From 8d4e5f1468fe21e5675ea0fca47715b5875b1fa7 Mon Sep 17 00:00:00 2001
From: Tomáš Mráz
Date: Nov 28 2007 08:58:29 +0000
Subject: - do not free memory sent to putenv (#402101) - pam_succeed_if: fix in operator (#295151)
---
diff --git a/pam-0.99.8.1-succif-in-operator.patch b/pam-0.99.8.1-succif-in-operator.patch
new file mode 100644
index 0000000..50adf76
--- /dev/null
+++ b/pam-0.99.8.1-succif-in-operator.patch
@@ -0,0 +1,32 @@
+Written-by: Tomas Mraz
+Reviewed-by: Karel Zak
+
+diff -up Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c.in-operator Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c
+--- Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c.in-operator 2006-08-31 12:20:39.000000000 +0200
++++ Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c 2007-09-19 19:36:22.000000000 +0200
+@@ -191,13 +191,19 @@ static int
+ evaluate_inlist(const char *left, const char *right)
+ {
+ char *p;
+- if ((p=strstr(right, left)) == NULL)
+- return PAM_AUTH_ERR;
+- if (p == right || *(p-1) == ':') { /* ':' is a list separator */
+- p += strlen(left);
+- if (*p == '\0' || *p == ':') {
+- return PAM_SUCCESS;
++ /* Don't care about left containing ':'. */
++ while ((p=strstr(right, left)) != NULL) {
++ if (p == right || *(p-1) == ':') { /* ':' is a list separator */
++ p += strlen(left);
++ if (*p == '\0' || *p == ':') {
++ return PAM_SUCCESS;
++ }
+ }
++ right = strchr(p, ':');
++ if (right == NULL)
++ break;
++ else
++ ++right;
+ }
+ return PAM_AUTH_ERR;
+ }
diff --git a/pam-0.99.8.1-xauth-no-free.patch b/pam-0.99.8.1-xauth-no-free.patch
new file mode 100644
index 0000000..fcd9eff
--- /dev/null
+++ b/pam-0.99.8.1-xauth-no-free.patch
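Review bot: In evaluate_inlist (the pam_succeed_if.c hunk), a `left` value that is not a single list element can still return PAM_SUCCESS: an empty `left` now matches any empty element of `right` (after a doubled or trailing ':'), and a `left` containing ':' can match across two adjacent elements, which the added comment waives. Because the result is an access decision, a guard before the loop such as `if (*left == '\0' || strchr(left, ':') != NULL) return PAM_AUTH_ERR;` would make both cases fail closed; where `left` comes from is outside the hunk, so whether such values can reach this function is not visible here. If the module's negated list operator still uses the single strstr() pattern removed here, it needs the same loop, since an earlier partial match would otherwise hide a later exact match; that function is not shown.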
@@ -0,0 +1,11 @@
+diff -up Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c
+--- Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free 2007-09-21 16:02:06.000000000 +0200
++++ Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c 2007-09-21 16:02:47.000000000 +0200
+@@ -573,6 +573,7 @@ pam_sm_open_session (pam_handle_t *pamh,
+ "can't set environment variable '%s'",
+ xauthority);
+ putenv (xauthority); /* The environment owns this string now. */
++ xauthority = NULL;
+
+ /* set $DISPLAY in pam handle to make su - work */
+ {
diff --git a/pam.spec b/pam.spec
index a4e04e2..0051aa7 100644
--- a/pam.spec
+++ b/pam.spec
@@ -11,7 +11,7 @@ Summary: A security tool which provides authentication for applications Name: pam Version: 0.99.7.1 -Release: 5.1%{?dist} +Release: 5.2%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # pam_rhosts_auth module is BSD with advertising
@@ -50,6 +50,8 @@ Patch96: pam-0.99.6.2-namespace-dirnames.patch Patch97: pam-0.99.7.1-namespace-unknown-user.patch Patch98: pam-0.99.6.2-selinux-audit-context.patch Patch99: pam-0.99.6.2-namespace-docfix.patch +Patch100: pam-0.99.8.1-succif-in-operator.patch +Patch101: pam-0.99.8.1-xauth-no-free.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: cracklib, cracklib-dicts >= 2.8
@@ -125,6 +127,8 @@ cp %{SOURCE7} . %patch97 -p1 -b .unknown-user %patch98 -p1 -b .audit-context %patch99 -p1 -b .docfix +%patch100 -p1 -b .in-operator +%patch101 -p1 -b .no-free autoreconf
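Review bot: In the pam_xauth.c hunk, the return value of `putenv (xauthority);` is discarded, so the added `xauthority = NULL;` also runs when the call failed and the environment never took ownership of the string; the buffer is then leaked and XAUTHORITY is left unset without any record. Clearing the pointer only on success, `if (putenv (xauthority) == 0) xauthority = NULL;`, would leave the failure case to the later free that the commit subject implies (not shown here). A comment such as `/* putenv() keeps this pointer, not a copy: never free or reuse it */` would record why the pointer is cleared. pam_sm_open_session starts and ends outside the hunk.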
@@ -414,6 +418,10 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Wed Nov 28 2007 Tomas Mraz 0.99.7.1-5.2 +- do not free memory sent to putenv (#402101) +- pam_succeed_if: fix in operator (#295151) + * Tue Jun 5 2007 Tomas Mraz 0.99.7.1-5.1 - pam_namespace: better document behavior on failure (#237249) - pam_unix: split out passwd change to a new helper binary (#236316)