Hello community, here is the log from the commit of package pam_mount checked in at Thu Mar 15 01:48:19 CET 2007. -------- --- pam_mount/pam_mount.changes 2007-01-23 17:16:18.000000000 +0100 +++ /mounts/work_src_done/STABLE/pam_mount/pam_mount.changes 2007-03-13 10:20:33.355355000 +0100 @@ -1,0 +2,6 @@ +Tue Mar 13 10:18:26 CET 2007 - mc@suse.de + +- fix reference counting of pmvarrun app + [#252243] + +------------------------------------------------------------------- New: ---- pam_mount-0.18-fix-pmvarrun-ref-count.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_mount.spec ++++++ --- /var/tmp/diff_new_pack.d19846/_old 2007-03-15 01:48:09.000000000 +0100 +++ /var/tmp/diff_new_pack.d19846/_new 2007-03-15 01:48:09.000000000 +0100 @@ -14,7 +14,7 @@ BuildRequires: glib2-devel openssl-devel pam-devel Summary: A PAM Module that can Mount Volumes for a User Session. Version: 0.18 -Release: 32 +Release: 37 License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) Prefix: /usr Group: System/Libraries @@ -23,6 +23,7 @@ Patch1: pam_mount-0.18-umount-home-dir.dif Patch2: pam_mount-0.18-bump-max-par.diff Patch3: pam_mount-0.18-disable-debug.diff +Patch4: pam_mount-0.18-fix-pmvarrun-ref-count.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build URL: http://pam-mount.sourceforge.net/ @@ -61,6 +62,7 @@ %patch1 %patch2 %patch3 +%patch4 %build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" ./configure \ @@ -99,7 +101,10 @@ %doc %{_mandir}/man8/pmvarrun.8.gz %doc %{_mandir}/man8/umount.crypt.8.gz -%changelog -n pam_mount +%changelog +* Tue Mar 13 2007 - mc@suse.de +- fix reference counting of pmvarrun app + [#252243] * Tue Jan 23 2007 - mc@suse.de - fix umount encrypted homedirectories [#237793] ++++++ pam_mount-0.18-fix-pmvarrun-ref-count.dif ++++++ diff -ur ../pam_mount-0.18/src/pam_mount.c ./src/pam_mount.c --- src/pam_mount.c 2007-03-12 12:01:49.000000000 -0400 +++ src/pam_mount.c 2007-03-12 11:01:53.000000000 -0400 @@ -328,7 +328,7 @@ log_argv(_argv); if(!spawn_apS(NULL, _argv, NULL, G_SPAWN_DO_NOT_REAP_CHILD, set_myuid, - user, &pid, NULL, &cstdout, NULL, &err)) { + NULL, &pid, NULL, &cstdout, NULL, &err)) { l0g(PMPREFIX "error executing /usr/sbin/pmvarrun\n"); fnval = -1; goto _return; diff -ur ../pam_mount-0.18/src/pmvarrun.c ./src/pmvarrun.c --- src/pmvarrun.c 2006-07-28 18:43:41.000000000 -0400 +++ src/pmvarrun.c 2007-03-12 12:02:22.000000000 -0400 @@ -95,6 +95,11 @@ return; } +static int user_sanity_check (const char *user) +{ + size_t len = strlen(user); + return strstr(user, "../") || user[0] == '-' || user[len - 1] == '/'; +} /* parse_args @argc: number of elements in @argv @@ -129,6 +134,11 @@ usage(EXIT_FAILURE, "count string is not valid"); break; case 'u': + if (user_sanity_check (optarg)) { + fprintf(stderr, "Invalid user name\n"); + exit (EXIT_FAILURE); + } + g_strlcpy(settings->user, optarg, sizeof(settings->user)); break; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org