Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-04  Dmitry V. Levin  <ldv@altlinux.org>

	* libpam/pam_modutil_priv.c: New file.
	* libpam/Makefile.am (libpam_la_SOURCES): Add it.
	* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
	PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
	pam_modutil_regain_priv): New declarations.
	* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
	* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
	* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
	* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
	pam_sm_close_session): Likewise.
	(pam_sm_open_session): Remove redundant fchown call.
	Fixes CVE-2010-3430, CVE-2010-3431.

1 files changed, 15 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 7473934b..1b8e5999 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2010-10-04  Dmitry V. Levin  <ldv@altlinux.org>
+
+	* libpam/pam_modutil_priv.c: New file.
+	* libpam/Makefile.am (libpam_la_SOURCES): Add it.
+	* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
+	PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
+	pam_modutil_regain_priv): New declarations.
+	* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
+	* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
+	* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
+	* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
+	pam_sm_close_session): Likewise.
+	(pam_sm_open_session): Remove redundant fchown call.
+	Fixes CVE-2010-3430, CVE-2010-3431.
+
 2010-10-01  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* configure.in: Extend cross compiling check.