libpam -lpam \
+	@LIBCRYPT@ @LIBSELINUX@
+
 if ENABLE_REGENERATE_MAN
 noinst_DATA = README
 README: pam_unix.8.xml


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/.cvsignore,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- .cvsignore	24 Jan 2007 12:14:29 -0000	1.42
+++ .cvsignore	23 Jul 2007 18:46:31 -0000	1.43
@@ -1,5 +1,5 @@
 db-4.5.20.tar.gz
 *.src.rpm
 *.tar.bz2
-pam-redhat-0.99.7-1.tar.bz2
-Linux-PAM-0.99.7.1.tar.bz2
+pam-redhat-0.99.8-1.tar.bz2
+Linux-PAM-0.99.8.1.tar.bz2


Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -r1.147 -r1.148
--- pam.spec	4 Jun 2007 14:22:15 -0000	1.147
+++ pam.spec	23 Jul 2007 18:46:31 -0000	1.148
@@ -6,12 +6,12 @@
 %define pwdb_version 0.62
 %define db_version 4.5.20
 %define db_conflicting_version 4.6.0
-%define pam_redhat_version 0.99.7-1
+%define pam_redhat_version 0.99.8-1
 
 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 0.99.7.1
-Release: 6%{?dist}
+Version: 0.99.8.1
+Release: 1%{?dist}
 License: GPL or BSD
 Group: System Environment/Base
 Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -27,27 +27,12 @@
 Patch1:  pam-0.99.7.0-redhat-modules.patch
 Patch2:  pam-0.99.7.1-console-more-displays.patch
 Patch3:  pam-0.99.7.1-console-decrement.patch
-Patch22: pam-0.99.7.1-unix-allow-pwmodify.patch
-Patch23: pam-0.99.7.1-unix-bigcrypt.patch
-Patch24: pam-0.99.7.1-unix-update-helper.patch
+Patch4:  pam-0.99.8.1-dbpam.patch
+Patch24: pam-0.99.8.1-unix-update-helper.patch
 Patch25: pam-0.99.7.1-unix-hpux-aging.patch
-Patch34: pam-0.99.7.0-dbpam.patch
-Patch70: pam-0.99.2.1-selinux-nofail.patch
-Patch80: pam-0.99.6.2-selinux-drop-multiple.patch
-Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
-Patch82: pam-0.99.3.0-tally-fail-close.patch
-Patch84: pam-0.99.6.2-selinux-keycreate.patch
-Patch86: pam-0.99.7.0-namespace-no-unmount.patch
-Patch87: pam-0.99.6.2-namespace-preserve-uid.patch
-Patch92: pam-0.99.6.2-selinux-select-context.patch
-Patch93: pam-0.99.7.0-namespace-level.patch
-Patch94: pam-0.99.7.0-namespace-unmnt-override.patch
-Patch95: pam-0.99.6.2-selinux-use-current-range.patch
-Patch96: pam-0.99.6.2-namespace-dirnames.patch
-Patch97: pam-0.99.7.1-namespace-unknown-user.patch
-Patch98: pam-0.99.6.2-selinux-audit-context.patch
-Patch99: pam-0.99.6.2-namespace-docfix.patch
-Patch100: pam-0.99.7.1-namespace-temp-logon.patch
+Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
+Patch32: pam-0.99.3.0-tally-fail-close.patch
+Patch40: pam-0.99.7.1-namespace-temp-logon.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: cracklib, cracklib-dicts >= 2.8
@@ -103,27 +88,12 @@
 %patch1 -p1 -b .redhat-modules
 %patch2 -p1 -b .displays
 %patch3 -p1 -b .decrement
-%patch22 -p1 -b .pwmodify
-%patch23 -p1 -b .bigcrypt
+%patch4 -p1 -b .dbpam
 %patch24 -p1 -b .update-helper
 %patch25 -p1 -b .unix-hpux-aging
-%patch34 -p1 -b .dbpam
-%patch70 -p1 -b .nofail
-%patch80 -p1 -b .drop-multiple
-%patch81 -p1 -b .try-first-pass
-%patch82 -p1 -b .fail-close
-%patch84 -p1 -b .keycreate
-%patch86 -p1 -b .no-unmount
-%patch87 -p1 -b .preserve-uid
-%patch92 -p1 -b .select-context
-%patch93 -p1 -b .level
-%patch94 -p1 -b .unmnt-override
-%patch95 -p1 -b .range
-%patch96 -p1 -b .dirnames
-%patch97 -p1 -b .unknown-user
-%patch98 -p1 -b .audit-context
-%patch99 -p1 -b .docfix
-%patch100 -p1 -b .temp-logon
+%patch31 -p1 -b .try-first-pass
+%patch32 -p1 -b .fail-close
+%patch40 -p1 -b .temp-logon
 
 autoreconf
 
@@ -162,7 +132,8 @@
 %configure \
 	--libdir=/%{_lib} \
 	--includedir=%{_includedir}/security \
-	--enable-isadir=../../%{_lib}/security
+	--enable-isadir=../../%{_lib}/security \
+	--with-db-uniquename=_pam
 make
 
 %install
@@ -413,6 +384,10 @@
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Mon Jul 23 2007 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-1
+- upgrade to latest upstream version
+- add some firewire devices to default console perms (#240770)
+
 * Thu Apr 26 2007 Tomas Mraz <tmraz at redhat.com> 0.99.7.1-6
 - pam_namespace: better document behavior on failure (#237249)
 - pam_unix: split out passwd change to a new helper binary (#236316)


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/sources,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- sources	24 Jan 2007 12:14:29 -0000	1.44
+++ sources	23 Jul 2007 18:46:31 -0000	1.45
@@ -1,3 +1,3 @@
 b0f1c777708cb8e9d37fb47e7ed3312d  db-4.5.20.tar.gz
-66845048120c71205bd3363264f2bfe7  pam-redhat-0.99.7-1.tar.bz2
-385458dfb4633071594e255a6ebec9da  Linux-PAM-0.99.7.1.tar.bz2
+2a23dc703b550223206021ff03b1e434  pam-redhat-0.99.8-1.tar.bz2
+a6472db4afe13850cb401922211bba4e  Linux-PAM-0.99.8.1.tar.bz2


--- pam-0.99.2.1-selinux-nofail.patch DELETED ---


--- pam-0.99.6.2-namespace-dirnames.patch DELETED ---


--- pam-0.99.6.2-namespace-docfix.patch DELETED ---


--- pam-0.99.6.2-namespace-preserve-uid.patch DELETED ---


--- pam-0.99.6.2-selinux-audit-context.patch DELETED ---


--- pam-0.99.6.2-selinux-drop-multiple.patch DELETED ---


--- pam-0.99.6.2-selinux-keycreate.patch DELETED ---


--- pam-0.99.6.2-selinux-select-context.patch DELETED ---


--- pam-0.99.6.2-selinux-use-current-range.patch DELETED ---


--- pam-0.99.7.0-dbpam.patch DELETED ---


--- pam-0.99.7.0-namespace-level.patch DELETED ---


--- pam-0.99.7.0-namespace-no-unmount.patch DELETED ---


--- pam-0.99.7.0-namespace-unmnt-override.patch DELETED ---


--- pam-0.99.7.1-namespace-unknown-user.patch DELETED ---


--- pam-0.99.7.1-unix-allow-pwmodify.patch DELETED ---


--- pam-0.99.7.1-unix-bigcrypt.patch DELETED ---


--- pam-0.99.7.1-unix-update-helper.patch DELETED ---


