pam-1.1.1-5

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@3556 ec354946-7b23-47d6-9f5a-488ba84defc7

p/pam/pam-vl.spec

@@ -6,7 +6,7 @@ Summary: A security tool which provides authentication for applications
 Summary(ja): アプリケーションに認証の仕組みを提供するセキュリティツール
 Name: pam
 Version: 1.1.1
-Release: 4%{?_dist_release}
+Release: 5%{?_dist_release}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+
 License: BSD and GPLv2+
@@ -30,6 +30,12 @@ Patch8:  pam-1.1.1-authtok-prompt.patch
 
 Patch700: pam-0.99.9-sg-dev.patch
 
+## security patch(es)
+# fix CVE-2010-3435 and CVE-2010-3316
+Patch1009:  pam-1.1.1-drop-privs.patch
+# fix CVE-2010-3853
+Patch1010: pam-1.1.1-cve-2010-3853.patch
+
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
 %define _secconfdir %{_sysconfdir}/security
@@ -163,6 +169,10 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 
 %patch700 -p1
 
+## security patch(es)
+%patch1009 -p1 -b .drop-privs
+%patch1010 -p1 -b .execle
+
 libtoolize -f
 autoreconf
 
@@ -493,6 +503,11 @@ fi
 
 
 %changelog
+* Tue Apr 19 2011 IWAI, Masaharu <iwai@alib.jp> 1.1.1-5
+- add patches from RHEL 1.1.1-4.1
+ - drop-privs patch (Patch1009): fix CVE-2010-3435 and CVE-2010-3316
+ - CVE-2010-3853 (Patch1010)
+
 * Mon Apr 18 2011 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-4
 - rebuilt with recent environment.