revert to 1.1.4 with best work

2025-02-23 16:32:51 +00:00 · 2012-03-22 01:18:54 +04:00 · 2012-03-22 01:18:54 +04:00 · d3e200f8b8
commit d3e200f8b8
parent a1c9483dd5
5 changed files with 111 additions and 586 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,4 +1,3 @@
 sources:
-  "Linux-PAM-1.1.3.tar.bz2": 97d36d2b9af3211b4818ea8e6fcc6893ca1b6722
+  "Linux-PAM-1.1.4.tar.bz2": 4634b09f9e059f384ce69dbaa4a67f88bef5cf7b
  "Linux-PAM-1.1.5.tar.bz2": 662a769f66708c3b9b5a41d62802ed69bf489e09
  "pam-redhat-0.99.10-1.tar.bz2": 09e618edc5dcda9a6eb435a31db742afca673ae1
--- a/Linux-PAM-1.1.3.tar.bz2.sign
+++ b/Linux-PAM-1.1.3.tar.bz2.sign
@ -1,8 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 Comment: See http://www.kernel.org/signature.html for info
 iD8DBQBMyYZZyGugalF9Dw4RAtMkAJwIeAEXVkGZ3mL4YQKixP5zx3D6iACghePh
 sG43bk6Idz0UGC24QRQPDYE=
 =lJnB
 -----END PGP SIGNATURE-----
--- a/Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
+++ b/Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
@ -0,0 +1,11 @@
 --- Linux-PAM-1.1.4/modules/pam_unix/support.c.yp_const~	2011-07-19 14:31:36.081046306 +0200
 +++ Linux-PAM-1.1.4/modules/pam_unix/support.c	2011-07-19 14:31:38.058067705 +0200
@@ -21,6 +21,8 @@
 #include <sys/resource.h>
 #ifdef HAVE_RPCSVC_YPCLNT_H
 #include <rpcsvc/ypclnt.h>
 +#else
 +#define YPERR_SUCCESS 0
 #endif
 #include <security/_pam_macros.h>
--- a/Linux-PAM-1.1.4.tar.bz2.sign
+++ b/Linux-PAM-1.1.4.tar.bz2.sign
@ -0,0 +1,8 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: See http://www.kernel.org/signature.html for info
 iD8DBQBOBHzAyGugalF9Dw4RAvUUAJ0SfOT7ITyalk4JsmIe5tJSdIB5ygCfZ2ku
 aHp5ptRfKYgWdlnFv+3F7H4=
 =kqy6
 -----END PGP SIGNATURE-----
--- a/pam.spec
+++ b/pam.spec
@ -1,22 +1,32 @@
-%define libname %mklibname %name 0
+%define major	0
-%define develname %mklibname %name -d
+%define libname %mklibname %{name} %{major}
 %define libnamec %mklibname %{name}c %{major}
 %define libname_misc %mklibname %{name}_misc %{major}
 %define develname %mklibname %{name} -d
 %define with_prelude 0
 %{?_without_prelude: %{expand: %%global with_prelude 0}}
 %{?_with_prelude: %{expand: %%global with_prelude 1}}
 %define bootstrap 0
 %{?_without_bootstrap: %global bootstrap 0}
 %{?_with_bootstrap: %global bootstrap 1}
 %define pam_redhat_version 0.99.10-1
 Epoch:	1
 Summary:	A security tool which provides authentication for applications
 Name:		pam
-Version:	1.1.5
+Version:	1.1.4
-Release:	5
+Release:	7
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License:	BSD and GPLv2+
 Group:		System/Libraries
-Url:        https://fedorahosted.org/linux-pam/
+Url:		http://www.kernel.org/pub/linux/libs/pam/index.html
-Source0:    https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-%{version}.tar.bz2
+Source0:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
 Source1:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
 Source2:	pam-redhat-%{pam_redhat_version}.tar.bz2
 Source3:	pam-0.99.3.0-README.update
 Source4:	pam-0.99.8.1-11mdv2009.0-README.update
@ -26,6 +36,9 @@ Source7:	config-util.pamd
 Source8:	dlopen.sh
 Source9:	system-auth.5
 Source10:	config-util.5
 #add missing documentation
 Source501: 	pam_tty_audit.8
 Source502:	README
 # RedHat patches
 Patch1:		pam-1.0.90-redhat-modules.patch
@ -46,27 +59,24 @@ Patch508:	Linux-PAM-0.99.3.0-pamtimestampadm.patch
 #      access to /usr/X11R6/bin dir is controlled by a group
 Patch512:	Linux-PAM-1.1.1-xauth-groups.patch
 # (tv/blino) add defaults for nice/rtprio in /etc/security/limits.conf
-# Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
+Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
 # (blino) fix parallel build (pam_console)
 Patch521:	Linux-PAM-0.99.3.0-pbuild-rh.patch
 Patch700:	pam_fix_static_pam_console.patch
 # (fc) do not output error when no file is in /etc/security/console.perms.d/
 Patch701:	pam-1.1.0-console-nopermsd.patch
 # (proyvind): add missing constant that went with rpc removal from glibc 2.14
 Patch702:	Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
-#add missing documentation
+BuildRequires:	bison
-Source501: 	pam_tty_audit.8
+BuildRequires:	cracklib-devel
-Source502:	README
+BuildRequires:	flex
-Requires:	cracklib-dicts
+%if !%{bootstrap}
-Requires:	setup >= 2.7.12-2
+# this pulls in the mega texlive load
 Requires:	pam_tcb >= 1.0.2-16
 Conflicts:	initscripts < 3.94
 Requires(pre):	rpm-helper
 Requires(post):	coreutils
 Requires(post):	tcb >= 1.0.2-16
 BuildRequires:	bison cracklib-devel flex
 BuildRequires:	linuxdoc-tools
-BuildRequires:	db_nss-devel >= 4.6
+%endif
 BuildRequires:	db_nss-devel
 BuildRequires:	openssl-devel
 BuildRequires:	libaudit-devel
 BuildRequires:	glibc-crypt_blowfish-devel
@ -75,8 +85,13 @@ BuildRequires:	prelude-devel >= 0.9.0
 %else
 BuildConflicts:	prelude-devel
 %endif
-Obsoletes:	pamconfig
+Requires:	cracklib-dicts
-Provides:	pamconfig
+Requires:	setup >= 2.7.12-2
 Requires:	pam_tcb >= 1.0.2-16
 Requires(pre):	rpm-helper
 Requires(post):	coreutils
 Requires(post):	tcb >= 1.0.2-16
 Conflicts:	%{_lib}pam0 < 1.1.4-5
 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@ -86,43 +101,48 @@ having to recompile programs that handle authentication.
 %package	doc
 Summary:	Additional documentation for %{name}
 Group:		System/Libraries
-Requires:	%{name} = %{version}
+Requires:	%{name} = %{EVRD}
 %description	doc
-PAM (Pluggable Authentication Modules) is a system security tool that
+This is the documentation package of %{name}.
 allows system administrators to set authentication policy without
 having to recompile programs that handle authentication.
 This is the documentation package of %{name}
 %package -n	%{libname}
-Summary:	Libraries for %{name}
+Summary:	Library for %{name}
 Group:		System/Libraries
 Conflicts:	%{name} < 0.99.8.1-10mdv
 Conflicts:	pam_tcb < 1.0.2-16
 %description -n	%{libname}
-PAM (Pluggable Authentication Modules) is a system security tool that
+This package contains the library libpam for %{name}.
 allows system administrators to set authentication policy without
 having to recompile programs that handle authentication.
-This package contains the librairies for %{name}
+%package -n	%{libnamec}
 Summary:	Library for %{name}
 Group:		System/Libraries
 Conflicts:	%{_lib}pam0 < 1.1.4-5
 %description -n	%{libnamec}
 This package contains the library libpamc for %{name}.
 %package -n	%{libname_misc}
 Summary:	Library for %{name}
 Group:		System/Libraries
 Conflicts:	%{_lib}pam0 < 1.1.4-5
 %description -n	%{libname_misc}
 This package contains the library libpam_misc for %{name}.
 %package -n	%{develname}
 Summary:	Development headers and libraries for %{name}
 Group:		Development/Other
-Requires:	%{libname} = %{version}
+Requires:	%{libname} = %{EVRD}
-Provides:	%{name}-devel = %{version}-%{release}
+Requires:	%{libnamec} = %{EVRD}
-Provides:	lib%{name}-devel = %{version}-%{release}
+Requires:	%{libname_misc} = %{EVRD}
-Obsoletes:	%{name}-devel <= 0.77-9mdk
+Provides:	%{name}-devel = %{EVRD}
 Obsoletes:	%{mklibname %name 0 -d} <= 0.99.8.1
 %description -n	%{develname}
 PAM (Pluggable Authentication Modules) is a system security tool that
 allows system administrators to set authentication policy without
 having to recompile programs that handle authentication.
-This package contains the development librairies for %{name}
+This package contains the development libraries for %{name}.
 %prep
 %setup -q -n Linux-PAM-%{version} -a 2
@ -144,10 +164,11 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch507 -p1 -b .loop
 %patch508 -p1 -b .pamtimestampadm
 %patch512 -p0 -b .xauth-groups
-#patch517 -p1 -b .enable_rt
+%patch517 -p1 -b .enable_rt
 %patch521 -p1 -b .pbuild-rh
 %patch700 -p1 -b .static
 %patch701 -p1 -b .nopermsd
 %patch702 -p1 -b .nis_const~
 # 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this
 # just makes things easier but is not meant to be a permanent solution
@ -158,7 +179,6 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 #    sed -i "s/ $d / /" modules/Makefile.am
 #done
 install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/
 mkdir -p doc/txts
@ -186,7 +206,7 @@ CFLAGS="$RPM_OPT_FLAGS -fPIC -I%{_includedir}/db_nss -D_GNU_SOURCE" \
 %install
 mkdir -p %{buildroot}%{_includedir}/security
 mkdir -p %{buildroot}/%{_lib}/security
-make install DESTDIR=%{buildroot} LDCONFIG=:
+%makeinstall_std LDCONFIG=:
 install -d -m 755 %{buildroot}/etc/pam.d
 install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other
 install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth
@ -198,22 +218,23 @@ install -m 600 /dev/null %{buildroot}/var/log/tallylog
 # Install man pages.
 install -m 644 %{SOURCE9} %{SOURCE10} %{buildroot}%{_mandir}/man5/
 # remove unpackaged .la files
 rm -rf %{buildroot}/%{_lib}/*.la %{buildroot}/%{_lib}/security/*.la
 # no longer needed, handled by ACL in udev
 for phase in auth acct passwd session ; do
 	ln -sf pam_unix.so %{buildroot}/%{_lib}/security/pam_unix_${phase}.so
 done
 # cleanup
 rm -f %{buildroot}/%{_lib}/security/*.la
 rm -f %{buildroot}/%{_lib}/*.la
 %find_lang Linux-PAM
 %check
 # (blino) we don't want to test if SE Linux is built, it's disabled
 # Make sure every module subdirectory gave us a module.  Yes, this is hackish.
 for dir in modules/pam_* ; do
-if [ -d ${dir} ] && [ ${dir} != "modules/pam_selinux" && [ ${dir} != "modules/pam_sepermit"  ]; then
+if [ -d ${dir} ] && [[ "${dir}" != "modules/pam_selinux" ]] && [[ "${dir}" != "modules/pam_sepermit" ]]; then
-         [ ${dir} = "modules/pam_tally" ] && continue
+         [[ "${dir}" = "modules/pam_tally" ]] && continue
 	if ! ls -1 %{buildroot}/%{_lib}/security/`basename ${dir}`*.so ; then
 		echo ERROR `basename ${dir}` did not build a module.
 		exit 1
@ -226,7 +247,7 @@ done
 /sbin/ldconfig -n %{buildroot}/%{_lib}
 for module in %{buildroot}/%{_lib}/security/pam*.so ; do
 	if ! env LD_LIBRARY_PATH=%{buildroot}/%{_lib} \
-		 %{SOURCE8} -ldl -lpam -L%{buildroot}/%{_lib} ${module} ; then
+		sh %{SOURCE8} -ldl -lpam -L%{buildroot}/%{_lib} ${module} ; then
 		echo ERROR module: ${module} cannot be loaded.
 		exit 1
 	fi
@ -242,11 +263,10 @@ fi
 if [ ! -a /var/log/tallylog ] ; then
       install -m 600 /dev/null /var/log/tallylog
 fi
-if [ -f /etc/login.defs -a ! "$(grep -q USE_TCB /etc/login.defs)" ]; then
+if [ -f /etc/login.defs ] && ! grep -q USE_TCB /etc/login.defs; then
       /usr/sbin/set_tcb --auto --migrate
 fi
 %files -f Linux-PAM.lang
 %doc NEWS README.0.99.8.1.update.urpmi
 %docdir %{_docdir}/%{name}
@ -274,18 +294,22 @@ fi
 %config(noreplace) %{_sysconfdir}/security/opasswd
 %dir %{_sysconfdir}/security/console.apps
 %dir %{_sysconfdir}/security/console.perms.d
 %dir /%{_lib}/security
 /%{_lib}/security/*.so
 /%{_lib}/security/pam_filter
 %dir /var/run/console
 %ghost %verify(not md5 size mtime) /var/log/tallylog
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 %files -n %{libname}
-/%{_lib}/libpam.so.*
+/%{_lib}/libpam.so.%{major}*
-/%{_lib}/libpamc.so.*
+
-/%{_lib}/libpam_misc.so.*
+%files -n %{libnamec}
-/%{_lib}/security/*.so
+/%{_lib}/libpamc.so.%{major}*
-/%{_lib}/security/pam_filter
+
-%dir /%{_lib}/security
+%files -n %{libname_misc}
 /%{_lib}/libpam_misc.so.%{major}*
 %files -n %{develname}
 %doc Copyright
@ -297,512 +321,3 @@ fi
 %files doc
 %doc doc/txts doc/specs/rfc86.0.txt Copyright
 %changelog
 * Wed Mar 21 2012 Alexander Kazancev <kazancas@mandriva.ru> 1.1.5-1
 - 1.1.5
 - fix URL
 - Drop default rt prio/nice values for members of the audio group.
 - Ensure pam_systemd is included in system-auth
 * Mon Feb 20 2012 abf
 - The release updated by ABF
 * Tue Jul 19 2011 Per Ã˜yvind Karlsen <peroyvind@mandriva.org> 1.1.3-4
 + Revision: 690600
 - remove obsolete/deprecated rpm stuff
 - check if /etc/login.defs exists before trying to open it in scriptlet
 * Wed May 04 2011 Oden Eriksson <oeriksson@mandriva.com> 1.1.3-3
 + Revision: 666974
 - mass rebuild
  + Per Ã˜yvind Karlsen <peroyvind@mandriva.org>
    - work around ordering issue by moving %%post script to %%posttrans
 * Wed Nov 03 2010 Oden Eriksson <oeriksson@mandriva.com> 1.1.3-1mdv2011.0
 + Revision: 592873
 - 1.1.3
 - sync patches with pam-1.1.3-1.fc15.src.rpm
 - rediffed P512
 * Mon Mar 15 2010 Oden Eriksson <oeriksson@mandriva.com> 1.1.1-2mdv2010.1
 + Revision: 519980
 - rebuilt against audit-2 libs
 * Wed Dec 30 2009 Frederik Himpe <fhimpe@mandriva.org> 1.1.1-1mdv2010.1
 + Revision: 484161
 - Update to new version 1.1.1
 - Remove authok patch: integrated upstream
 - Rediff xauth groups patch
 - Don't run libtoolize: it breaks build
 - drop tests for not pulling in libpthread like in Fedora (as NPTL
  should be safe and pam_userdb now links to libpthread on x86_64)
 * Tue Oct 06 2009 Frederic Crozat <fcrozat@mandriva.com> 1.1.0-6mdv2010.0
 + Revision: 454902
 - Patch701: do not complain if there is no files in /etc/security/console.perms.d/
 * Sun Sep 27 2009 Olivier Blin <oblin@mandriva.com> 1.1.0-5mdv2010.0
 + Revision: 450211
 - fix crash on some archs, pam is building with static all functions
  with is plain wrong, this tends to make pam_comsole_apply
  unhappy/crashing (from Arnaud Patard)
 * Tue Sep 08 2009 Frederic Crozat <fcrozat@mandriva.com> 1.1.0-4mdv2010.0
 + Revision: 433622
 - Patch4 (Fedora): do not chmod tty on login/login with pam_console anymore
 - Patch5 (Fedora): drop pam_tally, use pam_tally2 instead
 * Thu Aug 27 2009 Frederic Crozat <fcrozat@mandriva.com> 1.1.0-3mdv2010.0
 + Revision: 421690
 - Patch3 (Fedora): fix for pam_cracklib from upstream
 * Mon Jul 27 2009 Frederic Crozat <fcrozat@mandriva.com> 1.1.0-2mdv2010.0
 + Revision: 400600
 - remove default rules for console.perms, device ownership should not change anymore
 * Mon Jul 27 2009 Frederic Crozat <fcrozat@mandriva.com> 1.1.0-1mdv2010.0
 + Revision: 400582
 - Release 1.1.0
 - no longer change devices ownership based on console privilege, handled by consolekit now (remove source500, patches 500, 501)
 * Sun May 10 2009 Frederik Himpe <fhimpe@mandriva.org> 1.0.92-1mdv2010.0
 + Revision: 374099
 - Remove verbose limits patch: a similar change was implemented upstream
 - Update to new version Linux-PAM 1.0.92 and pam-redhat 0.99.10-1
 - Resync patches with Fedora
 - Rediff xauth-groups patch
 - Remove man page typo fix, noselinux and bid 34010 patches
  (integrated upstream)
 - Don't conflict with libselinux-devel and use --disable-selinux in
  configure call
 - Disable verbose call patch for now, upstream code has changed too
 * Thu Apr 16 2009 Frederik Himpe <fhimpe@mandriva.org> 0.99.8.1-20mdv2009.1
 + Revision: 367795
 - Disable fork option for pam_tcb, to reflect the change made in set_tcb
 * Mon Mar 30 2009 Frederic Crozat <fcrozat@mandriva.com> 0.99.8.1-19mdv2009.1
 + Revision: 362380
 - Add console for raw1394 (Mdv bug #47622)
 * Thu Mar 19 2009 Frederik Himpe <fhimpe@mandriva.org> 0.99.8.1-18mdv2009.1
 + Revision: 358110
 - Add upstream patch fixing security issue (Bugtraq ID 34010)
 * Sun Mar 08 2009 Michael Scherer <misc@mandriva.org> 0.99.8.1-17mdv2009.1
 + Revision: 352736
 - fix build by updating libtool script
 - update patch 32
 - rediff patch 31
  + Antoine Ginies <aginies@mandriva.com>
    - rebuild
 * Tue Aug 12 2008 Vincent Danen <vdanen@mandriva.com> 0.99.8.1-16mdv2009.0
 + Revision: 271144
 - call set_tcb in %%post and require tcb itself as a result
 * Tue Aug 12 2008 Olivier Blin <oblin@mandriva.com> 0.99.8.1-15mdv2009.0
 + Revision: 271055
 - move pam_tcb conflict in the proper lib package (#42709)
 * Mon Aug 11 2008 Olivier Blin <oblin@mandriva.com> 0.99.8.1-14mdv2009.0
 + Revision: 270658
 - conflict with old tcb package that contained pam_unix
 * Sat Aug 09 2008 Vincent Danen <vdanen@mandriva.com> 0.99.8.1-13mdv2009.0
 + Revision: 270079
 - require new pam_tcb release
  require specific setup version for the shadow group
  restore old pam_unix and its symlinks
  ensure system-auth permissions and ownership
 * Thu Aug 07 2008 Thierry Vignaud <tv@mandriva.org> 0.99.8.1-12mdv2009.0
 + Revision: 265321
 - rebuild early 2009.0 package (before pixel changes)
  + Oden Eriksson <oeriksson@mandriva.com>
    - unset BROWSER
  + Pixel <pixel@mandriva.com>
    - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers
 * Thu May 22 2008 Vincent Danen <vdanen@mandriva.com> 0.99.8.1-11mdv2009.0
 + Revision: 210056
 - libpam conflicts with pam < 0.99.8.1-10mdv
 - dropped the system-auth migration as per blino
 - restored the 0.99.3.1 README
 - renamed and trimmed the 0.99.8.1-11mdv README
 * Tue May 20 2008 Vincent Danen <vdanen@mandriva.com> 0.99.8.1-10mdv2009.0
 + Revision: 209289
 - gracefully handle non-standard system-auth configurations to replace pam_unix with pam_tcb (for instances like using ldap for auth, etc.) which, if not done correctly or immediately, could result in local accounts being locked out
 * Mon May 19 2008 Vincent Danen <vdanen@mandriva.com> 0.99.8.1-9mdv2009.0
 + Revision: 209172
 - add -D_GNU_SOURCE to $CFLAGS in order to compile pam_console and pam_timestamp
 - requires pam_tcb
 - buildrequires glibc-crypt_blowfish-devel
 - don't build pam_unix; pam_tcb provides it
 - unix_chkpwd and unix_update are no longer required without pam_unix
 - clean up system-auth(5)
 - update system-auth to use pam_tcb
 - updated the Mandriva-specific README
 * Fri Jan 18 2008 Frederic Crozat <fcrozat@mandriva.com> 0.99.8.1-8mdv2008.1
 + Revision: 154727
 - Update license info based on fedora specfile
 - Update patches 25, 44 with latest version from fedora
 - Remove patch26, merged into patch25
 - Patch42, 43 (Fedora): don't use pam_console to change device ownership, rely on HAL ACL now
 - Patch46 (Fedora): fix in operator (Fedora #295151)
 - Patch47 (Fedora): fix invalid free on xauth module
 - Patch48 (Fedora): add support for substack include
 - Patch49, 50 (Fedora): add tty_audio module
 - Patch523: fix build when SELinux is disabled
 - Source501, 502 : add missing documentation from tarball
 - Resync system-auth file with Fedora
 * Fri Dec 21 2007 Oden Eriksson <oeriksson@mandriva.com> 0.99.8.1-7mdv2008.1
 + Revision: 136256
 - link against the bdb 4.6.x assembly-mutex-only db (buchan)
  + Thierry Vignaud <tv@mandriva.org>
    - kill re-definition of %%buildroot on Pixel's request
  + Marcelo Ricardo Leitner <mrl@mandriva.com>
    - As Blino pointed out, we can do Requires(post): coreutils as coreutils
      currently just "Requires: pam", with no specific order.
      This also fix a bug in the previous "fix" that would make the /dev/null
      device be copied instead of creating a blank file.
    - Do not use the install utility on %%post section because we can't require
      coreutils as coreutils already requires us. So replace install calls by
      cp -a and chmod ones, fixing without introducing a circular dependency.
 * Thu Sep 20 2007 Frederic Crozat <fcrozat@mandriva.com> 0.99.8.1-6mdv2008.0
 + Revision: 91448
 - Update patch24 with latest fedora version
 - Patch25 (Fedora): do not ask for blank password when SELinux confined (Fedora #254044)
 * Wed Sep 12 2007 Anssi Hannula <anssi@mandriva.org> 0.99.8.1-5mdv2008.0
 + Revision: 84662
 - show 0.99.3.0 notes only when upgrading from an older version
 * Mon Sep 10 2007 Olivier Blin <oblin@mandriva.com> 0.99.8.1-4mdv2008.0
 + Revision: 84153
 - make evdev mouse devices owned by console user (fix synclient, #32955)
 * Mon Sep 03 2007 Frederic Crozat <fcrozat@mandriva.com> 0.99.8.1-3mdv2008.0
 + Revision: 78627
 - Update patches 40 & 5 with latest version from RH (Fix Mdv bug #32741)
 - Patch44 (RH): fix homedir init with namespace module
 * Mon Aug 13 2007 Olivier Blin <oblin@mandriva.com> 0.99.8.1-2mdv2008.0
 + Revision: 62485
 - add scanner devices in the usb group (#29489, #29562)
 - make sure devices are accessible by their group if specified in console.perms (#29489)
 - remove mode definitions from mdvperms patch (will be done by a one-liner in the spec)
 - restore console settings for lp class (wrongly removed in 0.99.6.0 rediff, #29562)
 - move lp class in 50-mandriva.perms
 - add compatibility symlinks for pam_unix_{auth,acct,passwd,session}.so
 - add /etc/security/opasswd file
 - add more module checks in check section (from Fedora)
 - move checks in check section
 - properly include /var/log/faillog and tallylog as ghosts and create them in post script (from Fedora)
 - add user and new instance parameters to namespace init (from Fedora)
 - fix typo in man pages
 - enable libaudit
 - rediff mdv perms patch
 - do not log an audit error when uid != 0 (from Fedora)
 - update to pam-redhat-0.99.8-1
 - adapt to new devel library policy
 - add signature
 - rename sources to match RH spec file
 - remove useless chmod
 * Tue Jul 24 2007 Olivier Blin <oblin@mandriva.com> 0.99.8.1-1mdv2008.0
 + Revision: 55033
 - 0.99.8.1
 - update RH patches
 - package /sbin/unix_update
 - remove old packaging hacks
 - use new doc directory policy
 * Sat Jul 21 2007 David Walluck <walluck@mandriva.org> 0.99.7.1-3mdv2008.0
 + Revision: 54187
 - add config-util.pamd
 * Wed Feb 07 2007 Olivier Blin <oblin@mandriva.com> 0.99.7.1-2mdv2007.0
 + Revision: 117173
 - mark doc dir as docdir
 - fix doc installation
 - update pam_redhat to 0.99.7-1
 - allow more X displays as consoles (RH #227462)
 * Wed Jan 24 2007 Olivier Blin <oblin@mandriva.com> 0.99.7.1-1mdv2007.1
 + Revision: 112870
 - 0.99.7.1
 * Tue Jan 23 2007 Olivier Blin <oblin@mandriva.com> 0.99.7.0-1mdv2007.1
 + Revision: 112280
 - 0.99.7.0
 * Fri Oct 20 2006 Olivier Blin <oblin@mandriva.com> 0.99.6.3-1mdv2007.1
 + Revision: 71373
 - link pam_userdb with db4 (#26242 and #26572)
 - pam_loginuid is now in upstream sources
 - remove console reset patch, now handled upstream
 - 0.99.6.3
 * Sat Sep 16 2006 Olivier Blin <oblin@mandriva.com> 0.99.6.0-3mdv2007.0
 + Revision: 61618
 - 0.99.6.0-3mdv
 - chown IR remote controls devices to console user (Anssi Hannula, #24785)
 - add /dev/scd* /dev/sg* /dev/cdrw* /dev/dvdrw* in burner devices list (#25371 and #24541)
 * Wed Aug 30 2006 Olivier Blin <oblin@mandriva.com> 0.99.6.0-2mdv2007.0
 + Revision: 58719
 - bump release
 - make cdrom devices owned by cdrom group
  + Anssi Hannula <anssi@mandriva.org>
    - add /dev/input/by-path/*-joystick to <joystick> class (fixes #23775)
    - make <sound> class devices accessible by audio group (fixes #24300)
    - make <v4l> and <dvb> class devices accessible by video group (fixes #24786)
 * Fri Aug 11 2006 Olivier Blin <oblin@mandriva.com> 0.99.6.0-1mdv2007.0
 + Revision: 55258
 - use ndbm from db1 to build pam_userdb
 - drop html, ps and pdf doc (pdf doc would require Apache's fop to be packaged)
 - make doc/txts directory (not provided upstream anymore)
 - namespace.init is now provided upstream
 - drop more sgml hacks (sgml not used upstream anymore)
 - remove pam-0.77-use_uid.patch (fixed upstream)
 - remove pam_keyinit patches (merged upstream)
 - remove pam-0.99.5.0-access-gai.patch (applied upstream)
 - remove pam-0.99.4.0-succif-service.patch (merged upstream)
 - remove sgml2latex patch, it doesn't apply anymore since xml is used instead of sgml in 0.99.6.0
 - 0.99.6.0
 - really use pam-redhat-0.99.6-1
 - remove patch merged in pam-redhat 0.99.6-1
 - revoke keyrings properly when pam_keyinit called more than once (RH)
 - don't log pam_keyinit debug messages by default
 - drop ainit from console.handlers (RH)
 - add pam_keyinit to the default system-auth file (RH)
 - fixed network match in pam_access (from Redhat)
 - sync with pam-redhat 0.99.6-1 (and rediff mdvperms, RH merged a lot of our permissions)
 - import pam-0.99.5.0-2mdv2007.0
 * Tue Jul 04 2006 Olivier Blin <oblin@mandriva.com> 0.99.5.0-2mdv2007.0
 - Source500: add ttyACM* devices in the serial class (#23190)
 - Patch83 (from Fedora): add service as value to be matched and list
  matching to pam_succeed_if
 - use upstream redhat-modules patch
 * Thu Jun 29 2006 Olivier Blin <oblin@mandriva.com> 0.99.5.0-1mdv2007.0
 - 0.99.5.0
 - Patch523: temporary patch to add namespace.init, which is missing from dist
  (extracted from RH old namespace patch)
 - package namespace files in /etc/security
 - Patch84 (from RH): pam_console_apply shouldn't access /var when called with -r
 * Thu Jun 29 2006 Olivier Blin <oblin@mandriva.com> 0.99.4.0-1mdv2007.0
 - 0.99.4.0
 - from Fedora:
  o pam-0.99.4.0-redhat-modules
  o pam-redhat-0.99.5-1
  o add system-auth and config-util man pages
 - drop Patch523 and all pwdb bits
 - drop glib2-devel BuildRequires (pam_console_apply don't need it anymore)
 - rediff Patch500 (mdv perms)
 - drop Patch520 (merged upstream)
 - don't check for userdb module, we don't built it
  (it requires an internal libdb copy)
 - package pam_tally2
 * Thu Feb 02 2006 Olivier Blin <oblin@mandriva.com> 0.99.3.0-6mdk
 - update instructions in the README.update.urpmi file (Source4)
 * Wed Feb 01 2006 Thierry Vignaud <tvignaud@mandriva.com> 0.99.3.0-5mdk
 - patch 500:
  o fix firewire perms (#20270)
  o fix printer perms (#13013)
 * Mon Jan 30 2006 Olivier Blin <oblin@mandriva.com> 0.99.3.0-4mdk
 - don't build prelude (#20896)
 - Patch523: allow to disable pwdb
 - disable pam_pwdb
 - make unix_chkpwd setuid root again
 - Source2: remove hardcoded /lib/security in source
  (even if spec-helper fixes it later)
 - don't add video group in %%pre, it's already in the setup package
 - remove hardcoded workaround for a (more than) 2 years-old pam
 - more BuildRequires fixes: drop autoconf2.1, use glib2-devel
  (thanks to Stefan van der Eijk)
 - rpmbuildupdatable
 - Source4: README.update.urpmi
 * Sat Jan 28 2006 Olivier Blin <oblin@mandriva.com> 0.99.3.0-3mdk
 - BuildRequires automake1.8 (Stefan van der Eijk)
 - fix again Patch517 (use real patch name)
 - fix typo in modules installation test
 * Sat Jan 28 2006 Olivier Blin <oblin@mandriva.com> 0.99.3.0-2mdk
 - BuildConflicts with libselinux-devel (#20871)
 - don't test if modules/pam_selinux is built, we don't want it
 - Patch517: fix typo in limits.conf (Andrey Borzenkov, #20872)
 - BuildRequires openssl-devel (#20874)
 - Patch511: use pam_syslog instead of old _pam_log in pam_limits
  (Andrey Borzenkov, #20876)
 - BuildRequires prelude-devel
 * Sat Jan 28 2006 Olivier Blin <oblin@mandriva.com> 0.99.3.0-1mdk
 - 0.99.3.0
 - sync with RH (all of their others patches are either merged upstream,
  or useless in Mandriva, such as SE Linux):
  o drop Patch39 (wasn't needed for 0.77)
  o drop Patch[0,1,2,3,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20],
    Patch[22,23,24,25,26,27,30,31,32,33,35,36,37,40] and Source4
    (dropped during 0.78 upgrade)
  o drop Patch29 (dropped during 0.79 upgrade)
  o drop Patch4 (dropped during 0.80 upgrade)
  o rediff Patch21
  o don't use fakeroot anymore
  o don't enable static-pam
  o drop Patch10 (dropped during 0.99.2.1 upgrade)
  o rediff Patch34
  o fix descriptions
 - rediff Patch500, and split out Mandriva-specific perms in Source500
  (installed as 50-mandriva.perms)
 - remove devfs-style paths in Patch500/Source500
 - drop Patch502 (dead X problem fixed otherwise upstream)
 - drop Patch503 (we don't need pam_console_apply_devfsd)
 - rediff Patch504 (drop merged parts), Patch508, Patch512
 - drop Patch506 (not required anymore to detect cracklib dicts on x86_64)
 - drop Patch507 (tty name not found fixed otherwise upstream)
 - drop Patch509 (fixed upstream)
 - drop Patch513 (fixed otherwise upstream, should still work with lsb-test-pam)
 - drop Patch514 (kill pam_console_setowner, pam_console_apply should be used)
 - drop Patch515 (/etc/environment test fixed upstream)
 - drop Patch516 (RT now supported upstream)
 - rediff Patch517 (apply on limits.conf, use new rtprio keyword instead of
  previous rt_priority)
 - drop Patch518 (build with gcc 4 works fine now)
 - add comments about ghost patches
 - Patch520 and Patch521: fix parallel build
 - Patch522: ensure that sgml2txt worked
 - package new security/console.handlers and security/console.perms.d/
 - package pam_filter/upperLOWER
 - package libpamc
 - package security/chroot.conf
 - package lang files
 - don't package pwdb_chkpwd
 - more description fixes
 * Thu Jan 26 2006 Olivier Blin <oblin@mandriva.com> 0.77-37mdk
 - handle permissions for /dev/bus/usb
 * Tue Jan 24 2006 Olivier Blin <oblin@mandriva.com> 0.77-36mdk
 - fix permissions for more DVB devices (merge Patch520 in Patch500)
 * Mon Jan 23 2006 Olivier Blin <oblin@mandriva.com> 0.77-35mdk
 - update Patch514 to handle multiple arguments in pam_console_setowner,
  (from Andrey Borzenkov, #20269, it's about reimplementing recent
   pam_console_apply in our weird pam_console_setowner)
 - use requires instead of prereq for pam-doc
 * Tue Jan 10 2006 Thierry Vignaud <tvignaud@mandriva.com> 0.77-34mdk
 - patch 520: set perms for DVB devices (#14688)
 * Fri Jan 06 2006 Oden Eriksson <oeriksson@mandriva.com> 0.77-33mdk
 - drop selinux (P60)
 - removed two hunks from P40 (required the selinux patch applied)
 - dropped P62 (required the selinux patch applied)
 - rebuilt against a non selinux enabled pwdb lib (thanks stefan)
 * Wed Oct 05 2005 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.77-32mdk
 - fix build on ppc64
 * Tue Sep 20 2005 Frederic Lepied <flepied@mandriva.com> 0.77-31mdk
 - fix uninitialized variable user (aka fix crash on C3)
 * Sun Jul 31 2005 Couriousous <couriousous@mandriva.org> 0.77-30mdk
 - Don't apply 64bit patch ( fix #16961 )
 * Wed Jun 22 2005 Frederic Lepied <flepied@mandriva.com> 0.77-29mdk
 - fixed dependencies
 * Mon May 16 2005 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.77-28mdk 
 - patch 516: add support for RT/nice rlimit settings (kernel-2.6.12+)
 - patch 517: enable new RT privileges for audio group in limits.conf
 - patch 518: fix build with gcc-4.0
 * Thu Apr 07 2005 Frederic Crozat <fcrozat@mandrakesoft.com> 0.77-27mdk 
 - Update Patch500 to add /dev/zip* and /dev/jaz* as zip/jaz group for
  console privilege
 * Thu Sep 30 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-26mdk
 - give access to /dev/nvram in ro for console users
 - handle /dev/dri* and /dev/nvidia the same way in startx and *dm modes.
 * Tue Sep 21 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-25mdk
 - pam_env: don't abort if /etc/environment isn't present (Oded Arbel)
 - fix BuildRequires (Oded Arbel)
 - create an empty /etc/environment
 - add USB joystick devices to console.perms (bug #11190)
 * Fri Sep 17 2004 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 0.77-24mdk
 - really build pam_console_apply_devfs against glib-1.2
 * Sat Sep 11 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-23mdk
 - fixed debug code in pam_console_apply_devfsd
 - added a way to debug pam_console_setowner by setting PAM_DEBUG env variable
 - don't apply patch63 to have console.lock at the usual place
 * Fri Sep 10 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-22mdk
 - implement pam_console_setowner for udev
 * Thu Sep 09 2004 Frederic Crozat <fcrozat@mandrakesoft.com> 0.77-21mdk
 - add sr* to cdrom group
 * Wed Sep 08 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-20mdk
 - fixed lookup when a group or a user doesn't exist (bug #11256)
 - fixed the group of audio devices when nobody is connected
 * Tue Aug 24 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-19mdk
 - added /dev/rfcomm* /dev/ircomm* to serial group (Fred Crozat)
 * Tue Aug 24 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-18mdk
 - put back <serial> group in console.perms
 * Tue Aug 24 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-17mdk
 - manage dri files perm (bug #10876 )
 - manage perm of /dev/raw1394 (bug #9240)
 - console.perms more group friendly (bug #3033)
 - merged with rh 0.77-54
 * Wed Jul 28 2004 Frederic Crozat <fcrozat@mandrakesoft.com> 0.77-16mdk
 - Update patch16 to give console permissions to rfcomm devices
 * Tue Jul 06 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-15mdk
 - fixed typo in provides for devel package
 * Sat Jul 03 2004 Stew Benedict <sbenedict@mandrakesoft.com> 0.77-14mdk
 - patch for lsb2 lsb-test-pam compliance (patch513)
 * Mon Jun 14 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 0.77-13mdk
 - fix buildrequires
 - fix provides
 - cosmetics
 * Tue Feb 24 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-12mdk
 - console.perms: /proc/usb => /proc/bus/usb (Marcel Pol) [bug #8285]
 * Thu Feb 19 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.77-11mdk
 - added a trigger to be able to upgrade