Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at Tue Jun 28 09:53:13 CEST 2011. -------- --- pam_ssh/pam_ssh.changes 2010-02-01 13:21:25.000000000 +0100 +++ /mounts/work_src_done/STABLE/pam_ssh/pam_ssh.changes 2011-05-11 17:07:20.000000000 +0200 @@ -1,0 +2,10 @@ +Wed May 11 15:02:57 UTC 2011 - vcizek@novell.com + +- set gid/groups before executing ssh-agent (bnc#665061) + +------------------------------------------------------------------- +Mon Apr 18 13:53:35 UTC 2011 - vcizek@novell.com + +- fix for bnc#688120 (pam_ssh double free) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- pam_ssh-1.97-setgid.patch pam_ssh-double-free.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ssh.spec ++++++ --- /var/tmp/diff_new_pack.oD0DNz/_old 2011-06-28 09:49:01.000000000 +0200 +++ /var/tmp/diff_new_pack.oD0DNz/_new 2011-06-28 09:49:01.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package pam_ssh (Version 1.97) +# spec file for package pam_ssh # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,11 +24,13 @@ Group: Productivity/Networking/SSH AutoReqProv: on Version: 1.97 -Release: 3 +Release: 13 Summary: PAM Module for SSH Authentication Url: http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf +Patch0: pam_ssh-double-free.patch +Patch1: pam_ssh-1.97-setgid.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -46,6 +48,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build %{suse_update_config -f} ++++++ pam_ssh-1.97-setgid.patch ++++++ Index: pam_ssh-1.97/pam_ssh.c =================================================================== --- pam_ssh-1.97.orig/pam_ssh.c +++ pam_ssh-1.97/pam_ssh.c @@ -684,7 +684,8 @@ pam_sm_open_session(pam_handle_t *pamh, _exit(EX_OSERR); /* NOTREACHED */ case PAM_SUCCESS: - if (setuid(pwent->pw_uid) == -1) { + if (initgroups(pwent->pw_name, pwent->pw_gid) == -1 || + setgid(pwent->pw_gid) == -1 || setuid(pwent->pw_uid) == -1) { pam_ssh_log(LOG_ERR, "can't drop privileges: %m", pwent->pw_uid); ++++++ pam_ssh-double-free.patch ++++++ Index: pam_ssh-1.97/pam_ssh.c =================================================================== --- pam_ssh-1.97.orig/pam_ssh.c +++ pam_ssh-1.97/pam_ssh.c @@ -627,7 +627,7 @@ pam_sm_open_session(pam_handle_t *pamh, * than the file creation time */ if (retval = stat(per_agent, &stat_buf)) { pam_ssh_log(LOG_ERR, "stat() failed on %s", per_agent); - free(per_agent); + pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); fclose(env_read); return retval; } @@ -646,7 +646,7 @@ pam_sm_open_session(pam_handle_t *pamh, if (start_agent) { if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { pam_ssh_log(LOG_ERR, "can't write to %s", per_agent); - free(per_agent); + pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); openpam_restore_cred(pamh); return PAM_SERVICE_ERR; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org