commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2019-02-01 11:46:58
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new.28833 (New)
Package is "pam_pkcs11"
Fri Feb 1 11:46:58 2019 rev:32 rq:670213 version:0.6.10
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2018-09-11
17:19:57.311165819 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new.28833/pam_pkcs11.changes
2019-02-01 11:46:59.820456877 +0100
@@ -1,0 +2,16 @@
+Tue Jan 29 22:45:28 CET 2019 - sbra...@suse.com
+
+- Update to version 0.6.10:
+ * Fix some security issues (thx @frankmorgner):
+https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/
+(drop 0001-verify-using-a-nonce-from-the-system-not-the-card.patch,
+0002-fixed-buffer-overflow-with-long-home-directory.patch,
+0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch).
+ * Fix buffer overflow with long home directory.
+ * Fix wiping secrets (now using OpenSSL_cleanse()).
+ * Verify using a nonce from the system, not the card.
+ * Fix segfalt when checking CRLs
+(drop pam_pkcs11-crl-check.patch).
+- Add rcpkcs11_eventmgr service symlink.
+
+---
Old:
0001-verify-using-a-nonce-from-the-system-not-the-card.patch
0002-fixed-buffer-overflow-with-long-home-directory.patch
0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
pam_pkcs11-0.6.9-ChangeLog.git
pam_pkcs11-crl-check.patch
pam_pkcs11-pam_pkcs11-0.6.9.tar.gz
New:
pam_pkcs11-0.6.10-ChangeLog.git
pam_pkcs11-0.6.10.tar.gz
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.2lCZ7h/_old 2019-02-01 11:47:01.520455131 +0100
+++ /var/tmp/diff_new_pack.2lCZ7h/_new 2019-02-01 11:47:01.520455131 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_pkcs11
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,33 +12,28 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# It seems to be an upstream naming bug:
%define _name pam_pkcs11-pam_pkcs11
Name: pam_pkcs11
-Version:0.6.9
+Version:0.6.10
Release:0
Summary:PKCS #11 PAM Module
License:LGPL-2.1-or-later
Group: Productivity/Security
Url:https://github.com/OpenSC/pam_pkcs11
-Source: %{_name}-%{version}.tar.gz
+Source:
https://github.com/OpenSC/pam_pkcs11/archive/%{name}-%{version}.tar.gz
Source1:pam_pkcs11-common-auth-smartcard.pam
Source2:baselibs.conf
# make dist was not called.
-Source3:pam_pkcs11-0.6.9-ChangeLog.git
+Source3:pam_pkcs11-0.6.10-ChangeLog.git
Source4:pkcs11_eventmgr.service
Patch0: %{name}-fsf-address.patch
Patch1: %{name}-0.5.3-nss-conf.patch
Patch3: %{name}-0.6.0-nss-autoconf.patch
-# PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch
https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems
when checking CRLs.
-Patch4: %{name}-crl-check.patch
-Patch5: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch
-Patch6: 0002-fixed-buffer-overflow-with-long-home-directory.patch
-Patch7: 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
BuildRequires: curl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: doxygen
@@ -93,10 +88,6 @@
%patch0 -p1
%patch1 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
cp -a %{SOURCE1} common-auth-smartcard
sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in
etc/pkcs11_eventmgr.conf.example
# make dist was not called and cannot be called on a non git snapshot.
@@ -132,6 +123,8 @@
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cp common-auth-smartcard %{buildroot}%{_sysconfdir}/pam.d/
install -D -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/pkcs11_eventmgr.service
+mkdir -p %{buildroot}%{_sbindir}
+ln -s service %{buildroot}%{_sbindir}/rcpkcs11_eventmgr
%find_lang %{name}
%fdupes -s %{buildroot}%{_docdir}/%{name}
@@ -160,6 +153,7 @@
%config(noreplace) %{_sysconfdir}/pam_pkcs11/*.conf
%config(noreplace) %{_sysconfdir}/pam.d/common-auth-smartcard
%{_prefix}/lib/systemd/system/pkcs11_eventmgr.service
+%{_sbindir}/*
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2018-09-11 17:19:43
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is "pam_pkcs11"
Tue Sep 11 17:19:43 2018 rev:31 rq:634777 version:0.6.9
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2018-08-03
12:38:58.643719012 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2018-09-11 17:19:57.311165819 +0200
@@ -1,0 +2,12 @@
+Fri Aug 17 10:12:31 UTC 2018 - vci...@suse.com
+
+- Address security issues found by X41 D-Sec audit (bsc#1105012)
+ * Authentication Replay
+ * Buffer Overflow
+ * Memory not cleaned properly before free()
+- add patches:
+ * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch
+ * 0002-fixed-buffer-overflow-with-long-home-directory.patch
+ * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
+
+---
New:
0001-verify-using-a-nonce-from-the-system-not-the-card.patch
0002-fixed-buffer-overflow-with-long-home-directory.patch
0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.NG9Dq7/_old 2018-09-11 17:19:58.527163960 +0200
+++ /var/tmp/diff_new_pack.NG9Dq7/_new 2018-09-11 17:19:58.527163960 +0200
@@ -36,6 +36,9 @@
Patch3: %{name}-0.6.0-nss-autoconf.patch
# PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch
https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems
when checking CRLs.
Patch4: %{name}-crl-check.patch
+Patch5: 0001-verify-using-a-nonce-from-the-system-not-the-card.patch
+Patch6: 0002-fixed-buffer-overflow-with-long-home-directory.patch
+Patch7: 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
BuildRequires: curl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: doxygen
@@ -91,6 +94,9 @@
%patch1 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
cp -a %{SOURCE1} common-auth-smartcard
sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in
etc/pkcs11_eventmgr.conf.example
# make dist was not called and cannot be called on a non git snapshot.
++ 0001-verify-using-a-nonce-from-the-system-not-the-card.patch ++
>From cc51b3e2720ea862d500cab2ea517518ff39a497 Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Fri, 25 May 2018 23:46:41 +0200
Subject: [PATCH 1/3] verify using a nonce from the system, not the card
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problem.
---
src/common/pkcs11_lib.c | 66 +
1 file changed, 28 insertions(+), 38 deletions(-)
diff --git a/src/common/pkcs11_lib.c b/src/common/pkcs11_lib.c
index 46a93bd..d4433f2 100644
--- a/src/common/pkcs11_lib.c
+++ b/src/common/pkcs11_lib.c
@@ -131,6 +131,34 @@ memcmp_pad_max(void *d1, size_t d1_len, void *d2, size_t
d2_len,
return (0);
}
+int get_random_value(unsigned char *data, int length)
+{
+ static const char *random_device = "/dev/urandom";
+ int rv, fh, l;
+
+ DBG2("reading %d random bytes from %s", length, random_device);
+ fh = open(random_device, O_RDONLY);
+ if (fh == -1) {
+set_error("open() failed: %s", strerror(errno));
+return -1;
+ }
+
+ l = 0;
+ while (l < length) {
+rv = read(fh, data + l, length - l);
+if (rv <= 0) {
+ close(fh);
+ set_error("read() failed: %s", strerror(errno));
+ return -1;
+}
+l += rv;
+ }
+ close(fh);
+ DBG5("random-value[%d] = [%02x:%02x:%02x:...:%02x]", length, data[0],
+ data[1], data[2], data[length - 1]);
+ return 0;
+}
+
#ifdef HAVE_NSS
/*
@@ -834,16 +862,6 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert,
CK_BYTE *data,
return 0;
}
-int get_random_value(unsigned char *data, int length)
-{
- SECStatus rv = PK11_GenerateRandom(data,length);
- if (rv != SECSuccess) {
-DBG1("couldn't generate random number: %s", SECU_Strerror(PR_GetError()));
- }
- return (rv == SECSuccess) ? 0 : -1;
-}
-
-
struct tuple_str {
PRErrorCode errNum;
const char * errString;
@@ -1778,32 +1796,4 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert,
CK_BYTE *data,
(*signature)[0], (*signature)[1], (*signature)[2],
(*signature)[*signature_length - 1]);
return 0;
}
-
-int get_random_value(unsigned char *data, int length)
-{
- static const char *random_device = "/dev/urandom";
- int rv, fh, l;
-
- DBG2("reading %d random bytes from %s", length, random_device);
- fh = open(random_device, O_RDONLY);
- if (fh == -1) {
-set_error("open() failed: %s",
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2018-08-03 12:38:56
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is "pam_pkcs11"
Fri Aug 3 12:38:56 2018 rev:30 rq:627119 version:0.6.9
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2017-09-27
16:55:16.647705858 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2018-08-03 12:38:58.643719012 +0200
@@ -1,0 +2,6 @@
+Mon Jul 23 17:36:18 CEST 2018 - sbra...@suse.com
+
+- Fix segfault and fetch problems when checking CRLs
+ (pam_pkcs11-crl-check.patch).
+
+---
New:
pam_pkcs11-crl-check.patch
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.US4y7E/_old 2018-08-03 12:38:59.103719697 +0200
+++ /var/tmp/diff_new_pack.US4y7E/_new 2018-08-03 12:38:59.107719703 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam_pkcs11
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
Version:0.6.9
Release:0
Summary:PKCS #11 PAM Module
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
Group: Productivity/Security
Url:https://github.com/OpenSC/pam_pkcs11
Source: %{_name}-%{version}.tar.gz
@@ -34,6 +34,8 @@
Patch0: %{name}-fsf-address.patch
Patch1: %{name}-0.5.3-nss-conf.patch
Patch3: %{name}-0.6.0-nss-autoconf.patch
+# PATCH-FIX-UPSTEAM-PENDING pam_pkcs11-crl-check.patch
https://github.com/OpenSC/pam_pkcs11/pull/26 -- Fix segfault and fetch problems
when checking CRLs.
+Patch4: %{name}-crl-check.patch
BuildRequires: curl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: doxygen
@@ -88,6 +90,7 @@
%patch0 -p1
%patch1 -p1
%patch3 -p1
+%patch4 -p1
cp -a %{SOURCE1} common-auth-smartcard
sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in
etc/pkcs11_eventmgr.conf.example
# make dist was not called and cannot be called on a non git snapshot.
++ pam_pkcs11-crl-check.patch ++
https://github.com/OpenSC/pam_pkcs11/pull/26
https://github.com/gkloepfer/pam_pkcs11/commit/94325a2c2b03a10b7618375f828c90063881227e
>From 94325a2c2b03a10b7618375f828c90063881227e Mon Sep 17 00:00:00 2001
From: Gil Kloepfer
Date: Thu, 17 Aug 2017 07:51:25 -0500
Subject: [PATCH] Fixed segfault and fetch problems when checking CRLs
Fixed segfault issue in src/common/cert_vfy.c that occurs when
an attempt is made to check a certificate's CRL. This seems to
be caused by changes that happened in the OpenSSL API, and got
overlooked during updates to the code.
Also fixed a problem in src/common/uri.c in the builtin URI fetch
via HTTP where an extra newline (and missing carriage-returns) were
sent, causing the HTTP request to fail.
---
src/common/cert_vfy.c | 29 ++---
src/common/uri.c | 2 +-
2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/common/cert_vfy.c b/src/common/cert_vfy.c
index 7efb0cb..6016ca0 100644
--- a/src/common/cert_vfy.c
+++ b/src/common/cert_vfy.c
@@ -143,21 +143,20 @@ static X509_CRL *download_crl(const char *uri)
static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
{
int rv;
- X509_OBJECT *obj = NULL;
+ X509_OBJECT obj;
EVP_PKEY *pkey = NULL;
X509 *issuer_cert;
/* get issuer certificate */
- rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl),
obj);
+ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl),
);
if (rv <= 0) {
set_error("getting the certificate of the crl-issuer failed");
return -1;
}
/* extract public key and verify signature */
- issuer_cert = X509_OBJECT_get0_X509(obj);
+ issuer_cert = X509_OBJECT_get0_X509(());
pkey = X509_get_pubkey(issuer_cert);
- if (obj)
- X509_OBJECT_free(obj);
+ X509_OBJECT_free_contents();
if (pkey == NULL) {
set_error("getting the issuer's public key failed");
return -1;
@@ -203,13 +202,14 @@ static int verify_crl(X509_CRL * crl, X509_STORE_CTX *
ctx)
static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx,
crl_policy_t policy)
{
int rv, i, j;
- X509_OBJECT *obj = NULL;
+ X509_OBJECT obj;
X509_REVOKED *rev = NULL;
STACK_OF(DIST_POINT) * dist_points;
DIST_POINT *point;
GENERAL_NAME *name;
X509_CRL *crl;
X509 *x509_ca = NULL;
+ EVP_PKEY
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2017-09-27 16:55:13
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is "pam_pkcs11"
Wed Sep 27 16:55:13 2017 rev:29 rq:528838 version:0.6.9
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2017-09-11
16:17:37.804189189 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2017-09-27 16:55:16.647705858 +0200
@@ -1,0 +2,7 @@
+Sun Sep 10 00:08:17 UTC 2017 - jeng...@inai.de
+
+- Repair bulletpoint that skidded in description.
+ Trim description of %name-devel-doc, it does not cotain
+ the programs.
+
+---
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.hPkiRF/_old 2017-09-27 16:55:17.455592203 +0200
+++ /var/tmp/diff_new_pack.hPkiRF/_new 2017-09-27 16:55:17.459591641 +0200
@@ -59,8 +59,9 @@
verification of the users' certificates, locally stored CA certificates
as well as online or locally accessible CRLs are used.
-Additionally, the package includes pam_pkcs11-related tools: *
- pkcs11_eventmgr: Generates actions on card insert, removal, or
+Additionally, the package includes pam_pkcs11-related tools:
+
+* pkcs11_eventmgr: Generates actions on card insert, removal, or
time-out events
* pklogin_finder: Gets the login name that maps to a certificate
@@ -80,21 +81,7 @@
API documentation for pam_pkcs11
This Linux PAM module allows X.509 a certificate-based user
-authentication. The certificate and its dedicated private key are
-thereby accessed by means of an appropriate PKCS #11 module. For the
-verification of the users' certificates, locally stored CA certificates
-as well as online or locally accessible CRLs are used.
-
-Additionally, the package includes pam_pkcs11-related tools: *
- pkcs11_eventmgr: Generates actions on card insert, removal, or
- time-out events
-
-* pklogin_finder: Gets the login name that maps to a certificate
-
-* pkcs11_inspect: Inspects the contents of a certificate
-
-* make_hash_links: Creates hash link directories for storing CAs and
-CRLs
+authentication.
%prep
%setup -q -n %{_name}-%{version}
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2017-09-11 16:17:35
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is "pam_pkcs11"
Mon Sep 11 16:17:35 2017 rev:28 rq:520503 version:0.6.9
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2016-04-07
13:32:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2017-09-11 16:17:37.804189189 +0200
@@ -1,0 +2,21 @@
+Wed Aug 9 15:08:07 UTC 2017 - astie...@suse.com
+
+- add service file bsc#1049219
+
+---
+Thu Jul 20 18:02:57 CEST 2017 - sbra...@suse.com
+
+- Updated to version 0.6.9:
+ * Upstream web moved.
+ * pkcs11_listcerts: Do not fail on certificate error.
+ * Do not fail if card was already unlocked.
+ * Other bug fixes.
+ * Translation updates.
+- Drop upstreamed pam_pkcs11-0.6.8-fix-crypto-cflags.patch.
+- Work around incorrect upstream release process not calling
+ "make dist".
+- Split API documentation into a separate package
+ pam_pkcs11-devel-doc.
+- Add pam_pkcs11-fsf-address.patch.
+
+---
Old:
pam_pkcs11-0.6.8-fix-crypto-cflags.patch
pam_pkcs11-0.6.8.tar.gz
New:
pam_pkcs11-0.6.9-ChangeLog.git
pam_pkcs11-fsf-address.patch
pam_pkcs11-pam_pkcs11-0.6.9.tar.gz
pkcs11_eventmgr.service
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.u2RbFO/_old 2017-09-11 16:17:39.279981936 +0200
+++ /var/tmp/diff_new_pack.u2RbFO/_new 2017-09-11 16:17:39.283981375 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam_pkcs11
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,21 +16,28 @@
#
+# It seems to be an upstream naming bug:
+%define _name pam_pkcs11-pam_pkcs11
Name: pam_pkcs11
-Version:0.6.8
+Version:0.6.9
Release:0
-Url:http://www.opensc-project.org/pam_pkcs11/
Summary:PKCS #11 PAM Module
License:LGPL-2.1+
Group: Productivity/Security
-Source: %{name}-%{version}.tar.gz
+Url:https://github.com/OpenSC/pam_pkcs11
+Source: %{_name}-%{version}.tar.gz
Source1:pam_pkcs11-common-auth-smartcard.pam
Source2:baselibs.conf
+# make dist was not called.
+Source3:pam_pkcs11-0.6.9-ChangeLog.git
+Source4:pkcs11_eventmgr.service
+Patch0: %{name}-fsf-address.patch
Patch1: %{name}-0.5.3-nss-conf.patch
-# PATCH-FIX-UPSTREAM pam_pkcs11-0.6.8-fix-crypto-cflags.patch -- Fix CFLAGS
and build for Tumbleweed
-Patch2: %{name}-0.6.8-fix-crypto-cflags.patch
Patch3: %{name}-0.6.0-nss-autoconf.patch
BuildRequires: curl-devel
+BuildRequires: docbook-xsl-stylesheets
+BuildRequires: doxygen
+BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libtool
BuildRequires: libxslt
@@ -39,8 +46,11 @@
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pcsc-lite-devel
-BuildRequires: pkg-config
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: pkgconfig
+%{?systemd_requires}
+%if 0%{?suse_version} >= 1210
+BuildRequires: systemd-rpm-macros
+%endif
%description
This Linux PAM module allows X.509 a certificate-based user
@@ -60,26 +70,43 @@
* make_hash_links: Creates hash link directories for storing CAs and
CRLs
-Authors:
-
-Mario Strasser
-Juan Antonio Martinez
-Antti Tapaninen
-Timo Sirainen
-Ludovic Rousseau
-Andreas Jellinghaus
-Dominik Fischer
-Ville Skyttä
+%package devel-doc
+Summary:PKCS #11 API PAM Documentation
+# File conflict. devel-doc split was done with 0.6.9 upgrade, after SLE 12
SP3, Leap 42.3.
+Group: Documentation/HTML
+Conflicts: pam_pkcs11 < 0.6.9
+
+%description devel-doc
+API documentation for pam_pkcs11
+
+This Linux PAM module allows X.509 a certificate-based user
+authentication. The certificate and its dedicated private key are
+thereby accessed by means of an appropriate PKCS #11 module. For the
+verification of the users' certificates, locally stored CA certificates
+as well as online or locally accessible CRLs are used.
+
+Additionally, the package includes
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2016-04-07 13:32:17
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is "pam_pkcs11"
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2012-07-12
10:50:20.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2016-04-07 13:32:18.0 +0200
@@ -1,0 +2,8 @@
+Tue Feb 9 19:02:43 UTC 2016 - antoine.belv...@laposte.net
+
+- Fix build for Tumbleweed:
+ * Add pam_pkcs11-0.6.8-fix-crypto-cflags.patch
+ * Rebuild configure with the bootstrap script (add libtool as
+build dependency)
+
+---
New:
pam_pkcs11-0.6.8-fix-crypto-cflags.patch
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.eNZ36U/_old 2016-04-07 13:32:19.0 +0200
+++ /var/tmp/diff_new_pack.eNZ36U/_new 2016-04-07 13:32:19.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam_pkcs11
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,9 +27,12 @@
Source1:pam_pkcs11-common-auth-smartcard.pam
Source2:baselibs.conf
Patch1: %{name}-0.5.3-nss-conf.patch
+# PATCH-FIX-UPSTREAM pam_pkcs11-0.6.8-fix-crypto-cflags.patch -- Fix CFLAGS
and build for Tumbleweed
+Patch2: %{name}-0.6.8-fix-crypto-cflags.patch
Patch3: %{name}-0.6.0-nss-autoconf.patch
BuildRequires: curl-devel
BuildRequires: flex
+BuildRequires: libtool
BuildRequires: libxslt
BuildRequires: mozilla-nss-devel
BuildRequires: openldap2-devel
@@ -71,6 +74,7 @@
%prep
%setup -q
%patch1 -p1
+%patch2
%patch3 -p1
cp -a %{S:1} common-auth-smartcard
mv po/pt_br.po po/pt_BR.po
@@ -78,6 +82,7 @@
sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in
etc/pkcs11_eventmgr.conf.example
%build
+./bootstrap
%configure\
--docdir=%{_docdir}/%{name}\
--with-nss\
++ pam_pkcs11-0.6.8-fix-crypto-cflags.patch ++
diff -up ./configure.in.orig ./configure.in
--- ./configure.in.orig 2016-02-08 23:31:17.057761702 +0100
+++ ./configure.in 2016-02-08 23:31:44.917760530 +0100
@@ -157,7 +157,7 @@ fi
AM_CONDITIONAL(HAVE_NSS, test x$with_nss = xyes)
if test "$with_nss" = "yes"
then
-CRYPTO_CFLAGS="${NSS_CFLAGS}-DHAVE_NSS"
+CRYPTO_CFLAGS="${NSS_CFLAGS} -DHAVE_NSS"
CRYPTO_LIBS=${NSS_LIBS}
else
CRYPTO_CFLAGS=${OPENSSL_CFLAGS}
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2012-07-12 10:50:18
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is pam_pkcs11, Maintainer is sbra...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2012-03-07
20:10:00.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2012-07-12 10:50:20.0 +0200
@@ -1,0 +2,8 @@
+Tue Jul 10 17:24:56 CEST 2012 - sbra...@suse.cz
+
+- Updated to version 0.6.8:
+ * Code cleanup.
+ * Bug fixes.
+ * Translation updates.
+
+---
Old:
pam_pkcs11-0.6.6.tar.bz2
New:
pam_pkcs11-0.6.8.tar.gz
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.hxaLTT/_old 2012-07-12 10:50:21.0 +0200
+++ /var/tmp/diff_new_pack.hxaLTT/_new 2012-07-12 10:50:21.0 +0200
@@ -15,22 +15,28 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: pam_pkcs11
-Version:0.6.6
-Release:1
+Version:0.6.8
+Release:0
Url:http://www.opensc-project.org/pam_pkcs11/
-Group: Productivity/Security
-License:LGPL-2.1+
Summary:PKCS #11 PAM Module
-Source: %{name}-%{version}.tar.bz2
+License:LGPL-2.1+
+Group: Productivity/Security
+Source: %{name}-%{version}.tar.gz
Source1:pam_pkcs11-common-auth-smartcard.pam
Source2:baselibs.conf
Patch1: %{name}-0.5.3-nss-conf.patch
Patch3: %{name}-0.6.0-nss-autoconf.patch
-BuildRequires: curl-devel libxslt mozilla-nss-devel openldap2-devel
openssl-devel pam-devel pcsc-lite-devel pkg-config
+BuildRequires: curl-devel
+BuildRequires: flex
+BuildRequires: libxslt
+BuildRequires: mozilla-nss-devel
+BuildRequires: openldap2-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+BuildRequires: pcsc-lite-devel
+BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2012-03-07 20:09:57
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is pam_pkcs11, Maintainer is sbra...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_pkcs11/pam_pkcs11.changes2011-09-23
12:21:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_pkcs11.new/pam_pkcs11.changes
2012-03-07 20:10:00.0 +0100
@@ -1,0 +2,6 @@
+Tue Feb 28 19:54:16 CET 2012 - sbra...@suse.cz
+
+- Change nssdb path to /etc/pki/nssdb (bnc#463469).
+- Make libdir paths in pam_pkcs11.conf biarch-wise.
+
+---
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.h6aSA9/_old 2012-03-07 20:10:02.0 +0100
+++ /var/tmp/diff_new_pack.h6aSA9/_new 2012-03-07 20:10:02.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_pkcs11
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -69,6 +69,7 @@
cp -a %{S:1} common-auth-smartcard
mv po/pt_br.po po/pt_BR.po
sed -i s/pt_br/pt_BR/ configure.in configure
+sed -i s:/lib/:/%{_lib}/:g etc/pam_pkcs11.conf.example.in
etc/pkcs11_eventmgr.conf.example
%build
%configure\
++ pam_pkcs11-0.5.3-nss-conf.patch ++
--- /var/tmp/diff_new_pack.h6aSA9/_old 2012-03-07 20:10:02.0 +0100
+++ /var/tmp/diff_new_pack.h6aSA9/_new 2012-03-07 20:10:02.0 +0100
@@ -17,7 +17,7 @@
+ use_pkcs11_module = nss;
+
+ pkcs11_module nss {
-+nss_dir = /etc/ssl/nssdb;
++nss_dir = /etc/pki/nssdb;
+crl_policy = none;
+ }
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_pkcs11 for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_pkcs11 for openSUSE:Factory
checked in at 2011-12-06 18:35:48
Comparing /work/SRC/openSUSE:Factory/pam_pkcs11 (Old)
and /work/SRC/openSUSE:Factory/.pam_pkcs11.new (New)
Package is pam_pkcs11, Maintainer is sbra...@suse.com
Changes:
Other differences:
--
++ pam_pkcs11.spec ++
--- /var/tmp/diff_new_pack.X8tkw2/_old 2011-12-06 19:02:55.0 +0100
+++ /var/tmp/diff_new_pack.X8tkw2/_new 2011-12-06 19:02:55.0 +0100
@@ -23,7 +23,7 @@
Release:1
Url:http://www.opensc-project.org/pam_pkcs11/
Group: Productivity/Security
-License:LGPLv2.1+
+License:LGPL-2.1+
Summary:PKCS #11 PAM Module
Source: %{name}-%{version}.tar.bz2
Source1:pam_pkcs11-common-auth-smartcard.pam
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
