--- ChangeLog	29 Aug 2008 08:58:04 -0000	1.332.2.6
+++ ChangeLog	9 Dec 2008 07:27:09 -0000	1.332.2.10
@@ -1,3 +1,24 @@
+2008-12-09  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* release version 1.0.3
+
+	* configure.in: ENABLE_NLS needs to be at the bottom of config.h
+
+2008-11-25  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* modules/pam_time/pam_time.c (is_same): Fix check
+	of correct string length (debian bug #326407).
+
+2008-10-17  Tomas Mraz <t8m@centrum.cz> 
+
+	* modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Save the old
+	euid to suid to be able to restore it.
+
+2008-09-25  Tomas Mraz <t8m@centrum.cz>
+
+	* modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
+	(tally_check): Open faillog read only. Close file descriptor.
+
 2008-08-29  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* release version 1.0.2
--- NEWS	29 Aug 2008 08:58:04 -0000	1.84.2.2
+++ NEWS	9 Dec 2008 07:27:09 -0000	1.84.2.3
@@ -1,6 +1,11 @@
 Linux-PAM NEWS -- history of user-visible changes.
 
 
+Release 1.0.3
+
+* Small bug fix release
+
+
 Release 1.0.2
 
 * Regression fixed in pam_selinux
--- configure.in	29 Aug 2008 08:58:04 -0000	1.122.2.2
+++ configure.in	9 Dec 2008 07:27:09 -0000	1.122.2.3
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_INIT(conf/pam_conv1/pam_conv_y.y)
-AM_INIT_AUTOMAKE("Linux-PAM", 1.0.2)
+AM_INIT_AUTOMAKE("Linux-PAM", 1.0.3)
 AC_PREREQ([2.60])
 AM_CONFIG_HEADER(config.h)
 AC_CANONICAL_HOST
@@ -491,8 +491,7 @@
 AM_GNU_GETTEXT([external])
 AC_CHECK_FUNCS(dngettext)
 
-AH_VERBATIM([_ZZENABLE_NLS],
-[#ifdef ENABLE_NLS
+AH_BOTTOM([#ifdef ENABLE_NLS
 #include <libintl.h>
 #define _(msgid) dgettext(PACKAGE, msgid)
 #define N_(msgid) msgid
--- modules/pam_keyinit/pam_keyinit.c	18 Dec 2006 21:07:42 -0000	1.5
+++ modules/pam_keyinit/pam_keyinit.c	17 Oct 2008 11:11:10 -0000	1.5.2.1
@@ -143,7 +143,7 @@
 			error(pamh, "Unable to change GID to %d temporarily\n",
 			      revoke_as_gid);
 
-		if (revoke_as_uid != old_uid && setreuid(-1, revoke_as_uid) < 0)
+		if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0)
 			error(pamh, "Unable to change UID to %d temporarily\n",
 			      revoke_as_uid);
 
--- modules/pam_tally/pam_tally.c	20 Nov 2007 10:58:11 -0000	1.29
+++ modules/pam_tally/pam_tally.c	25 Sep 2008 19:01:12 -0000	1.29.2.1
@@ -342,7 +342,7 @@
     }
 
     if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
-      pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename);
+      pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read");
 
 /* Discovering why account service fails: e/uid are target user.
  *
@@ -496,7 +496,7 @@
   tally_t
     deny          = opts->deny;
   tally_t
-    tally         = 0;  /* !TALLY_HI --> Log opened for update */
+    tally         = TALLY_HI;
   long
     lock_time     = opts->lock_time;
 
@@ -507,6 +507,10 @@
     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
     if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
+    if ( TALLY != NULL ) {
+      fclose(TALLY);
+    }
+
     if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {       /* magic_root skips tally check */
 
       /* To deny or not to deny; that is the question */
--- modules/pam_time/pam_time.c	7 Dec 2007 15:40:02 -0000	1.16
+++ modules/pam_time/pam_time.c	25 Nov 2008 13:49:37 -0000	1.16.2.1
@@ -358,8 +358,8 @@
 
      /* Ok, we know that b is a substring from A and does not contain
         wildcards, but now the length of both strings must be the same,
-        too. */
-     if (strlen (a) != strlen(b))
+        too. In this case it means, a[i] has to be the end of the string. */
+     if (a[i] != '\0')
           return FALSE;
 
      return ( !len );