commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2020-06-09 00:07:25 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new.3606 (New) Package is "pam_ssh" Tue Jun 9 00:07:25 2020 rev:32 rq:812541 version:2.3 Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2019-01-21 10:56:56.799541542 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new.3606/pam_ssh.changes 2020-06-09 00:09:35.06260 +0200 @@ -1,0 +2,5 @@ +Mon Jun 8 08:19:19 UTC 2020 - Pedro Monreal Gonzalez + +- Use -fcommon flag to build with GCC 10. + +--- Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.F1DVoV/_old 2020-06-09 00:09:37.166339817 +0200 +++ /var/tmp/diff_new_pack.F1DVoV/_new 2020-06-09 00:09:37.166339817 +0200 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Summary:PAM Module for SSH Authentication License:BSD-3-Clause Group: Productivity/Networking/SSH -Url:http://sourceforge.net/projects/pam-ssh/ +URL:http://sourceforge.net/projects/pam-ssh/ Source: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz Source1: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc Source2:baselibs.conf @@ -45,7 +45,7 @@ %build autoreconf -fiv -export CFLAGS="%{optflags} -fno-strict-aliasing" +export CFLAGS="%{optflags} -fno-strict-aliasing -fcommon" %configure --libdir=/%{_lib} make %{?_smp_mflags}
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2019-01-21 10:56:35 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new.28833 (New) Package is "pam_ssh" Mon Jan 21 10:56:35 2019 rev:31 rq:666321 version:2.3 Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2017-12-01 15:54:40.537797009 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new.28833/pam_ssh.changes 2019-01-21 10:56:56.799541542 +0100 @@ -1,0 +2,15 @@ +Tue Jan 15 17:03:51 UTC 2019 - Wolfgang Rosenauer + +- Update to 2.3 + * cleanup some leftovers from dropping SSH1 support in code and +documentation + +--- +Wed Jan 9 11:04:46 UTC 2019 - Wolfgang Rosenauer + +- Update to 2.2 + * upstream OpenSSL 1.1 compatibility +(drop pam_ssh-openssl11.patch) + * upstream removed support for SSH1 and RSA1 protocols + +--- Old: pam_ssh-2.1.tar.xz pam_ssh-2.1.tar.xz.asc pam_ssh-openssl11.patch New: pam_ssh-2.3.tar.xz pam_ssh-2.3.tar.xz.asc Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.UL4zJz/_old 2019-01-21 10:56:57.291540898 +0100 +++ /var/tmp/diff_new_pack.UL4zJz/_new 2019-01-21 10:56:57.291540898 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: pam_ssh -Version:2.1 +Version:2.3 Release:0 Summary:PAM Module for SSH Authentication License:BSD-3-Clause @@ -27,7 +27,6 @@ Source1: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc Source2:baselibs.conf Source3:%{name}.keyring -Patch1: pam_ssh-openssl11.patch BuildRequires: libtool BuildRequires: openssh BuildRequires: openssl-devel @@ -43,12 +42,8 @@ %prep %setup -q -if pkg-config --atleast-version=1.1 openssl; then -%patch1 -p1 -fi %build -# Needed for patch1, but does not hurt in non-patched cases autoreconf -fiv export CFLAGS="%{optflags} -fno-strict-aliasing" %configure --libdir=/%{_lib} ++ pam_ssh-2.1.tar.xz -> pam_ssh-2.3.tar.xz ++ 28581 lines of diff (skipped)
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2017-12-01 15:54:24 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh" Fri Dec 1 15:54:24 2017 rev:30 rq:547009 version:2.1 Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2015-06-11 09:10:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2017-12-01 15:54:40.537797009 +0100 @@ -1,0 +2,14 @@ +Fri Dec 1 10:02:21 UTC 2017 - dims...@opensuse.org + +- Explicitly call autoreconf: an implicit call requires the same + version automake/autoconf to be present that was used to + originally bootstrap the tarball (version 1.13). + +--- +Thu Nov 30 14:52:54 UTC 2017 - vci...@suse.com + +- Add support for building with OpenSSL 1.1 (bsc#1066988) + * partly based on https://github.com/openssh/openssh-portable/pull/48 + * add pam_ssh-openssl11.patch + +--- New: pam_ssh-openssl11.patch Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.lUCmH5/_old 2017-12-01 15:54:41.081777434 +0100 +++ /var/tmp/diff_new_pack.lUCmH5/_new 2017-12-01 15:54:41.081777434 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ Source1: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc Source2:baselibs.conf Source3:%{name}.keyring +Patch1: pam_ssh-openssl11.patch BuildRequires: libtool BuildRequires: openssh BuildRequires: openssl-devel @@ -42,8 +43,13 @@ %prep %setup -q +if pkg-config --atleast-version=1.1 openssl; then +%patch1 -p1 +fi %build +# Needed for patch1, but does not hurt in non-patched cases +autoreconf -fiv export CFLAGS="%{optflags} -fno-strict-aliasing" %configure --libdir=/%{_lib} make %{?_smp_mflags} ++ pam_ssh-openssl11.patch ++ 1277 lines (skipped)
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2015-04-21 10:51:50 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-11-22 07:25:03.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2015-04-21 10:51:52.0 +0200 @@ -1,0 +2,8 @@ +Sun Mar 8 23:48:59 UTC 2015 - p.drou...@gmail.com + +- Update to version 2.01 + * pam_ssh.1: updated man page to reflect the current implementation +- Remove gpg-offline require and verification; OBS handles it +- Use download Url as source + +--- Old: pam_ssh-2.0.tar.xz pam_ssh-2.0.tar.xz.asc New: pam_ssh-2.01.tar.xz pam_ssh-2.01.tar.xz.asc Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.pwFs0l/_old 2015-04-21 10:51:52.0 +0200 +++ /var/tmp/diff_new_pack.pwFs0l/_new 2015-04-21 10:51:52.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,17 +22,14 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: xz -%if %suse_version > 1220 -BuildRequires: gpg-offline -%endif -Version:2.0 +Version:2.01 Release:0 Summary:PAM Module for SSH Authentication License:BSD-3-Clause Group: Productivity/Networking/SSH Url:http://sourceforge.net/projects/pam-ssh/ -Source: %{name}-%{version}.tar.xz -Source1:%{name}-%{version}.tar.xz.asc +Source: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz +Source1: http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc Source2:baselibs.conf Source3:%{name}.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -44,9 +41,6 @@ entire session, the user types no more passwords. %prep -%if 0%{?gpg_verify:1} -%gpg_verify %{S:1} -%endif %setup -q %build ++ pam_ssh-2.0.tar.xz -> pam_ssh-2.01.tar.xz ++ 1812 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-2.0/ChangeLog new/pam_ssh-2.01/ChangeLog --- old/pam_ssh-2.0/ChangeLog 2013-11-18 11:25:42.0 +0100 +++ new/pam_ssh-2.01/ChangeLog 2014-05-24 09:33:39.0 +0200 @@ -1,3 +1,12 @@ +Version 2.01 released += + +2014-05-24 Wolfgang Rosenauer + + * changelog format cleanup + * pam_ssh.1: updated man page to reflect the current implementation + + Version 2.0 released @@ -10,52 +19,52 @@ 2013-11-10 Wolfgang Rosenauer -imported Debian patches - * update openssh embedded code - The upstream source embeds code from OpenSSH, - this embedded code is updated against OpenSSH-6.0p1 - code; then ECDSA keys can be supported. - Basically files containing the used code are - brought in from the OpenSSH-6.0p1 and then - the unused code is commented out by hand. - Ideally the involved code may be invoked through - a share library, but unfortunately such a library - does not exist. - - * pam_ssh.c: fix missing syslog include - - * pam_ssh.c: safe spawn of the ssh-agent - - * pam_ssh.c: inexistent configuration directory handling - Short cut the session phase if no configuration directory exists: - it is meant to prevent meangningless ssh-agent launches for users - that obviously never use ssh. - - * pam_ssh.c: let ssh-agent to determine the appropriate shell style - - * pam_get_pass.c, pam_get_pass.h, pam_ssh.c: - try_first_password implementation and specific login keys - Implement the intended semantics of try_first_password as described in - in the manual page (and PAM). - Ask for SSH passphrase even if user does not exist. - Look for SSH keys in $HOME/.ssh/login-keys.d/, given that SSH keys -
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2013-11-22 07:25:02 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-06-19 14:55:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-11-22 07:25:03.0 +0100 @@ -1,0 +2,29 @@ +Mon Nov 18 11:26:01 UTC 2013 - w...@rosenauer.org + +- update to 2.0 + * added support for ECDSA keys + * ssh-agent is now spawned in a different improved way + * ssh-agent is not started anymore for users without keys + * support try_first_password PAM option + * still ask for passphrase even if user does not exist + * expect keys used for login in ~/.ssh/login-keys.d directory +(see README; this behaviour will cause old setups to fail +since the default keys are not used anymore for auth) + * "keyfiles" option has been removed and all found keys +which can be opened using the provided passphrase will be +added to the agent + * alternative keys not used for login purposes and not named +like the default keys will be decrypted and saved for the +agent when placed in ~/.ssh/session-keys.d directory + * when there is no controlling tty now use the PID to +create the session file + * return PAM_SESSION_ERR from within the session part +instead of PAM_AUTH_ERR + * honour TMPDIR for ssh-agent + * start ssh-agent with GID of the group given at +compile time to the new configure option +--with-ssh-agent-group +- switched archive to XZ +- verify detached signature + +--- Old: pam_ssh-1.97-no_tty_stay_as_user.patch pam_ssh-1.98.tar.bz2 New: pam_ssh-2.0.tar.xz pam_ssh-2.0.tar.xz.asc pam_ssh.keyring Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.UB0GZv/_old 2013-11-22 07:25:04.0 +0100 +++ /var/tmp/diff_new_pack.UB0GZv/_new 2013-11-22 07:25:04.0 +0100 @@ -21,15 +21,20 @@ BuildRequires: openssh BuildRequires: openssl-devel BuildRequires: pam-devel -Version:1.98 +BuildRequires: xz +%if %suse_version > 1220 +BuildRequires: gpg-offline +%endif +Version:2.0 Release:0 Summary:PAM Module for SSH Authentication License:BSD-3-Clause Group: Productivity/Networking/SSH Url:http://sourceforge.net/projects/pam-ssh/ -Source: %{name}-%{version}.tar.bz2 +Source: %{name}-%{version}.tar.xz +Source1:%{name}-%{version}.tar.xz.asc Source2:baselibs.conf -Patch: pam_ssh-1.97-no_tty_stay_as_user.patch +Source3:%{name}.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -39,14 +44,14 @@ entire session, the user types no more passwords. %prep +%if 0%{?gpg_verify:1} +%gpg_verify %{S:1} +%endif %setup -q -%patch %build -#autoreconf --verbose --force --install export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -%configure --libdir=/%{_lib} \ ---with-pamdir=/%{_lib}/security +%configure --libdir=/%{_lib} make %{?_smp_mflags} %install ++ pam_ssh.keyring ++ pub 1024D/3EDE742E 2001-02-18 uid Wolfgang Rosenauer sub 1024g/AB30A1D1 2001-02-18 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBDqPsTURBACtpJWNHRmkBQcnF2DZdYXl+CYOSQeQ0d91X1ZKHztnwKQgAHLe yXqwbiY8V2yFB1EFp9PRxg+EU9wfLJzM8+Y+tVzlMZ9TR2wZ3g7O+LDHmgiVxKHP zS+UBhasB+roi3x7UeuLbCmUa0QSUgOEG/Drj07dRDbRj8INjDPTD24OxwCglAwr zXz0qeg9avEayqEigO04CbMD/0EfSWdRCt5aRkPgHhYdk5fG5kduRUw577oW7ayY Wx39rHvFnT5RuX77/rFU/8si6kRPGviWCZl/KmjST99/17Za6JQzwxNWcKcPQGIn NbkPV0n5k8YFNejGqmyGCWFuLKV2/rENzAiWj+C+A3BZz24wgAR9BVkEhJulm0zh G+j9A/92Vq8ZSwKiECQH9gX9qf4AwNqJbQqMBeea0Yqi971NFqygKwKYw2H+wn3U mxe6f3FPsz7AwBDB3VnI+I37AVFj8rIUDSuz/ytldcDM3wbz5Dc6xXykljT81KaO 05z2Lw5QQxIDAnX1N7EXxpBFuvMM2D0DAjt6ap8/h6De5sdwLbQrV29sZmdhbmcg Um9zZW5hdWVyIDx3b2xmZ2FuZ0Byb3NlbmF1ZXIub3JnPohXBBMRAgAXBQI6j7E1 BQsHCgMEAxUDAgMWAgECF4AACgkQGA9qWz7edC6wzwCeINLI1NPBz86J6DTtt67C ZDHIGYIAoJNY1+n+f8F/+9/L8v1u88JE3bFFiEYEEBECAAYFAjqPsWYACgkQ7ymF bkmPczDnsgCbBAkxqQVlc9x45BS/EfQDciOErJYAoMOc1qzkGcp+QXvKPTfAXvLl uap+iEYEExECAAYFAj9mtU0ACgkQO7NMHilOjPG3xgCfUNo/GzjcD03k9kkDFSeJ m4LH8P0An1F8nJ/csrihkpp9NwlJNR9z1FcNiEYEExECAAYFAkHevvgACgkQGxrH qXFCPVkTGgCfUwF6YMapCLCPXPqzi3LGmtouNywAmgJAbkpUqVFqTh8tjMZleKa9 aASeiHMEEBECADMFAkPouRQFgwHhM4AmGmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9p bmRleC5waHA/aWQ9MTAACgkQ0rsNAWXQ/VjRfgCfYpCtiI3n7zvr8hsq+ZjKaO/q FVwAn29o0gZ3RmdcwYLUpbaraMoz5rQ1iEYEExECAAYFAkWvuqgACgkQaPNY9sE5 ZHyHLQCfcuztOA2wHikyev9pRkAGVK1
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2013-06-19 14:55:49 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-05-13 15:10:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-06-19 14:55:50.0 +0200 @@ -1,0 +2,7 @@ +Thu Jun 6 09:17:42 UTC 2013 - vci...@suse.com + +- restore credentials before exitting from pam_sm_open_session + * fixes bnc#823484 + * added James Carter's pam_ssh-1.97-no_tty_stay_as_user.patch + +--- New: pam_ssh-1.97-no_tty_stay_as_user.patch Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.xJYfXc/_old 2013-06-19 14:55:50.0 +0200 +++ /var/tmp/diff_new_pack.xJYfXc/_new 2013-06-19 14:55:50.0 +0200 @@ -29,6 +29,7 @@ Url:http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf +Patch: pam_ssh-1.97-no_tty_stay_as_user.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -39,6 +40,7 @@ %prep %setup -q +%patch %build #autoreconf --verbose --force --install ++ pam_ssh-1.97-no_tty_stay_as_user.patch ++ Index: pam_ssh.c === --- pam_ssh.c.orig 2013-04-29 12:24:46.0 +0200 +++ pam_ssh.c 2013-06-06 11:26:36.227623175 +0200 @@ -632,6 +632,7 @@ pam_sm_open_session(pam_handle_t *pamh, pam_ssh_log(LOG_ERR, "stat() failed on %s", per_agent); pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); fclose(env_read); +openpam_restore_cred(pamh); return retval; } file_ctime = stat_buf.st_mtime; @@ -875,6 +876,7 @@ pam_sm_open_session(pam_handle_t *pamh, * with the per-session file */ if (!tty_raw) { pam_ssh_log(LOG_DEBUG, "session has no tty"); +openpam_restore_cred(pamh); return PAM_SUCCESS; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2013-05-13 15:10:57 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-01-14 11:14:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-05-13 15:10:59.0 +0200 @@ -1,0 +2,10 @@ +Mon Apr 29 10:39:54 UTC 2013 - w...@rosenauer.org + +- update to 1.98 + * bugfix update obsoleting +- pam_ssh-1.97-empty_passphrase_segfault.patch +- pam_ssh-1.97-setgid.patch +- pam_ssh-1.97-sigmask.patch +- pam_ssh-double-free.patch + +--- Old: pam_ssh-1.97-empty_passphrase_segfault.patch pam_ssh-1.97-setgid.patch pam_ssh-1.97-sigmask.patch pam_ssh-1.97.tar.bz2 pam_ssh-double-free.patch New: pam_ssh-1.98.tar.bz2 Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.yEAJS6/_old 2013-05-13 15:11:00.0 +0200 +++ /var/tmp/diff_new_pack.yEAJS6/_new 2013-05-13 15:11:00.0 +0200 @@ -21,7 +21,7 @@ BuildRequires: openssh BuildRequires: openssl-devel BuildRequires: pam-devel -Version:1.97 +Version:1.98 Release:0 Summary:PAM Module for SSH Authentication License:BSD-3-Clause @@ -29,11 +29,6 @@ Url:http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf -Patch0: pam_ssh-double-free.patch -Patch1: pam_ssh-1.97-setgid.patch -Patch2: pam_ssh-1.97-sigmask.patch -# PATCH-FIX-OPENSUSE crashed on EOF passphrase (bnc#741541) -Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -44,13 +39,9 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p0 -%patch3 -p1 %build -autoreconf --verbose --force --install +#autoreconf --verbose --force --install export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %configure --libdir=/%{_lib} \ --with-pamdir=/%{_lib}/security ++ pam_ssh-1.97.tar.bz2 -> pam_ssh-1.98.tar.bz2 ++ 53544 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/ChangeLog new/pam_ssh-1.98/ChangeLog --- old/pam_ssh-1.97/ChangeLog 2009-04-11 21:37:43.0 +0200 +++ new/pam_ssh-1.98/ChangeLog 2013-04-29 12:24:46.0 +0200 @@ -1,3 +1,26 @@ +Version 1.98 released += +2013-04-29 Wolfgang Rosenauer + + * pam_ssh.c: Under some conditions, there is a double-free bug + in pam_ssh. The data of the "ssh_agent_env_agent" + pam_handle_t's item may have been free'd without being + nullified, which trigger a bug on the cleanup phase. + (ticket #13 double-free bug with pam_ssh-1.97) + + * pam_ssh.c: Before executing ssh-agent, pam_ssh restores root + privileges with openpam_restore_cred, then uses only setuid + to adjust privileges. Thus ssh-agent runs with gid 0. + (ticket #12 pam_ssh doesn't set gid/groups before executing ssh-agent) + + * pam_ssh.c: Clear signal mask before executing ssh-agent as + pam_ssh code can be called from kdm with blocked TERM signal + which would be inherited by ssh-agent + + * pam_get_pass.c: fixed crash caused by EOF password + (ticket 14 pam_ssh segfaults on abort with empty password) + + Version 1.97 released = 2009-04-11 Wolfgang Rosenauer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/NEWS new/pam_ssh-1.98/NEWS --- old/pam_ssh-1.97/NEWS 2009-04-11 21:43:44.0 +0200 +++ new/pam_ssh-1.98/NEWS 2013-04-29 12:24:46.0 +0200 @@ -1,9 +1,28 @@ -$Id: NEWS,v 1.12 2009/04/11 19:43:44 rosenauer Exp $ +Version 1.98 + + +Fixed some possible crashes and minor issues: + +* Under some conditions, there is a double-free bug + in pam_ssh. The data of the "ssh_agent_env_agent" + pam_handle_t's item may have been free'd witho
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2013-01-14 11:14:40 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2012-01-19 09:43:48.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-01-14 11:14:41.0 +0100 @@ -1,0 +2,5 @@ +Sat Jan 12 19:18:08 UTC 2013 - co...@suse.com + +- remove suse_update_config + +--- Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.6SfY9X/_old 2013-01-14 11:14:42.0 +0100 +++ /var/tmp/diff_new_pack.6SfY9X/_new 2013-01-14 11:14:42.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,13 +42,6 @@ SSH private key. An ssh-agent is started and keys are added. For the entire session, the user types no more passwords. - - -Authors: - -Andrew J. Korty -Roderick Schertler - %prep %setup -q %patch0 -p1 @@ -57,7 +50,6 @@ %patch3 -p1 %build -%{suse_update_config -f} autoreconf --verbose --force --install export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %configure --libdir=/%{_lib} \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2012-01-19 09:43:46 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-11-28 12:55:33.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2012-01-19 09:43:48.0 +0100 @@ -1,0 +2,12 @@ +Thu Jan 12 15:57:39 UTC 2012 - vci...@suse.com + +- added patch that prevents segfault when empty passphrase is + supplied (bnc#741541) + +--- +Mon Nov 28 11:47:01 UTC 2011 - jeng...@medozas.de + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) +- Use %_smp_mflags for parallel building + +--- New: pam_ssh-1.97-empty_passphrase_segfault.patch Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.phklDF/_old 2012-01-19 09:43:49.0 +0100 +++ /var/tmp/diff_new_pack.phklDF/_new 2012-01-19 09:43:49.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_ssh # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,24 @@ # - Name: pam_ssh -BuildRequires: libtool openssh openssl-devel pam-devel -License:BSD3c(or similar) -Group: Productivity/Networking/SSH +BuildRequires: libtool +BuildRequires: openssh +BuildRequires: openssl-devel +BuildRequires: pam-devel Version:1.97 Release:0 Summary:PAM Module for SSH Authentication +License:BSD-3-Clause +Group: Productivity/Networking/SSH Url:http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf Patch0: pam_ssh-double-free.patch Patch1: pam_ssh-1.97-setgid.patch Patch2: pam_ssh-1.97-sigmask.patch +# PATCH-FIX-OPENSUSE crashed on EOF passphrase (bnc#741541) +Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -50,16 +54,15 @@ %patch0 -p1 %patch1 -p1 %patch2 -p0 +%patch3 -p1 %build %{suse_update_config -f} autoreconf --verbose --force --install -CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ -./configure --libdir=/%{_lib} \ ---with-pamdir=/%{_lib}/security \ ---prefix=%{_prefix} \ - --mandir=%{_mandir} -make +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +%configure --libdir=/%{_lib} \ +--with-pamdir=/%{_lib}/security +make %{?_smp_mflags} %install install -d 755 $RPM_BUILD_ROOT/%{_lib}/security @@ -67,9 +70,6 @@ install -d 755 $RPM_BUILD_ROOT%{_mandir}/man8 install -m 644 pam_ssh.8 $RPM_BUILD_ROOT%{_mandir}/man8/ -%clean -rm -rf $RPM_BUILD_ROOT - %files %defattr(444,root,root,755) %doc README TODO NEWS ++ pam_ssh-1.97-empty_passphrase_segfault.patch ++ --- pam_ssh-1.92.orig/pam_get_pass.c2004-02-19 19:59:05.0 +0100 +++ pam_ssh-1.92/pam_get_pass.c 2009-04-18 13:51:10.0 +0200 @@ -63,6 +63,8 @@ retval = conv->conv(1, msgs, &resp, conv->appdata_ptr); if (retval != PAM_SUCCESS) return retval; + if (resp[0].resp == NULL) + return PAM_AUTHTOK_RECOVERY_ERR; retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp); if (retval != PAM_SUCCESS) return retval; ++ pam_ssh-1.97-sigmask.patch ++ --- /var/tmp/diff_new_pack.phklDF/_old 2012-01-19 09:43:49.0 +0100 +++ /var/tmp/diff_new_pack.phklDF/_new 2012-01-19 09:43:49.0 +0100 @@ -1,7 +1,8 @@ -diff -up pam_ssh.c.orig-sigmask pam_ssh.c pam_ssh.c.orig-sigmask 2011-10-30 16:38:41.365415881 +0100 -+++ pam_ssh.c 2011-10-30 16:39:09.396068291 +0100 -@@ -554,6 +554,7 @@ pam_sm_open_session(pam_handle_t *pamh, +Index: pam_ssh.c +=== +--- pam_ssh.c.orig 2012-01-12 12:20:00.108458104 +0100 pam_ssh.c 2012-01-12 16:00:01.650388767 +0100 +@@ -554,6 +554,7 @@ time_t file_ctime; /* creation time of per-agent file */ time_t time_now;/* current time */ time_t time_up; /* uptime */ @@ -9,7 +10,7 @@ memset(&options, 0, sizeof options); pam
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2011-11-28 12:55:32 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-11-02 12:11:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2011-11-28 12:55:33.0 +0100 @@ -1,0 +2,5 @@ +Sun Nov 27 06:54:30 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +--- Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.mILK1H/_old 2011-11-28 12:55:34.0 +0100 +++ /var/tmp/diff_new_pack.mILK1H/_new 2011-11-28 12:55:34.0 +0100 @@ -15,16 +15,14 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: pam_ssh -BuildRequires: openssh openssl-devel pam-devel +BuildRequires: libtool openssh openssl-devel pam-devel License:BSD3c(or similar) Group: Productivity/Networking/SSH -AutoReqProv:on Version:1.97 -Release:13 +Release:0 Summary:PAM Module for SSH Authentication Url:http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2011-11-02 12:11:28 Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) Package is "pam_ssh", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-09-23 12:21:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2011-11-02 12:11:29.0 +0100 @@ -1,0 +2,8 @@ +Sun Oct 30 16:55:04 UTC 2011 - mkube...@suse.cz + +- pam_ssh-1.97-sigmask.patch: + Clear signal mask before executing ssh-agent as pam_ssh code can + be called from kdm with blocked TERM signal which would be + inherited by ssh-agent (bnc#727246). + +--- New: pam_ssh-1.97-sigmask.patch Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.9k9Pqo/_old 2011-11-02 12:11:30.0 +0100 +++ /var/tmp/diff_new_pack.9k9Pqo/_new 2011-11-02 12:11:30.0 +0100 @@ -31,6 +31,7 @@ Source2:baselibs.conf Patch0: pam_ssh-double-free.patch Patch1: pam_ssh-1.97-setgid.patch +Patch2: pam_ssh-1.97-sigmask.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -50,6 +51,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p0 %build %{suse_update_config -f} ++ pam_ssh-1.97-sigmask.patch ++ diff -up pam_ssh.c.orig-sigmask pam_ssh.c --- pam_ssh.c.orig-sigmask 2011-10-30 16:38:41.365415881 +0100 +++ pam_ssh.c 2011-10-30 16:39:09.396068291 +0100 @@ -554,6 +554,7 @@ pam_sm_open_session(pam_handle_t *pamh, time_t file_ctime; /* creation time of per-agent file */ time_t time_now;/* current time */ time_t time_up; /* uptime */ + sigset_t sigmask; /* blocked signal mask */ memset(&options, 0, sizeof options); pam_std_option(&options, other_options, argc, argv); @@ -708,6 +709,10 @@ pam_sm_open_session(pam_handle_t *pamh, _exit(EX_OSERR); } } + + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + arg[0] = "ssh-agent"; arg[1] = "-s"; arg[2] = NULL; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at Tue Jun 28 09:53:13 CEST 2011. --- pam_ssh/pam_ssh.changes 2010-02-01 13:21:25.0 +0100 +++ /mounts/work_src_done/STABLE/pam_ssh/pam_ssh.changes2011-05-11 17:07:20.0 +0200 @@ -1,0 +2,10 @@ +Wed May 11 15:02:57 UTC 2011 - vci...@novell.com + +- set gid/groups before executing ssh-agent (bnc#665061) + +--- +Mon Apr 18 13:53:35 UTC 2011 - vci...@novell.com + +- fix for bnc#688120 (pam_ssh double free) + +--- calling whatdependson for head-i586 New: pam_ssh-1.97-setgid.patch pam_ssh-double-free.patch Other differences: -- ++ pam_ssh.spec ++ --- /var/tmp/diff_new_pack.oD0DNz/_old 2011-06-28 09:49:01.0 +0200 +++ /var/tmp/diff_new_pack.oD0DNz/_new 2011-06-28 09:49:01.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package pam_ssh (Version 1.97) +# spec file for package pam_ssh # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,11 +24,13 @@ Group: Productivity/Networking/SSH AutoReqProv:on Version:1.97 -Release:3 +Release:13 Summary:PAM Module for SSH Authentication Url:http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf +Patch0: pam_ssh-double-free.patch +Patch1: pam_ssh-1.97-setgid.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -46,6 +48,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build %{suse_update_config -f} ++ pam_ssh-1.97-setgid.patch ++ Index: pam_ssh-1.97/pam_ssh.c === --- pam_ssh-1.97.orig/pam_ssh.c +++ pam_ssh-1.97/pam_ssh.c @@ -684,7 +684,8 @@ pam_sm_open_session(pam_handle_t *pamh, _exit(EX_OSERR); /* NOTREACHED */ case PAM_SUCCESS: - if (setuid(pwent->pw_uid) == -1) { + if (initgroups(pwent->pw_name, pwent->pw_gid) == -1 || + setgid(pwent->pw_gid) == -1 || setuid(pwent->pw_uid) == -1) { pam_ssh_log(LOG_ERR, "can't drop privileges: %m", pwent->pw_uid); ++ pam_ssh-double-free.patch ++ Index: pam_ssh-1.97/pam_ssh.c === --- pam_ssh-1.97.orig/pam_ssh.c +++ pam_ssh-1.97/pam_ssh.c @@ -627,7 +627,7 @@ pam_sm_open_session(pam_handle_t *pamh, * than the file creation time */ if (retval = stat(per_agent, &stat_buf)) { pam_ssh_log(LOG_ERR, "stat() failed on %s", per_agent); -free(per_agent); +pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); fclose(env_read); return retval; } @@ -646,7 +646,7 @@ pam_sm_open_session(pam_handle_t *pamh, if (start_agent) { if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { pam_ssh_log(LOG_ERR, "can't write to %s", per_agent); -free(per_agent); +pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); openpam_restore_cred(pamh); return PAM_SERVICE_ERR; } Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org