diff options
author | Niels Thykier <niels@thykier.net> | 2018-08-11 15:31:24 +0000 |
---|---|---|
committer | Niels Thykier <niels@thykier.net> | 2018-08-11 15:31:24 +0000 |
commit | 8d540fb940a9b4213f19c523c490642356d03edb (patch) | |
tree | e0565860842e57ceb47ab30e36c0b4325f1ff346 /debian/patches-applied/lib_security_multiarch_compat | |
parent | 60fe4501b4194949d3117a937abdfa90d3f138e9 (diff) |
pam (1.1.8-3.8) unstable; urgency=medium
* Non-maintainer upload.
* Set Rules-Requires-Root to binary-targets as pam relies on
chgrp in debian/rules.
* Update pam-auth-update to detect write errors and properly
fail when that happens. (Closes: #880501)
* Remove Roger Leigh from uploaders as he has restired from
Debian. (Closes: #869348)
* Reduce priority of libpam0g to optional.
* Rebuild with a recent version of dpkg-source, which ensures
that the Build-Depends are correct in the .dsc file.
(Closes: #890602)
* Apply patch from Felix Lechner to make pam-auth-update ignore
editor backup files. (Closes: #519361)
* Apply update to Brazilian Portuguese translations of the
debconf templates. Thanks to Adriano Rafael Gomes.
(Closes: #799417)
[dgit import package pam 1.1.8-3.8]
Diffstat (limited to 'debian/patches-applied/lib_security_multiarch_compat')
-rw-r--r-- | debian/patches-applied/lib_security_multiarch_compat | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat new file mode 100644 index 00000000..9d6d40a9 --- /dev/null +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -0,0 +1,71 @@ +Unqualified module paths should always be looked up in *both* the default +module dir, *and* the ISA dir. That's what paths are for. + +This lets us have a soft transition to multiarch for modules without having +to rewrite /etc/pam.d/ files or add ugly symlinks. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: not ready to be committed - this needs tweaked, we're +currently abusing the existing variables and inverting their meaning in +order to get everything installed where we want it and get absolute paths +the way we want them. + +Index: multiarch/libpam/pam_handlers.c +=================================================================== +--- multiarch.orig/libpam/pam_handlers.c ++++ multiarch/libpam/pam_handlers.c +@@ -705,7 +705,26 @@ + } + #else + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); +- mod->dl_handle = _pam_dlopen(mod_path); ++ if (mod_path[0] == '/') { ++ mod->dl_handle = _pam_dlopen(mod_path); ++ } else { ++ if (asprintf(&mod_full_isa_path, "%s%s", ++ DEFAULT_MODULE_PATH, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ if (!mod->dl_handle) { ++ if (asprintf(&mod_full_isa_path, "%s/%s", ++ _PAM_ISA, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ } ++ } + D(("_pam_load_module: _pam_dlopen'ed")); + D(("_pam_load_module: dlopen'ed")); + if (mod->dl_handle == NULL) { +@@ -775,7 +794,6 @@ + struct handler **handler_p2; + struct handlers *the_handlers; + const char *sym, *sym2; +- char *mod_full_path; + servicefn func, func2; + int mod_type = PAM_MT_FAULTY_MOD; + +@@ -787,16 +805,7 @@ + + if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && + mod_path != NULL) { +- if (mod_path[0] == '/') { +- mod = _pam_load_module(pamh, mod_path, handler_type); +- } else if (asprintf(&mod_full_path, "%s%s", +- DEFAULT_MODULE_PATH, mod_path) >= 0) { +- mod = _pam_load_module(pamh, mod_full_path, handler_type); +- _pam_drop(mod_full_path); +- } else { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); +- return PAM_ABORT; +- } ++ mod = _pam_load_module(pamh, mod_path, handler_type); + + if (mod == NULL) { + /* if we get here with NULL it means allocation error */ |