From 16c056d4c09e4158661c6476849ec1286f902437 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sat, 30 Jan 2010 15:37:25 -0800 Subject: Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and pam_securetty_tty_check_before_user_check, which are included upstream. --- debian/changelog | 7 +++- debian/patches-applied/namespace_with_awk_not_gawk | 23 ------------- debian/patches-applied/pam.d-manpage-section | 35 ------------------- .../pam_securetty_tty_check_before_user_check | 40 ---------------------- debian/patches-applied/series | 3 -- 5 files changed, 6 insertions(+), 102 deletions(-) delete mode 100644 debian/patches-applied/namespace_with_awk_not_gawk delete mode 100644 debian/patches-applied/pam.d-manpage-section delete mode 100644 debian/patches-applied/pam_securetty_tty_check_before_user_check (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 52e5773e..fb8fc32e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,10 @@ -pam (1.1.0-5) UNRELEASED; urgency=low +pam (1.1.1-1) UNRELEASED; urgency=low + * New upstream version. + - restore proper netgroup handling in pam_access. + Closes: #567385, LP: #513955. + * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and + pam_securetty_tty_check_before_user_check, which are included upstream. * Updated debconf translations: - French, thanks to Jean-Baka Domelevo Entfellner (closes: #547039) diff --git a/debian/patches-applied/namespace_with_awk_not_gawk b/debian/patches-applied/namespace_with_awk_not_gawk deleted file mode 100644 index 976c9373..00000000 --- a/debian/patches-applied/namespace_with_awk_not_gawk +++ /dev/null @@ -1,23 +0,0 @@ -Patch for Debian bug #518908 - -The default namespace.init depends on GNU awk extensions. Make this portable -to POSIX awk. - -Authors: Steve Langasek - -Upstream status: committed to CVS - -Index: pam.deb/modules/pam_namespace/namespace.init -=================================================================== ---- pam.deb.orig/modules/pam_namespace/namespace.init -+++ pam.deb/modules/pam_namespace/namespace.init -@@ -15,7 +15,8 @@ - gid=$(echo "$passwd" | cut -f4 -d":") - cp -rT /etc/skel "$homedir" - chown -R "$user":"$gid" "$homedir" -- mode=$(awk '/^UMASK/{gsub("#.*$", "", $2); printf "%o", and(0777,compl(strtonum("0" $2))); exit}' /etc/login.defs) -+ mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs) -+ mode=$(printf "%o" $((0777 & ~$mask))) - chmod ${mode:-700} "$homedir" - [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" - fi diff --git a/debian/patches-applied/pam.d-manpage-section b/debian/patches-applied/pam.d-manpage-section deleted file mode 100644 index 1708e6aa..00000000 --- a/debian/patches-applied/pam.d-manpage-section +++ /dev/null @@ -1,35 +0,0 @@ -Patch for Debian bug #470137 - -pam.d is a directory, so it's in section 5, not in section 8. Update -the manpage references. - -Authors: Steve Langasek - -Upstream status: committed to CVS - -Index: pam.deb/modules/pam_sepermit/pam_sepermit.8 -=================================================================== ---- pam.deb.orig/modules/pam_sepermit/pam_sepermit.8 -+++ pam.deb/modules/pam_sepermit/pam_sepermit.8 -@@ -103,7 +103,7 @@ - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(7) - .SH "AUTHOR" - .PP -Index: pam.deb/modules/pam_sepermit/pam_sepermit.8.xml -=================================================================== ---- pam.deb.orig/modules/pam_sepermit/pam_sepermit.8.xml -+++ pam.deb/modules/pam_sepermit/pam_sepermit.8.xml -@@ -171,7 +171,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam7 diff --git a/debian/patches-applied/pam_securetty_tty_check_before_user_check b/debian/patches-applied/pam_securetty_tty_check_before_user_check deleted file mode 100644 index 5f976ab5..00000000 --- a/debian/patches-applied/pam_securetty_tty_check_before_user_check +++ /dev/null @@ -1,40 +0,0 @@ -Patch for Debian bug #537848 - -pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure. -regardless of what was entered as a username. - -Authors: Nicolas François - -Upstream status: committed to CVS - -Index: sid/modules/pam_securetty/pam_securetty.c -=================================================================== ---- sid.orig/modules/pam_securetty/pam_securetty.c 2009-07-23 17:39:36.904158303 +0200 -+++ sid/modules/pam_securetty/pam_securetty.c 2009-07-23 17:48:55.596157670 +0200 -@@ -82,13 +82,11 @@ - } - - user_pwd = pam_modutil_getpwnam(pamh, username); -- if (user_pwd == NULL) { -- return PAM_USER_UNKNOWN; -- } else if (user_pwd->pw_uid != 0) { /* If the user is not root, -- securetty's does not apply -- to them */ -+ if (user_pwd != NULL && user_pwd->pw_uid != 0) { -+ /* If the user is not root, securetty's does not apply to them */ - return PAM_SUCCESS; - } -+ /* The user is now either root or an invalid / mistyped username */ - - retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); - uttyname = void_uttyname; -@@ -102,6 +100,9 @@ - pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", - username, uttyname); - } else if (retval != PAM_SUCCESS) { -+ if (user_pwd == NULL) { -+ retval = PAM_USER_UNKNOWN; -+ } - pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", - uttyname); - } diff --git a/debian/patches-applied/series b/debian/patches-applied/series index bf13a538..1d1a6034 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -16,10 +16,7 @@ hurd_no_setfsuid 054_pam_security_abstract_securetty_handling 055_pam_unix_nullok_secure PAM-manpage-section -pam.d-manpage-section autoconf.patch update-motd fix-man-crud -namespace_with_awk_not_gawk -pam_securetty_tty_check_before_user_check sys-types-include.patch -- cgit v1.2.3