new version 1.1.5

.abf.yml

@@ -1,3 +1,4 @@
 sources:
   "Linux-PAM-1.1.3.tar.bz2": 97d36d2b9af3211b4818ea8e6fcc6893ca1b6722
+  "Linux-PAM-1.1.5.tar.bz2": 662a769f66708c3b9b5a41d62802ed69bf489e09
   "pam-redhat-0.99.10-1.tar.bz2": 09e618edc5dcda9a6eb435a31db742afca673ae1

pam.spec

@@ -9,14 +9,14 @@
 
 Summary:	A security tool which provides authentication for applications
 Name:		pam
-Version:	1.1.3
+Version:	1.1.5
 Release:	5
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License:	BSD and GPLv2+
 Group:		System/Libraries
-Source0:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
+Url:        https://fedorahosted.org/linux-pam/
-Source1:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
+Source0:    https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-%{version}.tar.bz2
 Source2:	pam-redhat-%{pam_redhat_version}.tar.bz2
 Source3:	pam-0.99.3.0-README.update
 Source4:	pam-0.99.8.1-11mdv2009.0-README.update
@@ -46,7 +46,7 @@ Patch508:	Linux-PAM-0.99.3.0-pamtimestampadm.patch
 #      access to /usr/X11R6/bin dir is controlled by a group
 Patch512:	Linux-PAM-1.1.1-xauth-groups.patch
 # (tv/blino) add defaults for nice/rtprio in /etc/security/limits.conf
-Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
+# Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
 # (blino) fix parallel build (pam_console)
 Patch521:	Linux-PAM-0.99.3.0-pbuild-rh.patch
 
@@ -145,7 +145,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch507 -p1 -b .loop
 %patch508 -p1 -b .pamtimestampadm
 %patch512 -p0 -b .xauth-groups
-%patch517 -p1 -b .enable_rt
+#patch517 -p1 -b .enable_rt
 %patch521 -p1 -b .pbuild-rh
 %patch700 -p1 -b .static
 %patch701 -p1 -b .nopermsd
@@ -185,26 +185,26 @@ CFLAGS="$RPM_OPT_FLAGS -fPIC -I%{_includedir}/db_nss -D_GNU_SOURCE" \
 %make
 
 %install
-mkdir -p $RPM_BUILD_ROOT%{_includedir}/security
+mkdir -p %{buildroot}%{_includedir}/security
-mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
+mkdir -p %{buildroot}/%{_lib}/security
-make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
+make install DESTDIR=%{buildroot} LDCONFIG=:
-install -d -m 755 $RPM_BUILD_ROOT/etc/pam.d
+install -d -m 755 %{buildroot}/etc/pam.d
-install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/other
+install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other
-install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/system-auth
+install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth
-install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/config-util
+install -m 644 %{SOURCE7} %{buildroot}/etc/pam.d/config-util
-install -m 600 /dev/null $RPM_BUILD_ROOT%{_sysconfdir}/security/opasswd
+install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd
-install -d -m 755 $RPM_BUILD_ROOT/var/log
+install -d -m 755 %{buildroot}/var/log
-install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
+install -m 600 /dev/null %{buildroot}/var/log/tallylog
 
 # Install man pages.
-install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
+install -m 644 %{SOURCE9} %{SOURCE10} %{buildroot}%{_mandir}/man5/
 
 # remove unpackaged .la files
-rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/security/*.la
+ rm -rf %{buildroot}/%{_lib}/*.la %{buildroot}/%{_lib}/security/*.la
 
 # no longer needed, handled by ACL in udev
 for phase in auth acct passwd session ; do	 
-	ln -sf pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/pam_unix_${phase}.so	 
+	ln -sf pam_unix.so %{buildroot}/%{_lib}/security/pam_unix_${phase}.so 
 done
 
 %find_lang Linux-PAM
@@ -215,7 +215,7 @@ done
 for dir in modules/pam_* ; do
 if [ -d ${dir} ] && [ ${dir} != "modules/pam_selinux" && [ ${dir} != "modules/pam_sepermit"  ]; then
          [ ${dir} = "modules/pam_tally" ] && continue
-	if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
+	if ! ls -1 %{buildroot}/%{_lib}/security/`basename ${dir}`*.so ; then
 		echo ERROR `basename ${dir}` did not build a module.
 		exit 1
 	fi
@@ -224,16 +224,22 @@ done
 
 # Check for module problems.  Specifically, check that every module we just
 # installed can actually be loaded by a minimal PAM-aware application.
-/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
+/sbin/ldconfig -n %{buildroot}/%{_lib}
-for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
+for module in %{buildroot}/%{_lib}/security/pam*.so ; do
-	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
+	if ! env LD_LIBRARY_PATH=%{buildroot}/%{_lib} \
-		 %{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
+		 %{SOURCE8} -ldl -lpam -L%{buildroot}/%{_lib} ${module} ; then
 		echo ERROR module: ${module} cannot be loaded.
 		exit 1
 	fi
 done
 
 %posttrans
+# (cg) Ensure that the pam_systemd.so is included for user ACLs under systemd
+# Note: Only affects upgrades, but does no harm so always update if needed.
+if ! grep -q "pam_systemd\.so" /etc/pam.d/system-auth; then
+	echo "-session    optional      pam_systemd.so" >>/etc/pam.d/system-auth
+fi
+
 if [ ! -a /var/log/tallylog ] ; then
        install -m 600 /dev/null /var/log/tallylog
 fi
@@ -294,10 +300,14 @@ fi
 %doc doc/txts doc/specs/rfc86.0.txt Copyright
 
 
-
-
-
 %changelog
+* Wed Mar 21 2012 Alexander Kazancev <kazancas@mandriva.ru> 1.1.5-1
+- 1.1.5
+- fix URL
+- Drop default rt prio/nice values for members of the audio group.
+- Ensure pam_systemd is included in system-auth
+
+
 * Mon Feb 20 2012 abf
 - The release updated by ABF