Compare commits
1 Commits
5c0d402dd0
...
9ec2951e20
Author | SHA256 | Date | |
---|---|---|---|
9ec2951e20 |
@@ -1,39 +0,0 @@
|
||||
From 8da6c472ddcf18a30676bf8f7c55785dd2de91c5 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Wolneykien <manowar@altlinux.org>
|
||||
Date: Fri, 26 Apr 2024 18:10:24 +0300
|
||||
Subject: [PATCH] Set 'slot_num' configuration parameter to 0 by default
|
||||
|
||||
See https://github.com/OpenSC/pam_pkcs11/pull/74 for details.
|
||||
|
||||
Signed-off-by: Paul Wolneykien <manowar@altlinux.org>
|
||||
---
|
||||
src/pam_pkcs11/pam_config.c | 11 +++--------
|
||||
1 file changed, 3 insertions(+), 8 deletions(-)
|
||||
|
||||
--- a/src/pam_pkcs11/pam_config.c
|
||||
+++ b/src/pam_pkcs11/pam_config.c
|
||||
@@ -50,7 +50,7 @@ struct configuration_st configuration =
|
||||
NULL, /* const char *pkcs11_module_path; */
|
||||
NULL, /* screen savers */
|
||||
NULL, /* slot_description */
|
||||
- -1, /* int slot_num; */
|
||||
+ 0, /* int slot_num; */
|
||||
0, /* support threads */
|
||||
/* cert policy; */
|
||||
{
|
||||
@@ -167,13 +167,8 @@ static void parse_config_file(void) {
|
||||
configuration.slot_num =
|
||||
scconf_get_int(pkcs11_mblk,"slot_num",configuration.slot_num);
|
||||
|
||||
- if (configuration.slot_description != NULL && configuration.slot_num != -1) {
|
||||
- DBG1("Can not specify both slot_description and slot_num in file %s",configuration.config_file);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- if (configuration.slot_description == NULL && configuration.slot_num == -1) {
|
||||
- DBG1("Neither slot_description nor slot_num found in file %s",configuration.config_file);
|
||||
+ if (configuration.slot_description != NULL && configuration.slot_num != 0) {
|
||||
+ DBG1("Can not specify both slot_description and slot_num != 0 in file %s",configuration.config_file);
|
||||
return;
|
||||
}
|
||||
|
@@ -1,29 +0,0 @@
|
||||
--- a/src/mappers/mapper.c
|
||||
+++ b/src/mappers/mapper.c
|
||||
@@ -83,7 +83,12 @@
|
||||
/* get a line from buffer */
|
||||
from = mfile->pt;
|
||||
/* set up pointer */
|
||||
- while( *from && isspace(*from) ) from++;
|
||||
+ while( *from && isspace(*from)){
|
||||
+ if(from - mfile->buffer + 1 >= mfile->length){
|
||||
+ return 0;
|
||||
+ }
|
||||
+ from++;
|
||||
+ }
|
||||
to = strchr(from,'\n');
|
||||
/* if no newline, assume string ends at end of buffer */
|
||||
if (!to) to=mfile->buffer+mfile->length;
|
||||
|
||||
--- a/src/pam_pkcs11/pam_pkcs11.c
|
||||
+++ b/src/pam_pkcs11/pam_pkcs11.c
|
||||
@@ -208,7 +208,7 @@
|
||||
{
|
||||
int i, rv;
|
||||
const char *user = NULL;
|
||||
- char *password;
|
||||
+ char *password = NULL;
|
||||
unsigned int slot_num = 0;
|
||||
int is_a_screen_saver = 0;
|
||||
struct configuration_st *configuration;
|
||||
|
@@ -1,7 +1,7 @@
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.12/etc/pam_pkcs11.conf.example.in
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.13/etc/pam_pkcs11.conf.example.in
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.12.orig/etc/pam_pkcs11.conf.example.in
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.12/etc/pam_pkcs11.conf.example.in
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.13.orig/etc/pam_pkcs11.conf.example.in
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.13/etc/pam_pkcs11.conf.example.in
|
||||
@@ -9,7 +9,7 @@ pam_pkcs11 {
|
||||
nullok = true;
|
||||
|
||||
@@ -24,8 +24,8 @@ Index: pam_pkcs11-pam_pkcs11-0.6.12/etc/pam_pkcs11.conf.example.in
|
||||
+ }
|
||||
|
||||
pkcs11_module opensc {
|
||||
module = /usr/lib/opensc-pkcs11.so;
|
||||
@@ -162,7 +167,7 @@ pam_pkcs11 {
|
||||
module = @libdir@/opensc-pkcs11.so;
|
||||
@@ -164,7 +169,7 @@ pam_pkcs11 {
|
||||
# If used null mapper should be the last in the list :-)
|
||||
# Also you should select at least one mapper, otherwise
|
||||
# certificate will not match :-)
|
||||
|
@@ -1,6 +1,8 @@
|
||||
--- pam_pkcs11-0.6.1/src/pam_pkcs11/pam_config.c
|
||||
+++ pam_pkcs11-0.6.1/src/pam_pkcs11/pam_config.c
|
||||
@@ -45,7 +45,7 @@
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.13/src/pam_pkcs11/pam_config.c
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.13.orig/src/pam_pkcs11/pam_config.c
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.13/src/pam_pkcs11/pam_config.c
|
||||
@@ -47,7 +47,7 @@ struct configuration_st configuration =
|
||||
0, /* int card_only; */
|
||||
0, /* int wait_for_card; */
|
||||
"default", /* const char *pkcs11_module; */
|
||||
@@ -8,4 +10,4 @@
|
||||
+ NULL, /* const char *pkcs11_module_path; */
|
||||
NULL, /* screen savers */
|
||||
NULL, /* slot_description */
|
||||
-1, /* int slot_num; */
|
||||
0, /* int slot_num; */
|
||||
|
BIN
pam_pkcs11-0.6.12.tar.gz
(Stored with Git LFS)
BIN
pam_pkcs11-0.6.12.tar.gz
(Stored with Git LFS)
Binary file not shown.
BIN
pam_pkcs11-0.6.13.tar.gz
(Stored with Git LFS)
Normal file
BIN
pam_pkcs11-0.6.13.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
@@ -1,105 +0,0 @@
|
||||
From b665b287ff955bbbd9539252ff9f9e2754c3fb48 Mon Sep 17 00:00:00 2001
|
||||
From: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Fri, 6 Dec 2024 04:39:04 +0100
|
||||
Subject: [PATCH] fixed possible authentication bypass: Use signatures to
|
||||
verify authentication by default
|
||||
|
||||
If cert_policy is set to none (the default value), then pam_pkcs11 will
|
||||
only check if the user is capable of logging into the token. An attacker
|
||||
may create a different token with the user's public data (e.g. the
|
||||
user's certificate) and a PIN known to the attacker. If no signature
|
||||
with the private key is required, then the attacker may now login as
|
||||
user with that created token.
|
||||
|
||||
This change, by default, uses the private key to crate a signature. A
|
||||
new policy, `no_signature` is introduced if the module should really
|
||||
*not* validate the key's signature
|
||||
---
|
||||
src/common/cert_vfy.h | 2 +-
|
||||
src/pam_pkcs11/pam_config.c | 16 +++++++++++-----
|
||||
src/pam_pkcs11/pam_pkcs11.c | 2 +-
|
||||
3 files changed, 13 insertions(+), 7 deletions(-)
|
||||
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.12/src/common/cert_vfy.h
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.12.orig/src/common/cert_vfy.h
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.12/src/common/cert_vfy.h
|
||||
@@ -48,7 +48,7 @@ typedef enum {
|
||||
struct cert_policy_st {
|
||||
int ca_policy;
|
||||
int crl_policy;
|
||||
- int signature_policy;
|
||||
+ int no_signature_policy;
|
||||
const char *ca_dir;
|
||||
const char *crl_dir;
|
||||
const char *nss_dir;
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_config.c
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.12.orig/src/pam_pkcs11/pam_config.c
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_config.c
|
||||
@@ -87,7 +87,7 @@ static void display_config (void) {
|
||||
DBG1("support_threads %d",configuration.support_threads);
|
||||
DBG1("ca_policy %d",configuration.policy.ca_policy);
|
||||
DBG1("crl_policy %d",configuration.policy.crl_policy);
|
||||
- DBG1("signature_policy %d",configuration.policy.signature_policy);
|
||||
+ DBG1("no_signature_policy %d",configuration.policy.no_signature_policy);
|
||||
DBG1("ocsp_policy %d",configuration.policy.ocsp_policy);
|
||||
DBG1("err_display_time %d", configuration.err_display_time);
|
||||
}
|
||||
@@ -180,7 +180,7 @@ static void parse_config_file(void) {
|
||||
configuration.policy.crl_policy=CRLP_NONE;
|
||||
configuration.policy.ocsp_policy=OCSP_NONE;
|
||||
configuration.policy.ca_policy=0;
|
||||
- configuration.policy.signature_policy=0;
|
||||
+ configuration.policy.no_signature_policy=0;
|
||||
break;
|
||||
} else if ( !strcmp(policy_list->data,"crl_auto") ) {
|
||||
configuration.policy.crl_policy=CRLP_AUTO;
|
||||
@@ -193,7 +193,10 @@ static void parse_config_file(void) {
|
||||
} else if ( !strcmp(policy_list->data,"ca") ) {
|
||||
configuration.policy.ca_policy=1;
|
||||
} else if ( !strcmp(policy_list->data,"signature") ) {
|
||||
- configuration.policy.signature_policy=1;
|
||||
+ // ignore this setting for legacy reasons
|
||||
+ } else if ( !strcmp(policy_list->data,"no_signature") ) {
|
||||
+ // ignore this setting for legacy reasons
|
||||
+ configuration.policy.no_signature_policy=1;
|
||||
} else {
|
||||
DBG1("Invalid CRL policy: %s",policy_list->data);
|
||||
}
|
||||
@@ -321,7 +324,7 @@ struct configuration_st *pk_configure( i
|
||||
if (strstr(argv[i],"none")) {
|
||||
configuration.policy.crl_policy=CRLP_NONE;
|
||||
configuration.policy.ca_policy=0;
|
||||
- configuration.policy.signature_policy=0;
|
||||
+ configuration.policy.no_signature_policy=0;
|
||||
configuration.policy.ocsp_policy=OCSP_NONE;
|
||||
}
|
||||
if (strstr(argv[i],"crl_online")) {
|
||||
@@ -340,7 +343,10 @@ struct configuration_st *pk_configure( i
|
||||
configuration.policy.ca_policy=1;
|
||||
}
|
||||
if (strstr(argv[i],"signature")) {
|
||||
- configuration.policy.signature_policy=1;
|
||||
+ // ignore this setting for legacy reasons
|
||||
+ }
|
||||
+ if (strstr(argv[i],"no_signature")) {
|
||||
+ configuration.policy.no_signature_policy=1;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_pkcs11.c
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.12.orig/src/pam_pkcs11/pam_pkcs11.c
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_pkcs11.c
|
||||
@@ -618,8 +618,8 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
||||
|
||||
|
||||
/* if signature check is enforced, generate random data, sign and verify */
|
||||
- if (configuration->policy.signature_policy) {
|
||||
- pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Checking signature"));
|
||||
+ if (!configuration->policy.no_signature_policy) {
|
||||
+ pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Checking signature"));
|
||||
|
||||
|
||||
#ifdef notdef
|
@@ -1,104 +0,0 @@
|
||||
From 2ecba68d404c3112546a9e802e3776b9f6c50a6a Mon Sep 17 00:00:00 2001
|
||||
From: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Fri, 6 Dec 2024 03:08:38 +0100
|
||||
Subject: [PATCH] Fixed possible authentication bypass: Don't return PAM_IGNORE
|
||||
|
||||
Starting with bac6cf8e0b242e508e8b715e7f78d52f1227840a (released with
|
||||
pam_pkcs11-0.6.12), return codes defaulted to PAM_IGNORE in most cases
|
||||
where authentication was not possible. This change has not been
|
||||
anticipated in PAM configurations and may lead to authentication
|
||||
bypasses. If pam_pkcs11 was configured as the only module which could
|
||||
provide authentication and would silently fail with PAM_IGNORE, then
|
||||
this return code may be transformed to PAM_SUCCESS by subsequent PAM
|
||||
modules that don't actually perform authentication. This change avoids
|
||||
this situation by *not* returning PAM_IGNORE by default as done in
|
||||
0.6.11 and before.
|
||||
|
||||
If pam_pkcs11 is the only module providing authentication in the PAM
|
||||
stack, then the following PAM configuration could be used to avoid this
|
||||
situation as well:
|
||||
|
||||
auth [success=ok default=bad] pam_pkcs11.so wait_for_card card_only
|
||||
|
||||
In the configuration above, PAM_IGNORE will lead to an authentication
|
||||
failure even for an unpatched pam_pkcs11-0.6.12 (note the missing
|
||||
`ignore=ignore`).
|
||||
|
||||
Thanks to Matthias Gerstner (@mgerstner) and the SUSE Linux team for
|
||||
reporting this problem providing analysis and the workaround
|
||||
configuration of a possibly vulnerable PAM stack.
|
||||
---
|
||||
src/pam_pkcs11/pam_pkcs11.c | 35 +++++++----------------------------
|
||||
1 file changed, 7 insertions(+), 28 deletions(-)
|
||||
|
||||
Index: pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_pkcs11.c
|
||||
===================================================================
|
||||
--- pam_pkcs11-pam_pkcs11-0.6.12.orig/src/pam_pkcs11/pam_pkcs11.c
|
||||
+++ pam_pkcs11-pam_pkcs11-0.6.12/src/pam_pkcs11/pam_pkcs11.c
|
||||
@@ -281,13 +281,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
||||
}
|
||||
}
|
||||
|
||||
- if (!configuration->card_only || !login_token_name) {
|
||||
- /* Allow to pass to the next module if the auth isn't
|
||||
- restricted to card only. */
|
||||
- pkcs11_pam_fail = PAM_IGNORE;
|
||||
- } else {
|
||||
- pkcs11_pam_fail = PAM_CRED_INSUFFICIENT;
|
||||
- }
|
||||
+ pkcs11_pam_fail = PAM_CRED_INSUFFICIENT;
|
||||
|
||||
/* fail if we are using a remote server
|
||||
* local login: DISPLAY=:0
|
||||
@@ -366,13 +360,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
||||
}
|
||||
|
||||
if (rv != 0) {
|
||||
- /* No token found */
|
||||
- if (!configuration->card_only) {
|
||||
- /* If the login isn't restricted to card-only, then proceed
|
||||
- to the next auth. module quietly. */
|
||||
- release_pkcs11_module(ph);
|
||||
- goto exit_ignore;
|
||||
- }
|
||||
+ /* No token found */
|
||||
|
||||
ERR("no suitable token available");
|
||||
if (!configuration->quiet) {
|
||||
@@ -402,18 +390,12 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
||||
if (rv != 0) {
|
||||
release_pkcs11_module(ph);
|
||||
/* Still no card */
|
||||
- if (pkcs11_pam_fail != PAM_IGNORE) {
|
||||
- if (!configuration->quiet) {
|
||||
- pam_prompt(pamh, PAM_ERROR_MSG,
|
||||
- NULL, _("Error 2308: No smartcard found"));
|
||||
- sleep(configuration->err_display_time);
|
||||
- }
|
||||
- } else {
|
||||
- pam_prompt(pamh, PAM_TEXT_INFO,
|
||||
- NULL, _("No smartcard found"));
|
||||
- goto exit_ignore;
|
||||
- }
|
||||
+ if (!configuration->quiet) {
|
||||
+ pam_prompt(pamh, PAM_ERROR_MSG,
|
||||
+ NULL, _("Error 2308: No smart card found."));
|
||||
+ sleep(configuration->err_display_time);
|
||||
return pkcs11_pam_fail;
|
||||
+ }
|
||||
}
|
||||
|
||||
pam_prompt(pamh, PAM_TEXT_INFO, NULL,
|
||||
@@ -798,10 +780,8 @@ auth_failed:
|
||||
free( password );
|
||||
}
|
||||
|
||||
- if (PAM_IGNORE == pkcs11_pam_fail)
|
||||
- goto exit_ignore;
|
||||
- else
|
||||
- return pkcs11_pam_fail;
|
||||
+ return pkcs11_pam_fail;
|
||||
+
|
||||
|
||||
exit_ignore:
|
||||
pam_prompt( pamh, PAM_TEXT_INFO, NULL,
|
@@ -1,18 +1,29 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 19 13:50:20 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
Thu Feb 6 16:04:09 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
|
||||
- Update to 0.6.13
|
||||
* Added pkcs11-eventmgr systemd service unit.
|
||||
* Updated Russian translations for pam_pkcs11 (thx Max Kosmach and Andrey Cherepanov).
|
||||
* Fixed possible authentication bypass (CVE-2025-24032):
|
||||
* Use signatures to verify authentication by default (thx Frank Morgner).
|
||||
* Fixed possible authentication bypass (CVE-2025-24531):
|
||||
* Restoring the original card_only / wait_for_card behavior (thx Matthias Gerstner, Frank Morgner).
|
||||
* Move pam_securetty.so upward in the example PAM config.
|
||||
* Set 'slot_num' configuration parameter to 0 by default (thx Jpereyra316).
|
||||
* Print details about configuration parse errors (thx Jpereyra316).
|
||||
* Add Chinese (Simplified) translation.
|
||||
* Capitalize all PAM messages (thx Alynx Zhou).
|
||||
* Made pkcs11_make_hash_link support whitespaces in file names
|
||||
* Drop 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
|
||||
* Drop 0001-memory-leak-fixes.patch
|
||||
* Rebase pam_pkcs11-0.5.3-nss-conf.patch
|
||||
* Rebase pam_pkcs11-0.6.0-nss-autoconf.patch
|
||||
|
||||
- Security update fix [bsc#1237062, CVE-2025-24032]
|
||||
* Fix CVE-2025-24032: vulnerable to authentication bypass with default value for `cert_policy` (`none`)
|
||||
* Add pam_pkcs11-CVE-2025-24032.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 5 09:28:30 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||
Wed Jan 22 16:07:50 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Security fix [bsc#1236314, CVE-2025-24531]
|
||||
* fix regression returning PAM_IGNORE in many situations with possible authentication bypass
|
||||
* Add pam_pkcs11-CVE-2025-24531.patch
|
||||
- Fix RPM warnings
|
||||
- Add %check section running test suite
|
||||
- Drop rcFOO symlinks for CODE16 (PED-266).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 24 21:07:33 UTC 2024 - Simon Vogl <simon.vogl@gmx.net>
|
||||
|
@@ -19,7 +19,7 @@
|
||||
# It seems to be an upstream naming bug:
|
||||
%define _name pam_pkcs11-pam_pkcs11
|
||||
Name: pam_pkcs11
|
||||
Version: 0.6.12
|
||||
Version: 0.6.13
|
||||
Release: 0
|
||||
Summary: PKCS #11 PAM Module
|
||||
License: LGPL-2.1-or-later
|
||||
@@ -34,13 +34,7 @@ Source4: pkcs11_eventmgr.service
|
||||
Patch0: %{name}-fsf-address.patch
|
||||
Patch1: %{name}-0.5.3-nss-conf.patch
|
||||
Patch3: %{name}-0.6.0-nss-autoconf.patch
|
||||
Patch4: 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
|
||||
# 0001-memory-leak-fixes.patch - Fix memory leaks and issues with kscreenlocker (boo#1230870) - adapted from https://github.com/OpenSC/pam_pkcs11/commit/f8e7d85aa3ca4fd2e2a8c2dfe601d1224debe372.patch
|
||||
Patch6: 0001-memory-leak-fixes.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1236314 CVE-2025-24531 has a regression returning PAM_IGNORE in many situations with possible authentication bypass
|
||||
Patch7: pam_pkcs11-CVE-2025-24531.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1237062 CVE-2025-24032: vulnerable to authentication bypass with default value for `cert_policy` (`none`)
|
||||
Patch8: pam_pkcs11-CVE-2025-24032.patch
|
||||
|
||||
BuildRequires: curl-devel
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: doxygen
|
||||
@@ -55,7 +49,6 @@ BuildRequires: pam-devel
|
||||
BuildRequires: pcsc-lite-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: systemd-rpm-macros
|
||||
|
||||
%{?systemd_requires}
|
||||
|
||||
%description
|
||||
@@ -82,7 +75,7 @@ Summary: PKCS #11 API PAM Documentation
|
||||
# File conflict. devel-doc split was done with 0.6.9 upgrade, after SLE 12 SP3, Leap 42.3.
|
||||
Group: Documentation/HTML
|
||||
Conflicts: pam_pkcs11 < 0.6.9
|
||||
BuildArch: noarch
|
||||
BuildArch: noarch
|
||||
|
||||
%description devel-doc
|
||||
API documentation for pam_pkcs11
|
||||
@@ -139,8 +132,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/pam.d
|
||||
cp common-auth-smartcard %{buildroot}%{_sysconfdir}/pam.d/
|
||||
%endif
|
||||
install -D -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/pkcs11_eventmgr.service
|
||||
rm %{buildroot}%{_unitdir}/pkcs11-eventmgr.service
|
||||
%if 0%{?suse_version} < 1600
|
||||
mkdir -p %{buildroot}%{_sbindir}
|
||||
ln -s service %{buildroot}%{_sbindir}/rcpkcs11_eventmgr
|
||||
%endif
|
||||
%find_lang %{name}
|
||||
%fdupes -s %{buildroot}%{_docdir}/%{name}
|
||||
|
||||
@@ -185,7 +181,9 @@ done
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/common-auth-smartcard
|
||||
%endif
|
||||
%{_prefix}/lib/systemd/system/pkcs11_eventmgr.service
|
||||
%{_sbindir}/*
|
||||
%if 0%{?suse_version} < 1600
|
||||
%{_sbindir}/rc*
|
||||
%endif
|
||||
|
||||
%files devel-doc
|
||||
%doc %{_docdir}/%{name}/api
|
||||
|
Reference in New Issue
Block a user