diff options
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | debian/patches-applied/series | 1 | ||||
| -rw-r--r-- | debian/patches-applied/setreuid_juggling.patch | 22 |
3 files changed, 26 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index fb1b702f..4957bf72 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,9 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low hpux-style expiry information off of password fields is now supported. * New patch thread-safe_save_old_password.patch, to make sure all our getpwnam() use in pam_unix is thread-safe (fixes an upstream regression) + * New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid + changes for NIS+, since I know the old behavior was right and don't + believe anyone has tested the new code. * The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 5e2cb2fc..3b410ab1 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -1,4 +1,5 @@ thread-safe_save_old_password.patch +setreuid_juggling.patch 007_modules_pam_unix 008_modules_pam_limits_chroot 021_nis_cleanup diff --git a/debian/patches-applied/setreuid_juggling.patch b/debian/patches-applied/setreuid_juggling.patch new file mode 100644 index 00000000..d8e36a90 --- /dev/null +++ b/debian/patches-applied/setreuid_juggling.patch @@ -0,0 +1,22 @@ +This particular setreuid() is only needed if we don't have any root +privs at all, so make it conditional like it was pre-1.0. + +Authors: Steve Langasek <steve.langasek@canonical.com> + +Upstream status: to be submitted + +Index: pam.deb/modules/pam_unix/passverify.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/passverify.c ++++ pam.deb/modules/pam_unix/passverify.c +@@ -187,8 +187,8 @@ + if (save_uid == (*pwd)->pw_uid) + setreuid(save_uid, save_euid); + else { +- setreuid(-1, 0); +- setreuid(save_uid, -1); ++ if (setreuid(-1, 0) == -1) ++ setreuid(save_uid, -1); + setreuid(-1, save_euid); + } + |