commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2019-02-01 11:46:58 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new.28833 (New) Package is "pam_pkcs11" Fri Feb 1 11:46:58 2019 rev:32 rq:670213 version:0.6.10 Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2018-09-11 17:19:57.311165819 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new.28833/pam_pkcs11.changes 2019-02-01 11:46:59.820456877 +0100 @@ -1,0 +2,16 @@ +Tue Jan 29 22:45:28 CET 2019 - sbra...@suse.com + +- Update to version 0.6.10: + * Fix some security issues (thx @frankmorgner): +https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/ +(drop 0001-verify-using-a-nonce-from-the-system-not-the-card.patch, +0002-fixed-buffer-overflow-with-long-home-directory.patch, +0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch). + * Fix buffer overflow with long home directory. + * Fix wiping secrets (now using OpenSSL_cleanse()). + * Verify using a nonce from the system, not the card. + * Fix segfalt when checking CRLs +(drop pam_pkcs11-crl-check.patch). +- Add rcpkcs11_eventmgr service symlink. + +--- Old: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch 0002-fixed-buffer-overflow-with-long-home-directory.patch 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch pam_pkcs11-0.6.9-ChangeLog.git pam_pkcs11-crl-check.patch pam_pkcs11-pam_pkcs11-0.6.9.tar.gz New: pam_pkcs11-0.6.10-ChangeLog.git pam_pkcs11-0.6.10.tar.gz Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.2lCZ7h/_old 2019-02-01 11:47:01.520455131 +0100 +++ /var/tmp/diff_new_pack.2lCZ7h/_new 2019-02-01 11:47:01.520455131 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_pkcs11 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,33 +12,28 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # It seems to be an upstream naming bug: %define _name pam_pkcs11-pam_pkcs11 Name: pam_pkcs11 -Version:0.6.9 +Version:0.6.10 Release:0 Summary:PKCS #11 PAM Module License:LGPL-2.1-or-later Group: Productivity/Security Url:https://github.com/OpenSC/pam_pkcs11 -Source: %{_name}-%{version}.tar.gz +Source: https://github.com/OpenSC/pam_pkcs11/archive/%{name}-%{version}.tar.gz Source1:pam_pkcs11-common-auth-smartcard.pam Source2:baselibs.conf # make dist was not called. -Source3:pam_pkcs11-0.6.9-ChangeLog.git +Source3:pam_pkcs11-0.6.10-ChangeLog.git Source4:pkcs11_eventmgr.service Patch0: %{name}-fsf-address.patch Patch1: %{name}-0.5.3-nss-conf.patch Patch3: %{name}-0.6.0-nss-autoconf.patch -# PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems when checking CRLs. -Patch4: %{name}-crl-check.patch -Patch5: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch -Patch6: 0002-fixed-buffer-overflow-with-long-home-directory.patch -Patch7: 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch BuildRequires: curl-devel BuildRequires: docbook-xsl-stylesheets BuildRequires: doxygen @@ -93,10 +88,6 @@ %patch0 -p1 %patch1 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 cp -a %{SOURCE1} common-auth-smartcard sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in etc/pkcs11_eventmgr.conf.example # make dist was not called and cannot be called on a non git snapshot. @@ -132,6 +123,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/pam.d cp common-auth-smartcard %{buildroot}%{_sysconfdir}/pam.d/ install -D -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/pkcs11_eventmgr.service +mkdir -p %{buildroot}%{_sbindir} +ln -s service %{buildroot}%{_sbindir}/rcpkcs11_eventmgr %find_lang %{name} %fdupes -s %{buildroot}%{_docdir}/%{name} @@ -160,6 +153,7 @@ %config(noreplace) %{_sysconfdir}/pam_pkcs11/*.conf %config(noreplace) %{_sysconfdir}/pam.d/common-auth-smartcard %{_prefix}/lib/systemd/system/pkcs11_eventmgr.service +%{_sbindir}/*
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2018-09-11 17:19:43 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is "pam_pkcs11" Tue Sep 11 17:19:43 2018 rev:31 rq:634777 version:0.6.9 Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2018-08-03 12:38:58.643719012 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2018-09-11 17:19:57.311165819 +0200 @@ -1,0 +2,12 @@ +Fri Aug 17 10:12:31 UTC 2018 - vci...@suse.com + +- Address security issues found by X41 D-Sec audit (bsc#1105012) + * Authentication Replay + * Buffer Overflow + * Memory not cleaned properly before free() +- add patches: + * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch + * 0002-fixed-buffer-overflow-with-long-home-directory.patch + * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch + +--- New: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch 0002-fixed-buffer-overflow-with-long-home-directory.patch 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.NG9Dq7/_old 2018-09-11 17:19:58.527163960 +0200 +++ /var/tmp/diff_new_pack.NG9Dq7/_new 2018-09-11 17:19:58.527163960 +0200 @@ -36,6 +36,9 @@ Patch3: %{name}-0.6.0-nss-autoconf.patch # PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems when checking CRLs. Patch4: %{name}-crl-check.patch +Patch5: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch +Patch6: 0002-fixed-buffer-overflow-with-long-home-directory.patch +Patch7: 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch BuildRequires: curl-devel BuildRequires: docbook-xsl-stylesheets BuildRequires: doxygen @@ -91,6 +94,9 @@ %patch1 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 cp -a %{SOURCE1} common-auth-smartcard sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in etc/pkcs11_eventmgr.conf.example # make dist was not called and cannot be called on a non git snapshot. ++ 0001-verify-using-a-nonce-from-the-system-not-the-card.patch ++ >From cc51b3e2720ea862d500cab2ea517518ff39a497 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Fri, 25 May 2018 23:46:41 +0200 Subject: [PATCH 1/3] verify using a nonce from the system, not the card Thanks to Eric Sesterhenn from X41 D-SEC GmbH for reporting the problem. --- src/common/pkcs11_lib.c | 66 + 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/src/common/pkcs11_lib.c b/src/common/pkcs11_lib.c index 46a93bd..d4433f2 100644 --- a/src/common/pkcs11_lib.c +++ b/src/common/pkcs11_lib.c @@ -131,6 +131,34 @@ memcmp_pad_max(void *d1, size_t d1_len, void *d2, size_t d2_len, return (0); } +int get_random_value(unsigned char *data, int length) +{ + static const char *random_device = "/dev/urandom"; + int rv, fh, l; + + DBG2("reading %d random bytes from %s", length, random_device); + fh = open(random_device, O_RDONLY); + if (fh == -1) { +set_error("open() failed: %s", strerror(errno)); +return -1; + } + + l = 0; + while (l < length) { +rv = read(fh, data + l, length - l); +if (rv <= 0) { + close(fh); + set_error("read() failed: %s", strerror(errno)); + return -1; +} +l += rv; + } + close(fh); + DBG5("random-value[%d] = [%02x:%02x:%02x:...:%02x]", length, data[0], + data[1], data[2], data[length - 1]); + return 0; +} + #ifdef HAVE_NSS /* @@ -834,16 +862,6 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data, return 0; } -int get_random_value(unsigned char *data, int length) -{ - SECStatus rv = PK11_GenerateRandom(data,length); - if (rv != SECSuccess) { -DBG1("couldn't generate random number: %s", SECU_Strerror(PR_GetError())); - } - return (rv == SECSuccess) ? 0 : -1; -} - - struct tuple_str { PRErrorCode errNum; const char * errString; @@ -1778,32 +1796,4 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data, (*signature)[0], (*signature)[1], (*signature)[2], (*signature)[*signature_length - 1]); return 0; } - -int get_random_value(unsigned char *data, int length) -{ - static const char *random_device = "/dev/urandom"; - int rv, fh, l; - - DBG2("reading %d random bytes from %s", length, random_device); - fh = open(random_device, O_RDONLY); - if (fh == -1) { -set_error("open() failed: %s",
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2018-08-03 12:38:56 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is "pam_pkcs11" Fri Aug 3 12:38:56 2018 rev:30 rq:627119 version:0.6.9 Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2017-09-27 16:55:16.647705858 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2018-08-03 12:38:58.643719012 +0200 @@ -1,0 +2,6 @@ +Mon Jul 23 17:36:18 CEST 2018 - sbra...@suse.com + +- Fix segfault and fetch problems when checking CRLs + (pam_pkcs11-crl-check.patch). + +--- New: pam_pkcs11-crl-check.patch Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.US4y7E/_old 2018-08-03 12:38:59.103719697 +0200 +++ /var/tmp/diff_new_pack.US4y7E/_new 2018-08-03 12:38:59.107719703 +0200 @@ -1,7 +1,7 @@ # # spec file for package pam_pkcs11 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Version:0.6.9 Release:0 Summary:PKCS #11 PAM Module -License:LGPL-2.1+ +License:LGPL-2.1-or-later Group: Productivity/Security Url:https://github.com/OpenSC/pam_pkcs11 Source: %{_name}-%{version}.tar.gz @@ -34,6 +34,8 @@ Patch0: %{name}-fsf-address.patch Patch1: %{name}-0.5.3-nss-conf.patch Patch3: %{name}-0.6.0-nss-autoconf.patch +# PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems when checking CRLs. +Patch4: %{name}-crl-check.patch BuildRequires: curl-devel BuildRequires: docbook-xsl-stylesheets BuildRequires: doxygen @@ -88,6 +90,7 @@ %patch0 -p1 %patch1 -p1 %patch3 -p1 +%patch4 -p1 cp -a %{SOURCE1} common-auth-smartcard sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in etc/pkcs11_eventmgr.conf.example # make dist was not called and cannot be called on a non git snapshot. ++ pam_pkcs11-crl-check.patch ++ https://github.com/OpenSC/pam_pkcs11/pull/26 https://github.com/gkloepfer/pam_pkcs11/commit/94325a2c2b03a10b7618375f828c90063881227e >From 94325a2c2b03a10b7618375f828c90063881227e Mon Sep 17 00:00:00 2001 From: Gil Kloepfer Date: Thu, 17 Aug 2017 07:51:25 -0500 Subject: [PATCH] Fixed segfault and fetch problems when checking CRLs Fixed segfault issue in src/common/cert_vfy.c that occurs when an attempt is made to check a certificate's CRL. This seems to be caused by changes that happened in the OpenSSL API, and got overlooked during updates to the code. Also fixed a problem in src/common/uri.c in the builtin URI fetch via HTTP where an extra newline (and missing carriage-returns) were sent, causing the HTTP request to fail. --- src/common/cert_vfy.c | 29 ++--- src/common/uri.c | 2 +- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/common/cert_vfy.c b/src/common/cert_vfy.c index 7efb0cb..6016ca0 100644 --- a/src/common/cert_vfy.c +++ b/src/common/cert_vfy.c @@ -143,21 +143,20 @@ static X509_CRL *download_crl(const char *uri) static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx) { int rv; - X509_OBJECT *obj = NULL; + X509_OBJECT obj; EVP_PKEY *pkey = NULL; X509 *issuer_cert; /* get issuer certificate */ - rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj); + rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), ); if (rv <= 0) { set_error("getting the certificate of the crl-issuer failed"); return -1; } /* extract public key and verify signature */ - issuer_cert = X509_OBJECT_get0_X509(obj); + issuer_cert = X509_OBJECT_get0_X509(()); pkey = X509_get_pubkey(issuer_cert); - if (obj) - X509_OBJECT_free(obj); + X509_OBJECT_free_contents(); if (pkey == NULL) { set_error("getting the issuer's public key failed"); return -1; @@ -203,13 +202,14 @@ static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx) static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t policy) { int rv, i, j; - X509_OBJECT *obj = NULL; + X509_OBJECT obj; X509_REVOKED *rev = NULL; STACK_OF(DIST_POINT) * dist_points; DIST_POINT *point; GENERAL_NAME *name; X509_CRL *crl; X509 *x509_ca = NULL; + EVP_PKEY
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2017-09-27 16:55:13 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is "pam_pkcs11" Wed Sep 27 16:55:13 2017 rev:29 rq:528838 version:0.6.9 Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2017-09-11 16:17:37.804189189 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2017-09-27 16:55:16.647705858 +0200 @@ -1,0 +2,7 @@ +Sun Sep 10 00:08:17 UTC 2017 - jeng...@inai.de + +- Repair bulletpoint that skidded in description. + Trim description of %name-devel-doc, it does not cotain + the programs. + +--- Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.hPkiRF/_old 2017-09-27 16:55:17.455592203 +0200 +++ /var/tmp/diff_new_pack.hPkiRF/_new 2017-09-27 16:55:17.459591641 +0200 @@ -59,8 +59,9 @@ verification of the users' certificates, locally stored CA certificates as well as online or locally accessible CRLs are used. -Additionally, the package includes pam_pkcs11-related tools: * - pkcs11_eventmgr: Generates actions on card insert, removal, or +Additionally, the package includes pam_pkcs11-related tools: + +* pkcs11_eventmgr: Generates actions on card insert, removal, or time-out events * pklogin_finder: Gets the login name that maps to a certificate @@ -80,21 +81,7 @@ API documentation for pam_pkcs11 This Linux PAM module allows X.509 a certificate-based user -authentication. The certificate and its dedicated private key are -thereby accessed by means of an appropriate PKCS #11 module. For the -verification of the users' certificates, locally stored CA certificates -as well as online or locally accessible CRLs are used. - -Additionally, the package includes pam_pkcs11-related tools: * - pkcs11_eventmgr: Generates actions on card insert, removal, or - time-out events - -* pklogin_finder: Gets the login name that maps to a certificate - -* pkcs11_inspect: Inspects the contents of a certificate - -* make_hash_links: Creates hash link directories for storing CAs and -CRLs +authentication. %prep %setup -q -n %{_name}-%{version}
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2017-09-11 16:17:35 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is "pam_pkcs11" Mon Sep 11 16:17:35 2017 rev:28 rq:520503 version:0.6.9 Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2016-04-07 13:32:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2017-09-11 16:17:37.804189189 +0200 @@ -1,0 +2,21 @@ +Wed Aug 9 15:08:07 UTC 2017 - astie...@suse.com + +- add service file bsc#1049219 + +--- +Thu Jul 20 18:02:57 CEST 2017 - sbra...@suse.com + +- Updated to version 0.6.9: + * Upstream web moved. + * pkcs11_listcerts: Do not fail on certificate error. + * Do not fail if card was already unlocked. + * Other bug fixes. + * Translation updates. +- Drop upstreamed pam_pkcs11-0.6.8-fix-crypto-cflags.patch. +- Work around incorrect upstream release process not calling + "make dist". +- Split API documentation into a separate package + pam_pkcs11-devel-doc. +- Add pam_pkcs11-fsf-address.patch. + +--- Old: pam_pkcs11-0.6.8-fix-crypto-cflags.patch pam_pkcs11-0.6.8.tar.gz New: pam_pkcs11-0.6.9-ChangeLog.git pam_pkcs11-fsf-address.patch pam_pkcs11-pam_pkcs11-0.6.9.tar.gz pkcs11_eventmgr.service Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.u2RbFO/_old 2017-09-11 16:17:39.279981936 +0200 +++ /var/tmp/diff_new_pack.u2RbFO/_new 2017-09-11 16:17:39.283981375 +0200 @@ -1,7 +1,7 @@ # # spec file for package pam_pkcs11 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,21 +16,28 @@ # +# It seems to be an upstream naming bug: +%define _name pam_pkcs11-pam_pkcs11 Name: pam_pkcs11 -Version:0.6.8 +Version:0.6.9 Release:0 -Url:http://www.opensc-project.org/pam_pkcs11/ Summary:PKCS #11 PAM Module License:LGPL-2.1+ Group: Productivity/Security -Source: %{name}-%{version}.tar.gz +Url:https://github.com/OpenSC/pam_pkcs11 +Source: %{_name}-%{version}.tar.gz Source1:pam_pkcs11-common-auth-smartcard.pam Source2:baselibs.conf +# make dist was not called. +Source3:pam_pkcs11-0.6.9-ChangeLog.git +Source4:pkcs11_eventmgr.service +Patch0: %{name}-fsf-address.patch Patch1: %{name}-0.5.3-nss-conf.patch -# PATCH-FIX-UPSTREAM pam_pkcs11-0.6.8-fix-crypto-cflags.patch -- Fix CFLAGS and build for Tumbleweed -Patch2: %{name}-0.6.8-fix-crypto-cflags.patch Patch3: %{name}-0.6.0-nss-autoconf.patch BuildRequires: curl-devel +BuildRequires: docbook-xsl-stylesheets +BuildRequires: doxygen +BuildRequires: fdupes BuildRequires: flex BuildRequires: libtool BuildRequires: libxslt @@ -39,8 +46,11 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pcsc-lite-devel -BuildRequires: pkg-config -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: pkgconfig +%{?systemd_requires} +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros +%endif %description This Linux PAM module allows X.509 a certificate-based user @@ -60,26 +70,43 @@ * make_hash_links: Creates hash link directories for storing CAs and CRLs -Authors: - -Mario Strasser-Juan Antonio Martinez -Antti Tapaninen -Timo Sirainen -Ludovic Rousseau -Andreas Jellinghaus -Dominik Fischer -Ville Skyttä +%package devel-doc +Summary:PKCS #11 API PAM Documentation +# File conflict. devel-doc split was done with 0.6.9 upgrade, after SLE 12 SP3, Leap 42.3. +Group: Documentation/HTML +Conflicts: pam_pkcs11 < 0.6.9 + +%description devel-doc +API documentation for pam_pkcs11 + +This Linux PAM module allows X.509 a certificate-based user +authentication. The certificate and its dedicated private key are +thereby accessed by means of an appropriate PKCS #11 module. For the +verification of the users' certificates, locally stored CA certificates +as well as online or locally accessible CRLs are used. + +Additionally, the package includes
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2016-04-07 13:32:17 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is "pam_pkcs11" Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2012-07-12 10:50:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2016-04-07 13:32:18.0 +0200 @@ -1,0 +2,8 @@ +Tue Feb 9 19:02:43 UTC 2016 - antoine.belv...@laposte.net + +- Fix build for Tumbleweed: + * Add pam_pkcs11-0.6.8-fix-crypto-cflags.patch + * Rebuild configure with the bootstrap script (add libtool as +build dependency) + +--- New: pam_pkcs11-0.6.8-fix-crypto-cflags.patch Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.eNZ36U/_old 2016-04-07 13:32:19.0 +0200 +++ /var/tmp/diff_new_pack.eNZ36U/_new 2016-04-07 13:32:19.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package pam_pkcs11 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,9 +27,12 @@ Source1:pam_pkcs11-common-auth-smartcard.pam Source2:baselibs.conf Patch1: %{name}-0.5.3-nss-conf.patch +# PATCH-FIX-UPSTREAM pam_pkcs11-0.6.8-fix-crypto-cflags.patch -- Fix CFLAGS and build for Tumbleweed +Patch2: %{name}-0.6.8-fix-crypto-cflags.patch Patch3: %{name}-0.6.0-nss-autoconf.patch BuildRequires: curl-devel BuildRequires: flex +BuildRequires: libtool BuildRequires: libxslt BuildRequires: mozilla-nss-devel BuildRequires: openldap2-devel @@ -71,6 +74,7 @@ %prep %setup -q %patch1 -p1 +%patch2 %patch3 -p1 cp -a %{S:1} common-auth-smartcard mv po/pt_br.po po/pt_BR.po @@ -78,6 +82,7 @@ sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in etc/pkcs11_eventmgr.conf.example %build +./bootstrap %configure\ --docdir=%{_docdir}/%{name}\ --with-nss\ ++ pam_pkcs11-0.6.8-fix-crypto-cflags.patch ++ diff -up ./configure.in.orig ./configure.in --- ./configure.in.orig 2016-02-08 23:31:17.057761702 +0100 +++ ./configure.in 2016-02-08 23:31:44.917760530 +0100 @@ -157,7 +157,7 @@ fi AM_CONDITIONAL(HAVE_NSS, test x$with_nss = xyes) if test "$with_nss" = "yes" then -CRYPTO_CFLAGS="${NSS_CFLAGS}-DHAVE_NSS" +CRYPTO_CFLAGS="${NSS_CFLAGS} -DHAVE_NSS" CRYPTO_LIBS=${NSS_LIBS} else CRYPTO_CFLAGS=${OPENSSL_CFLAGS}
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2012-07-12 10:50:18 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is pam_pkcs11, Maintainer is sbra...@suse.com Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2012-03-07 20:10:00.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2012-07-12 10:50:20.0 +0200 @@ -1,0 +2,8 @@ +Tue Jul 10 17:24:56 CEST 2012 - sbra...@suse.cz + +- Updated to version 0.6.8: + * Code cleanup. + * Bug fixes. + * Translation updates. + +--- Old: pam_pkcs11-0.6.6.tar.bz2 New: pam_pkcs11-0.6.8.tar.gz Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.hxaLTT/_old 2012-07-12 10:50:21.0 +0200 +++ /var/tmp/diff_new_pack.hxaLTT/_new 2012-07-12 10:50:21.0 +0200 @@ -15,22 +15,28 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: pam_pkcs11 -Version:0.6.6 -Release:1 +Version:0.6.8 +Release:0 Url:http://www.opensc-project.org/pam_pkcs11/ -Group: Productivity/Security -License:LGPL-2.1+ Summary:PKCS #11 PAM Module -Source: %{name}-%{version}.tar.bz2 +License:LGPL-2.1+ +Group: Productivity/Security +Source: %{name}-%{version}.tar.gz Source1:pam_pkcs11-common-auth-smartcard.pam Source2:baselibs.conf Patch1: %{name}-0.5.3-nss-conf.patch Patch3: %{name}-0.6.0-nss-autoconf.patch -BuildRequires: curl-devel libxslt mozilla-nss-devel openldap2-devel openssl-devel pam-devel pcsc-lite-devel pkg-config +BuildRequires: curl-devel +BuildRequires: flex +BuildRequires: libxslt +BuildRequires: mozilla-nss-devel +BuildRequires: openldap2-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pcsc-lite-devel +BuildRequires: pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2012-03-07 20:09:57 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is pam_pkcs11, Maintainer is sbra...@suse.com Changes: --- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2011-09-23 12:21:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes 2012-03-07 20:10:00.0 +0100 @@ -1,0 +2,6 @@ +Tue Feb 28 19:54:16 CET 2012 - sbra...@suse.cz + +- Change nssdb path to /etc/pki/nssdb (bnc#463469). +- Make libdir paths in pam_pkcs11.conf biarch-wise. + +--- Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.h6aSA9/_old 2012-03-07 20:10:02.0 +0100 +++ /var/tmp/diff_new_pack.h6aSA9/_new 2012-03-07 20:10:02.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_pkcs11 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -69,6 +69,7 @@ cp -a %{S:1} common-auth-smartcard mv po/pt_br.po po/pt_BR.po sed -i s/pt_br/pt_BR/ configure.in configure +sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in etc/pkcs11_eventmgr.conf.example %build %configure\ ++ pam_pkcs11-0.5.3-nss-conf.patch ++ --- /var/tmp/diff_new_pack.h6aSA9/_old 2012-03-07 20:10:02.0 +0100 +++ /var/tmp/diff_new_pack.h6aSA9/_new 2012-03-07 20:10:02.0 +0100 @@ -17,7 +17,7 @@ + use_pkcs11_module = nss; + + pkcs11_module nss { -+nss_dir = /etc/ssl/nssdb; ++nss_dir = /etc/pki/nssdb; +crl_policy = none; + } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_pkcs11 for openSUSE:Factory
Hello community, here is the log from the commit of package pam_pkcs11 for openSUSE:Factory checked in at 2011-12-06 18:35:48 Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old) and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New) Package is pam_pkcs11, Maintainer is sbra...@suse.com Changes: Other differences: -- ++ pam_pkcs11.spec ++ --- /var/tmp/diff_new_pack.X8tkw2/_old 2011-12-06 19:02:55.0 +0100 +++ /var/tmp/diff_new_pack.X8tkw2/_new 2011-12-06 19:02:55.0 +0100 @@ -23,7 +23,7 @@ Release:1 Url:http://www.opensc-project.org/pam_pkcs11/ Group: Productivity/Security -License:LGPLv2.1+ +License:LGPL-2.1+ Summary:PKCS #11 PAM Module Source: %{name}-%{version}.tar.bz2 Source1:pam_pkcs11-common-auth-smartcard.pam -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org