pam: Update to 1.1.6.
authorStefan Schantl <stefan.schantl@ipfire.org>
Sat, 23 Mar 2013 14:35:41 +0000 (15:35 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sat, 23 Mar 2013 14:35:41 +0000 (15:35 +0100)
* Update to the latest version of pam.
* Add patches to fix build with glibc 2.16 and newer versions.

pam/pam.nm
pam/patches/pam-1.1.5-unix-build.patch [new file with mode: 0644]
pam/patches/pam-1.1.5-unix-no-fallback.patch [new file with mode: 0644]

index be4f7a242816dbc5e07cab93056b867e4d2d088e..54be8d075c85d881721a924ed5d0dd202a318afc 100644 (file)
@@ -4,8 +4,8 @@
 ###############################################################################
 
 name       = pam
-version    = 1.1.5
-release    = 3
+version    = 1.1.6
+release    = 1
 thisapp    = Linux-PAM-%{version}
 
 groups     = System/Base
@@ -60,10 +60,6 @@ end
 
 packages
        package %{name}
-               requires
-                       pam_ldap
-               end
-
                configfiles
                        /etc/pam.d
                end
diff --git a/pam/patches/pam-1.1.5-unix-build.patch b/pam/patches/pam-1.1.5-unix-build.patch
new file mode 100644 (file)
index 0000000..d1f30d0
--- /dev/null
@@ -0,0 +1,34 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build     2012-07-23 18:46:27.709804094 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c   2012-07-23 18:46:27.764805293 +0200
+@@ -47,6 +47,8 @@
+ #include <time.h>             /* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/time.h>
++#include <sys/resource.h>
+ #include <security/_pam_macros.h>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build   2012-07-23 18:55:16.433314731 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c 2012-07-23 18:54:48.064697131 +0200
+@@ -53,6 +53,7 @@
+ #include <fcntl.h>
+ #include <ctype.h>
+ #include <sys/time.h>
++#include <sys/resource.h>
+ #include <sys/stat.h>
+ #include <signal.h>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c
+--- Linux-PAM-1.1.5/modules/pam_unix/support.c.build   2012-07-23 18:46:27.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/support.c 2012-07-23 18:54:23.645165507 +0200
+@@ -18,6 +18,7 @@
+ #include <signal.h>
+ #include <ctype.h>
+ #include <syslog.h>
++#include <sys/time.h>
+ #include <sys/resource.h>
+ #ifdef HAVE_RPCSVC_YPCLNT_H
+ #include <rpcsvc/ypclnt.h>
diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
new file mode 100644 (file)
index 0000000..7857196
--- /dev/null
@@ -0,0 +1,69 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback        2011-06-21 11:04:56.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml    2012-05-09 11:54:34.442036404 +0200
+@@ -265,11 +265,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA256 algorithm. If the
+-            SHA256 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA256 algorithm. The
++            SHA256 algorithm must be supported by the <citerefentry>
+           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -280,11 +279,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA512 algorithm. If the
+-            SHA512 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA512 algorithm. The
++            SHA512 algorithm must be supported by the <citerefentry>
+           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -295,11 +293,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the blowfish algorithm. If the
+-            blowfish algorithm is not known to the <citerefentry>
++            encrypt it with the blowfish algorithm. The
++            blowfish algorithm must be supported by the <citerefentry>
+           <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
+--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback  2012-05-09 11:48:12.409632377 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c      2012-05-09 11:48:36.953172291 +0200
+@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
+       if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
+               /* libxcrypt/libc doesn't know the algorithm, use MD5 */
+               pam_syslog(pamh, LOG_ERR,
+-                         "Algo %s not supported by the crypto backend, "
+-                         "falling back to MD5\n",
++                         "Algo %s not supported by the crypto backend.\n",
+                          on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
+                          on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
+                          on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
+               if(sp) {
+                  memset(sp, '\0', strlen(sp));
+               }
+-              return crypt_md5_wrapper(password);
++              return NULL;
+       }
+       return x_strdup(sp);
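Review bot: The context comment `/* libxcrypt/libc doesn't know the algorithm, use MD5 */` in the passverify.c hunk is now stale, because the branch no longer falls back to MD5. It should say what the code does, for example `/* libxcrypt/libc doesn't know the algorithm: fail instead of storing a weaker MD5 hash */`. With `return NULL;` replacing `return crypt_md5_wrapper(password);`, every caller of create_password_hash must treat NULL as a failed password change and must not write an empty or partial hash entry. Those callers and the start of the function lie outside this hunk, so this should be confirmed against the 1.1.6 sources the patch is applied to. A short comment on the `return NULL;` line stating that NULL means "requested algorithm unavailable" would make that contract visible to maintainers.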