diff options
| author | Steve Langasek <vorlon@debian.org> | 2008-07-26 15:09:28 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:01:54 -0800 |
| commit | 34803638c89e95833bb7b6e43bf2e47212a2c8fe (patch) | |
| tree | 7d6e768dc96b6309a33a96d20e4498f92820dc31 | |
| parent | b3e91cdcd4b70cee2ed87ef5bc6d53119d074a57 (diff) | |
| download | pam-34803638c89e95833bb7b6e43bf2e47212a2c8fe.tar.gz pam-34803638c89e95833bb7b6e43bf2e47212a2c8fe.tar.bz2 pam-34803638c89e95833bb7b6e43bf2e47212a2c8fe.zip | |
New patch thread-safe_save_old_password.patch, to make sure all our
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches-applied/series | 1 | ||||
| -rw-r--r-- | debian/patches-applied/thread-safe_save_old_password.patch | 21 |
3 files changed, 24 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 19aac216..3701e1fd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,8 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low now is really just "pam_group_miscfixes". * Patch 007_modules_pam_unix partially superseded upstream; stripping hpux-style expiry information off of password fields is now supported. + * New patch thread-safe_save_old_password.patch, to make sure all our + getpwnam() use in pam_unix is thread-safe (fixes an upstream regression) * The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 1cd60c79..df46ff97 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -18,3 +18,4 @@ hurd_no_setfsuid PAM-manpage-section pam_env_ignore_garbage.patch -p2 autoconf.patch +thread-safe_save_old_password.patch diff --git a/debian/patches-applied/thread-safe_save_old_password.patch b/debian/patches-applied/thread-safe_save_old_password.patch new file mode 100644 index 00000000..cc3fc5e4 --- /dev/null +++ b/debian/patches-applied/thread-safe_save_old_password.patch @@ -0,0 +1,21 @@ +Patch to keep save_old_password() thread-safe when called by the PAM +module, since nothing blocks other threads from calling getpwnam in +parallel + +Authors: Steve Langasek <steve.langasek@canonical.com> + +Upstream status: to be submitted + +Index: pam.deb/modules/pam_unix/passverify.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/passverify.c ++++ pam.deb/modules/pam_unix/passverify.c +@@ -653,7 +653,7 @@ + fclose(opwfile); + + if (!found) { +- pwd = getpwnam(forwho); ++ pwd = pam_modutil_getpwnam(pamh, forwho); + if (pwd == NULL) { + err = 1; + } else { |