openSUSE Commits
June 2009
- 1 participants
- 769 discussions
Hello community,
here is the log from the commit of package pwdutils for openSUSE:Factory
checked in at Mon Jun 29 14:52:46 CEST 2009.
--------
--- pwdutils/pwdutils.changes 2009-04-23 10:39:39.000000000 +0200
+++ pwdutils/pwdutils.changes 2009-06-24 19:24:29.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 24 19:24:03 CEST 2009 - sbrabec(a)suse.cz
+
+- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
+
+-------------------------------------------------------------------
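Review bot: The new entry says "Supplement pam-32bit/pam-64bit in baselibs.conf", but the file listing for this commit reports baselibs.conf under "New:", so the file is being created here rather than edited. Suggest wording the entry to say that baselibs.conf is added and lists pwdutils-rpasswd, so that someone reading pwdutils.changes alone can see that the package set changed and not only a dependency hint.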
calling whatdependson for head-i586
New:
----
baselibs.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pwdutils.spec ++++++
--- /var/tmp/diff_new_pack.k26234/_old 2009-06-29 14:52:10.000000000 +0200
+++ /var/tmp/diff_new_pack.k26234/_new 2009-06-29 14:52:10.000000000 +0200
@@ -29,7 +29,7 @@
Group: System/Base
AutoReqProv: on
Version: 3.2.3
-Release: 2
+Release: 3
Summary: Utilities to Manage User and Group Accounts
Requires: pam-modules
Source: pwdutils-%{version}.tar.bz2
++++++ baselibs.conf ++++++
pwdutils-rpasswd
supplements "packageand(pwdutils-rpasswd:pam-<targettype>)"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package opie for openSUSE:Factory
checked in at Mon Jun 29 14:51:44 CEST 2009.
--------
--- opie/opie.changes 2009-06-02 10:38:16.000000000 +0200
+++ opie/opie.changes 2009-06-24 19:22:12.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 24 19:21:25 CEST 2009 - sbrabec(a)suse.cz
+
+- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opie.spec ++++++
--- /var/tmp/diff_new_pack.d24121/_old 2009-06-29 14:50:40.000000000 +0200
+++ /var/tmp/diff_new_pack.d24121/_new 2009-06-29 14:50:40.000000000 +0200
@@ -22,7 +22,7 @@
BuildRequires: bison pam-devel
Url: http://www.inner.net/opie
Version: 2.4
-Release: 697
+Release: 698
License: GPL v2 or later
Group: Productivity/Security
Provides: pam_opie
@@ -127,83 +127,3 @@
%doc %{_mandir}/man*/*
%changelog
-* Tue Jun 02 2009 meissner(a)suse.de
-- rename getline() to telnetgetline() to fix glibc 2.10 build failure.
-* Thu Apr 10 2008 ro(a)suse.de
-- added baselibs.conf file to build xxbit packages
- for multilib support
-* Thu Mar 29 2007 meissner(a)suse.de
-- buildrequirs bison
-* Thu Mar 15 2007 pgajdos(a)suse.cz
-- fixed: 'warning: array subscript is above array bounds' (#252562)
-- opie-2.4_array-subscript.patch
-- pam_opie-0.21_array-subscript.patch
-* Fri Feb 09 2007 meissner(a)suse.de
-- build as nonroot.
-* Wed Jan 17 2007 aj(a)suse.de
-- Fix undefined operation.
-* Fri Mar 17 2006 okir(a)suse.de
-- Make opie.h C++ safe (#158305)
-* Fri Feb 17 2006 okir(a)suse.de
-- Fixed a one byte buffer overflow (#151736)
-* Wed Jan 25 2006 mls(a)suse.de
-- converted neededforbuild to BuildRequires
-* Thu Jul 07 2005 mmj(a)suse.de
-- add missing declarations
-* Thu Feb 24 2005 okir(a)suse.de
-- removed permissions file; it's in /etc/permissions anyway (#66318)
-- Fixed a single NUL byte overflow
-* Mon Jan 24 2005 meissner(a)suse.de
-- 0 -> NULL in execl call.
-* Sat Jan 15 2005 schwab(a)suse.de
-- Use <owner>:<group> in permissions file.
-* Wed May 19 2004 ro(a)suse.de
-- added -fno-strict-aliasing
-- added return value to non-void function (main)
-* Mon Dec 02 2002 stark(a)suse.de
-- use RPM_OPT_FLAGS
-- link pam_opie against libopie from opie instead of own (older)
- version
-* Sat Nov 30 2002 stark(a)suse.de
-- include errno.h for new glibc
-* Wed Nov 13 2002 ro(a)suse.de
-- try fix for current bison
-* Tue Jul 02 2002 choeger(a)suse.de
-- build with -fPIC on all platforms
-- define UINT4 with uint32_t to correctly work on all platforms
- (not just alpha)
-* Fri Jun 21 2002 uli(a)suse.de
-- build with -fPIC on x86-64 to be able to link it to shared libs
-* Tue Jun 18 2002 choeger(a)suse.de
-- also install libopie.a to use opie with cyrus-sasl2
-* Mon Apr 08 2002 stark(a)suse.de
-- moved binaries to /usr/bin
-- fixed 'make install' for lib64
-* Wed Feb 13 2002 stark(a)suse.de
-- fixed bug in filelist :-(
-* Wed Feb 13 2002 stark(a)suse.de
-- minor spec cleanup
-* Sun Oct 28 2001 bjacke(a)suse.de
-- make opiekeys (noreplace)
-- add file in permissions.d
-- use buildroot and do other RPM cleanups
-- add missing manpages
-* Wed Aug 01 2001 sm(a)suse.de
-- fixed opiepasswd: seed was broken after changing passhprases
-* Mon Apr 09 2001 schwab(a)suse.de
-- Fix missing -fPIC.
-* Mon Apr 09 2001 ro(a)suse.de
-- don't use macro for version
-* Thu Apr 05 2001 us(a)suse.de
-- added patch from krahmer(a)suse.de
-- added opie.h to /usr/include
-- added missing binary opiegen
-* Wed Mar 28 2001 ro(a)suse.de
-- fixed group entry to: Utilities/Security
-* Wed Mar 28 2001 us(a)suse.de
-- changed file permissions of /etc/opiekeys to 600
-- changed file permissions of /bin/opiepasswd to 4755
-- in specfile: added configure flag --enable-insecure-override
-* Tue Mar 27 2001 us(a)suse.de
-- new version of opie 2.4
-- added pam-module pam_opie 0.21
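Review bot: The removed %changelog block, from "* Tue Jun 02 2009" down to "* Tue Mar 27 2001", is the only place in this diff that records the security-relevant packaging decisions for opie: the "--enable-insecure-override" configure flag, /bin/opiepasswd installed 4755, /etc/opiekeys set to 600, and the two overflow fixes (#151736 and the single NUL byte overflow). The opie.changes hunk above shows only the new 2009-06-24 entry being added, so please confirm that opie.changes already carries these older entries before they are dropped from the spec.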
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.d24121/_old 2009-06-29 14:50:40.000000000 +0200
+++ /var/tmp/diff_new_pack.d24121/_new 2009-06-29 14:50:40.000000000 +0200
@@ -1 +1,2 @@
opie
+ supplements "packageand(opie:pam-<targettype>)"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package pam for openSUSE:Factory
checked in at Mon Jun 29 14:50:09 CEST 2009.
--------
--- pam/pam.changes 2009-05-05 18:06:32.000000000 +0200
+++ pam/pam.changes 2009-06-24 09:53:08.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 24 09:52:29 CEST 2009 - kukuk(a)suse.de
+
+- Update to final version 1.1.0 (spelling fixes)
+
+-------------------------------------------------------------------
@@ -4 +9 @@
-- Update to versin 1.0.92:
+- Update to version 1.0.92:
calling whatdependson for head-i586
Old:
----
Linux-PAM-1.0.92-docs.tar.bz2
Linux-PAM-1.0.92.tar.bz2
New:
----
Linux-PAM-1.1.0-docs.tar.bz2
Linux-PAM-1.1.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.o27732/_old 2009-06-29 14:31:51.000000000 +0200
+++ /var/tmp/diff_new_pack.o27732/_new 2009-06-29 14:31:51.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package pam (Version 1.0.92)
+# spec file for package pam (Version 1.1.0)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -35,7 +35,7 @@
%define libpam_so_version 0.82.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-License: BSD 3-Clause; GPL v2 or later
+License: BSD 3-clause (or similar) ; GPL v2 or later
Group: System/Libraries
AutoReqProv: on
# bug437293
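Review bot: The License tag change on the main package, from "BSD 3-Clause; GPL v2 or later" to "BSD 3-clause (or similar) ; GPL v2 or later", is not mentioned in the pam.changes entry, which describes this update only as "Update to final version 1.1.0 (spelling fixes)". The same rewording recurs in the doc and devel subpackage hunks. If it comes from an automated tag normalisation, a one-line mention in pam.changes would make that clear; if it reflects a licence review, "(or similar)" is vaguer than the tag it replaces and the reason should be stated.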
@@ -43,7 +43,7 @@
Obsoletes: pam-64bit
%endif
#
-Version: 1.0.92
+Version: 1.1.0
Release: 1
Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
@@ -66,7 +66,7 @@
%package doc
-License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later
+License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later
Summary: Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
@@ -80,7 +80,7 @@
%package devel
-License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later
+License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later
Summary: Include Files and Libraries for PAM-Development
Group: Development/Libraries/C and C++
Requires: pam = %{version} glibc-devel
@@ -307,518 +307,3 @@
%{_libdir}/libpam_misc.so
%changelog
-* Tue May 05 2009 kukuk(a)suse.de
-- Update to versin 1.0.92:
- * Update translations
- * pam_succeed_if: Use provided username
- * pam_mkhomedir: Fix handling of options
-* Fri Apr 03 2009 rguenther(a)suse.de
-- Remove cracklib-dict-full and pwdutils BuildRequires again.
-* Fri Mar 27 2009 kukuk(a)suse.de
-- Update to version 1.0.91 aka 1.1 Beta2:
- * Changes in the behavior of the password stack. Results of
- PRELIM_CHECK are not used for the final run.
- * Redefine LOCAL keyword of pam_access configuration file
- * Add support for try_first_pass and use_first_pass to
- pam_cracklib
- * New password quality tests in pam_cracklib
- * Add support for passing PAM_AUTHTOK to stdin of helpers from
- pam_exec
- * New options for pam_lastlog to show last failed login attempt and
- to disable lastlog update
- * New pam_pwhistory module to store last used passwords
- * New pam_tally2 module similar to pam_tally with wordsize independent
- tally data format, obsoletes pam_tally
- * Make libpam not log missing module if its type is prepended with '-'
- * New pam_timestamp module for authentication based on recent successful
- login.
- * Add blowfish support to pam_unix.
- * Add support for user specific environment file to pam_env.
- * Add pam_get_authtok to libpam as Linux-PAM extension.
-* Wed Feb 11 2009 ro(a)suse.de
-- use sr@latin instead of sr@Latn
-* Thu Feb 05 2009 kukuk(a)suse.de
-- Log failures of setrlimit in pam_limits [bnc#448314]
-- Fix using of requisite in password stack [bnc#470337]
-* Tue Jan 20 2009 kukuk(a)suse.de
-- Regenerate documentation [bnc#448314]
-* Wed Dec 10 2008 olh(a)suse.de
-- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
- (bnc#437293)
-* Thu Dec 04 2008 olh(a)suse.de
-- obsolete old -XXbit packages (bnc#437293)
-* Thu Nov 27 2008 mc(a)suse.de
-- enhance the man page for limits.conf (bnc#448314)
-* Mon Nov 24 2008 kukuk(a)suse.de
-- pam_time: fix parsing if '|' is used [bdo#326407]
-* Wed Nov 19 2008 kukuk(a)suse.de
-- pam_xauth: update last patch
-- pam_pwhistory: add missing type option
-* Tue Nov 04 2008 mc(a)suse.de
-- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
- (bnc#441314)
-* Fri Oct 17 2008 kukuk(a)suse.de
-- Add pam_tally2
-- Regenerate Documentation
-* Sat Oct 11 2008 kukuk(a)suse.de
-- Enhance pam_lastlog with status output
-- Add pam_pwhistory as tech preview
-* Fri Sep 26 2008 kukuk(a)suse.de
-- pam_tally: fix fd leak
-- pam_mail: fix "quiet" option
-* Fri Aug 29 2008 kukuk(a)suse.de
-- Update to version 1.0.2 (fix SELinux regression)
-- enhance pam_tally [FATE#303753]
-- Backport fixes from CVS
-* Wed Aug 20 2008 prusnak(a)suse.cz
-- enabled SELinux support [Fate#303662]
-* Wed Apr 16 2008 kukuk(a)suse.de
-- Update to version 1.0.1:
- - Fixes regression in pam_set_item().
-* Thu Apr 10 2008 ro(a)suse.de
-- added baselibs.conf file to build xxbit packages
- for multilib support
-* Fri Apr 04 2008 kukuk(a)suse.de
-- Remove devfs lines from securetty [bnc#372241]
-* Thu Apr 03 2008 kukuk(a)suse.de
-- Update to version 1.0.0:
- - Official first "stable" release
- - bug fixes
- - translation updates
-* Fri Feb 15 2008 kukuk(a)suse.de
-- Update to version 0.99.10.0:
- - New substack directive in config file syntax
- - New module pam_tty_audit.so for enabling and disabling tty
- auditing
- - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA
- - Improved functionality of pam_namespace.so module (method flags,
- namespace.d configuration directory, new options).
- - Finaly removed deprecated pam_rhosts_auth module.
-* Wed Oct 10 2007 kukuk(a)suse.de
-- Update to version 0.99.9.0:
- - misc_conv no longer blocks SIGINT; applications that don't want
- user-interruptable prompts should block SIGINT themselves
- - Merge fixes from Debian
- - Fix parser for pam_group and pam_time
-* Wed Jul 18 2007 kukuk(a)suse.de
-- Update to version 0.99.8.1:
- - Fix regression in pam_audit
-* Fri Jul 06 2007 kukuk(a)suse.de
-- Update to version 0.99.8.0:
- - Add translations for ar, ca, da, ru, sv and zu.
- - Update hungarian translation.
- - Add support for limits.d directory to pam_limits.
- - Add minclass option to pam_cracklib
- - Add new group syntax to pam_access
-* Thu Apr 19 2007 mc(a)suse.de
-- move the documentation into a seperate package (pam-doc)
- [partly fixes Bug #265733]
-* Mon Mar 26 2007 rguenther(a)suse.de
-- add flex and bison BuildRequires
-* Wed Jan 24 2007 mc(a)suse.de
-- add %%verify_permissions for /sbin/unix_chkpwd
- [#237625]
-* Tue Jan 23 2007 kukuk(a)suse.de
-- Update to Version 0.99.7.1 (security fix)
-* Wed Jan 17 2007 kukuk(a)suse.de
-- Update to Version 0.99.7.0
- * Add manual page for pam_unix.so.
- * Add pam_faildelay module to set pam_fail_delay() value.
- * Fix possible seg.fault in libpam/pam_set_data().
- * Cleanup of configure options.
- * Update hungarian translation, fix german translation.
-* Wed Jan 17 2007 lnussel(a)suse.de
-- install unix_chkpwd setuid root instead of setgid shadow (#216816)
-* Tue Oct 24 2006 kukuk(a)suse.de
-- pam_unix.so/unix_chkpwd: teach about blowfish [#213929]
-- pam_namespace.so: Fix two possible buffer overflow
-- link against libxcrypt
-* Sat Oct 07 2006 kukuk(a)suse.de
-- Update hungarian translation [#210091]
-* Tue Sep 19 2006 kukuk(a)suse.de
-- Don't remove pam_unix.so
-- Use cracklib again (goes lost with one of the last cleanups)
-* Thu Sep 14 2006 kukuk(a)suse.de
-- Add pam_umask.so to common-session [Fate#3621]
-* Wed Sep 06 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.6.3 (merges all patches)
-* Wed Aug 30 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.6.2 (incorporate last change)
-- Add pam_loginuid and fixes from CVS [Fate#300486]
-* Wed Aug 23 2006 kukuk(a)suse.de
-- Fix seg.fault in pam_cracklib if retyped password is empty
-* Tue Aug 22 2006 kukuk(a)suse.de
-- Remove use_first_pass from pam_unix2.so in password section
-* Fri Aug 11 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.6.1 (big documentation update)
-* Fri Jul 28 2006 kukuk(a)suse.de
-- Add missing namespace.init script
-* Thu Jul 27 2006 kukuk(a)suse.de
-- Reenable audit subsystem [Fate#300486]
-* Wed Jun 28 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM
- modules: pam_keyinit, pam_namespace, pam_rhosts)
-* Mon Jun 12 2006 kukuk(a)suse.de
-- Update to current CVS (lot of new manual pages and docu)
-* Tue May 30 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.4.0 (merge all patches and translations)
-* Wed May 24 2006 kukuk(a)suse.de
-- Fix problems found by Coverity
-* Wed May 17 2006 schwab(a)suse.de
-- Don't strip binaries.
-* Fri May 05 2006 kukuk(a)suse.de
-- Fix pam_tally LFS support [#172492]
-* Fri Apr 21 2006 kukuk(a)suse.de
-- Update fr.po and pl.po
-* Tue Apr 11 2006 kukuk(a)suse.de
-- Update km.po
-* Tue Apr 04 2006 kukuk(a)suse.de
-- Remove obsolete pam-laus from the system
-* Mon Mar 27 2006 kukuk(a)suse.de
-- Update translations for pt, pl, fr, fi and cs
-- Add translation for uk
-* Tue Mar 21 2006 kukuk(a)suse.de
-- Update hu.po
-* Tue Mar 21 2006 kukuk(a)suse.de
-- Add translation for tr
-* Mon Mar 13 2006 kukuk(a)suse.de
-- Fix order of NULL checks in pam_get_user
-- Fix comment in pam_lastlog for translators to be visible in
- pot file
-- Docu update, remove pam_selinux docu
-* Thu Mar 02 2006 kukuk(a)suse.de
-- Update km translation
-* Thu Feb 23 2006 kukuk(a)suse.de
-- pam_lastlog:
- - Initialize correct struct member [SF#1427401]
- - Mark strftime fmt string for translation [SF#1428269]
-* Sun Feb 19 2006 kukuk(a)suse.de
-- Update more manual pages
-* Sat Feb 18 2006 ro(a)suse.de
-- really disable audit if header file not present
-* Tue Feb 14 2006 kukuk(a)suse.de
-- Update fi.po
-- Add km.po
-- Update pl.po
-* Mon Feb 13 2006 kukuk(a)suse.de
-- Update with better manual pages
-* Thu Feb 09 2006 kukuk(a)suse.de
-- Add translation for nl, update pt translation
-* Fri Jan 27 2006 kukuk(a)suse.de
-- Move devel manual pages to -devel package
-- Mark PAM config files as noreplace
-- Mark /etc/securetty as noreplace
-- Run ldconfig
-- Fix libdb/ndbm compat detection with gdbm
-- Adjust german translation
-- Add all services to pam_listfile
-* Wed Jan 25 2006 mls(a)suse.de
-- converted neededforbuild to BuildRequires
-* Fri Jan 13 2006 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.3.0 release candiate tar balls
- (new translations)
-* Mon Jan 09 2006 kukuk(a)suse.de
-- Fix NULL handling for LSB-pam test suite [#141240]
-* Sun Jan 08 2006 kukuk(a)suse.de
-- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR
-* Fri Jan 06 2006 kukuk(a)suse.de
-- NULL is allowed as thirs argument for pam_get_item [#141240]
-* Wed Dec 21 2005 kukuk(a)suse.de
-- Add fixes from CVS
-* Thu Dec 15 2005 kukuk(a)suse.de
-- Fix pam_lastlog: don't report error on first login
-* Tue Dec 13 2005 kukuk(a)suse.de
-- Update to 0.99.2.1
-* Fri Dec 09 2005 kukuk(a)suse.de
-- Add /etc/environment to avoid warnings in syslog
-* Mon Dec 05 2005 kukuk(a)suse.de
-- disable SELinux
-* Wed Nov 23 2005 kukuk(a)suse.de
-- Update getlogin() fix to final one
-* Mon Nov 21 2005 kukuk(a)suse.de
-- Fix PAM getlogin() implementation
-* Mon Nov 21 2005 kukuk(a)suse.de
-- Update to official 0.99.2.0 release
-* Tue Nov 08 2005 kukuk(a)suse.de
-- Update to new snapshot
-* Mon Oct 10 2005 kukuk(a)suse.de
-- Enable original pam_wheel module
-* Tue Sep 27 2005 kukuk(a)suse.de
-- Update to current CVS
-- Compile libpam_misc with -fno-strict-aliasing
-* Mon Sep 19 2005 kukuk(a)suse.de
-- Update to current CVS
-- Fix compiling of pammodutil with -fPIC
-* Sun Sep 18 2005 kukuk(a)suse.de
-- Update to current CVS
-* Tue Aug 23 2005 kukuk(a)suse.de
-- Update to new snapshot (Major version is back to 0)
-* Fri Aug 19 2005 kukuk(a)suse.de
-- Update to Linux-PAM 0.99.0.3 snapshot
-* Mon Jul 11 2005 kukuk(a)suse.de
-- Add pam_umask
-* Mon Jul 04 2005 kukuk(a)suse.de
-- Update to current CVS snapshot
-* Thu Jun 23 2005 kukuk(a)suse.de
-- Update to current CVS snapshot
-- Add pam_loginuid
-* Thu Jun 09 2005 kukuk(a)suse.de
-- Update to current CVS snapshot
-* Mon Jun 06 2005 kukuk(a)suse.de
-- Don't reset priority [#81690]
-- Fix creating of symlinks
-* Fri May 20 2005 kukuk(a)suse.de
-- Update to current CVS snapshot
-- Real fix for [#82687] (don't include kernel header files)
-* Thu May 12 2005 schubi(a)suse.de
-- Bug 82687 - pam_client.h redefines __u8 and __u32
-* Fri Apr 29 2005 kukuk(a)suse.de
-- Apply lot of fixes from CVS (including SELinux support)
-* Fri Apr 01 2005 kukuk(a)suse.de
-- Update to final 0.79 release
-* Mon Mar 14 2005 kukuk(a)suse.de
-- Apply patch for pam_xauth to preserve DISPLAY variable [#66885]
-* Mon Jan 24 2005 kukuk(a)suse.de
-- Compile with large file support
-* Mon Jan 24 2005 schubi(a)suse.de
-- Made patch of latest CVS tree
-- Removed patch pam_handler.diff ( included in CVS now )
-- moved Linux-PAM-0.78.dif to pam_group_time.diff
-* Wed Jan 05 2005 kukuk(a)suse.de
-- Fix seg.fault, if a PAM config line is incomplete
-* Thu Nov 18 2004 kukuk(a)suse.de
-- Update to final 0.78
-* Mon Nov 08 2004 kukuk(a)suse.de
-- Add pam_env.so to common-auth
-- Add pam_limit.so to common-session
-* Wed Oct 13 2004 kukuk(a)suse.de
-- Update to 0.78-Beta1
-* Wed Sep 22 2004 kukuk(a)suse.de
-- Create pam.d/common-{auth,account,password,session} and include
- them in pam.d/other
-- Update to current CVS version of upcoming 0.78 release
-* Mon Aug 23 2004 kukuk(a)suse.de
-- Update "code cleanup" patch
-- Disable reading of /etc/environment in pam_env.so per default
-* Thu Aug 19 2004 kukuk(a)suse.de
-- Reenable a "fixed" version of "code cleanup" patch
-- Use pam_wheel from pam-modules package
-* Wed Aug 18 2004 kukuk(a)suse.de
-- Disable "code cleanup" patch (no more comments about security
- fixes)
-* Fri Aug 13 2004 kukuk(a)suse.de
-- Apply big "code cleanup" patch [Bug #39673]
-* Fri Mar 12 2004 kukuk(a)suse.de
-- pam_wheel: Use original getlogin again, PAM internal does not
- work without application help [Bug #35682]
-* Sun Jan 18 2004 meissner(a)suse.de
-- We no longer have pam in the buildsystem, so we
- need some buildroot magic flags for the dlopen tests.
-* Fri Jan 16 2004 kukuk(a)suse.de
-- Cleanup neededforbuild
-* Fri Dec 05 2003 kukuk(a)suse.de
-- Add manual pages from SLES8
-* Fri Nov 28 2003 kukuk(a)suse.de
-- Fix installing manual pages of modules
-- Remove pthread check (db is now linked against pthread)
-* Thu Nov 27 2003 kukuk(a)suse.de
-- Merge with current CVS
-- Apply bug fixes from bugtracking system
-- Build as normal user
-* Fri Nov 21 2003 kukuk(a)suse.de
-- Compile with noexecstack
-* Thu Nov 06 2003 kukuk(a)suse.de
-- Fix pam_securetty CVS patch
-* Wed Oct 29 2003 kukuk(a)suse.de
-- Sync with current CVS version
-* Thu Oct 02 2003 kukuk(a)suse.de
-- Add patch to implement "include" statement in pamd files
-* Wed Sep 10 2003 uli(a)suse.de
-- added ttyS1 (VT220) to securetty on s390* (bug #29239)
-* Mon Jul 28 2003 kukuk(a)suse.de
-- Apply lot of fixes for various problems
-* Tue Jun 10 2003 kukuk(a)suse.de
-- Fix getlogin handling in pam_wheel.so
-* Tue May 27 2003 ro(a)suse.de
-- added cracklib-devel to neededforbuild
-* Thu Feb 13 2003 kukuk(a)suse.de
-- Update pam_localuser and pam_xauth.
-* Wed Nov 13 2002 kukuk(a)suse.de
-- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants)
-* Mon Nov 11 2002 ro(a)suse.de
-- changed neededforbuild <sp> to <opensp>
-* Sat Sep 14 2002 ro(a)suse.de
-- changed securetty / use extra file
-* Fri Sep 13 2002 bk(a)suse.de
-- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty
-* Tue Aug 27 2002 kukuk(a)suse.de
-- Call password checking helper from pam_unix.so whenever the
- passwd field is invalid.
-* Sat Aug 24 2002 kukuk(a)suse.de
-- Don't build ps and pdf documentation
-* Fri Aug 09 2002 kukuk(a)suse.de
-- pam-devel requires pam [Bug #17543]
-* Wed Jul 17 2002 kukuk(a)suse.de
-- Remove explicit requires
-* Wed Jul 10 2002 kukuk(a)suse.de
-- Update to Linux-PAM 0.76
-- Remove reentrant patch for original PAM modules (needs to be
- rewritten for new PAM version)
-- Add docu in PDF format
-* Thu Jul 04 2002 kukuk(a)suse.de
-- Fix build on different partitions
-* Tue Apr 16 2002 mmj(a)suse.de
-- Fix to not own /usr/shar/man/man3
-* Wed Mar 13 2002 kukuk(a)suse.de
-- Add /usr/include/security to pam-devel filelist
-* Mon Feb 11 2002 ro(a)suse.de
-- tar option for bz2 is "j"
-* Fri Jan 25 2002 kukuk(a)suse.de
-- Fix last pam_securetty patch
-* Thu Jan 24 2002 kukuk(a)suse.de
-- Use reentrant getpwnam functions for most modules
-- Fix unresolved symbols in pam_access and pam_userdb
-* Sun Jan 20 2002 kukuk(a)suse.de
-- libpam_misc: Don't handle Ctrl-D as error.
-* Wed Jan 16 2002 kukuk(a)suse.de
-- Remove SuSEconfig.pam
-- Update pam_localuser and pam_xauth
-- Add new READMEs about blowfish and cracklib
-* Mon Nov 12 2001 kukuk(a)suse.de
-- Remove pam_unix.so (is part of pam-modules)
-* Fri Nov 09 2001 kukuk(a)suse.de
-- Move extra PAM modules to separate package
-- Require pam-modules package
-* Fri Aug 24 2001 kukuk(a)suse.de
-- Move susehelp config file to susehelp package
-* Mon Aug 13 2001 ro(a)suse.de
-- changed neededforbuild <sp_libs> to <sp-devel>
-* Tue Aug 07 2001 kukuk(a)suse.de
-- Fixes wrong symlink handling of pam_homecheck [Bug #3905]
-* Wed Jul 11 2001 kukuk(a)suse.de
-- Sync pam_homecheck and pam_unix2 fixes from 7.2
-- Always ask for the old password if it is expired
-* Sat May 05 2001 kukuk(a)suse.de
-- Cleanup Patches, make tar archive from extra pam modules
-* Fri May 04 2001 kukuk(a)suse.de
-- Use LOG_NOTICE for trace option [Bug #7673]
-* Thu Apr 12 2001 kukuk(a)suse.de
-- Linux-PAM: link pam_access against libnsl
-- Add pam.conf for susehelp/pam html docu
-* Tue Apr 10 2001 kukuk(a)suse.de
-- Linux-PAM: Update to version 0.75
-* Tue Apr 03 2001 kukuk(a)suse.de
-- Linux-PAM: link libpam_misc against libpam [Bug #6890]
-* Thu Mar 08 2001 kukuk(a)suse.de
-- Linux-PAM: Fix manual pages (.so reference)
-- pam_pwcheck: fix Makefile
-* Tue Mar 06 2001 kukuk(a)suse.de
-- Update for Linux-PAM 0.74
-- Drop pwdb subpackage
-* Tue Feb 13 2001 kukuk(a)suse.de
-- pam_unix2: Create temp files with permission 0600
-* Tue Feb 06 2001 ro(a)suse.de
-- pam_issue.c: include time.h to make it compile
-* Fri Jan 05 2001 kukuk(a)suse.de
-- Don't print error message about failed initialization from
- pam_limits with kernel 2.2 [Bug #5198]
-* Thu Jan 04 2001 kukuk(a)suse.de
-- Adjust docu for pam_limits
-* Sun Dec 17 2000 kukuk(a)suse.de
-- Adjust docu for pam_pwcheck
-* Thu Dec 07 2000 kukuk(a)suse.de
-- Add fix for pam_limits from 0.73
-* Thu Oct 26 2000 kukuk(a)suse.de
-- Add db-devel to need for build
-* Fri Oct 20 2000 kukuk(a)suse.de
-- Don't link PAM modules against old libpam library
-* Wed Oct 18 2000 kukuk(a)suse.de
-- Create new "devel" subpackage
-* Thu Oct 12 2000 kukuk(a)suse.de
-- Add SuSEconfig.pam
-* Tue Oct 03 2000 kukuk(a)suse.de
-- Fix problems with new gcc and glibc 2.2 header files
-* Wed Sep 13 2000 kukuk(a)suse.de
-- Fix problem with passwords longer then PASS_MAX_LEN
-* Wed Sep 06 2000 kukuk(a)suse.de
-- Add missing PAM modules to filelist
-- Fix seg.fault in pam_pwcheck [BUG #3894]
-- Clean spec file
-* Fri Jun 23 2000 kukuk(a)suse.de
-- Lot of bug fixes in pam_unix2 and pam_pwcheck
-- compress postscript docu
-* Mon May 15 2000 kukuk(a)suse.de
-- Move docu to /usr/share/doc/pam
-- Fix some bugs in pam_unix2 and pam_pwcheck
-* Tue Apr 25 2000 kukuk(a)suse.de
-- Add pam_homecheck Module
-* Tue Apr 25 2000 kukuk(a)suse.de
-- Add devfs devices to /etc/securetty
-* Wed Mar 01 2000 kukuk(a)suse.de
-- Fix handling of changing passwords to empty one
-* Tue Feb 22 2000 kukuk(a)suse.de
-- Set correct attr for unix_chkpwd and pwdb_chkpwd
-* Tue Feb 15 2000 kukuk(a)suse.de
-- Update pam_pwcheck
-- Update pam_unix2
-* Mon Feb 07 2000 kukuk(a)suse.de
-- pwdb: Update to 0.61
-* Thu Jan 27 2000 kukuk(a)suse.de
-- Add config files and README for md5 passwords
-- Update pam_pwcheck
-- Update pam_unix2
-* Thu Jan 13 2000 kukuk(a)suse.de
-- Update pam_unix2
-- New: pam_pwcheck
-- Update to Linux-PAM 0.72
-* Wed Oct 13 1999 kukuk(a)suse.de
-- pam_pwdb: Add security fixes from RedHat
-* Mon Oct 11 1999 kukuk(a)suse.de
-- Update to Linux-PAM 0.70
-- Update to pwdb-0.60
-- Fix more pam_unix2 shadow bugs
-* Fri Oct 08 1999 kukuk(a)suse.de
-- Add more PAM fixes
-- Implement Password changing request (sp_lstchg == 0)
-* Mon Sep 13 1999 bs(a)suse.de
-- ran old prepare_spec on spec file to switch to new prepare_spec.
-* Sat Sep 11 1999 kukuk(a)suse.de
-- Add pam_wheel to file list
-- pam_wheel: Minor fixes
-- pam_unix2: root is allowed to change passwords with wrong
- password aging information
-* Mon Aug 30 1999 kukuk(a)suse.de
-- pam_unix2: Fix typo
-* Thu Aug 19 1999 kukuk(a)suse.de
-- Linux-PAM: Update to version 0.69
-* Fri Jul 16 1999 kukuk(a)suse.de
-- pam_unix2: Root is allowed to use the old password again.
-* Tue Jul 13 1999 kukuk(a)suse.de
-- pam_unix2: Allow root to set an empty password.
-* Sat Jul 10 1999 kukuk(a)suse.de
-- Add HP-UX password aging to pam_unix2.
-* Wed Jul 07 1999 kukuk(a)suse.de
-- Don't install .cvsignore files
-- Make sure, /etc/shadow has the correct rights
-* Tue Jul 06 1999 kukuk(a)suse.de
-- Update to Linux-PAM 0.68
-* Wed Jun 30 1999 kukuk(a)suse.de
-- pam_unix2: more bug fixes
-* Tue Jun 29 1999 kukuk(a)suse.de
-- pam_unix2: Fix "inactive" password
-* Mon Jun 28 1999 kukuk(a)suse.de
-- pam_warn: Add missing functions
-- other.pamd: Update
-- Add more doku
-* Thu Jun 24 1999 kukuk(a)suse.de
-- Add securetty config file
-- Fix Debian pam_env patch
-* Mon Jun 21 1999 kukuk(a)suse.de
-- Update to Linux-PAM 0.67
-- Add Debian pam_env patch
-* Thu Jun 17 1999 kukuk(a)suse.de
-- pam_ftp malloc (core dump) fix
-* Tue Jun 15 1999 kukuk(a)suse.de
-- pam_unix2 fixes
-* Mon Jun 07 1999 kukuk(a)suse.de
-- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2
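Review bot: This hunk drops 515 lines of %changelog from pam.spec, including entries a security reviewer would look for, such as "Update to Version 0.99.7.1 (security fix)", "install unix_chkpwd setuid root instead of setgid shadow (#216816)" and "pam_namespace.so: Fix two possible buffer overflow". The pam.changes hunks shown for this commit only add the 1.1.0 entry and correct "versin" in the 1.0.92 entry, so the diff itself does not show where the rest of the history now lives. Please confirm pam.changes holds the full history, and note that the removed spec copy still carried the uncorrected "Update to versin 1.0.92:" line, which suggests the two copies had to be kept in step by hand.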
++++++ Linux-PAM-1.0.92-docs.tar.bz2 -> Linux-PAM-1.1.0-docs.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-glossary.html new/Linux-PAM-1.1.0/doc/adg/html/adg-glossary.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-glossary.html 2009-03-24 19:04:34.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-glossary.html 2009-06-16 10:48:20.000000000 +0200
@@ -5,7 +5,7 @@
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
<span class="emphasis"><em>refreshing</em></span> the object they use to
- authenticate themself with the system. The word password is
+ authenticate them self with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
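Review bot: The replacement "authenticate them self with the system" does not fix the wording it is meant to correct: "them self" as two words is not standard English. The context line at the top of this hunk already uses "him/herself", so either "authenticate him/herself with the system" or "authenticate themselves with the system" would be consistent with the surrounding paragraph. Since this is generated HTML, the change belongs in the DocBook source for the glossary.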
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-libpam_misc.html new/Linux-PAM-1.1.0/doc/adg/html/adg-libpam_misc.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-libpam_misc.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-libpam_misc.html 2009-06-16 10:48:20.000000000 +0200
@@ -1,7 +1,7 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�A library of miscellaneous helper functions</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="prev" href="adg-security-resources.html" title="4.5.�Sufficient resources"><link rel="next" href="adg-libpam-functions.html" title="5.1.�Functions supplied"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�A library of miscellaneous helper functions</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-resources.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-libpam-functions.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="adg-libpam_misc"></a>Chapter�5.�A library of miscellaneous helper functions</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. 
BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></div><p>
To aid the work of the application developer a library of
miscellaneous functions is provided. It is called
- <span class="command"><strong>libpam_miscy</strong></span>, and contains a text based
+ <span class="command"><strong>libpam_misc</strong></span>, and contains a text based
conversation function, and routines for enhancing the standard
PAM-environment variable support.
</p><p>
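Review bot: the `libpam_miscy` to `libpam_misc` correction is made in generated output (the first context line of this hunk carries the `DocBook XSL Stylesheets V1.74.0` generator tag), so confirm the same fix is present in the DocBook source; otherwise the typo comes back on the next documentation build.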
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-porting.html new/Linux-PAM-1.1.0/doc/adg/html/adg-porting.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-porting.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-porting.html 2009-06-16 10:48:20.000000000 +0200
@@ -18,8 +18,9 @@
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
- appropriate pam_qpopper module(s). However, having rewritten popd
- once in this way any new protocols can be implemented in-situ.
+ appropriate pam_qpopper module(s). However, having rewritten
+ <span class="command"><strong>popd</strong></span> once in this way any new protocols can be
+ implemented in-situ.
</p><p>
One simple test of a ported application would be to insert the
<span class="command"><strong>pam_permit</strong></span> module and see if the application
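Review bot: `popd` gains command markup here, but `pam_qpopper` in the line just above is left as plain text while `pam_permit` in the following paragraph is marked up, so the three names in this passage are now inconsistent; wrap `pam_qpopper` the same way. The first context line of the hunk also still reads "being be attached to it", a doubled verb worth fixing while this paragraph is being reflowed.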
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-conv-function.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-conv-function.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-conv-function.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-conv-function.html 2009-06-16 10:48:19.000000000 +0200
@@ -1,8 +1,8 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�The conversation function</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-service-name.html" title="4.2.�Choice of a service name"><link rel="next" href="adg-security-usre-identity.html" title="4.4.�The identity of the user"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�The conversation function</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�The conversation function</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-service-name.html" title="4.2.�Choice of a service name"><link rel="next" href="adg-security-user-identity.html" title="4.4.�The identity of the user"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�The conversation function</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
Security issues of Linux-PAM
- </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-usre-identity.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-conv-function"></a>4.3.�The conversation function</h2></div></div></div><p>
+ </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-user-identity.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-conv-function"></a>4.3.�The conversation function</h2></div></div></div><p>
Care should be taken to ensure that the <code class="function">conv()</code>
function is robust. Such a function is provided in the library
<span class="command"><strong>libpam_misc</strong></span> (see
<a class="link" href="adg-libpam-functions.html" title="5.1.�Functions supplied">below</a>).
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-usre-identity.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Choice of a service name�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.4.�The identity of the user</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-user-identity.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Choice of a service name�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.4.�The identity of the user</td></tr></table></div></body></html>
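Review bot: changing the `rel="next"` link and both Next anchors from adg-security-usre-identity.html to adg-security-user-identity.html renames a published page, so bookmarks and inbound links to the old spelling will stop resolving; if the old file is not kept, consider shipping a small redirect stub under the old name. It is also worth grepping the rest of the generated tree for any remaining reference to the old file name.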
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security.html 2009-06-16 10:48:19.000000000 +0200
@@ -2,7 +2,7 @@
Security issues of Linux-PAM
</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-interface-programming-notes.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-security-library-calls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="adg-security"></a>Chapter�4.�
Security issues of <span class="emphasis"><em>Linux-PAM</em></span>
- </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-usre-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></div><p>
+ </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-user-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></div><p>
PAM, from the perspective of an application, is a convenient API for
authenticating users. PAM modules generally have no increased
privilege over that possessed by the application that is making use of
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-resources.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-resources.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-resources.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-resources.html 2009-06-16 10:48:19.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.5.�Sufficient resources</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-usre-identity.html" title="4.4.�The identity of the user"><link rel="next" href="adg-libpam_misc.html" title="Chapter�5.�A library of miscellaneous helper functions"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.5.�Sufficient resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-usre-identity.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.5.�Sufficient resources</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-user-identity.html" title="4.4.�The identity of the user"><link rel="next" href="adg-libpam_misc.html" title="Chapter�5.�A library of miscellaneous helper functions"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.5.�Sufficient resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-user-identity.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
Security issues of Linux-PAM
</th><td width="20%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-resources"></a>4.5.�Sufficient resources</h2></div></div></div><p>
Care should be taken to ensure that the proper execution of an
@@ -10,6 +10,6 @@
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
- and in a mannor that preserves the PAM API. Such tolerance may be
+ and in a manner that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-usre-identity.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.4.�The identity of the user�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�A library of miscellaneous helper functions</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-user-identity.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.4.�The identity of the user�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�A library of miscellaneous helper functions</td></tr></table></div></body></html>
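Review bot: two lines above the "mannor" correction the context still says "with out checking for resource allocation failure", which should be "without checking"; the sentence is being touched for spelling anyway, so fix both in the same change.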
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-user-identity.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-user-identity.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-user-identity.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-user-identity.html 2009-06-16 10:48:19.000000000 +0200
@@ -0,0 +1,52 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.4.�The identity of the user</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-conv-function.html" title="4.3.�The conversation function"><link rel="next" href="adg-security-resources.html" title="4.5.�Sufficient resources"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.4.�The identity of the user</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-conv-function.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+ Security issues of Linux-PAM
+ </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-resources.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-user-identity"></a>4.4.�The identity of the user</h2></div></div></div><p>
+ The <span class="emphasis"><em>Linux-PAM</em></span> modules will need
+ to determine the identity of the user who requests a service,
+ and the identity of the user who grants the service. These two
+ users will seldom be the same. Indeed there is generally a third
+ user identity to be considered, the new (assumed) identity of
+ the user once the service is granted.
+ </p><p>
+ The need for keeping tabs on these identities is clearly an
+ issue of security. One convention that is actively used by
+ some modules is that the identity of the user requesting a
+ service should be the current <span class="emphasis"><em>UID</em></span>
+ (user ID) of the running process; the identity of the
+ privilege granting user is the <span class="emphasis"><em>EUID</em></span>
+ (effective user ID) of the running process; the identity of
+ the user, under whose name the service will be executed, is
+ given by the contents of the <span class="emphasis"><em>PAM_USER</em></span>
+ <span class="citerefentry"><span class="refentrytitle">pam_get_item</span>(3)</span>. Note, modules can change the values of
+ <span class="emphasis"><em>PAM_USER</em></span> and <span class="emphasis"><em>PAM_RUSER</em></span>
+ during any of the <code class="function">pam_*()</code> library calls.
+ For this reason, the application should take care to use the
+ <code class="function">pam_get_item()</code> every time it wishes to
+ establish who the authenticated user is (or will currently be).
+ </p><p>
+ For network-serving databases and other applications that provide
+ their own security model (independent of the OS kernel) the above
+ scheme is insufficient to identify the requesting user.
+ </p><p>
+ A more portable solution to storing the identity of the requesting
+ user is to use the <span class="emphasis"><em>PAM_RUSER</em></span> <span class="citerefentry"><span class="refentrytitle">pam_get_item</span>(3)</span>. The application should supply this value before
+ attempting to authenticate the user with
+ <code class="function">pam_authenticate()</code>. How well this name can be
+ trusted will ultimately be at the discretion of the local
+ administrator (who configures PAM for your application) and a
+ selected module may attempt to override the value where it can
+ obtain more reliable data. If an application is unable to determine
+ the identity of the requesting entity/user, it should not call
+ <span class="citerefentry"><span class="refentrytitle">pam_set_item</span>(3)</span> to set <span class="emphasis"><em>PAM_RUSER</em></span>.
+ </p><p>
+ In addition to the <span class="emphasis"><em>PAM_RUSER</em></span> item, the
+ application should supply the <span class="emphasis"><em>PAM_RHOST</em></span>
+ (<span class="emphasis"><em>requesting host</em></span>) item. As a general rule,
+ the following convention for its value can be assumed:
+ NULL = unknown; localhost = invoked directly from the local system;
+ <span class="emphasis"><em>other.place.xyz</em></span> = some component of the
+ user's connection originates from this remote/requesting host. At
+ present, PAM has no established convention for indicating whether
+ the application supports a trusted path to communication from
+ this host.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-conv-function.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-resources.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�The conversation function�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.5.�Sufficient resources</td></tr></table></div></body></html>
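Review bot: in the fourth paragraph, "A more portable solution to storing the identity of the requesting user is to use the PAM_RUSER pam_get_item(3)" cites the getter, although the sentence is about the application supplying the value before pam_authenticate(); the reference there should be pam_set_item(3), which the end of the same paragraph already uses. The phrases "the PAM_USER pam_get_item(3)" and "the PAM_RUSER pam_get_item(3)" also read as if a word is missing; "the PAM_USER item (see pam_get_item(3))" would be clearer. The PAM_RHOST value convention (NULL, localhost, other.place.xyz) would be easier to scan as a list than as one semicolon-separated sentence.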
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/Linux-PAM_ADG.html new/Linux-PAM-1.1.0/doc/adg/html/Linux-PAM_ADG.html
--- old/Linux-PAM-1.0.92/doc/adg/html/Linux-PAM_ADG.html 2009-03-24 19:04:34.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/Linux-PAM_ADG.html 2009-06-16 10:48:20.000000000 +0200
@@ -1,9 +1,9 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Application Developers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the funtions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer."><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="next" href="adg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Application Developers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="adg"></a>The Linux-PAM Application Developers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. 
April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Application Developers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the functions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer."><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="next" href="adg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Application Developers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="adg"></a>The Linux-PAM Application Developers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. 
June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what an application developer needs to know
about the <span class="emphasis"><em>Linux-PAM</em></span> library. It
describes how an application might use the
<span class="emphasis"><em>Linux-PAM</em></span> library to authenticate
- users. In addition it contains a description of the funtions
+ users. In addition it contains a description of the functions
to be found in <code class="filename">libpam_misc</code> library, that can
be used in general applications. Finally, it contains some comments
on PAM related security issues for the application developer.
@@ -11,4 +11,4 @@
The public interface to Linux-PAM
</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-by-app-expected.html">3.1. What can be expected by the application</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_start">3.1.1. Initialization of PAM transaction</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_end">3.1.2. Termination of PAM transaction</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_set_item">3.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_get_item">3.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_strerror">3.1.5. Strings describing PAM error codes</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_fail_delay">3.1.6. Request a delay on failure</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_authenticate">3.1.7. Authenticating the user</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_setcred">3.1.8. Setting user credentials</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_acct_mgmt">3.1.9. Account validation management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_chauthtok">3.1.10. Updating authentication tokens</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_open_session">3.1.11. Start PAM session management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_close_session">3.1.12. terminating PAM session management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_putenv">3.1.13. 
Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_getenv">3.1.14. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_getenvlist">3.1.15. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="adg-interface-of-app-expected.html">3.2. What is expected of an application</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-of-app-expected.html#adg-pam_conv">3.2.1. The conversation function</a></span></dt></dl></dd><dt><span class="section"><a href="adg-interface-programming-notes.html">3.3. Programming notes</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-security.html">4.
Security issues of Linux-PAM
- </a></span></dt><dd><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-usre-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-libpam_misc.html">5. A library of miscellaneous helper functions</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="adg-porting.html">6. Porting legacy applications</a></span></dt><dt><span class="chapter"><a href="adg-glossary.html">7. Glossary of PAM related terms</a></span></dt><dt><span class="chapter"><a href="adg-example.html">8. An example application</a></span></dt><dt><span class="chapter"><a href="adg-files.html">9. Files</a></span></dt><dt><span class="chapter"><a href="adg-see-also.html">10. See also</a></span></dt><dt><span class="chapter"><a href="adg-author.html">11. 
Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="adg-copyright.html">12. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
+ </a></span></dt><dd><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-user-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-libpam_misc.html">5. A library of miscellaneous helper functions</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="adg-porting.html">6. Porting legacy applications</a></span></dt><dt><span class="chapter"><a href="adg-glossary.html">7. Glossary of PAM related terms</a></span></dt><dt><span class="chapter"><a href="adg-example.html">8. An example application</a></span></dt><dt><span class="chapter"><a href="adg-files.html">9. Files</a></span></dt><dt><span class="chapter"><a href="adg-see-also.html">10. See also</a></span></dt><dt><span class="chapter"><a href="adg-author.html">11. 
Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="adg-copyright.html">12. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
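Review bot: the table-of-contents entry "3.1.12. terminating PAM session management" in the context of this hunk starts in lower case while its neighbours ("3.1.11. Start PAM session management", "3.1.2. Termination of PAM transaction") are capitalised; since this pass is already cleaning up spelling in the guide, correct that section title in the source as well so the regenerated index is consistent.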
Files old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.pdf and new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.txt new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.txt
--- old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.txt 2009-03-24 19:04:25.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.txt 2009-06-16 10:48:11.000000000 +0200
@@ -8,14 +8,14 @@
<kukuk(a)thkukuk.de>
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
This manual documents what an application developer needs to know about the
Linux-PAM library. It describes how an application might use the Linux-PAM
library to authenticate users. In addition it contains a description of the
-funtions to be found in libpam_misc library, that can be used in general
+functions to be found in libpam_misc library, that can be used in general
applications. Finally, it contains some comments on PAM related security issues
for the application developer.
@@ -1359,14 +1359,14 @@
The need for keeping tabs on these identities is clearly an issue of security.
One convention that is actively used by some modules is that the identity of
-the user requesting a service should be the current UID (userid) of the running
-process; the identity of the privilege granting user is the EUID (effective
-userid) of the running process; the identity of the user, under whose name the
-service will be executed, is given by the contents of the PAM_USER pam_get_item
-(3). Note, modules can change the values of PAM_USER and PAM_RUSER during any
-of the pam_*() library calls. For this reason, the application should take care
-to use the pam_get_item() every time it wishes to establish who the
-authenticated user is (or will currently be).
+the user requesting a service should be the current UID (user ID) of the
+running process; the identity of the privilege granting user is the EUID
+(effective user ID) of the running process; the identity of the user, under
+whose name the service will be executed, is given by the contents of the
+PAM_USER pam_get_item(3). Note, modules can change the values of PAM_USER and
+PAM_RUSER during any of the pam_*() library calls. For this reason, the
+application should take care to use the pam_get_item() every time it wishes to
+establish who the authenticated user is (or will currently be).
For network-serving databases and other applications that provide their own
security model (independent of the OS kernel) the above scheme is insufficient
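Review bot: The rewrapped sentence still reads "is given by the contents of the PAM_USER pam_get_item(3)", which runs the item name into the function reference and never says what actually holds the value. Suggest "is given by the PAM_USER item, as returned by pam_get_item(3)", and dropping the stray article in "to use the pam_get_item() every time". This is the paragraph that tells applications to re-read PAM_USER after any pam_*() call, so it is worth getting exact. The whole paragraph was also reflowed for a two-word change ("userid" to "user ID"), which hides the real edit; keeping the original line breaks would make this a two-line diff.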
@@ -1399,14 +1399,14 @@
This is also true of conversation prompts. The application should not accept
prompts of arbitrary length with out checking for resource allocation failure
-and dealing with such extreme conditions gracefully and in a mannor that
+and dealing with such extreme conditions gracefully and in a manner that
preserves the PAM API. Such tolerance may be especially important when
attempting to track a malicious adversary.
Chapter 5. A library of miscellaneous helper functions
To aid the work of the application developer a library of miscellaneous
-functions is provided. It is called libpam_miscy, and contains a text based
+functions is provided. It is called libpam_misc, and contains a text based
conversation function, and routines for enhancing the standard PAM-environment
variable support.
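Review bot: The context line just above the corrected "mannor" still says "with out checking for resource allocation failure"; "with out" should be "without" and could be fixed in the same pass as the other two typos in this hunk.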
@@ -1593,10 +1593,10 @@
Generally, this is a password. However, a user can authenticate him/herself
in a variety of ways. Updating the user's authentication token thus
- corresponds to refreshing the object they use to authenticate themself with
- the system. The word password is avoided to keep open the possibility that
- the authentication involves a retinal scan or other non-textual mode of
- challenge/response.
+ corresponds to refreshing the object they use to authenticate them self
+ with the system. The word password is avoided to keep open the possibility
+ that the authentication involves a retinal scan or other non-textual mode
+ of challenge/response.
Credentials
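Review bot: "authenticate them self with the system" swaps one nonstandard form for a worse one, since "them self" is not a pronoun. Suggest "themselves", or rewording to avoid the pronoun ("the object they use to authenticate to the system"); the entry already uses "him/herself" two lines up, so one consistent choice would be better. The three reflowed lines that follow are only a side effect of the added space.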
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/Linux-PAM_MWG.html new/Linux-PAM-1.1.0/doc/mwg/html/Linux-PAM_MWG.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/Linux-PAM_MWG.html 2009-03-24 19:05:03.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/Linux-PAM_MWG.html 2009-06-16 10:48:52.000000000 +0200
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Module Writers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer."><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Module Writers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="mwg"></a>The Linux-PAM Module Writers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Module Writers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer."><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Module Writers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="mwg"></a>The Linux-PAM Module Writers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what a programmer needs to know in order
to write a module that conforms to the
<span class="emphasis"><em>Linux-PAM</em></span> standard.It also
discusses some security issues from the point of view of the
module programmer.
- </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="mwg-introduction.html">1. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introducton-synopsis.html">1.2. Synopsis</a></span></dt></dl></dd><dt><span class="chapter"><a href="mwg-expected-by-module.html">2. What can be expected by the module</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
+ </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="mwg-introduction.html">1. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introduction-synopsis.html">1.2. Synopsis</a></span></dt></dl></dd><dt><span class="chapter"><a href="mwg-expected-by-module.html">2. What can be expected by the module</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
Getting and setting PAM_ITEMs and
data
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_data">2.1.1. Set module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_data">2.1.2. Get module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_item">2.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_item">2.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_user">2.1.5. Get user name</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_conv">2.1.6. The conversation function</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_putenv">2.1.7. Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenv">2.1.8. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenvlist">2.1.9. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="mwg-expected-by-module-other.html">2.2.
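Review bot: The abstract still has "standard.It also discusses" with no space after the full stop, both in the unchanged paragraph under the header line and inside the meta description content on the + line. Since the generator tag says this page comes from the DocBook XSL stylesheets, the fix belongs in the XML source rather than here. The table of contents in the trailing context also links to adg-pam_putenv, adg-pam_getenv and adg-pam_getenvlist from the Module Writers' Guide, where every other anchor uses the mwg- prefix; worth checking whether those ids were copied over from the ADG by mistake.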
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module.html 2009-06-16 10:48:51.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�What can be expected by the module</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="mwg-introducton-synopsis.html" title="1.2.�Synopsis"><link rel="next" href="mwg-expected-by-module-item.html" title="2.1.� Getting and setting PAM_ITEMs and data"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�What can be expected by the module</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introducton-synopsis.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-expected-by-module"></a>Chapter�2.�What can be expected by the module</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�What can be expected by the module</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="mwg-introduction-synopsis.html" title="1.2.�Synopsis"><link rel="next" href="mwg-expected-by-module-item.html" title="2.1.� Getting and setting PAM_ITEMs and data"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�What can be expected by the module</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction-synopsis.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-expected-by-module"></a>Chapter�2.�What can be expected by the module</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
Getting and setting PAM_ITEMs and
data
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_data">2.1.1. Set module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_data">2.1.2. Get module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_item">2.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_item">2.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_user">2.1.5. Get user name</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_conv">2.1.6. The conversation function</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_putenv">2.1.7. Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenv">2.1.8. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenvlist">2.1.9. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="mwg-expected-by-module-other.html">2.2.
@@ -6,7 +6,7 @@
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-other.html#adg-pam_strerror">2.2.1. Strings describing PAM error codes</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-other.html#adg-pam_fail_delay">2.2.2. Request a delay on failure</a></span></dt></dl></dd></dl></div><p>
Here we list the interface that the conventions that all
<span class="emphasis"><em>Linux-PAM</em></span> modules must adhere to.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introducton-synopsis.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.2.�Synopsis�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�2.1.�
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction-synopsis.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.2.�Synopsis�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�2.1.�
Getting and setting PAM_ITEMs and
data
</td></tr></table></div></body></html>
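Review bot: The unchanged sentence in this hunk, "Here we list the interface that the conventions that all Linux-PAM modules must adhere to", does not parse; a word seems to be missing or duplicated around "that the conventions that". If the intended meaning is "the interface and the conventions", it could be corrected along with the link fix on the footer line.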
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module-item.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module-item.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module-item.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module-item.html 2009-06-16 10:48:51.000000000 +0200
@@ -8,7 +8,7 @@
First, we cover what the module should expect from the
<span class="emphasis"><em>Linux-PAM</em></span> library and a
<span class="emphasis"><em>Linux-PAM</em></span> aware application.
- Essesntially this is the <code class="filename">libpam.*</code> library.
+ Essentially this is the <code class="filename">libpam.*</code> library.
</p><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="mwg-pam_set_data"></a>2.1.1.�Set module internal data</h3></div></div></div><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <security/pam_modules.h></pre><table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" class="funcprototype-table"><tr><td><code class="funcdef">int <b class="fsfunc">pam_set_data</b>(</code></td><td><var class="pdparam">pamh</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">module_data_name</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">data</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">(*cleanup)(pam_handle_t *pamh, void *data, int error_status)</var><code>)</code>;</td><td>�</td></tr></table><div class="paramdef-list"><code>pam_handle_t *<var class="pdparam">pamh</var></code>;<br><code>const char *<var class="pdparam">module_data_name</var></code>;<br><code>void *<var class="pdparam">data</var></code>;<br><code>void <var class="pdparam">(*cleanup)(pam_handle_t *pamh, void *data, int error_status)</var></code>;</div><div class="funcprototype-spacer">�</div></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_set_data-description"></a>2.1.1.1.�DESCRIPTION</h4></div></div></div><p>
The <code class="function">pam_set_data</code> function associates a pointer
to an object with the (hopefully) unique string
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-of-module-overview.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-of-module-overview.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-of-module-overview.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-of-module-overview.html 2009-06-16 10:48:51.000000000 +0200
@@ -23,7 +23,7 @@
token of some lesser user. In other cases it may not be
appropriate: when <span class="command"><strong>joe</strong></span> maliciously wants
to reset <span class="command"><strong>alice</strong></span>'s password; or when anyone
- other than the user themself wishes to reset their
+ other than the user them self wishes to reset their
<span class="emphasis"><em>KERBEROS</em></span> authentication token. A policy
for this action should be defined by any reasonable
authentication scheme, the module writer should consider
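Review bot: "anyone other than the user them self wishes to reset" on the + line is a regression from "themself"; "themselves" reads correctly here. The following sentence in the context is also a comma splice ("... any reasonable authentication scheme, the module writer should consider"), which a semicolon or full stop would fix.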
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-description.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-description.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-description.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-description.html 2009-06-16 10:48:50.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.1.�Description</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="mwg-introducton-synopsis.html" title="1.2.�Synopsis"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.1.�Description</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introducton-synopsis.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-description"></a>1.1.�Description</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.1.�Description</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="mwg-introduction-synopsis.html" title="1.2.�Synopsis"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.1.�Description</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-synopsis.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-description"></a>1.1.�Description</h2></div></div></div><p>
<span class="emphasis"><em>Linux-PAM</em></span> (Pluggable Authentication
Modules for Linux) is a library that enables the local system
administrator to choose how individual applications authenticate
@@ -30,4 +30,4 @@
(entering a password etc..) the module should never call the
application directly. This exception requires a "conversation
mechanism" which is documented below.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-introducton-synopsis.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.2.�Synopsis</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-synopsis.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.2.�Synopsis</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction.html 2009-06-16 10:48:50.000000000 +0200
@@ -1 +1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction-description.html" title="1.1.�Description"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introducton-synopsis.html">1.2. 
Synopsis</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM Module Writers' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.1.�Description</td></tr></table></div></body></html>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction-description.html" title="1.1.�Description"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introduction-synopsis.html">1.2. 
Synopsis</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM Module Writers' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.1.�Description</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-synopsis.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-synopsis.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-synopsis.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-synopsis.html 2009-06-16 10:48:50.000000000 +0200
@@ -0,0 +1,6 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.2.�Synopsis</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction-description.html" title="1.1.�Description"><link rel="next" href="mwg-expected-by-module.html" title="Chapter�2.�What can be expected by the module"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.2.�Synopsis</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction-description.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-synopsis"></a>1.2.�Synopsis</h2></div></div></div><pre class="programlisting">
+#include <security/pam_modules.h>
+
+gcc -fPIC -c pam_module.c
+gcc -shared -o pam_module.so pam_module.o -lpam
+ </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction-description.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.1.�Description�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�2.�What can be expected by the module</td></tr></table></div></body></html>
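Review bot: The new synopsis page puts the C line "#include <security/pam_modules.h>" and the two gcc command lines into one programlisting, so a reader cannot tell source from shell. Suggest two separate listings, or a short label before the build commands. The page is added under the corrected name mwg-introduction-synopsis.html; if the misspelled mwg-introducton-synopsis.html is removed in the same change, existing links to the old name will break, which deserves a line in the changelog.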
Files old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.pdf and new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.txt new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.txt
--- old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.txt 2009-03-24 19:04:55.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.txt 2009-06-16 10:48:45.000000000 +0200
@@ -8,7 +8,7 @@
<kukuk(a)thkukuk.de>
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
@@ -128,7 +128,7 @@
2.1. Getting and setting PAM_ITEMs and data
First, we cover what the module should expect from the Linux-PAM library and a
-Linux-PAM aware application. Essesntially this is the libpam.* library.
+Linux-PAM aware application. Essentially this is the libpam.* library.
2.1.1. Set module internal data
@@ -902,7 +902,7 @@
Linux-PAM authenticate the user. In some cases this may be deemed appropriate:
when root wants to change the authentication token of some lesser user. In
other cases it may not be appropriate: when joe maliciously wants to reset
-alice's password; or when anyone other than the user themself wishes to reset
+alice's password; or when anyone other than the user them self wishes to reset
their KERBEROS authentication token. A policy for this action should be defined
by any reasonable authentication scheme, the module writer should consider this
when implementing a given module.
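Review bot: In the `@@ -902,7 +902,7 @@` hunk, "themself" is replaced by "them self", which looks like a spell-checker substitution rather than a correction. "themselves" reads correctly here, and leaving "themself" would also be better than the split form. This paragraph states the policy question a module writer has to settle for token changes, so the wording is worth a second look. The unchanged context also has a comma splice at ", the module writer should consider this" that could be fixed in the same pass.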
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/Linux-PAM_SAG.html new/Linux-PAM-1.1.0/doc/sag/html/Linux-PAM_SAG.html
--- old/Linux-PAM-1.0.92/doc/sag/html/Linux-PAM_SAG.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/Linux-PAM_SAG.html 2009-06-16 10:47:26.000000000 +0200
@@ -1,6 +1,6 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM System Administrators' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system."><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-introductoin.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM System Administrators' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-introductoin.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="sag"></a>The Linux-PAM System Administrators' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM System Administrators' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system."><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM System Administrators' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="sag"></a>The Linux-PAM System Administrators' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan(a)kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk(a)thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what a system-administrator needs to know about
the <span class="emphasis"><em>Linux-PAM</em></span> library. It covers the
correct syntax of the PAM configuration file and discusses strategies
for maintaining a secure system.
- </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="sag-introductoin.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="sag-text-conventions.html">2. Some comments on the text</a></span></dt><dt><span class="chapter"><a href="sag-overview.html">3. Overview</a></span></dt><dt><span class="chapter"><a href="sag-configuration.html">4. The Linux-PAM configuration file</a></span></dt><dd><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuratin-dirctory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-security-issues.html">5. Security issues</a></span></dt><dd><dl><dt><span class="section"><a href="sag-scurity-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-module-reference.html">6. A reference guide for available modules</a></span></dt><dd><dl><dt><span class="section"><a href="sag-pam_access.html">6.1. pam_access - logdaemon style login access control</a></span></dt><dt><span class="section"><a href="sag-pam_cracklib.html">6.2. pam_cracklib - checks the password against dictionary words</a></span></dt><dt><span class="section"><a href="sag-pam_debug.html">6.3. pam_debug - debug the PAM stack</a></span></dt><dt><span class="section"><a href="sag-pam_deny.html">6.4. pam_deny - locking-out PAM module</a></span></dt><dt><span class="section"><a href="sag-pam_echo.html">6.5. pam_echo - print text messages</a></span></dt><dt><span class="section"><a href="sag-pam_env.html">6.6. 
pam_env - set/unset environment variables</a></span></dt><dt><span class="section"><a href="sag-pam_exec.html">6.7. pam_exec - call an external command</a></span></dt><dt><span class="section"><a href="sag-pam_faildelay.html">6.8. pam_faildelay - change the delay on failure per-application</a></span></dt><dt><span class="section"><a href="sag-pam_filter.html">6.9. pam_filter - filter module</a></span></dt><dt><span class="section"><a href="sag-pam_ftp.html">6.10. pam_ftp - module for anonymous access</a></span></dt><dt><span class="section"><a href="sag-pam_group.html">6.11. pam_group - module to modify group access</a></span></dt><dt><span class="section"><a href="sag-pam_issue.html">6.12. pam_issue - add issue file to user prompt</a></span></dt><dt><span class="section"><a href="sag-pam_keyinit.html">6.13. pam_keyinit - display the keyinit file</a></span></dt><dt><span class="section"><a href="sag-pam_lastlog.html">6.14. pam_lastlog - display date of last login</a></span></dt><dt><span class="section"><a href="sag-pam_limits.html">6.15. pam_limits - limit resources</a></span></dt><dt><span class="section"><a href="sag-pam_listfile.html">6.16. pam_listfile - deny or allow services based on an arbitrary file</a></span></dt><dt><span class="section"><a href="sag-pam_localuser.html">6.17. pam_localuser - require users to be listed in /etc/passwd</a></span></dt><dt><span class="section"><a href="sag-pam_loginuid.html">6.18. pam_loginuid - record user's login uid to the process attribute</a></span></dt><dt><span class="section"><a href="sag-pam_mail.html">6.19. pam_mail - inform about available mail</a></span></dt><dt><span class="section"><a href="sag-pam_mkhomedir.html">6.20. pam_mkhomedir - create users home directory</a></span></dt><dt><span class="section"><a href="sag-pam_motd.html">6.21. pam_motd - display the motd file</a></span></dt><dt><span class="section"><a href="sag-pam_namespace.html">6.22. 
pam_namespace - setup a private namespace</a></span></dt><dt><span class="section"><a href="sag-pam_nologin.html">6.23. pam_nologin - prevent non-root users from login</a></span></dt><dt><span class="section"><a href="sag-pam_permit.html">6.24. pam_permit - the promiscuous module</a></span></dt><dt><span class="section"><a href="sag-pam_pwhistory.html">6.25. pam_pwhistory - grant access using .pwhistory file</a></span></dt><dt><span class="section"><a href="sag-pam_rhosts.html">6.26. pam_rhosts - grant access using .rhosts file</a></span></dt><dt><span class="section"><a href="sag-pam_rootok.html">6.27. pam_rootok - gain only root access</a></span></dt><dt><span class="section"><a href="sag-pam_securetty.html">6.28. pam_securetty - limit root login to special devices</a></span></dt><dt><span class="section"><a href="sag-pam_selinux.html">6.29. pam_selinux - set the default security context</a></span></dt><dt><span class="section"><a href="sag-pam_shells.html">6.30. pam_shells - check for valid login shell</a></span></dt><dt><span class="section"><a href="sag-pam_succeed_if.html">6.31. pam_succeed_if - test account characteristics</a></span></dt><dt><span class="section"><a href="sag-pam_tally.html">6.32. pam_tally - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_tally2.html">6.33. pam_tally2 - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_time.html">6.34. pam_time - time controled access</a></span></dt><dt><span class="section"><a href="sag-pam_timestamp.html">6.35. pam_timestamp - authenticate using cached successful authentication attempts</a></span></dt><dt><span class="section"><a href="sag-pam_umask.html">6.36. pam_umask - set the file mode creation mask</a></span></dt><dt><span class="section"><a href="sag-pam_unix.html">6.37. pam_unix - traditional password authentication</a></span></dt><dt><span class="section"><a href="sag-pam_userdb.html">6.38. 
pam_userdb - authenticate against a db database</a></span></dt><dt><span class="section"><a href="sag-pam_warn.html">6.39. pam_warn - logs all PAM items</a></span></dt><dt><span class="section"><a href="sag-pam_wheel.html">6.40. pam_wheel - only permit root access to members of group wheel</a></span></dt><dt><span class="section"><a href="sag-pam_xauth.html">6.41. pam_xauth - forward xauth keys between users</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-see-also.html">7. See also</a></span></dt><dt><span class="chapter"><a href="sag-author.html">8. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="sag-copyright.html">9. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-introductoin.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
+ </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="sag-introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="sag-text-conventions.html">2. Some comments on the text</a></span></dt><dt><span class="chapter"><a href="sag-overview.html">3. Overview</a></span></dt><dt><span class="chapter"><a href="sag-configuration.html">4. The Linux-PAM configuration file</a></span></dt><dd><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuration-directory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-security-issues.html">5. Security issues</a></span></dt><dd><dl><dt><span class="section"><a href="sag-security-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-module-reference.html">6. A reference guide for available modules</a></span></dt><dd><dl><dt><span class="section"><a href="sag-pam_access.html">6.1. pam_access - logdaemon style login access control</a></span></dt><dt><span class="section"><a href="sag-pam_cracklib.html">6.2. pam_cracklib - checks the password against dictionary words</a></span></dt><dt><span class="section"><a href="sag-pam_debug.html">6.3. pam_debug - debug the PAM stack</a></span></dt><dt><span class="section"><a href="sag-pam_deny.html">6.4. pam_deny - locking-out PAM module</a></span></dt><dt><span class="section"><a href="sag-pam_echo.html">6.5. pam_echo - print text messages</a></span></dt><dt><span class="section"><a href="sag-pam_env.html">6.6. 
pam_env - set/unset environment variables</a></span></dt><dt><span class="section"><a href="sag-pam_exec.html">6.7. pam_exec - call an external command</a></span></dt><dt><span class="section"><a href="sag-pam_faildelay.html">6.8. pam_faildelay - change the delay on failure per-application</a></span></dt><dt><span class="section"><a href="sag-pam_filter.html">6.9. pam_filter - filter module</a></span></dt><dt><span class="section"><a href="sag-pam_ftp.html">6.10. pam_ftp - module for anonymous access</a></span></dt><dt><span class="section"><a href="sag-pam_group.html">6.11. pam_group - module to modify group access</a></span></dt><dt><span class="section"><a href="sag-pam_issue.html">6.12. pam_issue - add issue file to user prompt</a></span></dt><dt><span class="section"><a href="sag-pam_keyinit.html">6.13. pam_keyinit - display the keyinit file</a></span></dt><dt><span class="section"><a href="sag-pam_lastlog.html">6.14. pam_lastlog - display date of last login</a></span></dt><dt><span class="section"><a href="sag-pam_limits.html">6.15. pam_limits - limit resources</a></span></dt><dt><span class="section"><a href="sag-pam_listfile.html">6.16. pam_listfile - deny or allow services based on an arbitrary file</a></span></dt><dt><span class="section"><a href="sag-pam_localuser.html">6.17. pam_localuser - require users to be listed in /etc/passwd</a></span></dt><dt><span class="section"><a href="sag-pam_loginuid.html">6.18. pam_loginuid - record user's login uid to the process attribute</a></span></dt><dt><span class="section"><a href="sag-pam_mail.html">6.19. pam_mail - inform about available mail</a></span></dt><dt><span class="section"><a href="sag-pam_mkhomedir.html">6.20. pam_mkhomedir - create users home directory</a></span></dt><dt><span class="section"><a href="sag-pam_motd.html">6.21. pam_motd - display the motd file</a></span></dt><dt><span class="section"><a href="sag-pam_namespace.html">6.22. 
pam_namespace - setup a private namespace</a></span></dt><dt><span class="section"><a href="sag-pam_nologin.html">6.23. pam_nologin - prevent non-root users from login</a></span></dt><dt><span class="section"><a href="sag-pam_permit.html">6.24. pam_permit - the promiscuous module</a></span></dt><dt><span class="section"><a href="sag-pam_pwhistory.html">6.25. pam_pwhistory - grant access using .pwhistory file</a></span></dt><dt><span class="section"><a href="sag-pam_rhosts.html">6.26. pam_rhosts - grant access using .rhosts file</a></span></dt><dt><span class="section"><a href="sag-pam_rootok.html">6.27. pam_rootok - gain only root access</a></span></dt><dt><span class="section"><a href="sag-pam_securetty.html">6.28. pam_securetty - limit root login to special devices</a></span></dt><dt><span class="section"><a href="sag-pam_selinux.html">6.29. pam_selinux - set the default security context</a></span></dt><dt><span class="section"><a href="sag-pam_shells.html">6.30. pam_shells - check for valid login shell</a></span></dt><dt><span class="section"><a href="sag-pam_succeed_if.html">6.31. pam_succeed_if - test account characteristics</a></span></dt><dt><span class="section"><a href="sag-pam_tally.html">6.32. pam_tally - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_tally2.html">6.33. pam_tally2 - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_time.html">6.34. pam_time - time controled access</a></span></dt><dt><span class="section"><a href="sag-pam_timestamp.html">6.35. pam_timestamp - authenticate using cached successful authentication attempts</a></span></dt><dt><span class="section"><a href="sag-pam_umask.html">6.36. pam_umask - set the file mode creation mask</a></span></dt><dt><span class="section"><a href="sag-pam_unix.html">6.37. pam_unix - traditional password authentication</a></span></dt><dt><span class="section"><a href="sag-pam_userdb.html">6.38. 
pam_userdb - authenticate against a db database</a></span></dt><dt><span class="section"><a href="sag-pam_warn.html">6.39. pam_warn - logs all PAM items</a></span></dt><dt><span class="section"><a href="sag-pam_wheel.html">6.40. pam_wheel - only permit root access to members of group wheel</a></span></dt><dt><span class="section"><a href="sag-pam_xauth.html">6.41. pam_xauth - forward xauth keys between users</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-see-also.html">7. See also</a></span></dt><dt><span class="chapter"><a href="sag-author.html">8. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="sag-copyright.html">9. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
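Review bot: The regenerated table of contents fixes the `sag-introduction.html`, `sag-configuration-directory.html` and `sag-security-issues-wrong.html` links but still carries wrong one-line descriptions on the added side. Entry 6.13 reads "pam_keyinit - display the keyinit file", which mirrors the pam_motd entry at 6.21. Entry 6.25 reads "pam_pwhistory - grant access using .pwhistory file", which mirrors the pam_rhosts entry at 6.26. Entry 6.34 spells "controled". An administrator picking modules from this list would be misled about what pam_keyinit and pam_pwhistory do, so the titles should be corrected in the module sources before the HTML is regenerated.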
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-directory.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-directory.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-directory.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-directory.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,19 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.2.�Directory based configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"><link rel="next" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.2.�Directory based configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-file.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-example.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-directory"></a>4.2.�Directory based configuration</h2></div></div></div><p>
+ More flexible than the single configuration file is it to
+ configure libpam via the contents of the
+ <code class="filename">/etc/pam.d/</code> directory. In this case the
+ directory is filled with files each of which has a filename
+ equal to a service-name (in lower-case): it is the personal
+ configuration file for the named service.
+ </p><p>
+ The syntax of each file in /etc/pam.d/ is similar to that of the
+ <code class="filename">/etc/pam.conf</code> file and is made up of lines
+ of the following form:
+ </p><pre class="programlisting">
+type control module-path module-arguments
+ </pre><p>
+ The only difference being that the service-name is not present. The
+ service-name is of course the name of the given configuration file.
+ For example, <code class="filename">/etc/pam.d/login</code> contains the
+ configuration for the <span class="emphasis"><em>login</em></span> service.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-file.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration-example.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.1.�Configuration file syntax�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.3.�Example configuration file entries</td></tr></table></div></body></html>
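Review bot: The opening sentence of the new page, "More flexible than the single configuration file is it to configure libpam via the contents of the /etc/pam.d/ directory", has inverted word order. Something like "It is more flexible to configure libpam via the contents of the /etc/pam.d/ directory than via the single configuration file" would read better. In the second paragraph, "/etc/pam.d/" is plain text while every other path on the page is wrapped in `<code class="filename">`; it should be marked up the same way in the source.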
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-example.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-example.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-example.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-example.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�Example configuration file entries</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuratin-dirctory.html" title="4.2.�Directory based configuration"><link rel="next" href="sag-security-issues.html" title="Chapter�5.�Security issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�Example configuration file entries</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuratin-dirctory.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-example"></a>4.3.�Example configuration file entries</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�Example configuration file entries</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration-directory.html" title="4.2.�Directory based configuration"><link rel="next" href="sag-security-issues.html" title="Chapter�5.�Security issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�Example configuration file entries</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-example"></a>4.3.�Example configuration file entries</h2></div></div></div><p>
In this section, we give some examples of entries that can
be present in the <span class="emphasis"><em>Linux-PAM</em></span>
configuration file. As a first attempt at configuring your
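Review bot: The `rel="prev"` link and the Prev anchor in this header switch from `sag-configuratin-dirctory.html` to `sag-configuration-directory.html`, which changes the name of a published page. Bookmarks and external links to the old misspelled file will break once it is dropped from the package. Consider shipping a redirect stub under the old name for one release, and check that nothing else under doc/sag/html still references the old spelling.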
@@ -77,4 +77,4 @@
session required pam_unix.so
</pre><p>
In general this will provide a starting place for most applications.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuratin-dirctory.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Directory based configuration�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�Security issues</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Directory based configuration�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�Security issues</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-file.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-file.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-file.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-file.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.1.�Configuration file syntax</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="next" href="sag-configuratin-dirctory.html" title="4.2.�Directory based configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.1.�Configuration file syntax</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuratin-dirctory.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-file"></a>4.1.�Configuration file syntax</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.1.�Configuration file syntax</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="next" href="sag-configuration-directory.html" title="4.2.�Directory based configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.1.�Configuration file syntax</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-directory.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-file"></a>4.1.�Configuration file syntax</h2></div></div></div><p>
The syntax of the <code class="filename">/etc/pam.conf</code>
configuration file is as follows. The file is made up of a list
of rules, each rule is typically placed on a single line,
@@ -227,4 +227,4 @@
the authentication process fail. A corresponding error is written to
the system log files with a call to
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuratin-dirctory.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�4.�The Linux-PAM configuration file�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.2.�Directory based configuration</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration-directory.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�4.�The Linux-PAM configuration file�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.2.�Directory based configuration</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�4.�The Linux-PAM configuration file</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-overview.html" title="Chapter�3.�Overview"><link rel="next" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�4.�The Linux-PAM configuration file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-overview.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-file.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-configuration"></a>Chapter�4.�The Linux-PAM configuration file</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuratin-dirctory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�4.�The Linux-PAM configuration file</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-overview.html" title="Chapter�3.�Overview"><link rel="next" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�4.�The Linux-PAM configuration file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-overview.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-file.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-configuration"></a>Chapter�4.�The Linux-PAM configuration file</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuration-directory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></div><p>
When a <span class="emphasis"><em>PAM</em></span> aware privilege granting application
is started, it activates its attachment to the PAM-API. This
activation performs a number of tasks, the most important being the
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-introduction.html new/Linux-PAM-1.1.0/doc/sag/html/sag-introduction.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-introduction.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-introduction.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,40 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-text-conventions.html" title="Chapter�2.�Some comments on the text"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_SAG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-text-conventions.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><p>
+ <span class="emphasis"><em>Linux-PAM</em></span> (Pluggable Authentication
+ Modules for Linux) is a suite of shared libraries that enable the
+ local system administrator to choose how applications authenticate users.
+ </p><p>
+ In other words, without (rewriting and) recompiling a PAM-aware
+ application, it is possible to switch between the authentication
+ mechanism(s) it uses. Indeed, one may entirely upgrade the local
+ authentication system without touching the applications themselves.
+ </p><p>
+ Historically an application that has required a given user to be
+ authenticated, has had to be compiled to use a specific authentication
+ mechanism. For example, in the case of traditional UN*X systems, the
+ identity of the user is verified by the user entering a correct
+ password. This password, after being prefixed by a two character
+ ``salt'', is encrypted (with crypt(3)). The user is then authenticated
+ if this encrypted password is identical to the second field of the
+ user's entry in the system password database (the
+ <code class="filename">/etc/passwd</code> file). On such systems, most if
+ not all forms of privileges are granted based on this single
+ authentication scheme. Privilege comes in the form of a personal
+ user-identifier (UID) and membership of various groups. Services and
+ applications are available based on the personal and group identity
+ of the user. Traditionally, group membership has been assigned based
+ on entries in the <code class="filename">/etc/group</code> file.
+ </p><p>
+ It is the purpose of the <span class="emphasis"><em>Linux-PAM</em></span>
+ project to separate the development of privilege granting software
+ from the development of secure and appropriate authentication schemes.
+ This is accomplished by providing a library of functions that an
+ application may use to request that a user be authenticated. This
+ PAM library is configured locally with a system file,
+ <code class="filename">/etc/pam.conf</code> (or a series of configuration
+ files located in <code class="filename">/etc/pam.d/</code>) to authenticate a
+ user request via the locally available authentication modules. The
+ modules themselves will usually be located in the directory
+ <code class="filename">/lib/security</code> or
+ <code class="filename">/lib64/security</code> and take the form of dynamically
+ loadable object files (see <span class="citerefentry"><span class="refentrytitle">dlopen</span>(3)</span>).
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_SAG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-text-conventions.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM System Administrators' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�2.�Some comments on the text</td></tr></table></div></body></html>
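Review bot: the new introduction carries TeX-style quoting into the HTML, so ``salt'' in the crypt(3) paragraph shows up as literal backticks and apostrophes in a browser; use the DocBook quote element in the source instead. In the same paragraph, "Historically an application that has required a given user to be authenticated, has had to be compiled" has a stray comma after "authenticated".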
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-overview.html new/Linux-PAM-1.1.0/doc/sag/html/sag-overview.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-overview.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-overview.html 2009-06-16 10:47:20.000000000 +0200
@@ -96,7 +96,7 @@
If a program is going to use PAM, then it has to have PAM
functions explicitly coded into the program. If you have
access to the source code you can add the appropriate PAM
- functions. If you do not have accessto the source code, and
+ functions. If you do not have access to the source code, and
the binary does not have the PAM functions included, then
it is not possible to use PAM.
</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-text-conventions.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�2.�Some comments on the text�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�4.�The Linux-PAM configuration file</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_access.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_access.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_access.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_access.html 2009-06-16 10:47:21.000000000 +0200
@@ -87,7 +87,7 @@
</p></dd><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">noaudit</code>
@@ -102,7 +102,7 @@
<span class="emphasis"><em>fieldsep=|</em></span> will cause the
default `:' character to be treated as part of a field value
and `|' becomes the field separator. Doing this may be
- useful in conjuction with a system that wants to use
+ useful in conjunction with a system that wants to use
pam_access with X based applications, since the
<span class="emphasis"><em>PAM_TTY</em></span> item is likely to be
of the form "hostname:0" which includes a `:' character in
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_cracklib.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_cracklib.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_cracklib.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_cracklib.html 2009-06-16 10:47:21.000000000 +0200
@@ -221,7 +221,7 @@
The first error can happen if <code class="option">use_authtok</code>
is specified.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A internal error occured.
+ A internal error occurred.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_cracklib-examples"></a>6.2.5.�EXAMPLES</h3></div></div></div><p>
For an example of the use of this module, we show how it may be
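Review bot: the replacement line under PAM_SERVICE_ERR still reads "A internal error occurred."; since the line is already being touched for the "occured" spelling, fix the article as well: "An internal error occurred."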
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_echo.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_echo.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_echo.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_echo.html 2009-06-16 10:47:22.000000000 +0200
@@ -27,7 +27,7 @@
exist, no message printed.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_echo-examples"></a>6.5.5.�EXAMPLES</h3></div></div></div><p>
For an example of the use of this module, we show how it may be
- used to print informations about good passwords:
+ used to print information about good passwords:
</p><pre class="programlisting">
password optional pam_echo.so file=/usr/share/doc/good-password.txt
password required pam_unix.so
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_env.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_env.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_env.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_env.html 2009-06-16 10:47:22.000000000 +0200
@@ -66,7 +66,7 @@
</p></dd><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">envfile=<em class="replaceable"><code>/path/to/environment</code></em></code>
@@ -84,7 +84,7 @@
</span></dt><dd><p>
Indicate an alternative <code class="filename">.pam_environment</code>
file to override the default. This can be useful when different
- services need different environments. The filename is relativ to
+ services need different environments. The filename is relative to
the user home directory.
</p></dd><dt><span class="term">
<code class="option">user_readenv=<em class="replaceable"><code>0|1</code></em></code>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_exec.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_exec.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_exec.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_exec.html 2009-06-16 10:47:22.000000000 +0200
@@ -62,11 +62,11 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_exec-return_values"></a>6.7.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The external command runs successfull.
+ The external command was run successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No argument or a wrong number of arguments were given.
</p></dd><dt><span class="term">PAM_SYSTEM_ERR</span></dt><dd><p>
- A system error occured or the command to execute failed.
+ A system error occurred or the command to execute failed.
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
<code class="function">pam_setcred</code> was called, which
does not execute the command.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_filter.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_filter.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_filter.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_filter.html 2009-06-16 10:47:22.000000000 +0200
@@ -96,7 +96,7 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_filter-return_values"></a>6.9.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new filter was set successfull.
+ The new filter was set successfully.
</p></dd><dt><span class="term">PAM_ABORT</span></dt><dd><p>
Critical error, immediate abort.
</p></dd></dl></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_ftp.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_ftp.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_ftp.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_ftp.html 2009-06-16 10:47:22.000000000 +0200
@@ -45,7 +45,7 @@
Only the <code class="option">auth</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_ftp-return_values"></a>6.10.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The authentication was successfull.
+ The authentication was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_group.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_group.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_group.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_group.html 2009-06-16 10:47:22.000000000 +0200
@@ -19,7 +19,7 @@
provide any level of security, all file-systems that the user has write
access to should be mounted <span class="emphasis"><em>nosuid</em></span>.
</p><p>
- The pam_group module fuctions in parallel with the
+ The pam_group module functions in parallel with the
<code class="filename">/etc/group</code> file. If the user is granted any groups
based on the behavior of this module, they are granted
<span class="emphasis"><em>in addition</em></span> to those entries
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_issue.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_issue.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_issue.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_issue.html 2009-06-16 10:47:22.000000000 +0200
@@ -30,9 +30,9 @@
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
The prompt was already changed.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A service module error occured.
+ A service module error occurred.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new prompt was set successfull.
+ The new prompt was set successfully.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_issue-examples"></a>6.12.5.�EXAMPLES</h3></div></div></div><p>
Add the following line to <code class="filename">/etc/pam.d/login</code> to
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_lastlog.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_lastlog.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_lastlog.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_lastlog.html 2009-06-16 10:47:22.000000000 +0200
@@ -31,7 +31,7 @@
<code class="option">silent</code>
</span></dt><dd><p>
Don't inform the user about any previous login,
- just upate the <code class="filename">/var/log/lastlog</code> file.
+ just update the <code class="filename">/var/log/lastlog</code> file.
</p></dd><dt><span class="term">
<code class="option">never</code>
</span></dt><dd><p>
@@ -71,7 +71,7 @@
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-return_values"></a>6.14.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
Internal service module error.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_limits.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_limits.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_limits.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_limits.html 2009-06-16 10:47:23.000000000 +0200
@@ -14,11 +14,11 @@
by this limits, too.
</p><p>
By default limits are taken from the <code class="filename">/etc/security/limits.conf</code>
- config file. Then individual files from the <code class="filename">/etc/security/limits.d/</code>
+ config file. Then individual *.conf files from the <code class="filename">/etc/security/limits.d/</code>
directory are read. The files are parsed one after another in the order of "C" locale.
The effect of the individual files is the same as if all the files were
concatenated together in the order of parsing.
- If a config file is explicitely specified with a module option then the
+ If a config file is explicitly specified with a module option then the
files in the above directory are not parsed.
</p><p>
The module must not be called by a multithreaded application.
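Review bot: the "*.conf" added to the limits.d sentence is a statement about which files get parsed, not a spelling fix, and it is easy to miss among the typo corrections in this patch. If files in /etc/security/limits.d/ without the .conf suffix are now skipped, say so explicitly in this paragraph and in the changelog, so administrators with differently named drop-in files know those limits will not apply. The unchanged first line of the hunk, "by this limits, too.", should read "by these limits, too."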
@@ -135,7 +135,7 @@
New limits could not be set.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
Cannot read config file.
- </p></dd><dt><span class="term">PAM_SESSEION_ERR</span></dt><dd><p>
+ </p></dd><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
Error recovering account name.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
Limits were changed.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_listfile.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_listfile.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_listfile.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_listfile.html 2009-06-16 10:47:23.000000000 +0200
@@ -66,7 +66,7 @@
<code class="option">file=<em class="replaceable"><code>/path/filename</code></em></code>
</span></dt><dd><p>
File containing one item per line. The file needs to be a plain
- file and not world writeable.
+ file and not world writable.
</p></dd><dt><span class="term">
<code class="option">onerr=[succeed|fail]</code>
</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_localuser.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_localuser.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_localuser.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_localuser.html 2009-06-16 10:47:23.000000000 +0200
@@ -29,7 +29,7 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-return_values"></a>6.17.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new localuser was set successfull.
+ The new localuser was set successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No username was given.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_loginuid.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_loginuid.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_loginuid.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_loginuid.html 2009-06-16 10:47:23.000000000 +0200
@@ -18,7 +18,7 @@
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_loginuid-return_values"></a>6.18.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
- An error occured during session management.
+ An error occurred during session management.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_loginuid-examples"></a>6.18.5.�EXAMPLES</h3></div></div></div><pre class="programlisting">
#%PAM-1.0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_mkhomedir.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_mkhomedir.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_mkhomedir.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_mkhomedir.html 2009-06-16 10:47:23.000000000 +0200
@@ -11,7 +11,7 @@
without using a distributed file system or pre-creating a large
number of directories. The skeleton directory (usually
<code class="filename">/etc/skel/</code>) is used to copy default files
- and also set's a umask for the creation.
+ and also sets a umask for the creation.
</p><p>
The new users home directory will not be removed after logout
of the user.
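Review bot: removing the apostrophe from "set's" leaves a sentence whose subject is still wrong: as written, the skeleton directory "is used to copy default files and also sets a umask", but a directory does not set a umask. Suggest rewording so the module is the subject, for example "The skeleton directory (usually /etc/skel/) is used to copy default files, and the module also sets a umask for the creation." The following paragraph's "The new users home directory" is missing its apostrophe ("user's").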
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_motd.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_motd.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_motd.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_motd.html 2009-06-16 10:47:23.000000000 +0200
@@ -2,7 +2,7 @@
motd=<em class="replaceable"><code>/path/filename</code></em>
]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-description"></a>6.21.1.�DESCRIPTION</h3></div></div></div><p>
pam_motd is a PAM module that can be used to display
- arbitrary motd (message of the day) files after a succesful
+ arbitrary motd (message of the day) files after a successful
login. By default the <code class="filename">/etc/motd</code> file is
shown. The message size is limited to 64KB.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-options"></a>6.21.2.�OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_namespace.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_namespace.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_namespace.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_namespace.html 2009-06-16 10:47:23.000000000 +0200
@@ -25,7 +25,7 @@
using SELinux, user name, security context or both. If an executable
script <code class="filename">/etc/security/namespace.init</code> exists, it
is used to initialize the instance directory after it is set up
- and mounted on the polyinstantiated direcory. The script receives the
+ and mounted on the polyinstantiated directory. The script receives the
polyinstantiated directory path, the instance directory path, flag
whether the instance directory was newly created (0 for no, 1 for yes),
and the user name as its arguments.
@@ -188,7 +188,7 @@
<code class="option">no_unmount_on_close</code>
</span></dt><dd><p>
For certain trusted programs such as newrole, open session
- is called from a child process while the parent perfoms
+ is called from a child process while the parent performs
close session and pam end functions. For these commands
use this option to instruct pam_close_session to not
unmount the bind mounted polyinstantiated directory in the
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_pwhistory.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_pwhistory.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_pwhistory.html 2009-05-05 16:04:26.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_pwhistory.html 2009-06-16 10:47:24.000000000 +0200
@@ -15,8 +15,8 @@
to force password change history and keep the user from
alternating between the same password too frequently.
</p><p>
- This module does not work togehter with kerberos. In general,
- it does not make much sense to use this module in conjuction
+ This module does not work together with kerberos. In general,
+ it does not make much sense to use this module in conjunction
with NIS or LDAP, since the old passwords are stored on the
local machine and are not available on another machine for
password history checking.
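Review bot: the rewritten first line still spells "kerberos" in lower case while NIS and LDAP two lines below are capitalized; make it "Kerberos" while the line is being changed. The sentence would also be more useful if it said why the module does not work with Kerberos, the way the next sentence explains the NIS and LDAP case (old passwords are stored only on the local machine).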
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_selinux.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_selinux.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_selinux.html 2009-05-05 16:04:26.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_selinux.html 2009-06-16 10:47:24.000000000 +0200
@@ -74,14 +74,14 @@
<code class="option">use_current_range</code>
</span></dt><dd><p>
Use the sensitivity level of the current process for the user context
- instead of the default level. Also supresses asking of the
+ instead of the default level. Also suppresses asking of the
sensitivity level from the user or obtaining it from PAM environment.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-types"></a>6.29.3.�MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-return_values"></a>6.29.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
Unable to get or set a valid context.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The security context was set successfull.
+ The security context was set successfully.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
The user is not known to the system.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-examples"></a>6.29.5.�EXAMPLES</h3></div></div></div><pre class="programlisting">
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_succeed_if.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_succeed_if.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_succeed_if.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_succeed_if.html 2009-06-16 10:47:24.000000000 +0200
@@ -46,7 +46,7 @@
</p></dd><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
The condition was false.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A service error occured or the arguments can't be
+ A service error occurred or the arguments can't be
parsed correctly.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_succeed_if-examples"></a>6.31.5.�EXAMPLES</h3></div></div></div><p>
To emulate the behaviour of <span class="emphasis"><em>pam_wheel</em></span>, except
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally2.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally2.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally2.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally2.html 2009-06-16 10:47:25.000000000 +0200
@@ -59,7 +59,7 @@
<code class="option">onerr=[<em class="replaceable"><code>fail</code></em>|<em class="replaceable"><code>succeed</code></em>]</code>
</span></dt><dd><p>
If something weird happens (like unable to open the file),
- return with <span class="errorcode">PAM_SUCESS</span> if
+ return with <span class="errorcode">PAM_SUCCESS</span> if
<code class="option">onerr=<em class="replaceable"><code>succeed</code></em></code>
is given, else with the corresponding PAM error code.
</p></dd><dt><span class="term">
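Review bot: The onerr description in this hunk still says only "If something weird happens (like unable to open the file)", which is too vague for an option that decides whether the module fails open. With onerr=succeed the module returns PAM_SUCCESS when the counter file cannot be opened, so the failed-login check is effectively skipped in exactly the error case. The text should list the error conditions it covers and say that plainly, rather than only correcting the PAM_SUCESS spelling. The same wording appears on the pam_tally page.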
@@ -108,7 +108,7 @@
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
@@ -125,7 +125,7 @@
</span></dt><dd><p>
This option implies <code class="option">even_deny_root</code> option.
Allow access after <em class="replaceable"><code>n</code></em> seconds
- to root acccount after failed attempt. If this option is used
+ to root account after failed attempt. If this option is used
the root user will be locked out for the specified amount of
time after he exceeded his maximum allowed attempts.
</p></dd><dt><span class="term">
@@ -144,14 +144,14 @@
</span></dt><dd><p>
Account phase resets attempts counter if the user is
<span class="emphasis"><em>not</em></span> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<span class="citerefentry"><span class="refentrytitle">pam_setcred</span>(3)</span> correctly or if the reset should be done regardless
of the failure of the account phase of other modules.
</p><div class="variablelist"><dl><dt><span class="term">
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not changed. The sys-admin should use this
+ counter is not changed. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd></dl></div></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-types"></a>6.33.3.�MODULE TYPES PROVIDED</h3></div></div></div><p>
@@ -159,10 +159,10 @@
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-return_values"></a>6.33.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-notes"></a>6.33.5.�NOTES</h3></div></div></div><p>
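Review bot: The PAM_AUTH_ERR entry still begins "A invalid option was given" in the unchanged context line directly above the corrected "retrieve"; it should read "An invalid option". Since this hunk already touches the sentence, fix the article here and in the identical pam_tally text.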
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally.html 2009-06-16 10:47:24.000000000 +0200
@@ -63,7 +63,7 @@
<code class="option">onerr=[<em class="replaceable"><code>fail</code></em>|<em class="replaceable"><code>succeed</code></em>]</code>
</span></dt><dd><p>
If something weird happens (like unable to open the file),
- return with <span class="errorcode">PAM_SUCESS</span> if
+ return with <span class="errorcode">PAM_SUCCESS</span> if
<code class="option">onerr=<em class="replaceable"><code>succeed</code></em></code>
is given, else with the corresponding PAM error code.
</p></dd><dt><span class="term">
@@ -112,7 +112,7 @@
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
@@ -145,14 +145,14 @@
</span></dt><dd><p>
Account phase resets attempts counter if the user is
<span class="emphasis"><em>not</em></span> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<span class="citerefentry"><span class="refentrytitle">pam_setcred</span>(3)</span> correctly or if the reset should be done regardless
of the failure of the account phase of other modules.
</p><div class="variablelist"><dl><dt><span class="term">
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
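Review bot: In the account-phase magic_root entry the replacement line keeps "counter is not incremented", but the paragraph just above it says the account phase resets the attempts counter, and the matching pam_tally2 entry reads "counter is not changed". "Not incremented" looks carried over from the auth-phase option. Suggest "not changed" here so the two pages agree on what magic_root does in this phase.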
@@ -164,10 +164,10 @@
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally-return_values"></a>6.32.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally-examples"></a>6.32.5.�EXAMPLES</h3></div></div></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_time.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_time.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_time.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_time.html 2009-06-16 10:47:25.000000000 +0200
@@ -78,7 +78,7 @@
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_time-options"></a>6.34.3.�OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- Some debug informations are printed with
+ Some debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">noaudit</code>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_timestamp.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_timestamp.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_timestamp.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_timestamp.html 2009-06-16 10:47:25.000000000 +0200
@@ -32,10 +32,10 @@
The <code class="option">auth</code> and <code class="option">session</code>
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_timestamp-return_values"></a>6.35.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
- The module was not able to retrive the user name or
+ The module was not able to retrieve the user name or
no valid timestamp file was found.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
Timestamp file could not be created or updated.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_timestamp-notes"></a>6.35.5.�NOTES</h3></div></div></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_umask.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_umask.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_umask.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_umask.html 2009-06-16 10:47:25.000000000 +0200
@@ -54,7 +54,7 @@
Only the <code class="option">session</code> type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_umask-return_values"></a>6.36.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new umask was set successfull.
+ The new umask was set successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No username was given.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_unix.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_unix.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_unix.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_unix.html 2009-06-16 10:47:25.000000000 +0200
@@ -151,7 +151,7 @@
</p></dd><dt><span class="term">
<code class="option">broken_shadow</code>
</span></dt><dd><p>
- Ignore errors reading shadow inforation for
+ Ignore errors reading shadow information for
users in the account management module.
</p></dd></dl></div><p>
Invalid arguments are logged with <span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
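Review bot: The broken_shadow description gets its "inforation" typo fixed but still does not say what the account management module returns once the read error is ignored. For an option that suppresses errors on shadow data, the text should state the resulting return value so an administrator can tell whether the account checks are then passed or skipped.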
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_xauth.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_xauth.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_xauth.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_xauth.html 2009-06-16 10:47:25.000000000 +0200
@@ -11,7 +11,7 @@
(sometimes referred to as "cookies") between users.
</p><p>
Without pam_xauth, when xauth is enabled and a user uses the
- <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> command to assume another user's priviledges,
+ <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> command to assume another user's privileges,
that user is no longer able to access the original user's X display
because the new user does not have the key needed to access the
display. pam_xauth solves the problem by forwarding the key from
@@ -20,7 +20,7 @@
and destroying the key when the session is torn down.
</p><p>
This means, for example, that when you run
- <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> from an xterm sesssion, you will be able to run
+ <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> from an xterm session, you will be able to run
X programs without explicitly dealing with the
<span class="citerefentry"><span class="refentrytitle">xauth</span>(1)</span> xauth command or ~/.Xauthority files.
</p><p>
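Review bot: The context line after the corrected "session" still renders as "xauth(1) xauth command", repeating the name after the citerefentry. Drop the second "xauth" so the sentence ends "the xauth(1) command or ~/.Xauthority files".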
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues.html 2009-06-16 10:47:20.000000000 +0200
@@ -1 +1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�Security issues</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"><link rel="next" href="sag-scurity-issues-wrong.html" title="5.1.�If something goes wrong"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�Security issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-scurity-issues-wrong.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-security-issues"></a>Chapter�5.�Security issues</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-scurity-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. 
Avoid having a weak `other' configuration</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-scurity-issues-wrong.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�Example configuration file entries�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.1.�If something goes wrong</td></tr></table></div></body></html>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�Security issues</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"><link rel="next" href="sag-security-issues-wrong.html" title="5.1.�If something goes wrong"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�Security issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues-wrong.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-security-issues"></a>Chapter�5.�Security issues</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-security-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. 
Avoid having a weak `other' configuration</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues-wrong.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�Example configuration file entries�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.1.�If something goes wrong</td></tr></table></div></body></html>
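Review bot: The href changes from sag-scurity-issues-wrong.html to sag-security-issues-wrong.html rename a published page, so existing bookmarks and external links to the old file name will break unless a stub or redirect is kept under the old name. Because the generated page is essentially one long line, the spelling fix shows up as a full-line replacement; it would be easier to verify against the DocBook source this HTML is generated from.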
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-other.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-other.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-other.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-other.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.2.�Avoid having a weak `other' configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-scurity-issues-wrong.html" title="5.1.�If something goes wrong"><link rel="next" href="sag-module-reference.html" title="Chapter�6.�A reference guide for available modules"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.2.�Avoid having a weak `other' configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-scurity-issues-wrong.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-other"></a>5.2.�Avoid having a weak `other' configuration</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.2.�Avoid having a weak `other' configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-security-issues-wrong.html" title="5.1.�If something goes wrong"><link rel="next" href="sag-module-reference.html" title="Chapter�6.�A reference guide for available modules"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.2.�Avoid having a weak `other' configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-security-issues-wrong.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-other"></a>5.2.�Avoid having a weak `other' configuration</h2></div></div></div><p>
It is not a good thing to have a weak default
(<span class="emphasis"><em>other</em></span>) entry.
This service is the default configuration for all PAM aware
@@ -21,4 +21,4 @@
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so
- </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-scurity-issues-wrong.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.1.�If something goes wrong�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�6.�A reference guide for available modules</td></tr></table></div></body></html>
+ </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-security-issues-wrong.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.1.�If something goes wrong�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�6.�A reference guide for available modules</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-wrong.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-wrong.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-wrong.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-wrong.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,19 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.1.�If something goes wrong</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="next" href="sag-security-issues-other.html" title="5.2.�Avoid having a weak `other' configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.1.�If something goes wrong</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-security-issues.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues-other.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-wrong"></a>5.1.�If something goes wrong</h2></div></div></div><p>
+ <span class="emphasis"><em>Linux-PAM</em></span> has the potential
+ to seriously change the security of your system. You can
+ choose to have no security or absolute security (no access
+ permitted). In general, <span class="emphasis"><em>Linux-PAM</em></span>
+ errs towards the latter. Any number of configuration errors
+ can disable access to your system partially, or completely.
+ </p><p>
+ The most dramatic problem that is likely to be encountered when
+ configuring <span class="emphasis"><em>Linux-PAM</em></span> is that of
+ <span class="emphasis"><em>deleting</em></span> the configuration file(s):
+ <code class="filename">/etc/pam.d/*</code> and/or
+ <code class="filename">/etc/pam.conf</code>. This will lock you out of
+ your own system!
+ </p><p>
+ To recover, your best bet is to restore the system from a
+ backup or boot the system into a rescue system and correct
+ things from there.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-security-issues.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues-other.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�5.�Security issues�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.2.�Avoid having a weak `other' configuration</td></tr></table></div></body></html>
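Review bot: The recovery paragraph at the end of this new page covers only the after-the-fact case (restore from a backup or boot a rescue system). Since the page warns that deleting /etc/pam.d/* or /etc/pam.conf locks the administrator out, a preventive sentence would help, for example keeping an already authenticated root session open while editing the configuration and testing a fresh login before closing it.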
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-text-conventions.html new/Linux-PAM-1.1.0/doc/sag/html/sag-text-conventions.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-text-conventions.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-text-conventions.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,11 +1,11 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�Some comments on the text</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-introductoin.html" title="Chapter�1.�Introduction"><link rel="next" href="sag-overview.html" title="Chapter�3.�Overview"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�Some comments on the text</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-introductoin.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-text-conventions"></a>Chapter�2.�Some comments on the text</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�Some comments on the text</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="sag-overview.html" title="Chapter�3.�Overview"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�Some comments on the text</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-introduction.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-text-conventions"></a>Chapter�2.�Some comments on the text</h2></div></div></div><p>
Before proceeding to read the rest of this document, it should be
noted that the text assumes that certain files are placed in certain
directories. Where they have been specified, the conventions we adopt
here for locating these files are those of the relevant RFC (RFC-86.0,
see <a class="link" href="sag-see-also.html" title="Chapter�7.�See also">bibliography"</a>). If you are
using a distribution of Linux (or some other operating system) that
- supports PAM but chooses to distribute these files in a diferent way
+ supports PAM but chooses to distribute these files in a different way
you should be careful when copying examples directly from the text.
</p><p>
As an example of the above, where it is explicit, the text assumes
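Review bot: The context line with the bibliography link still ends in an unmatched double quote (bibliography" just before the closing parenthesis), which this hunk leaves in place while fixing "diferent" and the sag-introduction.html links. Remove the stray quote; the same text appears in Linux-PAM_SAG.txt.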
@@ -19,4 +19,4 @@
these files can be found in <code class="filename">/usr/lib/security</code>.
Please be careful to perform the necessary transcription when using
the examples from the text.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-introductoin.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�3.�Overview</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-introduction.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�3.�Overview</td></tr></table></div></body></html>
Files old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.pdf and new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.txt new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.txt
--- old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.txt 2009-05-05 16:04:05.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.txt 2009-06-16 10:47:04.000000000 +0200
@@ -8,7 +8,7 @@
<kukuk(a)thkukuk.de>
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
@@ -124,7 +124,7 @@
they have been specified, the conventions we adopt here for locating these
files are those of the relevant RFC (RFC-86.0, see bibliography"). If you are
using a distribution of Linux (or some other operating system) that supports
-PAM but chooses to distribute these files in a diferent way you should be
+PAM but chooses to distribute these files in a different way you should be
careful when copying examples directly from the text.
As an example of the above, where it is explicit, the text assumes that PAM
@@ -215,9 +215,9 @@
If a program is going to use PAM, then it has to have PAM functions explicitly
coded into the program. If you have access to the source code you can add the
-appropriate PAM functions. If you do not have accessto the source code, and the
-binary does not have the PAM functions included, then it is not possible to use
-PAM.
+appropriate PAM functions. If you do not have access to the source code, and
+the binary does not have the PAM functions included, then it is not possible to
+use PAM.
Chapter 4. The Linux-PAM configuration file
@@ -552,7 +552,7 @@
Linux-PAM has the potential to seriously change the security of your system.
You can choose to have no security or absolute security (no access permitted).
In general, Linux-PAM errs towards the latter. Any number of configuration
-errors can dissable access to your system partially, or completely.
+errors can disable access to your system partially, or completely.
The most dramatic problem that is likely to be encountered when configuring
Linux-PAM is that of deleting the configuration file(s): /etc/pam.d/* and/or /
@@ -660,7 +660,7 @@
debug
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
noaudit
@@ -672,7 +672,7 @@
recognize when parsing the access configuration file. For example: fieldsep
=| will cause the default `:' character to be treated as part of a field
value and `|' becomes the field separator. Doing this may be useful in
- conjuction with a system that wants to use pam_access with X based
+ conjunction with a system that wants to use pam_access with X based
applications, since the PAM_TTY item is likely to be of the form
"hostname:0" which includes a `:' character in its value. But you should
not need this.
@@ -1003,7 +1003,7 @@
PAM_SERVICE_ERR
- A internal error occured.
+ A internal error occurred.
6.2.5. EXAMPLES
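Review bot: the corrected PAM_SERVICE_ERR line still reads "A internal error occurred."; the article should be "An" since the spelling of this line is being touched anyway. Suggest "An internal error occurred."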
@@ -1253,7 +1253,7 @@
6.5.5. EXAMPLES
For an example of the use of this module, we show how it may be used to print
-informations about good passwords:
+information about good passwords:
password optional pam_echo.so file=/usr/share/doc/good-password.txt
password required pam_unix.so
@@ -1319,7 +1319,7 @@
debug
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
envfile=/path/to/environment
@@ -1335,7 +1335,7 @@
Indicate an alternative .pam_environment file to override the default. This
can be useful when different services need different environments. The
- filename is relativ to the user home directory.
+ filename is relative to the user home directory.
user_readenv=0|1
@@ -1465,7 +1465,7 @@
PAM_SUCCESS
- The external command runs successfull.
+ The external command was run successfully.
PAM_SERVICE_ERR
@@ -1473,7 +1473,7 @@
PAM_SYSTEM_ERR
- A system error occured or the command to execute failed.
+ A system error occurred or the command to execute failed.
PAM_IGNORE
@@ -1618,7 +1618,7 @@
PAM_SUCCESS
- The new filter was set successfull.
+ The new filter was set successfully.
PAM_ABORT
@@ -1677,7 +1677,7 @@
PAM_SUCCESS
- The authentication was successfull.
+ The authentication was successful.
PAM_USER_UNKNOWN
@@ -1726,9 +1726,9 @@
provide any level of security, all file-systems that the user has write access
to should be mounted nosuid.
-The pam_group module fuctions in parallel with the /etc/group file. If the user
-is granted any groups based on the behavior of this module, they are granted in
-addition to those entries /etc/group (or equivalent).
+The pam_group module functions in parallel with the /etc/group file. If the
+user is granted any groups based on the behavior of this module, they are
+granted in addition to those entries /etc/group (or equivalent).
6.11.2. DESCRIPTION
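Review bot: the rewrapped pam_group paragraph keeps the broken phrase "in addition to those entries /etc/group (or equivalent)", which is missing a preposition. Suggest "in addition to those entries in /etc/group (or equivalent)" so the sentence clearly says that module-granted groups are added on top of the file's entries.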
@@ -1922,11 +1922,11 @@
PAM_SERVICE_ERR
- A service module error occured.
+ A service module error occurred.
PAM_SUCCESS
- The new prompt was set successfull.
+ The new prompt was set successfully.
6.12.5. EXAMPLES
@@ -2064,7 +2064,7 @@
silent
- Don't inform the user about any previous login, just upate the /var/log/
+ Don't inform the user about any previous login, just update the /var/log/
lastlog file.
never
@@ -2106,7 +2106,7 @@
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_SERVICE_ERR
@@ -2139,11 +2139,12 @@
obtained in a user-session. Users of uid=0 are affected by this limits, too.
By default limits are taken from the /etc/security/limits.conf config file.
-Then individual files from the /etc/security/limits.d/ directory are read. The
-files are parsed one after another in the order of "C" locale. The effect of
-the individual files is the same as if all the files were concatenated together
-in the order of parsing. If a config file is explicitely specified with a
-module option then the files in the above directory are not parsed.
+Then individual *.conf files from the /etc/security/limits.d/ directory are
+read. The files are parsed one after another in the order of "C" locale. The
+effect of the individual files is the same as if all the files were
+concatenated together in the order of parsing. If a config file is explicitly
+specified with a module option then the files in the above directory are not
+parsed.
The module must not be called by a multithreaded application.
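Review bot: the added "*.conf" in "individual *.conf files from the /etc/security/limits.d/ directory" is a statement about behaviour, not a spelling fix like the rest of this patch, and it is easy to miss among the rewrapped lines. An administrator whose drop-in files in that directory lack the .conf suffix will read the new text as those limits not being applied, so this deserves its own mention in the change description. While here, the context line "Users of uid=0 are affected by this limits, too." should read "these limits".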
@@ -2342,7 +2343,7 @@
Cannot read config file.
-PAM_SESSEION_ERR
+PAM_SESSION_ERR
Error recovering account name.
@@ -2427,7 +2428,7 @@
file=/path/filename
File containing one item per line. The file needs to be a plain file and
- not world writeable.
+ not world writable.
onerr=[succeed|fail]
@@ -2539,7 +2540,7 @@
PAM_SUCCESS
- The new localuser was set successfull.
+ The new localuser was set successfully.
PAM_SERVICE_ERR
@@ -2591,7 +2592,7 @@
PAM_SESSION_ERR
- An error occured during session management.
+ An error occurred during session management.
6.18.5. EXAMPLES
@@ -2713,7 +2714,7 @@
exist when the session begins. This allows users to be present in central
database (such as NIS, kerberos or LDAP) without using a distributed file
system or pre-creating a large number of directories. The skeleton directory
-(usually /etc/skel/) is used to copy default files and also set's a umask for
+(usually /etc/skel/) is used to copy default files and also sets a umask for
the creation.
The new users home directory will not be removed after logout of the user.
@@ -2788,8 +2789,8 @@
6.21.1. DESCRIPTION
pam_motd is a PAM module that can be used to display arbitrary motd (message of
-the day) files after a succesful login. By default the /etc/motd file is shown.
-The message size is limited to 64KB.
+the day) files after a successful login. By default the /etc/motd file is
+shown. The message size is limited to 64KB.
6.21.2. OPTIONS
@@ -2831,7 +2832,7 @@
instance of itself based on user name, or when using SELinux, user name,
security context or both. If an executable script /etc/security/namespace.init
exists, it is used to initialize the instance directory after it is set up and
-mounted on the polyinstantiated direcory. The script receives the
+mounted on the polyinstantiated directory. The script receives the
polyinstantiated directory path, the instance directory path, flag whether the
instance directory was newly created (0 for no, 1 for yes), and the user name
as its arguments.
@@ -2974,9 +2975,9 @@
no_unmount_on_close
For certain trusted programs such as newrole, open session is called from a
- child process while the parent perfoms close session and pam end functions.
- For these commands use this option to instruct pam_close_session to not
- unmount the bind mounted polyinstantiated directory in the parent.
+ child process while the parent performs close session and pam end
+ functions. For these commands use this option to instruct pam_close_session
+ to not unmount the bind mounted polyinstantiated directory in the parent.
use_current_context
@@ -3175,8 +3176,8 @@
change history and keep the user from alternating between the same password too
frequently.
-This module does not work togehter with kerberos. In general, it does not make
-much sense to use this module in conjuction with NIS or LDAP, since the old
+This module does not work together with kerberos. In general, it does not make
+much sense to use this module in conjunction with NIS or LDAP, since the old
passwords are stored on the local machine and are not available on another
machine for password history checking.
@@ -3507,7 +3508,7 @@
use_current_range
Use the sensitivity level of the current process for the user context
- instead of the default level. Also supresses asking of the sensitivity
+ instead of the default level. Also suppresses asking of the sensitivity
level from the user or obtaining it from PAM environment.
6.29.3. MODULE TYPES PROVIDED
@@ -3522,7 +3523,7 @@
PAM_SUCCESS
- The security context was set successfull.
+ The security context was set successfully.
PAM_USER_UNKNOWN
@@ -3703,7 +3704,7 @@
PAM_SERVICE_ERR
- A service error occured or the arguments can't be parsed correctly.
+ A service error occurred or the arguments can't be parsed correctly.
6.31.5. EXAMPLES
@@ -3760,7 +3761,7 @@
onerr=[fail|succeed]
If something weird happens (like unable to open the file), return with
- PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM
+ PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
error code.
file=/path/to/counter
@@ -3804,7 +3805,7 @@
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_lock_time
@@ -3831,14 +3832,14 @@
ACCOUNT OPTIONS
Account phase resets attempts counter if the user is not magic root. This
- phase can be used optionaly for services which don't call pam_setcred(3)
+ phase can be used optionally for services which don't call pam_setcred(3)
correctly or if the reset should be done regardless of the failure of the
account phase of other modules.
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_reset
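Review bot: under ACCOUNT OPTIONS the magic_root text still says "the counter is not incremented", but the paragraph just above states that the account phase resets the attempts counter, so nothing is incremented in this phase. The matching hunk at -3999 words the same option as "the counter is not changed"; suggest using that wording here as well so the two module descriptions agree.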
@@ -3853,12 +3854,12 @@
PAM_AUTH_ERR
- A invalid option was given, the module was not able to retrive the user
+ A invalid option was given, the module was not able to retrieve the user
name, no valid counter file was found, or too many failed logins.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_USER_UNKNOWN
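Review bot: the PAM_AUTH_ERR line fixes "retrive" but leaves "A invalid option was given", which should be "An invalid option was given". The same sentence appears unchanged in the hunk at -4017 and needs the same correction.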
@@ -3923,7 +3924,7 @@
onerr=[fail|succeed]
If something weird happens (like unable to open the file), return with
- PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM
+ PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
error code.
file=/path/to/counter
@@ -3967,7 +3968,7 @@
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_lock_time
@@ -3981,7 +3982,7 @@
root_unlock_time=n
This option implies even_deny_root option. Allow access after n seconds
- to root acccount after failed attempt. If this option is used the root
+ to root account after failed attempt. If this option is used the root
user will be locked out for the specified amount of time after he
exceeded his maximum allowed attempts.
@@ -3999,14 +4000,14 @@
ACCOUNT OPTIONS
Account phase resets attempts counter if the user is not magic root. This
- phase can be used optionaly for services which don't call pam_setcred(3)
+ phase can be used optionally for services which don't call pam_setcred(3)
correctly or if the reset should be done regardless of the failure of the
account phase of other modules.
magic_root
If the module is invoked by a user with uid=0 the counter is not
- changed. The sys-admin should use this for user launched services, like
+ changed. The sysadmin should use this for user launched services, like
su, otherwise this argument should be omitted.
6.33.3. MODULE TYPES PROVIDED
@@ -4017,12 +4018,12 @@
PAM_AUTH_ERR
- A invalid option was given, the module was not able to retrive the user
+ A invalid option was given, the module was not able to retrieve the user
name, no valid counter file was found, or too many failed logins.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_USER_UNKNOWN
@@ -4147,7 +4148,7 @@
debug
- Some debug informations are printed with syslog(3).
+ Some debug information is printed with syslog(3).
noaudit
@@ -4245,12 +4246,12 @@
PAM_AUTH_ERR
- The module was not able to retrive the user name or no valid timestamp file
- was found.
+ The module was not able to retrieve the user name or no valid timestamp
+ file was found.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_SESSION_ERR
@@ -4335,7 +4336,7 @@
PAM_SUCCESS
- The new umask was set successfull.
+ The new umask was set successfully.
PAM_SERVICE_ERR
@@ -4498,8 +4499,8 @@
broken_shadow
- Ignore errors reading shadow inforation for users in the account management
- module.
+ Ignore errors reading shadow information for users in the account
+ management module.
Invalid arguments are logged with syslog(3).
@@ -4794,14 +4795,14 @@
to as "cookies") between users.
Without pam_xauth, when xauth is enabled and a user uses the su(1) command to
-assume another user's priviledges, that user is no longer able to access the
+assume another user's privileges, that user is no longer able to access the
original user's X display because the new user does not have the key needed to
access the display. pam_xauth solves the problem by forwarding the key from the
user running su (the source user) to the user whose identity the source user is
assuming (the target user) when the session is created, and destroying the key
when the session is torn down.
-This means, for example, that when you run su(1) from an xterm sesssion, you
+This means, for example, that when you run su(1) from an xterm session, you
will be able to run X programs without explicitly dealing with the xauth(1)
xauth command or ~/.Xauthority files.
++++++ Linux-PAM-1.0.92-docs.tar.bz2 -> Linux-PAM-1.1.0.tar.bz2 ++++++
++++ 255944 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package audit for openSUSE:Factory
checked in at Mon Jun 29 14:31:36 CEST 2009.
--------
--- audit/audit.changes 2009-06-19 10:59:37.000000000 +0200
+++ audit/audit.changes 2009-06-20 12:46:45.000000000 +0200
@@ -1,0 +2,5 @@
+Sat Jun 20 12:33:00 CEST 2009 - cmorve69(a)yahoo.es
+
+- fixed build with --as-needed
+
+-------------------------------------------------------------------
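Review bot: the new entry "- fixed build with --as-needed" does not name the patch that does the fixing, nor does it say that the "export SUSE_ASNEEDED=0" workaround is dropped from audit.spec in the same commit. Suggest extending the entry to mention audit-as_needed.patch and the removed workaround, so that someone tracing a later link failure can find the change from the .changes file alone.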
audit-secondary.changes: same change
calling whatdependson for head-i586
New:
----
audit-as_needed.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ audit-secondary.spec ++++++
--- /var/tmp/diff_new_pack.O26790/_old 2009-06-29 14:31:01.000000000 +0200
+++ /var/tmp/diff_new_pack.O26790/_new 2009-06-29 14:31:01.000000000 +0200
@@ -26,11 +26,12 @@
License: GPL v2 or later
Group: System/Monitoring
Version: 1.7.13
-Release: 2
+Release: 3
Url: http://people.redhat.com/sgrubb/audit/
Source0: audit-%{version}.tar.bz2
Patch0: audit-no_sca.patch
Patch1: audit-plugins-path.patch
+Patch2: audit-as_needed.patch
Requires: audit = %{version}-%{release}
Requires: audit-libs = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -86,6 +87,7 @@
%setup -q -n audit-%{version}
%patch0 -p1
%patch1 -p1
+%patch2
%build
autoreconf -fi
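Review bot: "%patch2" is given no strip level, so it is applied with the default -p0, while "%patch0 -p1" and "%patch1 -p1" directly above use -p1. If that is intentional because audit-as_needed.patch was generated from inside the source directory, a short comment would help; otherwise regenerate the patch so that all three use -p1.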
@@ -147,47 +149,3 @@
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%changelog
-* Mon May 11 2009 tonyj(a)suse.de
-- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change
- history)
-* Fri Sep 26 2008 tonyj(a)suse.de
-- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change
- history)
-* Fri Aug 01 2008 ro(a)suse.de
-- disable debuginfo for secondary specfile
-* Wed Jun 25 2008 tonyj(a)suse.de
-- Update from 1.7.2 to 1.7.4 (see audit.changes for upstream change
- history)
-- Update from 1.6.8 to 1.7.2 (see audit.changes for upstream change
- history)
-* Tue Jun 03 2008 coolo(a)suse.de
-- avoid packaging a directory with different permissions (creating
- rpm -V output)
-* Wed Apr 16 2008 aj(a)suse.de
-- Use %%py_requires for proper requires.
-* Wed Mar 26 2008 tonyj(a)suse.de
-- Update to version 1.6.8.
-- Rename to audit-secondary and build audisp-plugins from here
- to minimise bootstrap dependancies.
-* Tue Mar 18 2008 schwab(a)suse.de
-- Use autoreconf.
-* Wed Oct 10 2007 tonyj(a)suse.de
-- Upgrade to 1.6.2
-* Wed Jul 25 2007 tonyj(a)suse.de
-- Upgrade to 1.5.5
- Drop audit-swig-attribute.patch (upstreamed)
-* Fri Jul 13 2007 tonyj(a)suse.de
-- Fix build errors on ppc
-* Thu Jul 12 2007 tonyj(a)suse.de
-- Upgrade to 1.5.4
-* Wed May 02 2007 tonyj(a)suse.de
-- Upgrade to 1.5.3.
-* Wed Nov 29 2006 tonyj(a)suse.de
-- Upgrade to 1.2.9 (drop several patches which are now upstream)
-- /usr/sbin/audispd now packaged by audit-libs-python
-* Sun Nov 05 2006 ro(a)suse.de
-- fix requires
-* Thu Aug 31 2006 tonyj(a)suse.de
-- Upgrade to 1.2.6-1
-* Wed Aug 16 2006 cthiel(a)suse.de
-- split off package
++++++ audit.spec ++++++
--- /var/tmp/diff_new_pack.O26790/_old 2009-06-29 14:31:01.000000000 +0200
+++ /var/tmp/diff_new_pack.O26790/_new 2009-06-29 14:31:01.000000000 +0200
@@ -22,7 +22,7 @@
BuildRequires: gcc-c++ tcpd-devel
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.7.13
-Release: 2
+Release: 3
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
@@ -33,6 +33,7 @@
Patch1: audit-no_python.patch
Patch2: audit-no_plugins.patch
Patch3: audit-no-gss.patch
+Patch4: audit-as_needed.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@@ -91,11 +92,9 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4
%build
-# This package failed when testing with -Wl,-as-needed being default.
-# So we disable it here, if you want to retest, just delete this comment and the line below.
-export SUSE_ASNEEDED=0
autoreconf -fi
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
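Review bot: removing "export SUSE_ASNEEDED=0" relies entirely on "%patch4", and the same audit-as_needed.patch is applied in audit-secondary.spec as "%patch2" after a different set of preceding patches (audit-no_sca and audit-plugins-path there; audit-no_python, audit-no_plugins and audit-no-gss here). Please confirm that the patch applies without fuzz in both specs and that both builds link with --as-needed active. As in the secondary spec, "%patch4" has no -p level while its neighbours use -p1.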
@@ -222,367 +221,3 @@
%attr(755,root,root) /usr/bin/ausyscall
%changelog
-* Fri Jun 19 2009 coolo(a)novell.com
-- disable as-needed for this package as it fails to build with it
-* Mon May 11 2009 tonyj(a)suse.de
-- Update from 1.7.7 to 1.7.13.
-- Redhat changelog for 1.7.8 - 1.7.13 follows:
- * Tue Apr 21 2009 Steve Grubb <sgrubb(a)redhat.com> 1.7.13-1
- - Disable libev asserts unless --with-debug passed to configure
- - Handle kernel 2.6.29's audit = 0 boot parameter better
- - Install audit.py file in arch specific python directory (Dan Walsh)
- - Fix problem with negative uids in audit rules on 32 bit systems
- - When file type is unknown, output octal for mode field (Miloslav Trmač)
- - Update tty keystroke interpretations (Miloslav Trmač)
- * Tue Feb 24 2009 Steve Grubb <sgrubb(a)redhat.com> 1.7.12-1
- - Add definitions for crypto events
- - Fix regression where msgtype couldn't be used as a range in audit rules
- - In libaudit, extend time spent checking reply
- - In acct events, prefer id over acct if given
- - In aulast, try id and acct in USER_LOGIN events
- - When in immutable mode, have auditctl tell user instead of sending rules
- - Add option to sysconfig to disable audit system on auditd stop
- - Add tcp_wrappers config option to auditd
- - Aulastlog can now take input from stdin
- - Update libaudit python bindings to throw exceptions on error
- - Adjust formatting of TTY data in libauparse to be like ausearch/report
- - Add more key mappings to TTY interpretations
- - Add internal queue to audisp-remote
- - Fix failure action code to allow executables in audisp-remote (Chu Li)
- - Fix memory leak when NOLOG log_format option given to auditd
- - Quieten some of the reconnect text being sent to syslog in audisp-remote
- - Apply some libev fixups to auditd
- - Cleanup shutdown sequence of auditd
- - Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
- * Sat Jan 10 2009 Steve Grubb <sgrubb(a)redhat.com> 1.7.11-1
- - Don't error out in auditd when calling setsid
- - Reformat a couple auditd error messages (Oden Eriksson)
- - If log rotate fails, leave the old log writable
- - Fixed bug in setting up auditd event loop when listening
- - Warn if on biarch machine and auditctl rules show a syscall mismatch
- - Audisp-remote was not parsing some config options correctly
- - In auparse, check for single key in addition to virtual keys
- - When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients
- - Created reconnect option to remote ending setting of audisp-remote
- * Sat Dec 13 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.10-1
- - Fix ausearch and aureport to handle out of order events
- - Add line-buffer option to ausearch & timeout pipe input (Tony Jones)
- - Add support in ausearch/report for tty data
- - In audisp-remote, allow the keyword "any" for local_port
- - Tighten parsing for -m and -w options in auditctl
- - Add session query hint for aulast proof
- - Fix audisp-remote to tolerate krb5 config options when not supported
- - Created new aureport option for tty keystroke report
- - audispd should detect backup config files and not use them
- - When checking for ack in netlink interface, retry on EAGAIN a few times
- - In aureport, fix mods report to show acct acted upon
- * Wed Nov 05 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.9-1
- - Fix uninitialized variable in aureport causing segfault
- - Quieten down the gssapi not supported messages
- - Fix bug interpretting i386 logs on x86_64 machines
- - If kernel is in immutable mode, auditd should not send enable command
- - Fix ausearch/report recent and now time keyword lookups
- - Created aulast program
- - prelude plugin should pull auid for login alert from 2nd uid field
- - Add system boot, shutdown, and run level change events
- - Add max_restarts to audispd.conf to limit times a plugin is restarted
- - Expand session detection in ausearch
- * Wed Oct 22 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.8-1
- - Interpret TTY audit data in auparse (Miloslav Trmač)
- - Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
- - Add USER_AVCs to aureport's avc reporting (Peng Haitao)
- - Short circuit hostname resolution in libaudit if host is empty
- - If log_group and user are not root, don't check dispatcher perms
- - Fix a bug when executing "ausearch -te today PM"
- - Add --exit search option to ausearch
- - Fix parsing config file when kerberos is disabled
-* Tue Apr 14 2009 dmueller(a)suse.de
-- refresh patches
-* Wed Dec 10 2008 olh(a)suse.de
-- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
- (bnc#437293)
-* Fri Dec 05 2008 tonyj(a)suse.de
-- Revision to previous fix for bnc#445353.
- These should go into SLES11 RC1.
- 1) Add --line-buffered option to limit when stdout is flushed (performance).
- 2) Testing found a related bug where (if input is a pipe) the last logical
- record would permanently be queued waiting for a subsequent record indicating
- end of the previous. This subsequent record may never arrive. Timer is
- now run causing this record to be flushed if no new record arrives within
- timeout. This fix is upstream also.
-* Fri Nov 21 2008 tonyj(a)suse.de
-- Force ausearch to flush stdout if pipe (bnc#445353)
-* Thu Oct 30 2008 olh(a)suse.de
-- obsolete old -XXbit packages (bnc#437293)
-* Fri Sep 26 2008 tonyj(a)suse.de
-- Update from 1.7.4 to 1.7.7. GSS support disabled for present
-- Redhat changelog for 1.7.5 - 1.7.7 follows:
- * Wed Sep 11 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.7-1
- - Bug fixes for gss code in remote logging (DJ Delorie)
- - Fix ausearch -i to keep the node field in the output
- - ausyscall now does strstr match on syscall names
- - Makefile cleanup (Philipp Hahn)
- - Add watched syscall support to audisp-prelude
- - Use the right define for tcp_wrappers in auditd
- - Expose encoding API for fields being logged from user space
- * Wed Sep 11 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.6-1
- - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao)
- - Add subject to audit daemon events (Chu Li)
- - Fix parsing of acct & exe fields in user records (Peng Haitao)
- - Make client error handling in audisp-remote robust (DJ Delorie)
- - Add tcp_wrappers support for auditd
- - Updated syscall tables for 2.6.27 kernel
- - Add heartbeat exchange to remote logging protocol (DJ Delorie)
- - Audit connect/disconnect of remote clients
- - In ausearch, collect pid from AVC records (Peng Haitao)
- - Add auparse_get_field_type function to describe field's contents
- - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
- * Mon Aug 25 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.5-1
- - Update system-config-audit to 0.4.8
- - Whole lot of bug fixes - see ChangeLog for details
- - Reimplement auditd main loop using libev
- - Add TCP listener to auditd to receive remote events
-* Tue Aug 05 2008 tonyj(a)suse.de
-- Remove audit rules on audit stop (bnc#409093)
-* Wed Jun 25 2008 tonyj(a)suse.de
-- Update from 1.7.2 to 1.7.4
-- Redhat changelog for 1.7.3 - 1.7.4 follows:
- * Mon May 19 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.4-1
- - Fix interpreting of keys in syscall records
- - Interpret audit rule config change list fields
- - Don't error on name=(null) PATH records in ausearch/report
- - Add key report to aureport
- - Fix --end today to be now
- - Added python bindings for auparse_goto_record_num
- - Update system-config-audit to 0.4.7 (Miloslav Trmac)
- - Add support for the filetype field option in auditctl
- - In audispd boost priority after starting children
- * Fri May 09 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.3-1
- - Fix path processing in AVC records.
- - auparse_find_field_next() wasn't resetting field ptr going to next record.
- - auparse_find_field() wasn't checking current field before iterating
- - cleanup some string handling in audisp-prelude plugin
- - Update auditctl man page
- - Fix output of keys in ausearch interpretted mode
- - Fix ausearch/report --start now to not be reset to midnight
- - Added auparse_goto_record_num function
- - Prelude plugin now uses auparse_goto_record_num to avoid skipping a record
- - audispd now has a priority boost config option
- - Look for laddr in avcs reported via prelude
- - Detect page 0 mmaps and alert via prelude
-- Update from 1.6.8 to 1.7.2
-- Complete fix for BNC# 378725
-- Redhat changelog for 1.6.9-1.7.2 follows:
- * Wed Apr 09 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.2-1
- - gen_table.c now includes IPC defines to avoid glibc-headers wild goose chase
- - ausyscall program added for cross referencing syscall name and number info
- - Add login session ID search capability to ausearch
- * Tue Apr 08 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7.1-1
- - Remove LSB headers info for init scripts
- - Fix buffer overflow in audit_log_user_command, again (#438840)
- - Fix memory leak in EOE code in auditd (#440075)
- - In auditctl, don't use new operators in legacy rule format
- - Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac)
- - Add example STIG rules file
- - Add string table lookup performance improvement patch (Miloslav Trmac)
- - auparse_find_field_next performance improvement
- * Sun Mar 30 2008 Steve Grubb <sgrubb(a)redhat.com> 1.7-1
- - Improve input error handling in audispd
- - Improve end of event detection in auparse library
- - Improve handling of abstract namespaces
- - Add test mode for prelude plugin
- - Handle user space avcs in prelude plugin
- - Audit event serial number now recorded in idmef alert
- - Add --just-one option to ausearch
- - Fix watched account login detection for some failed login attempts
- - Couple fixups in audit logging functions (Miloslav Trmac)
- - Add support in auditctl for virtual keys
- - Added new type for user space MAC policy load events
- - auparse_find_field_next was not iterating correctly, fixed it
- - Add idmef alerts for access or execution of watched file
- - Fix buffer overflow in audit_log_user_command
- - Add basic remote logging plugin - only sends & no flow control
- - Update ausearch with interpret fixes from auparse
- * Sun Mar 09 2008 Steve Grubb <sgrubb(a)redhat.com> 1.6.9-1
- - Apply hidden attribute cleanup patch (Miloslav Trmac)
- - Apply auparse expression interface patch (Miloslav Trmac)
- - Fix potential memleak in audit event dispatcher
- - Change default audispd queue depth to 80
- - Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- - audisp-prelude alerts now controlled by config file
- - Updated syscall table for 2.6.25 kernel
- - Apply patch correcting acct field being misencoded (Miloslav Trmac)
- - Added watched account login detection for prelude plugin
-* Wed Apr 23 2008 tonyj(a)suse.de
-- Fix for bnc#378725 VUL-0: audit buffer overflow
-* Thu Apr 10 2008 ro(a)suse.de
-- added baselibs.conf file to build xxbit packages
- for multilib support
-* Wed Mar 26 2008 tonyj(a)suse.de
-- Update from 1.6.2 to 1.6.8.
-- Move audisp-plugins to new secondary spec (along with existing
- python libs).
-- Redhat changelog follows:
- * Thu Feb 14 2008 Steve Grubb <sgrubb(a)redhat.com> 1.6.8-1
- - Update for gcc 4.3
- - Cleanup descriptors in audispd before running plugin
- - Fix 'recent' keyword for aureport/search
- - Fix SE Linux policy for zos_remote plugin
- - Add event type for group password authentication attempts
- - Couple of updates to the translation tables
- - Add detection of failed group authentication to audisp-prelude
- * Thu Jan 31 2008 Steve Grubb <sgrubb(a)redhat.com> 1.6.7-1
- - In ausearch/report, prefer -if to stdin
- - In ausearch/report, add new command line option --input-logs (#428860)
- - Updated audisp-prelude based on feedback from prelude-devel
- - Added prelude alert for promiscuous socket being opened
- - Added prelude alert for SE Linux policy enforcement changes
- - Added prelude alerts for Forbidden Login Locations and Time
- - Applied patch to auparse fixing error handling of searching by
- interpreted value (Miloslav Trmac)
- * Sat Jan 19 2008 Steve Grubb <sgrubb(a)redhat.com> 1.6.6-1
- - Add prelude IDS plugin for IDMEF alerts
- - Add --user option to aulastlog command
- - Use desktop-file-install for system-config-audit
- * Mon Jan 07 2008 Steve Grubb <sgrubb(a)redhat.com> 1.6.5-1
- - Add more errno strings for exit codes in auditctl
- - Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- - Check for audit log being writable by owner in auditd
- - If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- - Updated CAPP, LSPP, and NISPOM rules for new capabilities
- - Added aulastlog utility
- * Sat Dec 29 2007 Steve Grubb <sgrubb(a)redhat.com> 1.6.4-1
- - fchmod of log file was on wrong variable (#426934)
- - Allow use of errno strings for exit codes in audit rules
- * Thu Dec 27 2007 Steve Grubb <sgrubb(a)redhat.com> 1.6.3-1
- - Add kernel release string to DEAMON_START events
- - Fix keep_logs when num_logs option disabled (#325561)
- - Fix auparse to handle node fields for syscall records
- - Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- - Add keyword week-ago to aureport & ausearch start/end times
- - Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- - Add RACF zos remote audispd plugin (Klaus Kiwi)
- - Add event queue overflow action to audispd
-* Tue Mar 18 2008 schwab(a)suse.de
-- Use autoreconf.
-* Wed Oct 31 2007 tonyj(a)suse.de
-- Incorporate 1 more Redhat fixe post 1.6.2
-- Go back to 10.2 behaviour wrt to starting in disabled state.
- This time using patch submitted upstream, fix for #Bug 333739
-* Wed Oct 10 2007 tonyj(a)suse.de
-- Upgrade to 1.6.2
- Plus two bugs discovered in Fedora, will be fixed in 1.6.3
-* Wed Jul 25 2007 tonyj(a)suse.de
-- Upgrade to 1.5.5
- Correct bug in audit_make_equivalent function (Al Viro)
- Local: add AppArmor audit ID (upstream in 1.5.6)
- don't build RedHat system-config-audit
-* Thu Jul 12 2007 tonyj(a)suse.de
-- Upgrade to 1.5.4
- Add feed interface to auparse library (John Dennis)
- Apply patch to libauparse for unresolved symbols (#241178)
- Apply patch to add line numbers for file events in libauparse (John Dennis)
- Change seresults to seresult in libauparse (John Dennis)
- Add unit32_t definition to swig (#244210)
- Add support for directory auditing
- Update acct field to be escaped
-- Fix for #280487 "%%ghost /var/log/audit/audit.log will remove the logfile"
-* Mon May 07 2007 rguenther(a)suse.de
-- Drop pkg-config BuildRequires introduced by last change.
-* Wed May 02 2007 tonyj(a)suse.de
-- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
-* Wed Nov 29 2006 tonyj(a)suse.de
-- Upgrade to 1.2.9 (drop several patches which are now upstream)
-- Move to using /etc/audit directory for config files
-* Thu Aug 31 2006 tonyj(a)suse.de
-- Upgrade to 1.2.6-1
-* Sat Aug 26 2006 olh(a)suse.de
-- do not define __KERNEL__ in userland apps
-- remove unused sys/syscall.h include
-* Wed Aug 16 2006 cthiel(a)suse.de
-- split audit into audit and audit-libs-python
-* Fri May 05 2006 sbeattie(a)suse.de
-- disable syscall audit context creation by default #172154
-* Mon Mar 20 2006 meissner(a)suse.de
-- Do not print a misleading errormessage when audit
- is not compiled into the kernel. #152733
-* Mon Mar 06 2006 meissner(a)suse.de
-- On kernels without auditing, which report ECONNREFUSED,
- do not output stuff to stderr on startup. #152733
-* Sat Feb 25 2006 kukuk(a)suse.de
-- Fix moving of devel libraries, don't install .la file
-* Wed Feb 22 2006 meissner(a)suse.de
-- moved libaudit.so symlink to /usr/lib and to -devel package,
- as requested by Thorsten.
-* Fri Feb 17 2006 meissner(a)suse.de
-- check sendto() return against -1 (error with errno set).
-* Wed Jan 25 2006 mls(a)suse.de
-- converted neededforbuild to BuildRequires
-* Wed Jan 25 2006 ro(a)suse.de
-- fix fillup call since filename != packagename
-* Tue Jan 24 2006 ro(a)suse.de
-- do not skip fillup in postinstall
-* Mon Jan 23 2006 dreynolds(a)suse.de
-- Modified inssrv macro args to enable on boot
-* Wed Jan 18 2006 tonyj(a)suse.de
-- Add support for AppArmor (submitted upstream for 1.1.4)
-* Fri Jan 13 2006 meissner(a)suse.de
-- Updated to 1.1.3.
-- Moved audispd to /usr/sbin since it uses /usr/lib/libstdc++
-- Updated sysconfig snippet.
-* Tue Nov 08 2005 meissner(a)suse.de
-- upgraded to 1.0.12.
-* Fri Nov 04 2005 kukuk(a)suse.de
-- Update to 1.0.9.
-* Wed Oct 12 2005 meissner(a)suse.de
-- upgraded to 1.0.6. ptrdift patch now solved upstream.
-* Wed Oct 05 2005 meissner(a)suse.de
-- Upgraded to 1.0.5
-* Wed Oct 05 2005 dmueller(a)suse.de
-- add norootforbuild
-* Mon Sep 26 2005 meissner(a)suse.de
-- Upgraded to 1.0.4.
- - Make rate & backlog 32 bit unsigned int in auditctl
- - In auditctl, if -F arch is given with -t option, don't require list
- - Update auditd man page
- - Add size check to audit_send
- - Update message for audit_open failure when kernel doesn't support audit
-* Tue Aug 23 2005 meissner(a)suse.de
-- Upgraded to 1.0.3 bugfix release:
- - adjust file perms of newly created log file in auditd
- - fix 2 memory leaks and an out of bounds access in auditd
- - fix case where auditd was closing netlink descriptor too early
- - fix watch rules not to take field arguments in auditctl
- - fix bug where inode, devmajor, devminor, exit, and success fields in auditctl
- rules were not getting the correct value stored
-* Wed Aug 17 2005 meissner(a)suse.de
-- Added /var/log/audit directory and ghost audit.log #105131
-* Wed Aug 10 2005 meissner(a)suse.de
-- Upgraded to 1.0.2
-* Thu Aug 04 2005 meissner(a)suse.de
-- Upgraded to 1.0.1.
-* Mon Jul 11 2005 meissner(a)suse.de
-- Update to version 0.9.16.
-* Tue Jun 21 2005 meissner(a)suse.de
-- Update to version 0.9.10.
-* Fri Jun 17 2005 meissner(a)suse.de
-- Update to version 0.9.7.
-* Thu Jun 16 2005 kukuk(a)suse.de
-- Update to version 0.9.5
-* Tue Jun 14 2005 ro(a)suse.de
-- make it build with current includes
-* Tue May 31 2005 meissner(a)suse.de
-- Upgraded to 0.9.
-* Fri May 13 2005 meissner(a)suse.de
-- upgraded to 0.6.8
-* Tue Apr 19 2005 meissner(a)suse.de
-- Upgraded to 0.6.11.
-* Fri Apr 15 2005 pth(a)suse.de
-- Make libaudit.h define pgoff_t by itself.
-- Fix a minor warning.
-* Wed Mar 30 2005 meissner(a)suse.de
-- Upgraded to 0.6.9.
-* Fri Mar 04 2005 meissner(a)suse.de
-- Upgraded to 0.6.5.
-* Thu Mar 03 2005 meissner(a)suse.de
-- initial package of auditd for new kernel auditing system.
++++++ audit-as_needed.patch ++++++
From: Cristian Morales Vega <cmorve69(a)yahoo.es>
Subject: Fix --as-needed build
Upsteam: never
audit_LDADD is overriding LDADD, so -lpthread is missing. Fixed with -pthread in auditd_CFLAGS.
--- src/Makefile.am
+++ src/Makefile.am
@@ -31,7 +31,7 @@
noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h ausearch-llist.h ausearch-options.h auditctl-llist.h aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h
auditd_SOURCES = auditd.c auditd-event.c auditd-config.c auditd-reconfig.c auditd-sendmail.c auditd-dispatch.c auditd-listen.c
-auditd_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing
+auditd_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pthread
auditd_LDFLAGS = -pie -Wl,-z,relro
auditd_DEPENDENCIES = mt/libauditmt.a libev/libev.a
auditd_LDADD = @LIBWRAP_LIBS@ @libev_LIBS@ -Llibev -lev -lrt -lm $(gss_libs)
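Review bot: The added `-pthread` on the `auditd_CFLAGS` line fixes a link-time problem through a compile-flag variable, which relies on automake passing the per-target CFLAGS to the link command. The description says the missing piece is `-lpthread`, and `auditd_LDADD` is in this hunk's context next to `-lrt -lm`, so stating the thread dependency there (or in `auditd_LDFLAGS`) would make the intent explicit for `--as-needed` builds. The patch header also has two slips: `Upsteam:` for `Upstream:`, and the description names `audit_LDADD` while the variable in the Makefile is `auditd_LDADD`. If the fix is kept as is, the header should say why it is marked as never going upstream.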
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package ppl for openSUSE:Factory
checked in at Mon Jun 29 14:29:57 CEST 2009.
--------
--- ppl/ppl-testsuite.changes 2009-06-16 14:45:08.000000000 +0200
+++ ppl/ppl-testsuite.changes 2009-06-21 11:24:14.000000000 +0200
@@ -1,0 +2,5 @@
+Sun Jun 21 11:23:52 CEST 2009 - coolo(a)suse.de
+
+- add empty %install section to fix build
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ppl.spec ++++++
--- /var/tmp/diff_new_pack.s22951/_old 2009-06-29 14:29:39.000000000 +0200
+++ /var/tmp/diff_new_pack.s22951/_new 2009-06-29 14:29:39.000000000 +0200
@@ -19,7 +19,7 @@
Name: ppl
Version: 0.10.2
-Release: 1
+Release: 4
Summary: The Parma Polyhedra Library
Group: Development/Libraries/C and C++
License: GPL v2 or later
@@ -120,6 +120,8 @@
%check
make %{?jobs:-j%jobs} check
+
+%install
%else
%install
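Review bot: The new `%install` ahead of `%else` is an empty section with no comment, so a later reader cannot tell that it is deliberate. A one-line spec comment stating that this branch of the conditional only runs `make check`, installs nothing, and needs the empty section for the build to pass would keep someone from removing it or filling it in. Because pre_checkin.sh generates ppl-testsuite.spec from ppl.spec, the comment only has to be added in ppl.spec.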
@@ -204,26 +206,3 @@
rm -rf $RPM_BUILD_ROOT
%changelog
-* Thu Apr 16 2009 rguenther(a)suse.de
-- Update to version 0.10.2.
- * fixes build with gmp 4.3.0
-* Tue Apr 14 2009 rguenther(a)suse.de
-- Update to bugfix release 0.10.1.
-- Make the testsuite fatal everywhere.
-- Disable memory1 test on s390x.
-* Mon Mar 16 2009 rguenther(a)suse.de
-- Wrap Recommends in suse_version check.
-* Tue Nov 04 2008 rguenther(a)suse.de
-- Update to final version 0.10.
- * many new features and bugfixes (see NEWS file for details)
-* Fri Oct 31 2008 rguenther(a)suse.de
-- Update to version 0.10pre37.
-- Rename libppl_c0 to libppl_c2 to follow new shared object name.
-* Fri Sep 05 2008 rguenther(a)suse.de
-- Re-add static libs to ppl-devel-static.
-* Wed Sep 03 2008 rguenther(a)suse.de
-- Remove all static libs.
-* Wed Sep 03 2008 rguenther(a)suse.de
-- Update to version 0.10pre24.
-* Sun Aug 03 2008 rguenther(a)suse.de
-- Package version 0.9.
++++++ ppl-testsuite.spec ++++++
--- /var/tmp/diff_new_pack.s22951/_old 2009-06-29 14:29:39.000000000 +0200
+++ /var/tmp/diff_new_pack.s22951/_new 2009-06-29 14:29:39.000000000 +0200
@@ -19,7 +19,7 @@
Name: ppl-testsuite
Version: 0.10.2
-Release: 1
+Release: 2
Summary: The Parma Polyhedra Library
Group: Development/Libraries/C and C++
License: GPL v2 or later
@@ -120,6 +120,8 @@
%check
make %{?jobs:-j%jobs} check
+
+%install
%else
%install
@@ -204,5 +206,3 @@
rm -rf $RPM_BUILD_ROOT
%changelog
-* Tue Jun 16 2009 coolo(a)novell.com
-- build test suite in a package on its own
++++++ pre_checkin.sh ++++++
--- /var/tmp/diff_new_pack.s22951/_old 2009-06-29 14:29:39.000000000 +0200
+++ /var/tmp/diff_new_pack.s22951/_new 2009-06-29 14:29:39.000000000 +0200
@@ -1,3 +1,3 @@
#!/bin/bash
# This script is called automatically during autobuild checkin.
-sed -e "s,^Name:.*ppl,Name: ppl-testsuite," ppl.spec > ppl-testsuite.spec
+sed -e "s,^\(Name:.*ppl\),\1-testsuite," ppl.spec > ppl-testsuite.spec
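Review bot: The new pattern `^\(Name:.*ppl\)` is still unanchored on the right and `.*` is greedy, so it matches up to the last `ppl` on a `Name:` line and inserts `-testsuite` in front of whatever follows. Anchoring it, for example `s,^\(Name:[[:space:]]*ppl\)$,\1-testsuite,`, restricts the rewrite to the main package's `Name:` line. Reusing the matched text through `\1` instead of a hard-coded replacement is the right direction, since it keeps the spec's original column alignment.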
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Hello community,
here is the log from the commit of package automake for openSUSE:Factory
checked in at Mon Jun 29 14:27:06 CEST 2009.
--------
--- automake/automake.changes 2009-06-16 11:07:07.000000000 +0200
+++ automake/automake.changes 2009-06-21 11:11:55.000000000 +0200
@@ -1,0 +2,5 @@
+Sun Jun 21 11:11:31 CEST 2009 - coolo(a)novell.com
+
+- add empty %install section to testsuite to fix build
+
+-------------------------------------------------------------------
automake-testsuite.changes: same change
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ automake.spec ++++++
--- /var/tmp/diff_new_pack.E19705/_old 2009-06-29 14:26:39.000000000 +0200
+++ /var/tmp/diff_new_pack.E19705/_new 2009-06-29 14:26:39.000000000 +0200
@@ -67,6 +67,8 @@
%ifnarch alpha
make check VERBOSE=1
%endif
+
+%install
%else
%install
@@ -103,397 +105,3 @@
%endif
%changelog
-* Tue Jun 16 2009 coolo(a)novell.com
-- split test suit into own package (new policy for bootstrap)
-* Fri May 29 2009 puzel(a)suse.cz
-- update to automake-1.11
- - noteworthy changes:
- - require autoconf-2.62
- - The autoconf version check implemented by aclocal in aclocal.m4
- (and new in Automake 1.10) is degraded to a warning. This helps
- - The automake program can run multiple threads for creating most
- Makefile.in files concurrently in the common case where the Autoconf
- versions used are compatible.
- - Libtool generic flags are now passed to the install and uninstall
- modes as well.
- - distcheck works with Libtool 2.x even when LT_OUTPUT is used, as
- config.lt is removed correctly now.
- - subdir-object mode works now with Fortran (F77, FC, preprocessed
- Fortran, and Ratfor).
- - For files with extension .f90, .f95, .f03, or .f08, the flag
- $(FCFLAGS_f[09]x) computed by AC_FC_SRCEXT is now used in compile rules.
- - Files with extension .sx are also treated as preprocessed assembler.
- - The default source file extension (.c) can be overridden with
- AM_DEFAULT_SOURCE_EXT now.
- - Python 3.0 is supported now, Python releases prior to 2.0 are no
- longer supported.
- - AM_PATH_PYTHON honors python's idea about the site directory.
- - "make dist" can now create xz-compressed tarballs,
- as well as (deprecated?) lzma-compressed tarballs.
- - `automake --add-missing' will by default install the GPLv3 file as
- COPYING if it is missing.
- - for full changelog please see /usr/share/doc/packages/automake/NEWS
-- remove automake-fix_check10.patch (fixed upstream)
-- add automake-11.1-skip-specflg10-without-g++.patch (from upstream git)
-* Thu Apr 30 2009 pth(a)suse.de
-- Add upstream post 1.10.2 patch to fix the failing check10.test.
-* Wed Apr 29 2009 pth(a)suse.de
-- Rediff to sync the patches (automake-require_file.patch was off
- by ~ 500 lines). Update the reference to bugzilla for this patch.
-* Wed Mar 11 2009 pth(a)suse.de
-- Update to 1.10.2:
- * Rebuild rules now also work for a removed `subdir/Makefile.in' in
- an otherwise up to date tree.
- * Work around AIX sh quoting issue in AC_PROG_CC_C_O, leading to
- unnecessary use of the `compile' script.
- * `config.status --file=Makefile depfiles' now also works with the
- extra quoting used internally by Autoconf 2.62 and newer
- (it used to work only without the `--file=' bit).
- * distcheck works with Libtool 2.x even when LT_OUTPUT is used, as
- config.lt is removed correctly now.
- * The manual is now distributed under the terms of the GNU FDL 1.3.
- * When `automake --add-missing' causes the COPYING file to be installed,
- it will also warn that the license file should be added to source
- control.
-- Add bison again.
-- Pass docdir on to configure.
-- Add a rpmlintrc file
-* Wed Mar 04 2009 pth(a)suse.de
-- Prefix patches with package name.
-* Mon Jan 28 2008 schwab(a)suse.de
-- Revert last change.
-* Sat Jan 26 2008 aj(a)suse.de
-- Add bison as buildrequirs for the testsuite.
-* Tue Jan 22 2008 schwab(a)suse.de
-- Update to automake 1.10.1.
- * Automake development is done in a git repository on Savannah now, see
- http://git.sv.gnu.org/gitweb/?p=automake.git
- A read-only CVS mirror is provided at
- cvs -d :pserver:anonymous@pserver.git.sv.gnu.org:/automake.git \
- checkout -d automake HEAD
- * "make dist" can now create lzma-compressed tarballs.
- * `automake --add-missing' will by default install the GPLv3 file as
- COPYING if it is missing. Note that Automake will never overwrite
- an existing COPYING file, even when the `--force-missing' option is
- used. Further note that Automake 1.10.1 is still licensed under GPLv2+.
- * Libtool generic flags are now passed to the install and uninstall
- modes as well.
- * Files with extension .sx are also treated as preprocessed assembler.
- * install-sh now has an BSD-like option `-C' to preserve modification
- times of unchanged files upon installation.
- * Fix aix dependency tracking for libtool objects.
- * The signal handling of aclocal has been improved.
- * Targets beginning with a digit are now recognized correctly.
- * All directories `.libs'/`_libs' used by libtool are cleaned now,
- not only those in which libraries are built.
- * Fix output of dummy dependency files in presence of post-processed
- Makefile.in's again, but also cope with long lines.
- * $(EXEEXT) is automatically appended to filenames of XFAIL_TESTS
- that have been declared as programs in the same Makefile.
- This is for consistency with the analogous change to TESTS in 1.10.
- * The autoconf version check implemented by aclocal in aclocal.m4
- (and new in Automake 1.10) is degraded to a warning. This helps
- in the common case where the Autoconf versions used are compatible.
- * Fix order of standard includes to again be `-I. -I$(srcdir)',
- followed by directories containing config headers.
-* Fri Nov 23 2007 schwab(a)suse.de
-- Fix last change.
-* Tue Nov 13 2007 dmueller(a)suse.de
-- require the autoconf version it was build against
-* Thu Oct 11 2007 schwab(a)suse.de
-- Add lzma support.
-* Mon Jan 29 2007 sbrabec(a)suse.cz
-- Removed references to /opt/gnome.
-* Sun Oct 15 2006 schwab(a)suse.de
-- Update to automake 1.10.
- * Version requirements:
- - Autoconf 2.60 or greater is required.
- - Perl 5.6 or greater is required.
- * Changes to aclocal:
- - aclocal now also supports -Wmumble and -Wno-mumble options.
- - `dirlist' entries (for the aclocal search path) may use shell
- wildcards such as `*', `?', or `[...]'.
- - aclocal supports an --install option that will cause system-wide
- third-party macros to be installed in the local directory
- specified with the first -I flag. This option also uses #serial
- lines in M4 files to upgrade local macros.
- The new aclocal options --dry-run and --diff help to review changes
- before they are installed.
- - aclocal now outputs an autoconf version check in aclocal.m4 in
- projects using automake.
- For a few years, automake and aclocal have been calling autoconf
- (or its underlying engine autom4te) to accurately retrieve the
- data they need from configure.ac and its siblings. Doing so can
- only work if all autotools use the same version of autoconf. For
- instance a Makefile.in generated by automake for one version of
- autoconf may stop working if configure is regenerated with another
- version of autoconf, and vice versa.
- This new version check ensures that the whole build system has
- been generated using the same autoconf version.
- * Support for new Autoconf macros:
- - The new AC_REQUIRE_AUX_FILE Autoconf macro is supported.
- - If `subdir-objects' is set, and AC_CONFIG_LIBOBJ_DIR is specified,
- $(LIBOBJS), $(LTLIBOBJS), $(ALLOCA), and $(LTALLOCA) can be used
- in different directories. However, only one instance of such a
- library objects directory is supported.
- * Change to Libtool support:
- - Libtool generic flags (those that go before the --mode=MODE option)
- can be specified using AM_LIBTOOLFLAGS and target_LIBTOOLFLAGS.
- * Yacc and Lex changes:
- - The rebuild rules for distributed Yacc and Lex output will avoid
- overwriting existing files if AM_MAINTAINER_MODE and maintainer-mode
- is not enabled.
- - ylwrap is now always used for lex and yacc source files,
- regardless of whether there is more than one source per directory.
- * Languages changes:
- - Preprocessed assembler (*.S) compilation now honors CPPFLAGS,
- AM_CPPFLAGS and per-target _CPPFLAGS, and supports dependency
- tracking, unlike non-preprocessed assembler (*.s).
- - subdir-object mode works now with Assembler. Automake assumes
- that the compiler understands `-c -o'.
- - Preprocessed assembler (*.S) compilation now also honors
- $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES).
- - Improved support for Objective C:
- - Autoconf's new AC_PROG_OBJC will enable automatic dependency tracking.
- - A new section of the manual documents the support.
- - New support for Unified Parallel C:
- - AM_PROG_UPC looks for a UPC compiler.
- - A new section of the manual documents the support.
- - Per-target flags are now correctly handled in link rules.
- For instance maude_CFLAGS correctly overrides AM_CFLAGS; likewise
- for maude_LDFLAGS and AM_LDFLAGS. Previous versions bogusly
- preferred AM_CFLAGS over maude_CFLAGS while linking, and they
- used both AM_LDFLAGS and maude_LDFLAGS on the same link command.
- The fix for compiler flags (i.e., using maude_CFLAGS instead of
- AM_CFLAGS) should not hurt any package since that is how _CFLAGS
- is expected to work (and actually works during compilation).
- However using maude_LDFLAGS "instead of" AM_LDFLAGS rather than
- "in addition to" breaks backward compatibility with older versions.
- If your package used both variables, as in
- AM_LDFLAGS = common flags
- bin_PROGRAMS = a b c
- a_LDFLAGS = more flags
- ...
- and assumed *_LDFLAGS would sum up, you should rewrite it as
- AM_LDFLAGS = common flags
- bin_PROGRAMS = a b c
- a_LDFLAGS = $(AM_LDFLAGS) more flags
- ...
- This new behavior of *_LDFLAGS is more coherent with other
- per-target variables, and the way *_LDFLAGS variables were
- considered internally.
- * New installation targets:
- - New targets mandated by GNU Coding Standards:
- install-dvi
- install-html
- install-ps
- install-pdf
- By default they will only install Texinfo manuals.
- You can customize them with *-local variants:
- install-dvi-local
- install-html-local
- install-ps-local
- install-pdf-local
- - The undocumented recursive target `uninstall-info' no longer exists.
- (`uninstall' is in charge of removing all possible documentation
- flavors, including optional formats such as dvi, ps, or info even
- when `no-installinfo' is used.)
- * Miscellaneous changes:
- - Automake no longer complains if input files for AC_CONFIG_FILES
- are specified using shell variables.
- - clean, distribution, or rebuild rules are normally disabled for
- inputs and outputs of AC_CONFIG_FILES, AC_CONFIG_HEADERS, and
- AC_CONFIG_LINK specified using shell variables. However, if these
- variables are used as ${VAR}, and AC_SUBSTed, then Automake will
- be able to output rules anyway.
- (See the Automake documentation for AC_CONFIG_FILES.)
- - $(EXEEXT) is automatically appended to filenames of TESTS
- that have been declared as programs in the same Makefile.
- This is mostly useful when some check_PROGRAMS are listed in TESTS.
- - `-Wportability' has finally been turned on by default for `gnu' and
- `gnits' strictness. This means, automake will complain about %%-rules
- or $(GNU Make functions) unless you switch to `foreign' strictness or
- use `-Wno-portability'.
- - Automake now uses AC_PROG_MKDIR_P (new in Autoconf 2.60), and uses
- $(MKDIR_P) instead of $(mkdir_p) to create directories. The
- $(mkdir_p) variable is still defined (to the same value as
- $(MKDIR_P)) but should be considered obsolete. If you are using
- $(mkdir_p) in some of your rules, please plan to update them to
- $(MKDIR_P) at some point.
- - AM_C_PROTOTYPES and ansi2knr are now documented as being obsolete.
- They still work in this release, but may be withdrawn in a future one.
- - Inline compilation rules for gcc3-style dependency tracking are
- more readable.
- - Automake installs a "Hello World!" example package in $(docdir).
- This example is used throughout the new "Autotools Introduction"
- chapter of the manual.
-* Mon Aug 21 2006 sbrabec(a)suse.cz
-- Removed dirlist.d support, use hardwired path instead.
-* Mon Jul 31 2006 schwab(a)suse.de
-- Remove obsolete patch.
-* Mon May 15 2006 schwab(a)suse.de
-- Import latest versions of config.{guess,sub}.
-* Wed Jan 25 2006 mls(a)suse.de
-- converted neededforbuild to BuildRequires
-* Mon Jul 11 2005 schwab(a)suse.de
-- Update to automake 1.9.6.
-* Sun May 08 2005 schwab(a)suse.de
-- Some architectures can't keep up the pace.
-* Sat May 07 2005 matz(a)suse.de
-- Split away an automake-check package, which does the make check.
-* Sun Feb 13 2005 schwab(a)suse.de
-- Update to automake 1.9.5.
-* Fri Jan 14 2005 schwab(a)suse.de
-- Fix require_file_internal to handle file names with directories
- (bnc#64822).
-* Wed Jan 12 2005 schwab(a)suse.de
-- Update to automake 1.9.4.
-* Thu Nov 25 2004 ro(a)suse.de
-- incremental fix for py-compile
-* Fri Nov 19 2004 schwab(a)suse.de
-- Fix py-compile to avoid putting $(DESTDIR) in the output.
-* Tue Nov 02 2004 schwab(a)suse.de
-- Update to automake 1.9.3.
-* Fri Oct 08 2004 schwab(a)suse.de
-- Update to automake 1.9.2.
-* Mon Aug 30 2004 schwab(a)suse.de
-- Fix $PATH_PATTERN.
-* Tue Aug 17 2004 schwab(a)suse.de
-- Fix handling of subdir-objects.
-* Thu Aug 12 2004 schwab(a)suse.de
-- Update to automake 1.9.1.
-* Thu Jul 29 2004 schwab(a)suse.de
-- Update to automake 1.9.
-* Mon Jul 19 2004 schwab(a)suse.de
-- Fix quoting.
-* Sat Jul 17 2004 schwab(a)suse.de
-- Update to automake 1.8d (1.9 release candidate).
-* Mon May 17 2004 schwab(a)suse.de
-- Update to automake 1.8.5.
-* Tue May 04 2004 schwab(a)suse.de
-- Update to automake 1.8.4.
-* Sun Mar 07 2004 schwab(a)suse.de
-- Update to automake 1.8.3.
-* Sat Jan 17 2004 schwab(a)suse.de
-- Fix race condition in testsuite.
-* Tue Jan 13 2004 schwab(a)suse.de
-- Update to automake 1.8.2.
-* Mon Jan 12 2004 schwab(a)suse.de
-- Update to automake 1.8.1.
-* Thu Jan 08 2004 schwab(a)suse.de
-- Fix use of undefined value.
-* Thu Dec 11 2003 schwab(a)suse.de
-- Update to automake 1.8.
-* Mon Nov 10 2003 schwab(a)suse.de
-- Update to automake 1.7.9.
-* Tue Oct 07 2003 schwab(a)suse.de
-- Update to automake 1.7.8.
-* Mon Sep 08 2003 schwab(a)suse.de
-- Update to automake 1.7.7.
-* Wed Jul 16 2003 sbrabec(a)suse.cz
-- Added support for /usr/share/aclocal/dirlist.
-* Fri Jul 11 2003 schwab(a)suse.de
-- Update to automake 1.7.6.
-* Tue Jun 10 2003 schwab(a)suse.de
-- Update to automake 1.7.5.
-* Mon May 12 2003 schwab(a)suse.de
-- Add %%defattr.
-* Fri Apr 25 2003 schwab(a)suse.de
-- Update to automake 1.7.3.
-* Thu Apr 24 2003 ro(a)suse.de
-- fix install_info --delete call and move from preun to postun
-* Mon Apr 07 2003 schwab(a)suse.de
-- Only delete info entries when removing last version.
-* Thu Feb 06 2003 schwab(a)suse.de
-- Use %%install_info.
-* Mon Jan 20 2003 schwab(a)suse.de
-- Fix python macros properly.
-* Fri Dec 06 2002 schwab(a)suse.de
-- Update to automake 1.7.2.
- * Many bug fixes.
-* Thu Nov 21 2002 schwab(a)suse.de
-- Fix ansi2knr option.
-* Mon Nov 18 2002 ro(a)suse.de
-- use /.buildenv like /etc/SuSE-release
-* Fri Sep 27 2002 schwab(a)suse.de
-- Update to automake 1.7.
-* Tue Sep 17 2002 ro(a)suse.de
-- removed bogus self-provides
-* Mon Aug 05 2002 schwab(a)suse.de
-- Update to automake 1.6.3.
- * Support for AM_INIT_GETTEXT([external])
- * Bug fixes
-* Thu Jun 20 2002 schwab(a)suse.de
-- Fix python macros for lib64.
-* Sat Jun 15 2002 schwab(a)suse.de
-- Update to automake 1.6.2.
- * Bug fix release.
-* Fri Apr 12 2002 schwab(a)suse.de
-- Update to automake 1.6.1.
-* Fri Mar 29 2002 schwab(a)suse.de
-- Fix typo check.
-- Disable libtool vs. normal check.
-- Make dependency generation work with KDE.
-* Mon Mar 11 2002 schwab(a)suse.de
-- Add versioned links to automake and aclocal.
-* Thu Mar 07 2002 schwab(a)suse.de
-- Update to automake 1.6.
-* Wed Jan 23 2002 schwab(a)suse.de
-- Fix nonportable test option in config.guess.
-* Sun Dec 16 2001 adrian(a)suse.de
-- fix config.guess to recognize SGI mips systems as big endian systems
-- bzip2 sources
-* Mon Aug 27 2001 schwab(a)suse.de
-- Update to automake 1.5.
-* Thu Aug 09 2001 ro(a)suse.de
-- fixed problem when installing lisp files
-* Thu Jul 19 2001 schwab(a)suse.de
-- Update to automake 1.4-p5.
-* Tue Jun 12 2001 olh(a)suse.de
-- recognize ppc64
-* Tue Jun 12 2001 olh(a)suse.de
-- fix typo in automake-1.4-SuSE.patch
-* Mon Jun 11 2001 schwab(a)suse.de
-- Recognize AC_PROG_LIBTOOL as well as AM_PROG_LIBTOOL.
-* Mon Jun 11 2001 schwab(a)suse.de
-- Update to automake 1.4-p4.
-* Sat May 26 2001 schwab(a)suse.de
-- Update to automake 1.4-p2.
-* Wed May 09 2001 schwab(a)suse.de
-- Update to automake 1.4-p1.
-* Fri May 04 2001 schwab(a)suse.de
-- Fix automake script for libtool 1.4.
-* Fri Mar 30 2001 schwab(a)suse.de
-- config.sub: don't try to fill missing parts by looking at the host
- system.
-* Thu Feb 15 2001 schwab(a)suse.de
-- Update config.{guess,sub} to latest version.
-* Wed Sep 13 2000 schwab(a)suse.de
-- Add bzip2 patch from kkaempf(a)suse.de.
-* Mon Aug 21 2000 werner(a)suse.de
-- Use vendor within config.sub even for s390
-* Mon May 01 2000 kukuk(a)suse.de
-- Use mandir und infodir macro
-* Thu Mar 30 2000 bk(a)suse.de
-- updated config.guess and config.sub for s390
-* Wed Mar 01 2000 werner(a)suse.de
-- Add arm/ppc patch from teTeX sources
-- Make VENDOR=suse if /etc/SuSE-release exists, remove `-gnu', and
- use $VERNDOR for all Linux architectures.
-* Tue Feb 15 2000 schwab(a)suse.de
-- Update config.{guess,sub} to latest version.
-* Thu Jan 20 2000 kukuk(a)suse.de
-- Move /usr/{info,man} -> /usr/share/{info,man}
-* Mon Sep 13 1999 bs(a)suse.de
-- ran old prepare_spec on spec file to switch to new prepare_spec.
-* Thu Aug 26 1999 kukuk(a)suse.de
-- Add automake.1, aclocal.1 and other documentation
-- Add make check to build section
-* Fri Feb 26 1999 florian(a)suse.de
-- update to 1.4
-* Fri Jun 19 1998 ro(a)suse.de
-- update to 1.3 using dif from jurix
-* Wed Jun 25 1997 florian(a)suse.de
-- update to version 1.2
-* Thu Jan 02 1997 florian(a)suse.de
- new version 1.0
automake-testsuite.spec: same change
++++++ pre_checkin.sh ++++++
--- /var/tmp/diff_new_pack.E19705/_old 2009-06-29 14:26:40.000000000 +0200
+++ /var/tmp/diff_new_pack.E19705/_new 2009-06-29 14:26:40.000000000 +0200
@@ -1,4 +1,4 @@
#!/bin/bash
# This script is called automatically during autobuild checkin.
-sed -e "s,^Name:.*automake,Name: automake-testsuite," automake.spec > automake-testsuite.spec
+sed -e "s,^\(Name:.*automake\),\1-testsuite," automake.spec > automake-testsuite.spec
cp automake.changes automake-testsuite.changes
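Review bot: Nothing in the script checks that the `sed` substitution on the changed line actually matched. If the `Name:` line in automake.spec ever changes shape, automake-testsuite.spec is written as an unmodified copy of automake.spec and the following `cp` still runs, so two spec files with the same package name get checked in. Adding `set -e` after the shebang and a check such as `grep -q '^Name:.*automake-testsuite' automake-testsuite.spec` before the `cp` would make the checkin fail visibly instead.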
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Hello community,
here is the log from the commit of package libselinux for openSUSE:Factory
checked in at Mon Jun 29 14:18:48 CEST 2009.
--------
--- libselinux/libselinux-bindings.changes 2009-04-17 17:13:15.000000000 +0200
+++ libselinux/libselinux-bindings.changes 2009-05-27 14:11:26.000000000 +0200
@@ -1,0 +2,11 @@
+Wed May 27 14:06:14 CEST 2009 - prusnak(a)suse.cz
+
+- updated to 2.0.80
+ * deny_unknown wrapper function from KaiGai Kohei
+ * security_compute_av_flags API from KaiGai Kohei
+ * Netlink socket management and callbacks from KaiGai Kohei
+ * Netlink socket handoff patch from Adam Jackson
+ * AVC caching of compute_create results by Eric Paris
+ * fix incorrect conversion in discover_class code
+
+-------------------------------------------------------------------
--- libselinux/libselinux.changes 2009-04-17 17:13:15.000000000 +0200
+++ libselinux/libselinux.changes 2009-06-09 20:19:42.000000000 +0200
@@ -1,0 +2,17 @@
+Tue Jun 9 20:17:54 CEST 2009 - crrodriguez(a)suse.de
+
+- remove static libraries
+- libselinux-devel does not require libsepol-devel
+
+-------------------------------------------------------------------
+Wed May 27 14:06:14 CEST 2009 - prusnak(a)suse.cz
+
+- updated to 2.0.80
+ * deny_unknown wrapper function from KaiGai Kohei
+ * security_compute_av_flags API from KaiGai Kohei
+ * Netlink socket management and callbacks from KaiGai Kohei
+ * Netlink socket handoff patch from Adam Jackson
+ * AVC caching of compute_create results by Eric Paris
+ * fix incorrect conversion in discover_class code
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
libselinux-2.0.77-memleak.patch
libselinux-2.0.77-rhat.patch.bz2
libselinux-2.0.77.tar.bz2
New:
----
libselinux-2.0.80-rhat.patch.bz2
libselinux-2.0.80.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libselinux-bindings.spec ++++++
--- /var/tmp/diff_new_pack.QC7003/_old 2009-06-29 14:15:25.000000000 +0200
+++ /var/tmp/diff_new_pack.QC7003/_new 2009-06-29 14:15:25.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux-bindings (Version 2.0.77)
+# spec file for package libselinux-bindings (Version 2.0.80)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -22,15 +22,14 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux-bindings
-Version: 2.0.77
-Release: 2
+Version: 2.0.80
+Release: 1
Url: http://www.nsa.gov/selinux/
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
Source: libselinux-%{version}.tar.bz2
Patch0: libselinux-%{version}-rhat.patch.bz2
-Patch1: libselinux-%{version}-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires python-selinux = %{version}-%{release}
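Review bot: `Patch1: libselinux-%{version}-memleak.patch` is dropped in this hunk, but none of the 2.0.80 items listed in the .changes entry says that the memory leak fixed by that patch is now handled upstream. The .changes entry should carry a line stating that memleak.patch was removed and why (merged upstream or obsolete), so that the removal of a bug fix can be audited later. The `License:` line changes only by a space before the semicolon; if that is not produced by a formatting tool, it is unrelated noise in a version-update hunk.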
@@ -102,7 +101,6 @@
%prep
%setup -q -n libselinux-%{version}
%patch0 -p1
-%patch1
%build
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
@@ -129,42 +127,3 @@
%{_libdir}/ruby/site_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog
-* Fri Apr 17 2009 prusnak(a)suse.cz
-- fixed memory leak (memleak.patch)
-* Wed Jan 14 2009 prusnak(a)suse.cz
-- updated to 2.0.77
- * add new function getseuser which will take username and service
- and return seuser and level; ipa will populate file in future
- * change selinuxdefcon to return just the context by default
- * fix segfault if seusers file does not work
- * strip trailing / for matchpathcon
- * fix restorecon python code
-* Mon Dec 01 2008 prusnak(a)suse.cz
-- updated to 2.0.76
- * allow shell-style wildcarding in X names
- * add Restorecon/Install python functions
- * correct message types in AVC log messages
- * make matchpathcon -V pass mode
- * add man page for selinux_file_context_cmp
- * update flask headers from refpolicy trunk
-* Wed Oct 22 2008 mrueckert(a)suse.de
-- fix debug_packages_requires define
-* Tue Sep 23 2008 prusnak(a)suse.cz
-- require only version, not release [bnc#429053]
-* Tue Sep 02 2008 prusnak(a)suse.cz
-- updated to 2.0.71
- * Add group support to seusers using %%groupname syntax from Dan Walsh.
- * Mark setrans socket close-on-exec from Stephen Smalley.
- * Only apply nodups checking to base file contexts from Stephen Smalley.
- * Merge ruby bindings from Dan Walsh.
-* Mon Sep 01 2008 aj(a)suse.de
-- Fix build of debuginfo.
-* Fri Aug 22 2008 prusnak(a)suse.cz
-- added baselibs.conf file
-- split bindings into separate subpackage (libselinux-bindings)
-- split tools into separate subpackage (selinux-tools)
-* Fri Aug 01 2008 ro(a)suse.de
-- fix requires for debuginfo package
-* Tue Jul 15 2008 prusnak(a)suse.cz
-- initial version 2.0.67
- * based on Fedora package by Dan Walsh <dwalsh(a)redhat.com>
++++++ libselinux.spec ++++++
--- /var/tmp/diff_new_pack.QC7003/_old 2009-06-29 14:15:25.000000000 +0200
+++ /var/tmp/diff_new_pack.QC7003/_new 2009-06-29 14:15:25.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux (Version 2.0.77)
+# spec file for package libselinux (Version 2.0.80)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -21,15 +21,14 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux
-Version: 2.0.77
-Release: 2
+Version: 2.0.80
+Release: 1
Url: http://www.nsa.gov/selinux/
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
Source: %{name}-%{version}.tar.bz2
Patch0: %{name}-%{version}-rhat.patch.bz2
-Patch1: %{name}-%{version}-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libselinux1 = %{version}-%{release}
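Review bot: Patch1 (`%{name}-%{version}-memleak.patch`) is dropped in this hunk together with the bump to 2.0.80, but nothing in the update states that the leak fix is now upstream. The 2.0.78 to 2.0.80 ChangeLog entries carried in this same diff list the discover_class fix, the netlink handoff and callbacks, compute_create caching, deny_unknown and security_compute_av_flags, and none of them mentions a memory leak. Please confirm the fix is contained in the new tarball or in the refreshed rhat patch and say so in the changes entry; otherwise rebase the patch and keep it.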
@@ -51,7 +50,7 @@
%package -n libselinux1
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
@@ -73,7 +72,7 @@
%package -n selinux-tools
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Base
Summary: SELinux library and simple utilities
@@ -95,11 +94,10 @@
%package devel
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Summary: Development Include Files and Libraries for SELinux
Group: Development/Libraries/C and C++
-Requires: libselinux1 = %{version}
-Requires: libsepol-devel >= %{libsepol_ver}
+Requires: libselinux1 = %{version} glibc-devel
%description devel
Security-enhanced Linux is a patch of the Linux(R) kernel and a number
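Review bot: the devel subpackage loses `Requires: libsepol-devel >= %{libsepol_ver}` in this hunk with no stated reason, while the spec still carries `BuildRequires: libsepol-devel >= %{libsepol_ver}`. If the dependency was only needed for static linking against the libselinux.a that this update stops shipping, record that in the changes entry; if anything built against libselinux-devel still needs the sepol headers, keep the requirement.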
@@ -120,7 +118,6 @@
%prep
%setup -q
%patch0 -p1
-%patch1
%build
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS"
@@ -147,6 +144,7 @@
rm -f $RPM_BUILD_ROOT%{_sbindir}/selinux_check_securetty_context
mv $RPM_BUILD_ROOT%{_sbindir}/getdefaultcon $RPM_BUILD_ROOT%{_sbindir}/selinuxdefcon
mv $RPM_BUILD_ROOT%{_sbindir}/getconlist $RPM_BUILD_ROOT%{_sbindir}/selinuxconlist
+rm -f %{buildroot}%{_libdir}/*.a
%clean
rm -rf $RPM_BUILD_ROOT
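Review bot: the added `rm -f %{buildroot}%{_libdir}/*.a` uses `%{buildroot}` where every neighbouring line in this section uses `$RPM_BUILD_ROOT`; pick one spelling for the section. The glob also deletes every static archive under %{_libdir} in the build root, not only the libselinux.a that the %files hunk drops, so naming the file would make the intent explicit.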
@@ -178,48 +176,8 @@
%files devel
%defattr(-,root,root,-)
%{_libdir}/libselinux.so
-%{_libdir}/libselinux.a
%dir %{_includedir}/selinux
%{_includedir}/selinux/*
%{_mandir}/man3/*
%changelog
-* Fri Apr 17 2009 prusnak(a)suse.cz
-- fixed memory leak (memleak.patch)
-* Wed Jan 14 2009 prusnak(a)suse.cz
-- updated to 2.0.77
- * add new function getseuser which will take username and service
- and return seuser and level; ipa will populate file in future
- * change selinuxdefcon to return just the context by default
- * fix segfault if seusers file does not work
- * strip trailing / for matchpathcon
- * fix restorecon python code
-* Mon Dec 01 2008 prusnak(a)suse.cz
-- updated to 2.0.76
- * allow shell-style wildcarding in X names
- * add Restorecon/Install python functions
- * correct message types in AVC log messages
- * make matchpathcon -V pass mode
- * add man page for selinux_file_context_cmp
- * update flask headers from refpolicy trunk
-* Wed Oct 22 2008 mrueckert(a)suse.de
-- fix debug_packages_requires define
-* Tue Sep 23 2008 prusnak(a)suse.cz
-- require only version, not release [bnc#429053]
-* Tue Sep 02 2008 prusnak(a)suse.cz
-- updated to 2.0.71
- * Add group support to seusers using %%groupname syntax from Dan Walsh.
- * Mark setrans socket close-on-exec from Stephen Smalley.
- * Only apply nodups checking to base file contexts from Stephen Smalley.
- * Merge ruby bindings from Dan Walsh.
-* Mon Sep 01 2008 aj(a)suse.de
-- Fix build of debuginfo.
-* Fri Aug 22 2008 prusnak(a)suse.cz
-- added baselibs.conf file
-- split bindings into separate subpackage (libselinux-bindings)
-- split tools into separate subpackage (selinux-tools)
-* Fri Aug 01 2008 ro(a)suse.de
-- fix requires for debuginfo package
-* Tue Jul 15 2008 prusnak(a)suse.cz
-- initial version 2.0.67
- * based on Fedora package by Dan Walsh <dwalsh(a)redhat.com>
++++++ libselinux-2.0.77-rhat.patch.bz2 -> libselinux-2.0.80-rhat.patch.bz2 ++++++
Files libselinux/libselinux-2.0.77-rhat.patch.bz2 and libselinux/libselinux-2.0.80-rhat.patch.bz2 differ
++++++ libselinux-2.0.77.tar.bz2 -> libselinux-2.0.80.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/ChangeLog new/libselinux-2.0.80/ChangeLog
--- old/libselinux-2.0.77/ChangeLog 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/ChangeLog 2009-04-08 15:06:24.000000000 +0200
@@ -1,3 +1,18 @@
+2.0.80 2009-04-07
+ * deny_unknown wrapper function from KaiGai Kohei.
+ * security_compute_av_flags API from KaiGai Kohei.
+ * Netlink socket management and callbacks from KaiGai Kohei.
+
+2.0.79 2009-03-11
+ * Netlink socket handoff patch from Adam Jackson.
+ * AVC caching of compute_create results by Eric Paris.
+
+2.0.78 2009-02-27
+ * Fix incorrect conversion in discover_class code.
+
+2.0.77 2009-01-12
+ * add restorecon to python bindings from Dan Walsh.
+
2.0.76 2009-01-08
* Client support for translating raw contexts to colors via setrans.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/include/selinux/avc.h new/libselinux-2.0.80/include/selinux/avc.h
--- old/libselinux-2.0.77/include/selinux/avc.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/include/selinux/avc.h 2009-04-08 15:06:24.000000000 +0200
@@ -427,6 +427,44 @@
*/
void avc_sid_stats(void);
+/**
+ * avc_netlink_open - Create a netlink socket and connect to the kernel.
+ */
+int avc_netlink_open(int blocking);
+
+/**
+ * avc_netlink_loop - Wait for netlink messages from the kernel
+ */
+void avc_netlink_loop(void);
+
+/**
+ * avc_netlink_close - Close the netlink socket
+ */
+void avc_netlink_close(void);
+
+/**
+ * avc_netlink_acquire_fd - Acquire netlink socket fd.
+ *
+ * Allows the application to manage messages from the netlink socket in
+ * its own main loop.
+ */
+int avc_netlink_acquire_fd(void);
+
+/**
+ * avc_netlink_release_fd - Release netlink socket fd.
+ *
+ * Returns ownership of the netlink socket to the library.
+ */
+void avc_netlink_release_fd(void);
+
+/**
+ * avc_netlink_check_nb - Check netlink socket for new messages.
+ *
+ * Called by the application when using avc_netlink_acquire_fd() to
+ * process kernel netlink events.
+ */
+int avc_netlink_check_nb(void);
+
#ifdef __cplusplus
}
#endif
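Review bot: the new comment blocks for avc_netlink_open(), avc_netlink_acquire_fd() and avc_netlink_check_nb() do not describe their int return values, and the one for avc_netlink_open() says nothing about the `blocking` argument. These prototypes are now public API, so the header should state what a caller gets back on success and on failure and what `blocking` selects, rather than leaving that to the man page alone.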
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/include/selinux/selinux.h new/libselinux-2.0.80/include/selinux/selinux.h
--- old/libselinux-2.0.77/include/selinux/selinux.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/include/selinux/selinux.h 2009-04-08 15:06:24.000000000 +0200
@@ -130,8 +130,12 @@
access_vector_t auditallow;
access_vector_t auditdeny;
unsigned int seqno;
+ unsigned int flags;
};
+/* Definitions of av_decision.flags */
+#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
+
/* Structure for passing options, used by AVC and label subsystems */
struct selinux_opt {
int type;
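Review bot: adding `unsigned int flags` to the public `struct av_decision` grows a structure that callers allocate themselves, so a binary built against the old header passes a shorter object. The compute_av.c part of this patch avoids writing flags through security_compute_av() and security_compute_av_raw() for exactly that reason; a comment next to the new field saying that only the security_compute_av_flags entry points fill it in would keep a later change from breaking that guarantee.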
@@ -153,11 +157,17 @@
char *msgbuf, size_t msgbufsize);
/* validate the supplied context, modifying if necessary */
int (*func_validate) (security_context_t *ctx);
+ /* netlink callback for setenforce message */
+ int (*func_setenforce) (int enforcing);
+ /* netlink callback for policyload message */
+ int (*func_policyload) (int seqno);
};
#define SELINUX_CB_LOG 0
#define SELINUX_CB_AUDIT 1
#define SELINUX_CB_VALIDATE 2
+#define SELINUX_CB_SETENFORCE 3
+#define SELINUX_CB_POLICYLOAD 4
extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);
@@ -180,6 +190,17 @@
access_vector_t requested,
struct av_decision *avd);
+extern int security_compute_av_flags(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_flags_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_create(security_context_t scon,
@@ -295,6 +316,9 @@
/* Set the enforce flag value. */
extern int security_setenforce(int value);
+/* Get the behavior for undefined classes/permissions */
+extern int security_deny_unknown(void);
+
/* Disable SELinux at runtime (must be done prior to initial policy load). */
extern int security_disable(void);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_acquire_fd.3 new/libselinux-2.0.80/man/man3/avc_netlink_acquire_fd.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_acquire_fd.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_acquire_fd.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_check_nb.3 new/libselinux-2.0.80/man/man3/avc_netlink_check_nb.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_check_nb.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_check_nb.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_close.3 new/libselinux-2.0.80/man/man3/avc_netlink_close.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_close.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_close.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_loop.3 new/libselinux-2.0.80/man/man3/avc_netlink_loop.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_loop.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_loop.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1,88 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: KaiGai Kohei (kaigai(a)ak.jp.nec.com) 2009
+.TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation"
+.SH "NAME"
+avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
+avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux
+netlink processing.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_netlink_open(int " blocking ");"
+.sp
+.BI "void avc_netlink_close(void);"
+.sp
+.BI "int avc_netlink_acquire_fd(void);"
+.sp
+.BI "void avc_netlink_release_fd(void);"
+.sp
+.BI "void avc_netlink_loop(void);"
+.sp
+.BI "int avc_netlink_check_nb(void);"
+.sp
+.SH "DESCRIPTION"
+These functions enable applications to handle notification of SELinux events
+via netlink. The userspace AVC normally checks for netlink messages on each
+call to
+.BR avc_has_perm (3).
+Applications may wish to override this behavior and check for notification
+separately, for example in a
+.BR select (2)
+loop. These functions also permit netlink monitoring without requiring a
+call to
+.BR avc_open (3).
+
+.B avc_netlink_open
+opens a netlink socket to receive SELinux notifications. The socket
+descriptor is stored internally; use
+.BR avc_netlink_acquire_fd (3)
+to take ownership of it in application code. The
+.I blocking
+argument specifies whether read operations on the socket will block.
+.BR avc_open (3)
+calls this function internally, specifying non-blocking behavior (unless
+threading callbacks were explicitly set using the deprecated
+.BR avc_init (3)
+interface, in which case blocking behavior is set).
+
+.B avc_netlink_close
+closes the netlink socket. This function is called automatically by
+.BR avc_destroy (3).
+
+.B avc_netlink_acquire_fd
+returns the netlink socket descriptor number and informs the userspace AVC
+not to check the socket descriptor automatically on calls to
+.BR avc_has_perm (3).
+
+.B avc_netlink_release_fd
+returns control of the netlink socket to the userspace AVC, re-enabling
+automatic processing of notifications.
+
+.B avc_netlink_check_nb
+checks the netlink socket for pending messages and processes them.
+Callbacks for policyload and enforcing changes will be called;
+see
+.BR selinux_set_callback (3).
+This function does not block unless
+.BR avc_netlink_open (3)
+specified blocking behavior.
+
+.B avc_netlink_loop
+enters a loop blocking on the netlink socket and processing messages as they
+are received. This function will not return unless an error occurs on
+the socket, in which case the socket is closed.
+
+.SH "RETURN VALUE"
+.B avc_netlink_acquire_fd
+returns a non-negative file descriptor number on success. Other functions
+with a return value return zero on success. On error, -1 is returned and
+.I errno
+is set appropriately.
+
+.SH "SEE ALSO"
+.BR avc_open (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_open.3 new/libselinux-2.0.80/man/man3/avc_netlink_open.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_open.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_open.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_release_fd.3 new/libselinux-2.0.80/man/man3/avc_netlink_release_fd.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_release_fd.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_release_fd.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_compute_av.3 new/libselinux-2.0.80/man/man3/security_compute_av.3
--- old/libselinux-2.0.77/man/man3/security_compute_av.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_compute_av.3 2009-04-08 15:06:24.000000000 +0200
@@ -1,6 +1,6 @@
.TH "security_compute_av" "3" "1 January 2004" "russell(a)coker.com.au" "SELinux API documentation"
.SH "NAME"
-security_compute_av, security_compute_create, security_compute_relabel,
+security_compute_av, security_compute_av_flags, security_compute_create, security_compute_relabel,
security_compute_member, security_compute_user, security_get_initial_context \- query
the SELinux policy database in the kernel.
@@ -11,6 +11,8 @@
.sp
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
.sp
+.BI "int security_compute_av_flags(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
+.sp
.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
@@ -34,7 +36,19 @@
.B tclass
with the
.B requested
-access vector. See the cron source for a usage example.
+access vector. The decision is returned in
+.BR avd .
+
+.B security_compute_av_flags
+is identical to
+.B security_compute_av
+but additionally sets the
+.B flags
+field of
+.BR avd .
+Currently one flag is supported:
+.BR SELINUX_AVD_FLAGS_PERMISSIVE ,
+which indicates the decision is computed on a permissive domain.
.B security_compute_create
is used to compute a context to use for labeling a new object in a particular
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_compute_av_flags.3 new/libselinux-2.0.80/man/man3/security_compute_av_flags.3
--- old/libselinux-2.0.77/man/man3/security_compute_av_flags.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_compute_av_flags.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_deny_unknown.3 new/libselinux-2.0.80/man/man3/security_deny_unknown.3
--- old/libselinux-2.0.77/man/man3/security_deny_unknown.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_deny_unknown.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/security_getenforce.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_getenforce.3 new/libselinux-2.0.80/man/man3/security_getenforce.3
--- old/libselinux-2.0.77/man/man3/security_getenforce.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_getenforce.3 2009-04-08 15:06:24.000000000 +0200
@@ -1,13 +1,15 @@
.TH "security_getenforce" "3" "1 January 2004" "russell(a)coker.com.au" "SELinux API documentation"
.SH "NAME"
-security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
+security_getenforce, security_setenforce, security_deny_unknown \- get or set the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-.B int security_getenforce();
+.B int security_getenforce(void);
.BI "int security_setenforce(int "value );
+.B int security_deny_unknown(void);
+
.SH "DESCRIPTION"
.B security_getenforce
returns 0 if SELinux is running in permissive mode, 1 if it is running in
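Review bot: the NAME line now lists security_deny_unknown, but its description still reads "get or set the enforcing state of SELinux", which does not cover a function that reports how undefined classes and permissions are handled. Extend the description so that a whatis/apropos lookup for the new function returns something meaningful.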
@@ -18,6 +20,10 @@
permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
returned.
+.B security_deny_unknown
+returns 0 if SELinux treats policy queries on undefined object classes or
+permissions as being allowed, 1 if such queries are denied, and -1 on error.
+
.SH "SEE ALSO"
.BR selinux "(8)"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/selinux_set_callback.3 new/libselinux-2.0.80/man/man3/selinux_set_callback.3
--- old/libselinux-2.0.77/man/man3/selinux_set_callback.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/selinux_set_callback.3 2009-04-08 15:06:24.000000000 +0200
@@ -79,6 +79,28 @@
.B EINVAL
to indicate an invalid context.
+.TP
+.B SELINUX_CB_SETENFORCE
+.BI "int (*" func_setenforce ") (int " enforcing ");"
+
+This callback is invoked when the system enforcing state changes.
+The
+.I enforcing
+argument indicates the new value and is set to
+.I 1
+for enforcing mode, and
+.I 0
+for permissive mode.
+
+.TP
+.B SELINUX_CB_POLICYLOAD
+.BI "int (*" func_policyload ") (int " seqno ");"
+
+This callback is invoked when the system security policy is reloaded.
+The
+.I seqno
+argument is the current sequential number of the policy generation in the system.
+
.SH "RETURN VALUE"
None.
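Review bot: neither new entry says what the callback's int return value means, yet the avc_internal.c hunks in this patch abandon processing of the netlink message when the callback result is negative (`if (rc < 0) return rc;`). Document that a negative return is treated as an error by the netlink handler and what a callback should return on success.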
@@ -91,5 +113,6 @@
.SH "SEE ALSO"
.BR selabel_open (3),
.BR avc_init (3),
+.BR avc_netlink_open(3),
.BR selinux (8)
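Review bot: the added `.BR avc_netlink_open(3),` is missing the space before `(3)` that the neighbouring entries have (`.BR selabel_open (3),`), so the section number is rendered in bold as part of the name. Write it as `.BR avc_netlink_open (3),`.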
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc.c new/libselinux-2.0.80/src/avc.c
--- old/libselinux-2.0.77/src/avc.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc.c 2009-04-08 15:06:24.000000000 +0200
@@ -20,6 +20,7 @@
security_id_t tsid;
security_class_t tclass;
struct av_decision avd;
+ security_id_t create_sid;
int used; /* used recently */
};
@@ -340,6 +341,15 @@
return cur;
}
+static inline void avc_clear_avc_entry(struct avc_entry *ae)
+{
+ ae->ssid = ae->tsid = ae->create_sid = NULL;
+ ae->tclass = 0;
+ ae->avd.allowed = ae->avd.decided = 0;
+ ae->avd.auditallow = ae->avd.auditdeny = 0;
+ ae->used = 0;
+}
+
static inline struct avc_node *avc_claim_node(security_id_t ssid,
security_id_t tsid,
security_class_t tclass)
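Review bot: avc_clear_avc_entry() resets allowed, decided, auditallow and auditdeny but leaves `ae->avd.seqno` and the new `ae->avd.flags` untouched, while avc_has_perm_noaudit() later in this patch tests `ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE`. Clearing the whole decision, for example with a memset over `ae->avd`, means a recycled node can never carry a stale permissive flag and the helper does not have to be revisited the next time av_decision grows.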
@@ -361,6 +371,7 @@
}
hvalue = avc_hash(ssid, tsid, tclass);
+ avc_clear_avc_entry(&new->ae);
new->ae.used = 1;
new->ae.ssid = ssid;
new->ae.tsid = tsid;
@@ -498,8 +509,8 @@
* avc_remove - Remove AVC and sidtab entries for SID.
* @sid: security identifier to be removed
*
- * Remove all AVC entries containing @sid as source
- * or target, and remove @sid from the SID table.
+ * Remove all AVC entries containing @sid as source, target, or
+ * create_sid, and remove @sid from the SID table.
* Free the memory allocated for the structure corresponding
* to @sid. After this function has been called, @sid must
* not be used until another call to avc_context_to_sid() has
@@ -514,19 +525,15 @@
cur = avc_cache.slots[i];
prev = NULL;
while (cur) {
- if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid ||
+ sid == cur->ae.create_sid) {
if (prev)
prev->next = cur->next;
else
avc_cache.slots[i] = cur->next;
tmp = cur;
cur = cur->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
- 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -570,11 +577,7 @@
while (node) {
tmp = node;
node = node->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -812,7 +815,7 @@
access_vector_t denied;
struct avc_entry_ref ref;
- if (!avc_using_threads) {
+ if (!avc_using_threads && !avc_app_main_loop) {
(void)avc_netlink_check_nb();
}
@@ -846,9 +849,9 @@
rc = -1;
goto out;
}
- rc = security_compute_av_raw(ssid->ctx, tsid->ctx,
- tclass, requested,
- &entry.avd);
+ rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
+ tclass, requested,
+ &entry.avd);
if (rc)
goto out;
rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
@@ -864,11 +867,13 @@
denied = requested & ~(ae->avd.allowed);
if (!requested || denied) {
- if (avc_enforcing) {
+ if (!avc_enforcing ||
+ (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE))
+ ae->avd.allowed |= requested;
+ else {
errno = EACCES;
rc = -1;
- } else
- ae->avd.allowed |= requested;
+ }
}
out:
@@ -882,9 +887,11 @@
security_class_t tclass, access_vector_t requested,
struct avc_entry_ref *aeref, void *auditdata)
{
- struct av_decision avd = { 0, 0, 0, 0, 0 };
+ struct av_decision avd;
int errsave, rc;
+ memset(&avd, 0, sizeof(avd));
+
rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
errsave = errno;
avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
@@ -896,23 +903,55 @@
security_class_t tclass, security_id_t *newsid)
{
int rc;
+ struct avc_entry_ref aeref;
+ struct avc_entry entry;
+ security_context_t ctx;
+
*newsid = NULL;
+ avc_entry_ref_init(&aeref);
+
avc_get_lock(avc_lock);
- if (ssid->refcnt > 0 && tsid->refcnt > 0) {
- security_context_t ctx = NULL;
+ if (ssid->refcnt <= 0 || tsid->refcnt <= 0) {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ goto out;
+ }
+
+ /* check for a cached entry */
+ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
+ if (rc) {
+ /* need to make a cache entry for this tuple */
+ rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
+ tclass, 0, &entry.avd);
+ if (rc)
+ goto out;
+ rc = avc_insert(ssid, tsid, tclass, &entry, &aeref);
+ if (rc)
+ goto out;
+ }
+
+ /* check for a saved compute_create value */
+ if (!aeref.ae->create_sid) {
+ /* need to query the kernel policy */
rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
&ctx);
if (rc)
goto out;
rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
- if (!rc)
- (*newsid)->refcnt++;
freecon(ctx);
+ if (rc)
+ goto out;
+
+ aeref.ae->create_sid = *newsid;
} else {
- errno = EINVAL; /* bad reference count */
- rc = -1;
+ /* found saved value */
+ *newsid = aeref.ae->create_sid;
}
+
+ rc = 0;
out:
+ if (*newsid)
+ (*newsid)->refcnt++;
avc_release_lock(avc_lock);
return rc;
}
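Review bot: `aeref.ae->create_sid = *newsid` stores a SID pointer in the cache without a reference of its own; the single `(*newsid)->refcnt++` at `out:` belongs to the caller. The only protection visible in this patch against the cached pointer dangling is the avc_remove() change that also matches create_sid, so please confirm that every path that frees a SID goes through avc_remove(), or take a reference when the value is cached. A short comment at the assignment explaining who owns the pointer would also help.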
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc_internal.c new/libselinux-2.0.80/src/avc_internal.c
--- old/libselinux-2.0.77/src/avc_internal.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc_internal.c 2009-04-08 15:06:24.000000000 +0200
@@ -19,6 +19,7 @@
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>
+#include "callbacks.h"
#include "selinux_netlink.h"
#include "avc_internal.h"
@@ -34,6 +35,7 @@
void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
int avc_using_threads = 0;
+int avc_app_main_loop = 0;
void *(*avc_func_create_thread) (void (*)(void)) = NULL;
void (*avc_func_stop_thread) (void *) = NULL;
@@ -167,6 +169,9 @@
avc_prefix, rc, errno);
return rc;
}
+ rc = selinux_netlink_setenforce(msg->val);
+ if (rc < 0)
+ return rc;
break;
}
@@ -182,6 +187,9 @@
avc_prefix, rc, errno);
return rc;
}
+ rc = selinux_netlink_policyload(msg->seqno);
+ if (rc < 0)
+ return rc;
break;
}
@@ -250,3 +258,15 @@
"%s: netlink thread: errors encountered, terminating\n",
avc_prefix);
}
+
+int avc_netlink_acquire_fd(void)
+{
+ avc_app_main_loop = 1;
+
+ return fd;
+}
+
+void avc_netlink_release_fd(void)
+{
+ avc_app_main_loop = 0;
+}
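Review bot: avc_netlink_acquire_fd() sets `avc_app_main_loop = 1` and returns `fd` unconditionally, so a call made before avc_netlink_open() or avc_open() switches off the automatic check in avc_has_perm_noaudit() and hands back whatever the file-scope fd currently holds. The avc_netlink_loop.3 page added in this patch says errors are reported as -1 with errno set; check that the socket is open first, and leave the flag unchanged and set errno when it is not.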
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc_internal.h new/libselinux-2.0.80/src/avc_internal.h
--- old/libselinux-2.0.77/src/avc_internal.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc_internal.h 2009-04-08 15:06:24.000000000 +0200
@@ -35,6 +35,7 @@
extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
extern int avc_using_threads hidden;
+extern int avc_app_main_loop hidden;
extern void *(*avc_func_create_thread) (void (*)(void))hidden;
extern void (*avc_func_stop_thread) (void *)hidden;
@@ -183,10 +184,6 @@
/* netlink kernel message code */
extern int avc_netlink_trouble hidden;
-int avc_netlink_open(int blocking) hidden;
-int avc_netlink_check_nb(void) hidden;
-void avc_netlink_loop(void) hidden;
-void avc_netlink_close(void) hidden;
hidden_proto(avc_av_stats)
hidden_proto(avc_cleanup)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/callbacks.c new/libselinux-2.0.80/src/callbacks.c
--- old/libselinux-2.0.77/src/callbacks.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/callbacks.c 2009-04-08 15:06:24.000000000 +0200
@@ -37,6 +37,18 @@
return security_check_context(*ctx);
}
+static int
+default_selinux_setenforce(int enforcing __attribute__((unused)))
+{
+ return 0;
+}
+
+static int
+default_selinux_policyload(int seqno __attribute__((unused)))
+{
+ return 0;
+}
+
/* callback pointers */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log)(int, const char *, ...) =
@@ -50,6 +62,14 @@
(*selinux_validate)(security_context_t *ctx) =
default_selinux_validate;
+int
+(*selinux_netlink_setenforce) (int enforcing) =
+ default_selinux_setenforce;
+
+int
+(*selinux_netlink_policyload) (int seqno) =
+ default_selinux_policyload;
+
/* callback setting function */
void
selinux_set_callback(int type, union selinux_callback cb)
@@ -64,6 +84,12 @@
case SELINUX_CB_VALIDATE:
selinux_validate = cb.func_validate;
break;
+ case SELINUX_CB_SETENFORCE:
+ selinux_netlink_setenforce = cb.func_setenforce;
+ break;
+ case SELINUX_CB_POLICYLOAD:
+ selinux_netlink_policyload = cb.func_policyload;
+ break;
}
}
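Review bot: the new SELINUX_CB_SETENFORCE and SELINUX_CB_POLICYLOAD cases store `cb.func_setenforce` and `cb.func_policyload` without a NULL check, and the netlink handler changed in avc_internal.c calls `selinux_netlink_setenforce(msg->val)` and `selinux_netlink_policyload(msg->seqno)` unconditionally. Either fall back to the default_selinux_setenforce/default_selinux_policyload stubs when NULL is passed, or document that passing NULL is not allowed.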
@@ -83,6 +109,12 @@
case SELINUX_CB_VALIDATE:
cb.func_validate = selinux_validate;
break;
+ case SELINUX_CB_SETENFORCE:
+ cb.func_setenforce = selinux_netlink_setenforce;
+ break;
+ case SELINUX_CB_POLICYLOAD:
+ cb.func_policyload = selinux_netlink_policyload;
+ break;
default:
memset(&cb, 0, sizeof(cb));
errno = EINVAL;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/callbacks.h new/libselinux-2.0.80/src/callbacks.h
--- old/libselinux-2.0.77/src/callbacks.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/callbacks.h 2009-04-08 15:06:24.000000000 +0200
@@ -21,4 +21,10 @@
extern int
(*selinux_validate)(security_context_t *ctx) hidden;
+extern int
+(*selinux_netlink_setenforce) (int enforcing) hidden;
+
+extern int
+(*selinux_netlink_policyload) (int seqno) hidden;
+
#endif /* _SELINUX_CALLBACKS_H_ */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/compute_av.c new/libselinux-2.0.80/src/compute_av.c
--- old/libselinux-2.0.77/src/compute_av.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/compute_av.c 2009-04-08 15:06:24.000000000 +0200
@@ -10,10 +10,11 @@
#include "policy.h"
#include "mapping.h"
-int security_compute_av_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested, struct av_decision *avd)
+int security_compute_av_flags_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
{
char path[PATH_MAX];
char *buf;
@@ -49,12 +50,15 @@
if (ret < 0)
goto out2;
- if (sscanf(buf, "%x %x %x %x %u", &avd->allowed,
- &avd->decided, &avd->auditallow, &avd->auditdeny,
- &avd->seqno) != 5) {
+ ret = sscanf(buf, "%x %x %x %x %u %x",
+ &avd->allowed, &avd->decided,
+ &avd->auditallow, &avd->auditdeny,
+ &avd->seqno, &avd->flags);
+ if (ret < 5) {
ret = -1;
goto out2;
- }
+ } else if (ret < 6)
+ avd->flags = 0;
map_decision(tclass, avd);
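Review bot: `ret` now holds sscanf()'s conversion count (5 or 6) when execution reaches `map_decision(tclass, avd);`, where before this change it only ever held a status code. The callers touched in avc.c treat any non-zero result as failure (`if (rc) goto out;`), so confirm that `ret` is reset to 0 after this point, which the hunk does not show, or parse into a separate variable so the status and the count cannot be confused.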
@@ -66,16 +70,44 @@
return ret;
}
-hidden_def(security_compute_av_raw)
+hidden_def(security_compute_av_flags_raw)
-int security_compute_av(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested, struct av_decision *avd)
+int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
{
+ struct av_decision lavd;
int ret;
+
+ ret = security_compute_av_flags_raw(scon, tcon, tclass,
+ requested, &lavd);
+ if (ret == 0) {
+ avd->allowed = lavd.allowed;
+ avd->decided = lavd.decided;
+ avd->auditallow = lavd.auditallow;
+ avd->auditdeny = lavd.auditdeny;
+ avd->seqno = lavd.seqno;
+ /* NOTE:
+ * We should not return avd->flags via the interface
+ * due to the binary compatibility.
+ */
+ }
+ return ret;
+}
+
+hidden_def(security_compute_av_raw)
+
+int security_compute_av_flags(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
+{
security_context_t rscon = scon;
security_context_t rtcon = tcon;
+ int ret;
if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
@@ -83,8 +115,8 @@
freecon(rscon);
return -1;
}
-
- ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
+ ret = security_compute_av_flags_raw(rscon, rtcon, tclass,
+ requested, avd);
freecon(rscon);
freecon(rtcon);
@@ -92,4 +124,32 @@
return ret;
}
+hidden_def(security_compute_av_flags)
+
+int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ struct av_decision lavd;
+ int ret;
+
+ ret = security_compute_av_flags(scon, tcon, tclass,
+ requested, &lavd);
+ if (ret == 0)
+ {
+ avd->allowed = lavd.allowed;
+ avd->decided = lavd.decided;
+ avd->auditallow = lavd.auditallow;
+ avd->auditdeny = lavd.auditdeny;
+ avd->seqno = lavd.seqno;
+ /* NOTE:
+ * We should not return avd->flags via the interface
+ * due to the binary compatibility.
+ */
+ }
+
+ return ret;
+}
+
hidden_def(security_compute_av)
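Review bot: the five-field copy from lavd in security_compute_av() duplicates the block already added to security_compute_av_raw(), NOTE comment included, so the two can drift apart the next time struct av_decision grows. A small static helper taking the destination and source pointers would keep the compatibility rule in one place. The opening brace on its own line after `if (ret == 0)` also differs from the `if (ret == 0) {` style used in the _raw variant.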
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/deny_unknown.c new/libselinux-2.0.80/src/deny_unknown.c
--- old/libselinux-2.0.77/src/deny_unknown.c 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/src/deny_unknown.c 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1,40 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_deny_unknown(void)
+{
+ int fd, ret, deny_unknown = 0;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%d", &deny_unknown) != 1)
+ return -1;
+
+ return deny_unknown;
+}
+
+hidden_def(security_deny_unknown);
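Review bot: security_deny_unknown() returns -1 without setting errno when `sscanf(buf, "%d", &deny_unknown) != 1`, while the missing-mount path sets ENOENT and the open()/read() paths inherit errno from the syscall, so a caller cannot tell a malformed node from an I/O error. Set errno on the parse failure (EINVAL, for example), and consider rejecting values other than 0 and 1, since the parsed integer is returned unvalidated and a negative value would be read as an error. Minor: `hidden_def(security_deny_unknown);` carries a trailing semicolon that the other hidden_def() lines in this patch do not.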
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinux_internal.h new/libselinux-2.0.80/src/selinux_internal.h
--- old/libselinux-2.0.77/src/selinux_internal.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinux_internal.h 2009-04-08 15:06:24.000000000 +0200
@@ -16,6 +16,8 @@
hidden_proto(security_canonicalize_context_raw)
hidden_proto(security_compute_av)
hidden_proto(security_compute_av_raw)
+ hidden_proto(security_compute_av_flags)
+ hidden_proto(security_compute_av_flags_raw)
hidden_proto(security_compute_user)
hidden_proto(security_compute_user_raw)
hidden_proto(security_compute_create)
@@ -51,6 +53,7 @@
hidden_proto(setsockcreatecon_raw)
hidden_proto(security_getenforce)
hidden_proto(security_setenforce)
+ hidden_proto(security_deny_unknown)
hidden_proto(selinux_binary_policy_path)
hidden_proto(selinux_default_context_path)
hidden_proto(selinux_securetty_types_path)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinux.py new/libselinux-2.0.80/src/selinux.py
--- old/libselinux-2.0.77/src/selinux.py 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinux.py 2009-04-08 15:06:24.000000000 +0200
@@ -1,5 +1,5 @@
# This file was automatically generated by SWIG (http://www.swig.org)
-# Version 1.3.33
+# Version 1.3.35
#
# Don't modify this file, modify the SWIG interface instead.
# This file is compatible with both classic and new-style classes.
@@ -48,6 +48,20 @@
del types
+import shutil, os, stat
+
+def restorecon(path, recursive=False):
+ """ Restore SELinux context on a given path """
+ mode = os.lstat(path)[stat.ST_MODE]
+ status, context = matchpathcon(path, mode)
+ if status == 0:
+ lsetfilecon(path, context)
+ if recursive:
+ os.path.walk(path, lambda arg, dirname, fnames:
+ map(restorecon, [os.path.join(dirname, fname)
+ for fname in fnames]), None)
+
+
is_selinux_enabled = _selinux.is_selinux_enabled
is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
getcon = _selinux.getcon
@@ -286,6 +300,7 @@
selinux_users_path = _selinux.selinux_users_path
selinux_usersconf_path = _selinux.selinux_usersconf_path
selinux_translations_path = _selinux.selinux_translations_path
+selinux_colors_path = _selinux.selinux_colors_path
selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
selinux_path = _selinux.selinux_path
selinux_check_passwd_access = _selinux.selinux_check_passwd_access
@@ -296,6 +311,7 @@
is_context_customizable = _selinux.is_context_customizable
selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+selinux_raw_context_to_color = _selinux.selinux_raw_context_to_color
getseuserbyname = _selinux.getseuserbyname
selinux_file_context_cmp = _selinux.selinux_file_context_cmp
selinux_file_context_verify = _selinux.selinux_file_context_verify
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig.i new/libselinux-2.0.80/src/selinuxswig.i
--- old/libselinux-2.0.77/src/selinuxswig.i 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig.i 2009-04-08 15:06:24.000000000 +0200
@@ -50,6 +50,11 @@
%ignore avc_add_callback;
+/* Ignore netlink stuff for now */
+%ignore avc_netlink_acquire_fd;
+%ignore avc_netlink_release_fd;
+%ignore avc_netlink_check_nb;
+
%include "../include/selinux/selinux.h"
%include "../include/selinux/avc.h"
%include "../include/selinux/get_default_type.h"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig_python.i new/libselinux-2.0.80/src/selinuxswig_python.i
--- old/libselinux-2.0.77/src/selinuxswig_python.i 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig_python.i 2009-04-08 15:06:24.000000000 +0200
@@ -6,6 +6,23 @@
#include "selinux/selinux.h"
%}
+%pythoncode %{
+
+import shutil, os, stat
+
+def restorecon(path, recursive=False):
+ """ Restore SELinux context on a given path """
+ mode = os.lstat(path)[stat.ST_MODE]
+ status, context = matchpathcon(path, mode)
+ if status == 0:
+ lsetfilecon(path, context)
+ if recursive:
+ os.path.walk(path, lambda arg, dirname, fnames:
+ map(restorecon, [os.path.join(dirname, fname)
+ for fname in fnames]), None)
+
+%}
+
/* security_get_boolean_names() typemap */
%typemap(argout) (char ***names, int *len) {
PyObject* list = PyList_New(*$2);
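Review bot: restorecon() ignores both of its failure cases: a non-zero status from matchpathcon() is skipped silently and the return value of lsetfilecon() is discarded, so a relabel that partly fails looks the same to the caller as one that succeeded. For a helper whose job is to put security labels back, raise or return an error in both cases. In the recursive branch the walk callback uses map() only for its side effects, and an os.lstat() error on one entry aborts the walk with the tree half relabelled; an explicit loop with per-entry error handling would make that behaviour visible. `shutil` is imported but not used.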
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig_wrap.c new/libselinux-2.0.80/src/selinuxswig_wrap.c
--- old/libselinux-2.0.77/src/selinuxswig_wrap.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig_wrap.c 2009-04-08 15:06:24.000000000 +0200
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org)
- * Version 1.3.33
+ * Version 1.3.35
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
@@ -126,7 +126,7 @@
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
-#define SWIG_RUNTIME_VERSION "3"
+#define SWIG_RUNTIME_VERSION "4"
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
@@ -161,6 +161,7 @@
/* Flags for pointer conversions */
#define SWIG_POINTER_DISOWN 0x1
+#define SWIG_CAST_NEW_MEMORY 0x2
/* Flags for new pointer objects */
#define SWIG_POINTER_OWN 0x1
@@ -301,10 +302,10 @@
extern "C" {
#endif
-typedef void *(*swig_converter_func)(void *);
+typedef void *(*swig_converter_func)(void *, int *);
typedef struct swig_type_info *(*swig_dycast_func)(void **);
-/* Structure to store inforomation on one type */
+/* Structure to store information on one type */
typedef struct swig_type_info {
const char *name; /* mangled name of this type */
const char *str; /* human readable name of this type */
@@ -431,8 +432,8 @@
Cast a pointer up an inheritance hierarchy
*/
SWIGRUNTIMEINLINE void *
-SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
- return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory);
}
/*
@@ -856,7 +857,7 @@
Py_DECREF(old_str);
Py_DECREF(value);
} else {
- PyErr_Format(PyExc_RuntimeError, mesg);
+ PyErr_SetString(PyExc_RuntimeError, mesg);
}
}
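Review bot: the PyErr_SetString() fix in the else branch lives in generated code, so it only holds while the wrapper is produced by the SWIG version named in the new file header (1.3.35) or later. The old `PyErr_Format(PyExc_RuntimeError, mesg)` used mesg as the format string, so any '%' in the message would be interpreted; regenerating with an older SWIG would bring that call back. If the package ever regenerates the wrapper at build time, the build requirement should carry that minimum version.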
@@ -1416,7 +1417,7 @@
{
PySwigObject *sobj = (PySwigObject *) v;
PyObject *next = sobj->next;
- if (sobj->own) {
+ if (sobj->own == SWIG_POINTER_OWN) {
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
@@ -1434,12 +1435,13 @@
res = ((*meth)(mself, v));
}
Py_XDECREF(res);
- } else {
- const char *name = SWIG_TypePrettyName(ty);
+ }
#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
- printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
-#endif
+ else {
+ const char *name = SWIG_TypePrettyName(ty);
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown"));
}
+#endif
}
Py_XDECREF(next);
PyObject_DEL(v);
@@ -1944,7 +1946,7 @@
SWIGRUNTIME int
SWIG_Python_AcquirePtr(PyObject *obj, int own) {
- if (own) {
+ if (own == SWIG_POINTER_OWN) {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
@@ -1965,6 +1967,8 @@
return SWIG_OK;
} else {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (own)
+ *own = 0;
while (sobj) {
void *vptr = sobj->ptr;
if (ty) {
@@ -1978,7 +1982,15 @@
if (!tc) {
sobj = (PySwigObject *)sobj->next;
} else {
- if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ if (ptr) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ if (newmemory == SWIG_CAST_NEW_MEMORY) {
+ assert(own);
+ if (own)
+ *own = *own | SWIG_CAST_NEW_MEMORY;
+ }
+ }
break;
}
}
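Review bot: `assert(own);` directly followed by `if (own)` means that in a build with NDEBUG a NULL own is accepted and the SWIG_CAST_NEW_MEMORY flag is simply dropped, so the caller never learns that the cast allocated memory it has to release. Either the NULL case is impossible and the `if` is dead code, or it is possible and needs a real error return instead of an assert. This is SWIG output, so the place to raise it is upstream rather than in this package.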
@@ -1988,7 +2000,8 @@
}
}
if (sobj) {
- if (own) *own = sobj->own;
+ if (own)
+ *own = *own | sobj->own;
if (flags & SWIG_POINTER_DISOWN) {
sobj->own = 0;
}
@@ -2053,8 +2066,13 @@
}
if (ty) {
swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
- if (!tc) return SWIG_ERROR;
- *ptr = SWIG_TypeCast(tc,vptr);
+ if (tc) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ assert(!newmemory); /* newmemory handling not yet implemented */
+ } else {
+ return SWIG_ERROR;
+ }
} else {
*ptr = vptr;
}
@@ -2506,7 +2524,7 @@
#define SWIG_name "_selinux"
-#define SWIGVERSION 0x010333
+#define SWIGVERSION 0x010335
#define SWIG_VERSION SWIGVERSION
@@ -4273,7 +4291,7 @@
struct av_decision *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail;
- result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision));
+ result = (struct av_decision *)calloc(1, sizeof(struct av_decision));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4305,7 +4323,7 @@
SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -4428,7 +4446,7 @@
struct selinux_opt *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail;
- result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt));
+ result = (struct selinux_opt *)calloc(1, sizeof(struct selinux_opt));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4460,7 +4478,7 @@
SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -4626,7 +4644,7 @@
union selinux_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail;
- result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback));
+ result = (union selinux_callback *)calloc(1, sizeof(union selinux_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4658,7 +4676,7 @@
SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -5586,7 +5604,7 @@
SELboolean *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail;
- result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean));
+ result = (SELboolean *)calloc(1, sizeof(SELboolean));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -5618,7 +5636,7 @@
SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -6139,7 +6157,7 @@
struct security_class_mapping *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail;
- result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping));
+ result = (struct security_class_mapping *)calloc(1, sizeof(struct security_class_mapping));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -6171,7 +6189,7 @@
SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -6994,6 +7012,19 @@
}
+SWIGINTERN PyObject *_wrap_selinux_colors_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_colors_path")) SWIG_fail;
+ result = (char *)selinux_colors_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_selinux_netfilter_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *result = 0 ;
@@ -7334,6 +7365,42 @@
}
+SWIGINTERN PyObject *_wrap_selinux_raw_context_to_color(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char **arg2 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_context_to_color",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_context_to_color" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_raw_context_to_color(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *arg1 = (char *) 0 ;
@@ -7596,7 +7663,7 @@
struct security_id *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail;
- result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id));
+ result = (struct security_id *)calloc(1, sizeof(struct security_id));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -7628,7 +7695,7 @@
SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -7915,7 +7982,7 @@
struct avc_entry_ref *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail;
- result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref));
+ result = (struct avc_entry_ref *)calloc(1, sizeof(struct avc_entry_ref));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -7947,7 +8014,7 @@
SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8061,7 +8128,7 @@
struct avc_memory_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail;
- result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback));
+ result = (struct avc_memory_callback *)calloc(1, sizeof(struct avc_memory_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8093,7 +8160,7 @@
SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8207,7 +8274,7 @@
struct avc_log_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail;
- result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback));
+ result = (struct avc_log_callback *)calloc(1, sizeof(struct avc_log_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8239,7 +8306,7 @@
SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8353,7 +8420,7 @@
struct avc_thread_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail;
- result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback));
+ result = (struct avc_thread_callback *)calloc(1, sizeof(struct avc_thread_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8385,7 +8452,7 @@
SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8603,7 +8670,7 @@
struct avc_lock_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail;
- result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback));
+ result = (struct avc_lock_callback *)calloc(1, sizeof(struct avc_lock_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8635,7 +8702,7 @@
SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -9493,7 +9560,7 @@
struct avc_cache_stats *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail;
- result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats));
+ result = (struct avc_cache_stats *)calloc(1, sizeof(struct avc_cache_stats));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -9525,7 +9592,7 @@
SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -10207,6 +10274,7 @@
{ (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL},
{ (char *)"selinux_usersconf_path", _wrap_selinux_usersconf_path, METH_VARARGS, NULL},
{ (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL},
+ { (char *)"selinux_colors_path", _wrap_selinux_colors_path, METH_VARARGS, NULL},
{ (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL},
{ (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL},
@@ -10217,6 +10285,7 @@
{ (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL},
{ (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
{ (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_context_to_color", _wrap_selinux_raw_context_to_color, METH_VARARGS, NULL},
{ (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
{ (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
{ (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
@@ -10513,7 +10582,7 @@
SWIG_InitializeModule(void *clientdata) {
size_t i;
swig_module_info *module_head, *iter;
- int found;
+ int found, init;
clientdata = clientdata;
@@ -10523,6 +10592,9 @@
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
+ init = 1;
+ } else {
+ init = 0;
}
/* Try and load any already created modules */
@@ -10551,6 +10623,12 @@
module_head->next = &swig_module;
}
+ /* When multiple interpeters are used, a module could have already been initialized in
+ a different interpreter, but not yet have a pointer in this interpreter.
+ In this case, we do not want to continue adding types... everything should be
+ set up already */
+ if (init == 0) return;
+
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
printf("SWIG_InitializeModule: size %d\n", swig_module.size);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/stringrep.c new/libselinux-2.0.80/src/stringrep.c
--- old/libselinux-2.0.77/src/stringrep.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/stringrep.c 2009-04-08 15:06:24.000000000 +0200
@@ -225,7 +225,7 @@
if (ret < 0)
goto err3;
- if (sscanf(buf, "%u", (unsigned int*)&node->value) != 1)
+ if (sscanf(buf, "%hu", &node->value) != 1)
goto err3;
/* load up permission indicies */
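Review bot: `sscanf(buf, "%hu", &node->value)` does not reject a number that is too large for the field; the behaviour of sscanf() on an unrepresentable value is undefined, so a damaged or hostile class index file can still produce a wrong value here. If that input is not fully trusted, parse with strtoul() and range-check before storing. The changelog should also say why the line changed: the removed `(unsigned int*)&node->value` cast made sscanf() store a full unsigned int through a pointer to what the new conversion treats as an unsigned short, overwriting whatever follows the field.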
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/VERSION new/libselinux-2.0.80/VERSION
--- old/libselinux-2.0.77/VERSION 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/VERSION 2009-04-08 15:06:24.000000000 +0200
@@ -1 +1 @@
-2.0.77
+2.0.80
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package libsepol for openSUSE:Factory
checked in at Mon Jun 29 14:15:05 CEST 2009.
--------
--- libsepol/libsepol.changes 2008-12-01 11:38:39.000000000 +0100
+++ libsepol/libsepol.changes 2009-06-19 13:26:58.000000000 +0200
@@ -1,0 +2,13 @@
+Fri Jun 19 13:26:45 CEST 2009 - prusnak(a)suse.cz
+
+- put static library in libsepol-devel-static
+
+-------------------------------------------------------------------
+Wed May 27 13:56:59 CEST 2009 - prusnak(a)suse.cz
+
+- updated to 2.0.36
+ * fix alias field in module format, caused by boundary format
+ change from Caleb Case
+ * fix boolean state smashing from Joshua Brindle
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
libsepol-2.0.34.tar.bz2
New:
----
libsepol-2.0.36.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libsepol.spec ++++++
--- /var/tmp/diff_new_pack.kG2853/_old 2009-06-29 14:13:06.000000000 +0200
+++ /var/tmp/diff_new_pack.kG2853/_new 2009-06-29 14:13:06.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libsepol (Version 2.0.34)
+# spec file for package libsepol (Version 2.0.36)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -19,8 +19,8 @@
Name: libsepol
-Version: 2.0.34
-Release: 2
+Version: 2.0.36
+Release: 1
Url: http://www.nsa.gov/selinux/
License: LGPL v2.1 or later
Group: System/Libraries
@@ -79,12 +79,25 @@
Requires: libsepol1 = %{version}
%description devel
-The libsepol-devel package contains the static libraries and header
+The libsepol-devel package contains the libraries and header
files needed for developing applications that manipulate binary
policies.
+%package devel-static
+License: LGPL v2.1 or later
+Summary: Development Include Files and Libraries for SELinux policy manipulation
+Group: Development/Libraries/C and C++
+Requires: libsepol-devel = %{version}
+
+%description devel-static
+The libsepol-devel-static package contains the static libraries
+needed for developing applications that manipulate binary
+policies.
+
+
+
%prep
%setup -q
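Review bot: the Summary of the new devel-static subpackage, "Development Include Files and Libraries for SELinux policy manipulation", reads as copied from a -devel package, but its %files section further down ships only %{_libdir}/libsepol.a and no headers. Something like "Static library for SELinux policy manipulation" would match the contents. The three blank lines left before %prep can be reduced to one.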
@@ -117,26 +130,14 @@
%files devel
%defattr(-,root,root)
%{_libdir}/libsepol.so
-%{_libdir}/libsepol.a
%{_mandir}/man3/*
%dir %{_includedir}/sepol
%{_includedir}/sepol/*.h
%dir %{_includedir}/sepol/policydb
%{_includedir}/sepol/policydb/*.h
+%files devel-static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
%changelog
-* Mon Dec 01 2008 prusnak(a)suse.cz
-- updated to 2.0.34
- * add bounds support
- * fix invalid aliases bug
-* Wed Oct 22 2008 mrueckert(a)suse.de
-- fix debug_packages_requires define
-* Tue Sep 23 2008 prusnak(a)suse.cz
-- require only version, not release [bnc#429053]
-* Fri Aug 22 2008 prusnak(a)suse.cz
-- added baselibs.conf file
-* Fri Aug 01 2008 ro(a)suse.de
-- fix requires for debuginfo package
-* Tue Jul 15 2008 prusnak(a)suse.cz
-- initial version 2.0.32
- * based on Fedora package by Dan Walsh <dwalsh(a)redhat.com>
++++++ libsepol-2.0.34.tar.bz2 -> libsepol-2.0.36.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/ChangeLog new/libsepol-2.0.36/ChangeLog
--- old/libsepol-2.0.34/ChangeLog 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/ChangeLog 2009-03-25 21:15:27.000000000 +0100
@@ -1,3 +1,10 @@
+2.0.36 2009-03-25
+ * Fix boolean state smashing from Joshua Brindle.
+
+2.0.35 2009-02-19
+ * Fix alias field in module format, caused by boundary format change
+ from Caleb Case.
+
2.0.34 2008-10-09
* Add bounds support from KaiGai Kohei.
* Fix invalid aliases bug from Joshua Brindle.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/include/sepol/policydb/policydb.h new/libsepol-2.0.36/include/sepol/policydb/policydb.h
--- old/libsepol-2.0.34/include/sepol/policydb/policydb.h 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/include/sepol/policydb/policydb.h 2009-03-25 21:15:27.000000000 +0100
@@ -614,17 +614,18 @@
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY
/* Module versions and specific changes*/
-#define MOD_POLICYDB_VERSION_BASE 4
-#define MOD_POLICYDB_VERSION_VALIDATETRANS 5
-#define MOD_POLICYDB_VERSION_MLS 5
-#define MOD_POLICYDB_VERSION_RANGETRANS 6
-#define MOD_POLICYDB_VERSION_MLS_USERS 6
-#define MOD_POLICYDB_VERSION_POLCAP 7
-#define MOD_POLICYDB_VERSION_PERMISSIVE 8
-#define MOD_POLICYDB_VERSION_BOUNDARY 9
+#define MOD_POLICYDB_VERSION_BASE 4
+#define MOD_POLICYDB_VERSION_VALIDATETRANS 5
+#define MOD_POLICYDB_VERSION_MLS 5
+#define MOD_POLICYDB_VERSION_RANGETRANS 6
+#define MOD_POLICYDB_VERSION_MLS_USERS 6
+#define MOD_POLICYDB_VERSION_POLCAP 7
+#define MOD_POLICYDB_VERSION_PERMISSIVE 8
+#define MOD_POLICYDB_VERSION_BOUNDARY 9
+#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS 10
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_BOUNDARY
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_BOUNDARY_ALIAS
#define POLICYDB_CONFIG_MLS 1
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/src/link.c new/libsepol-2.0.36/src/link.c
--- old/libsepol-2.0.34/src/link.c 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/src/link.c 2009-03-25 21:15:27.000000000 +0100
@@ -540,6 +540,7 @@
char *id = key, *new_id = NULL;
cond_bool_datum_t *booldatum, *base_bool, *new_bool = NULL;
link_state_t *state = (link_state_t *) data;
+ scope_datum_t *scope;
booldatum = (cond_bool_datum_t *) datum;
@@ -556,7 +557,6 @@
(cond_bool_datum_t *) malloc(sizeof(*new_bool))) == NULL) {
goto cleanup;
}
- new_bool->state = booldatum->state;
new_bool->s.value = state->base->p_bools.nprim + 1;
ret = hashtab_insert(state->base->p_bools.table,
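Review bot: with `new_bool->state = booldatum->state;` removed, a boolean created here through `malloc(sizeof(*new_bool))` no longer has its state initialised at creation. The later hunk assigns base_bool->state only when `scope->scope == SCOPE_DECL`, so a module that merely requires the boolean leaves the field holding whatever malloc() returned unless it is zeroed in lines outside this diff. Initialise it explicitly (for example `new_bool->state = 0;` or calloc) so the value is defined until the declaring module is linked.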
@@ -570,6 +570,14 @@
}
+ /* Get the scope info for this boolean to see if this is the declaration,
+ * if so set the state */
+ scope = hashtab_search(state->cur->policy->p_bools_scope.table, id);
+ if (!scope)
+ return SEPOL_ERR;
+ if (scope->scope == SCOPE_DECL)
+ base_bool->state = booldatum->state;
+
state->cur->map[SYM_BOOLS][booldatum->s.value - 1] = base_bool->s.value;
return 0;
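Review bot: `if (!scope) return SEPOL_ERR;` fails without logging anything, and returns directly where the allocation failures earlier in this function use `goto cleanup`. By this point a newly created boolean has already been inserted into the base table (previous hunk), so the early return leaves it there with its map entry unset. Please emit an error that names the boolean id so a broken module can be diagnosed, and say in a comment whether skipping cleanup here is intended.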
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/src/policydb.c new/libsepol-2.0.36/src/policydb.c
--- old/libsepol-2.0.34/src/policydb.c 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/src/policydb.c 2009-03-25 21:15:27.000000000 +0100
@@ -153,6 +153,12 @@
.ocon_num = OCON_NODE6 + 1,
},
{
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_BASE,
.sym_num = SYM_NUM,
@@ -188,6 +194,12 @@
.sym_num = SYM_NUM,
.ocon_num = 0
},
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0
+ },
};
#if 0
@@ -1942,13 +1954,19 @@
uint32_t buf[5];
size_t len;
int rc, to_read;
+ int pos = 0;
typdatum = calloc(1, sizeof(type_datum_t));
if (!typdatum)
return -1;
- if (policydb_has_boundary_feature(p))
- to_read = 4;
+ if (policydb_has_boundary_feature(p)) {
+ if (p->policy_type != POLICY_KERN
+ && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
+ to_read = 5;
+ else
+ to_read = 4;
+ }
else if (p->policy_type == POLICY_KERN)
to_read = 3;
else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
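Review bot: `to_read = 5` now fills `uint32_t buf[5]` completely, so the next format extension overruns the buffer unless the array is grown in the same change. Guard the read with a check such as `to_read <= sizeof(buf) / sizeof(buf[0])`, and move the test `p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS` into a helper beside `policydb_has_boundary_feature()`, since the same condition is repeated in the next hunk and in write.c and all three must agree for the layout to round-trip.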
@@ -1960,13 +1978,23 @@
if (rc < 0)
goto bad;
- len = le32_to_cpu(buf[0]);
- typdatum->s.value = le32_to_cpu(buf[1]);
+ len = le32_to_cpu(buf[pos]);
+ typdatum->s.value = le32_to_cpu(buf[++pos]);
if (policydb_has_boundary_feature(p)) {
- uint32_t properties = le32_to_cpu(buf[2]);
+ uint32_t properties;
+
+ if (p->policy_type != POLICY_KERN
+ && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
+ typdatum->primary = le32_to_cpu(buf[++pos]);
+ properties = le32_to_cpu(buf[++pos]);
+ }
+ else {
+ properties = le32_to_cpu(buf[++pos]);
+
+ if (properties & TYPEDATUM_PROPERTY_PRIMARY)
+ typdatum->primary = 1;
+ }
- if (properties & TYPEDATUM_PROPERTY_PRIMARY)
- typdatum->primary = 1;
if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
typdatum->flavor = TYPE_ATTRIB;
if (properties & TYPEDATUM_PROPERTY_ALIAS
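Review bot: in the new-format branch, `typdatum->primary = le32_to_cpu(buf[++pos]);` stores an arbitrary 32-bit value taken from the policy file, whereas the old branch can only ever set `primary` to 1, and the `TYPEDATUM_PROPERTY_PRIMARY` bit is no longer consulted. Range-check the value before any code uses it as more than a flag, and either reject a file whose `primary` word and property bit disagree or state in a comment which of the two is authoritative.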
@@ -1976,13 +2004,13 @@
&& p->policy_type != POLICY_KERN)
typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
- typdatum->bounds = le32_to_cpu(buf[3]);
+ typdatum->bounds = le32_to_cpu(buf[++pos]);
} else {
- typdatum->primary = le32_to_cpu(buf[2]);
+ typdatum->primary = le32_to_cpu(buf[++pos]);
if (p->policy_type != POLICY_KERN) {
- typdatum->flavor = le32_to_cpu(buf[3]);
+ typdatum->flavor = le32_to_cpu(buf[++pos]);
if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
- typdatum->flags = le32_to_cpu(buf[4]);
+ typdatum->flags = le32_to_cpu(buf[++pos]);
}
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/src/write.c new/libsepol-2.0.36/src/write.c
--- old/libsepol-2.0.34/src/write.c 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/src/write.c 2009-03-25 21:15:27.000000000 +0100
@@ -970,6 +970,11 @@
if (policydb_has_boundary_feature(p)) {
uint32_t properties = 0;
+ if (p->policy_type != POLICY_KERN
+ && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
+ buf[items++] = cpu_to_le32(typdatum->primary);
+ }
+
if (typdatum->primary)
properties |= TYPEDATUM_PROPERTY_PRIMARY;
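Review bot: the added `buf[items++] = cpu_to_le32(typdatum->primary);` puts one more word into `buf`, whose declaration is outside this hunk; confirm the array has room for the extra item in the boundary case. `primary` is also still folded into `TYPEDATUM_PROPERTY_PRIMARY` below, so the new format stores it twice while the reader ignores the bit; a short comment here saying that the bit is kept only for older readers would prevent the two from drifting apart.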
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libsepol-2.0.34/VERSION new/libsepol-2.0.36/VERSION
--- old/libsepol-2.0.34/VERSION 2008-10-14 19:57:54.000000000 +0200
+++ new/libsepol-2.0.36/VERSION 2009-03-25 21:15:27.000000000 +0100
@@ -1 +1 @@
-2.0.34
+2.0.36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
Hello community,
here is the log from the commit of package mozilla-xulrunner191 for openSUSE:Factory
checked in at Wed Jun 24 10:22:58 CEST 2009.
--------
--- mozilla-xulrunner191/mozilla-xulrunner191.changes 2009-06-18 00:47:10.000000000 +0200
+++ /mounts/work_src_done/STABLE/mozilla-xulrunner191/mozilla-xulrunner191.changes 2009-06-19 20:08:29.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Jun 19 20:06:18 CEST 2009 - wr(a)rosenauer.org
+
+- removed locale.patch and added the pref to build specific ones
+- added mozilla-prefer_plugin_pref.patch to introduce a new set of
+ prefs to support preferring certain plugins for mime-types
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
locale.patch
New:
----
mozilla-prefer_plugin_pref.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-xulrunner191.spec ++++++
--- /var/tmp/diff_new_pack.I30525/_old 2009-06-24 10:21:38.000000000 +0200
+++ /var/tmp/diff_new_pack.I30525/_new 2009-06-24 10:21:38.000000000 +0200
@@ -32,9 +32,9 @@
%if %suse_version > 1100
BuildRequires: nss-shared-helper-devel
%endif
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Version: 1.9.1.0
-Release: 1
+Release: 2
Summary: Mozilla Runtime Environment 1.9.1
Url: http://www.mozilla.org
Group: Productivity/Other
@@ -49,7 +49,6 @@
Source4: xulrunner-openSUSE-prefs.js
Source5: add-plugins.sh.in
Patch1: toolkit-download-folder.patch
-Patch2: locale.patch
Patch3: mozilla-pkgconfig.patch
Patch4: idldir.patch
Patch5: mozilla-path_len.patch
@@ -59,6 +58,7 @@
Patch9: mozilla-system-hunspell.patch.bz2
Patch10: mozilla-restart-cmd.patch
Patch11: mozilla-milestone4digit.patch
+Patch12: mozilla-prefer_plugin_pref.patch
Patch15: mozilla-pyxpcom.patch
# PATCH-FEATURE-SLED FATE#302023, FATE#302024 - hfiguiere(a)novell.com
Patch16: gconf-backend.patch.bz2
@@ -109,7 +109,7 @@
Mozilla Foundation <drivers(a)mozilla.org>
%package devel
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Summary: XULRunner/Gecko SDK 1.9.1
Group: Development/Libraries/Other
%if %has_system_nspr
@@ -126,7 +126,7 @@
%package translations
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Summary: Translations for XULRunner 1.9.1
Group: System/Localization
PreReq: %{name} = %{version}
@@ -150,7 +150,7 @@
Mozilla Foundation <drivers(a)mozilla.org>
%package gnomevfs
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Summary: XULRunner components depending on gnome-vfs
Group: Productivity/Other
PreReq: %{name} = %{version}-%{release}
@@ -189,7 +189,6 @@
%prep
%setup -n mozilla -q -b 1
%patch1 -p1
-%patch2
%patch3 -p1
%patch4
%patch5 -p1
@@ -201,6 +200,7 @@
popd
%patch10
%patch11
+%patch12 -p1
%patch15
%patch16 -p1
%patch17
@@ -483,36 +483,4 @@
%files translations -f %{_tmppath}/translations.list
%defattr(-,root,root)
%endif
-
%changelog
-* Thu Jun 18 2009 wr(a)rosenauer.org
-- update to 1.9.1rc2 (20090617)
- * added or locale
-* Wed Jun 10 2009 wr(a)rosenauer.org
-- removed outdated mozilla-deprecated-gtk-macros.patch for now
- to fix build
-* Sat Jun 06 2009 wr(a)rosenauer.org
-- update to 1.9.1b99 (20090604)
-- adapted supported locale list
-- added mozilla-sysplugin-biarch.patch to use
- /usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
-- added mozilla-deprecated-gtk-macros.patch to change GTK_macros
- to G_TYPE (bmo#461277)
-* Fri May 08 2009 wr(a)rosenauer.org
-- fixing rpath linker flags (part of bnc#501174)
-- improved pkgconfig files
-- use non-localized Downloads folder (bnc#501724)
-* Mon Apr 27 2009 wr(a)rosenauer.org
-- update to 1.9.1b4
-- removed obsolete pango and gcc4.4 patches
-- added newly supported locales
-* Tue Mar 24 2009 wr(a)rosenauer.org
-- add patch to compile with gcc 4.4 (bmo#483956)
-* Tue Mar 17 2009 wr(a)rosenauer.org
-- update to 1.9.1b3
-- added Pango patch needed for API change (bmo#481193)
-- make mozjs consumers using rpath to the correct location
- to find the library at runtime (bnc#479505)
-- don't use system sqlite (missing FTS3 support)
-* Mon Aug 25 2008 wr(a)rosenauer.org
-- initial package
++++++ mozilla-prefer_plugin_pref.patch ++++++
From: Ubuntu
Subject: introduce a pref to prefer certain plugins for mime-types
diff --git a/modules/plugin/base/src/nsPluginHostImpl.cpp b/modules/plugin/base/src/nsPluginHostImpl.cpp
--- a/modules/plugin/base/src/nsPluginHostImpl.cpp
+++ b/modules/plugin/base/src/nsPluginHostImpl.cpp
@@ -4228,14 +4228,47 @@ nsPluginHostImpl::FindPluginForType(cons
LoadPlugins();
// if we have a mimetype passed in, search the mPlugins
// linked list for a match
if (nsnull != aMimeType) {
+ nsresult res;
+ nsCOMPtr<nsIPrefBranch> prefB (do_QueryInterface(mPrefService));
+
+ char *preferredPluginPath = NULL;
+ nsCAutoString mimetypePrefString ("modules.plugins.mimetype.");
+ mimetypePrefString.Append(aMimeType);
+ const char *mimetypePrefChar = mimetypePrefString.get();
+ res = prefB->GetCharPref(mimetypePrefChar, &preferredPluginPath);
+
+ if(!NS_SUCCEEDED(res)) preferredPluginPath = NULL;
+
plugins = mPlugins;
-
+ if(preferredPluginPath) {
+ while (nsnull != plugins) {
+ if (0 == PL_strcasecmp(plugins->mFileName.get(), preferredPluginPath) ||
+ 0 == PL_strcasecmp(plugins->mFullPath.get(), preferredPluginPath)) {
+ return plugins;
+ }
+ plugins = plugins->mNext;
+ }
+
+ // now lets search for substrings
+ plugins=mPlugins;
+ while (nsnull != plugins) {
+ if (nsnull != PL_strstr(plugins->mFileName.get(), preferredPluginPath) ||
+ nsnull != PL_strstr(plugins->mFullPath.get(), preferredPluginPath)) {
+ return plugins;
+ }
+ plugins = plugins->mNext;
+ }
+ }
+
+ // if there is no pref for this mime-type, or if the plugin named in pref
+ // isn't found, we pick the first that matches for this mime-type
+ plugins = mPlugins;
while (nsnull != plugins) {
variants = plugins->mVariants;
for (cnt = 0; cnt < variants; cnt++) {
if ((!aCheckEnabled || plugins->IsEnabled()) &&
plugins->mMimeTypeArray[cnt] &&
(0 == PL_strcasecmp(plugins->mMimeTypeArray[cnt], aMimeType))) {
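Review bot: both `preferredPluginPath` loops `return plugins;` on a file-name or path match alone, skipping the `!aCheckEnabled || plugins->IsEnabled()` test and the `mMimeTypeArray` comparison that the fallback loop applies, so the pref can select a disabled plugin or one that does not register `aMimeType` at all. Apply the same two checks before returning from either loop. In addition, the `PL_strstr` pass accepts any plugin whose path merely contains the pref value, `prefB` is dereferenced without a null check after `do_QueryInterface(mPrefService)`, and the string returned by `GetCharPref` is never freed on any path; holding it in an `nsXPIDLCString` via `getter_Copies` would cover the last point.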
++++++ xulrunner-openSUSE-prefs.js ++++++
--- /var/tmp/diff_new_pack.I30525/_old 2009-06-24 10:21:39.000000000 +0200
+++ /var/tmp/diff_new_pack.I30525/_new 2009-06-24 10:21:39.000000000 +0200
@@ -1,2 +1,3 @@
// openSUSE overrides for default settings
pref("layout.word_select.stop_at_punctuation", false);
+pref("intl.locale.matchOS", true);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory
checked in at Wed Jun 24 10:20:40 CEST 2009.
--------
--- MozillaFirefox/MozillaFirefox.changes 2009-06-18 10:39:55.000000000 +0200
+++ /mounts/work_src_done/STABLE/MozillaFirefox/MozillaFirefox.changes 2009-06-23 09:40:30.000000000 +0200
@@ -1,0 +2,5 @@
+Tue Jun 23 09:39:50 CEST 2009 - wr(a)rosenauer.org
+
+- fixed build by linking to a real file
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.B26170/_old 2009-06-24 10:19:55.000000000 +0200
+++ /var/tmp/diff_new_pack.B26170/_new 2009-06-24 10:19:55.000000000 +0200
@@ -25,11 +25,11 @@
%if %suse_version > 1020
BuildRequires: fdupes
%endif
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Provides: web_browser
Provides: firefox
Version: 3.5.0
-Release: 1
+Release: 2
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
@@ -86,7 +86,7 @@
%package translations
Summary: Translations for MozillaFirefox
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Provides: locale(%{name}:af;ar;as;be;bg;bn_BD;bn_IN;ca;cs;cy;da;de;el;en_GB;eo;es_AR;es_CL;es_ES;ex_MX;et;eu;fa;fi;fr;fy_NL;ga_IE;gl;gu_IN;he;hi_IN;hr;hu;id;is;it;ja;ka;kk;kn;ko;ku;lt;lv;mk;ml;mr;nb_NO;nl;nn_NO;oc;or;pa_IN;pl;pt_BR;pt_PT;rm;ro;ru;si;sk;sl;sq;sr;sv_SE;ta;ta_LK;te;th;uk;vi;zh_CN;zh_TW)
Group: System/Localization
PreReq: %{name} = %{version}
@@ -99,7 +99,7 @@
%endif
%package branding-upstream
-License: GPL v2 or later ; LGPL v2.1 or later ; MPL ..
+License: GPL v2 or later ; LGPL v2.1 or later ; MPL
Summary: Upstream branding for MozillaFirefox
Group: Productivity/Networking/Web/Browsers
Provides: %{name}-branding = 3.5
@@ -230,7 +230,7 @@
mkdir -p $RPM_BUILD_ROOT/usr/share/pixmaps/
%if %branding
ln -sf %{progdir}/icons/mozicon128.png $RPM_BUILD_ROOT/usr/share/pixmaps/%{progname}.png
-ln -sf %{progname}.png $RPM_BUILD_ROOT/usr/share/pixmaps/%{progname}-gnome.png
+ln -sf %{progdir}/icons/mozicon128.png $RPM_BUILD_ROOT/usr/share/pixmaps/%{progname}-gnome.png
for size in 16 32 48; do
mkdir -p $RPM_BUILD_ROOT%{gnome_dir}/share/icons/hicolor/${size}x${size}/apps/
ln -sf %{progdir}/chrome/icons/default/default$size.png \
@@ -244,9 +244,6 @@
%fdupes $RPM_BUILD_ROOT%{progdir}
%fdupes $RPM_BUILD_ROOT%{_datadir}
%endif
-%if %branding
-chmod -x $RPM_BUILD_ROOT%{_datadir}/pixmaps/%{progname}.png
-%endif
%clean
rm -rf $RPM_BUILD_ROOT
@@ -333,4 +330,3 @@
%defattr(-,root,root)
%{progdir}/browserconfig.properties
%{progdir}/defaults/profile/bookmarks.html
-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...