Hello community, here is the log from the commit of package pam_ldap checked in at Tue Oct 28 18:12:46 CET 2008. -------- --- pam_ldap/pam_ldap.changes 2008-08-28 18:15:04.000000000 +0200 +++ /mounts/work_src_done/STABLE/pam_ldap/pam_ldap.changes 2008-10-28 16:26:20.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Oct 28 13:54:56 CET 2008 - rhafer@suse.de + +- fixed check for message buffer in ldap_get_lderrno and return + PAM_AUTHTOK_ERR instead of PAM_PERM_DENIED when password changing + fails. (bnc#439436) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- pam_ldap-chauthtok-errcode.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ldap.spec ++++++ --- /var/tmp/diff_new_pack.f12146/_old 2008-10-28 18:12:08.000000000 +0100 +++ /var/tmp/diff_new_pack.f12146/_new 2008-10-28 18:12:08.000000000 +0100 @@ -24,7 +24,7 @@ Group: Productivity/Networking/LDAP/Clients AutoReqProv: on Version: 184 -Release: 135 +Release: 144 Summary: A PAM Module for LDAP Authentication Url: http://www.padl.com/OSS/pam_ldap.html Source: pam_ldap-%{version}.tar.bz2 @@ -32,6 +32,7 @@ Patch: pam_ldap.patch Patch1: pam_ldap-ppolicy-referral-fix.dif Patch2: pam_ldap-expirewarning.dif +Patch3: pam_ldap-chauthtok-errcode.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -53,6 +54,7 @@ %patch -E %patch1 -p1 %patch2 -p1 +%patch3 -p1 cp -v %{S:1} . %{suse_update_libdir README pam_ldap.c pam.conf} @@ -80,6 +82,10 @@ /%{_lib}/security/pam_ldap.so %changelog +* Tue Oct 28 2008 rhafer@suse.de +- fixed check for message buffer in ldap_get_lderrno and return + PAM_AUTHTOK_ERR instead of PAM_PERM_DENIED when password changing + fails. (bnc#439436) * Thu Aug 28 2008 rhafer@suse.de - improve Password expiration warnings - inform user about grace logins (bnc#420051) @@ -149,7 +155,7 @@ - fixed neededforbuild * Sat Mar 08 2003 kukuk@suse.de - Add workaround for KDM Bug [Bug #24931] -* Fri Feb 21 2003 kukuk@suse.de +* Thu Feb 20 2003 kukuk@suse.de - Fix base and scope values if we have an nss_base_passwd option without scope * Thu Feb 20 2003 rhafer@suse.de @@ -207,7 +213,7 @@ * Tue Dec 05 2000 kukuk@suse.de - Update to version 82 - Don't log user name of failed logins -* Sun Nov 05 2000 kukuk@suse.de +* Sat Nov 04 2000 kukuk@suse.de - Use ldaplib in neededforbuild * Wed Sep 27 2000 kukuk@suse.de - Fix sshd example ++++++ pam_ldap-chauthtok-errcode.dif ++++++ Index: pam_ldap-184/pam_ldap.c =================================================================== --- pam_ldap-184.orig/pam_ldap.c +++ pam_ldap-184/pam_ldap.c @@ -3264,7 +3264,7 @@ _update_authtok (pam_handle_t *pamh, { syslog (LOG_ERR, "pam_ldap: ldap_extended_operation_s %s", ldap_err2string (rc)); - rc = PAM_PERM_DENIED; + rc = PAM_AUTHTOK_ERR; } else { ++++++ pam_ldap-ppolicy-referral-fix.dif ++++++ --- /var/tmp/diff_new_pack.f12146/_old 2008-10-28 18:12:09.000000000 +0100 +++ /var/tmp/diff_new_pack.f12146/_new 2008-10-28 18:12:09.000000000 +0100 @@ -11,15 +11,6 @@ #ifdef YPLDAPD static int _ypldapd_read_config (pam_ldap_config_t ** presult); #endif -@@ -361,7 +363,7 @@ ldap_get_lderrno (LDAP * ld, char **m, c - lderrno = ld->ld_errno; - #endif - -- if (s != NULL) -+ if (m != NULL) - { - #if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_STRING) - rc = ldap_get_option (ld, LDAP_OPT_ERROR_STRING, s); @@ -1612,8 +1614,19 @@ _rebind_proc (LDAP * ld, LDAP_CONST char pam_ldap_session_t *session = global_session; #endif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org