From ff341f39c371e6ff54e128b9c063409a3c7eb0d25af56363820cc6ed2fdfa2ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 17:40:22 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main pam_u2f revision d399dc47fa1169741bb98928659b91b5 --- .gitattributes | 23 ++++ baselib.conf | 2 + pam_u2f-1.3.0.tar.gz | 3 + pam_u2f-1.3.0.tar.gz.sig | Bin 0 -> 119 bytes pam_u2f.changes | 251 +++++++++++++++++++++++++++++++++++++++ pam_u2f.keyring | 28 +++++ pam_u2f.spec | 62 ++++++++++ 7 files changed, 369 insertions(+) create mode 100644 .gitattributes create mode 100644 baselib.conf create mode 100644 pam_u2f-1.3.0.tar.gz create mode 100644 pam_u2f-1.3.0.tar.gz.sig create mode 100644 pam_u2f.changes create mode 100644 pam_u2f.keyring create mode 100644 pam_u2f.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/baselib.conf b/baselib.conf new file mode 100644 index 0000000..5df3c11 --- /dev/null +++ b/baselib.conf @@ -0,0 +1,2 @@ +pam_yubico + supplements "packageand(pam_yubico:pam-)" diff --git a/pam_u2f-1.3.0.tar.gz b/pam_u2f-1.3.0.tar.gz new file mode 100644 index 0000000..ee4b5ed --- /dev/null +++ b/pam_u2f-1.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:72360c6875485eb4df409da8f8f52b17893f05e4d998529c238814480e115220 +size 456281 diff --git a/pam_u2f-1.3.0.tar.gz.sig b/pam_u2f-1.3.0.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..ac26fa1d9d7cec7456c8f62a803cdca78fe13f918da25d9a0128b76454f83fb6 GIT binary patch literal 119 zcmeAuWnmEGVvrS6WZ7K6{9klI#uDMD+%mRVo==WE*jCKSlp4lA>el6;D!M(K@sY8nS99Q1+ehbaGBTVC`RdWvpu9U_!u10O+)n4H UUb}RW^Vm + +- update to 1.3.0: + * Add sanity checking of UV options to pamu2fcfg. + * Add support for username expansion in the authfile path. + * Improvements to the documentation. + +------------------------------------------------------------------- +Sun May 29 19:59:49 UTC 2022 - Dirk Müller + +- update to 1.2.1: + * Fixed an issue where native credentials could be truncated, resulting in + failure to authenticate or successful authentication with missing options. + * Stricter parsing of sshformat credentials. + * pamu2fcfg now allows a combination of the --username and --nouser options. + * Improved documentation on FIDO2 options. +- add keyring for validation + +------------------------------------------------------------------- +Mon Oct 18 20:00:36 UTC 2021 - Torsten Gruner + +- Define macro _pam_moduledir if not set to fix builds for Leap and SLE + +------------------------------------------------------------------- +Wed Oct 13 08:05:40 UTC 2021 - Paolo Perego + +- Update to version 1.2.0 (released 2021-09-22) + * Added support for EdDSA keys. + * Added support for SSH ed25519-sk keys. + * Added authenticator filtering based on user verification options. + * Fixed an issue with privilege restoration on MacOS. + * Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed. + * Miscellaneous improvements to the documentation. + * Miscellaneous minor bug fixes found by fuzzing. + +- Fix for bsc#1190961 - Removed hardcoded library pathnames using %{_pam_moduledir} + +------------------------------------------------------------------- +Thu May 20 13:04:05 UTC 2021 - Torsten Gruner + +- Update to version 1.1.1 (released 2021-05-19) + * Fix an issue where PIN authentication could be bypassed (CVE-2021-31924). + * Fix an issue with nodetect and non-resident credentials. + * Fix build issues with musl libc. + * Add support for self-attestation in pamu2fcfg. + * Fix minor bugs found by fuzzing. + +------------------------------------------------------------------- +Thu Oct 15 17:59:59 UTC 2020 - Ismail Dönmez + +- Update to version 1.1.0 + * Add support to FIDO2 (move from libu2f-host+libu2f-server to libfido2) + * Add support to User Verification + * Add support to PIN Verification + * Add support to Resident Credentials + * Add support to SSH credential format +- Drop libu2f-host and libu2f-server BuildRequires +- Add BuildRequires on pkgconfig(libfido2) +- Add explicit BuildRequires on pkgconfig(libcrypto), this was being + pulled down implicitly before. + +------------------------------------------------------------------- +Tue Jun 4 13:19:36 UTC 2019 - Karol Babioch + +- Version 1.0.8 (released 2019-06-04) + * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729). + * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727). + * Fix a non-critical buffer oob access. +- Applied spec-cleaner + +------------------------------------------------------------------- +Tue May 15 09:04:06 UTC 2018 - kbabioch@suse.com + +- Update to version 1.0.7: + - Add authpending_file to signal authentication activity + - Add nodetect to skip to avoid unnecessary cue messages + +------------------------------------------------------------------- +Wed Apr 18 11:47:00 UTC 2018 - kbabioch@suse.com + +- Update to version 1.0.6: + - Fix an issue when using syslog as a debug facility. + - Do not honor cue if no sutable device is found. + +------------------------------------------------------------------- +Wed Apr 18 07:54:00 UTC 2018 - jengelh@inai.de + +- Update descriptions, trim bias and other-OS stuff. +- Remove extraneous --bindir. + +------------------------------------------------------------------- +Tue Apr 17 06:59:04 UTC 2018 - kbabioch@suse.com + +- Update to version 1.0.5: + - General bugfixes and quality-of-life improvements. + +------------------------------------------------------------------- +Thu Jan 7 21:34:49 UTC 2016 - t.gruner@katodev.de + +- Version 1.0.4 (released 2016-01-07) + - Fixed possible permission escalation when using XDG_CONFIG_HOME. + +------------------------------------------------------------------- +Fri Nov 6 22:00:05 UTC 2015 - t.gruner@katodev.de + +- Version 1.0.3 (released 2015-11-02) + - Bugfix in pamu2fcfg. + - Minor improvements for verbose mode in pamu2fcfg. + +------------------------------------------------------------------- +Tue Oct 6 14:11:20 UTC 2015 - t.gruner@katodev.de + +- Version 1.0.2 (released 2015-10-06) + - Changes to automake flags. + - Improve build on OS X. +- Cleanup .spec file +- Add baselib.conf + +------------------------------------------------------------------- +Wed Jul 8 21:23:52 UTC 2015 - t.gruner@katodev.de + +- Version 1.0.1 (released 2015-06-18) + - Minor changes to man pages and install hooks. +- Version 1.0.0 (released 2015-06-17) + - Use XDG_CONFIG_HOME as default for config files. + - Added manual and interactive mode. + - Added verbose mode. + +------------------------------------------------------------------- +Wed Jan 21 15:05:38 UTC 2015 - t.gruner@katodev.de + +- Version 0.0.1 (released 2015-01-16) + - Changed failure mode after authentication error. + - Added call to setcred. + +------------------------------------------------------------------- +Tue Jan 13 07:45:00 UTC 2015 - t.gruner@katodev.de + +- Version 0.0.0 + +2014-12-16 Alessio Di Mauro + + * Makefile.am: More fix to Makefile.am. + +2014-12-16 Alessio Di Mauro + + * NEWS: Updated NEWS. + +2014-12-16 Alessio Di Mauro + + * Makefile.am, pamu2fcfg/Makefile.am: Cleaned release target. + +2014-12-16 Alessio Di Mauro + + * Makefile.am: Changed repo variable name. + +2014-12-16 Alessio Di Mauro + + * pam-u2f.c, util.c: Indent. + +2014-12-16 Alessio Di Mauro + + * README: Fixed link in AsciiDoc. + +2014-12-15 Alessio Di Mauro + + * .travis.yml: Added more asciidoc related packets to Travis build. + +2014-12-15 Alessio Di Mauro + + * build-aux/travis: Added more ldconfig. + +2014-12-15 Alessio Di Mauro + + * .travis.yml: Added check to Travis build. + +2014-12-15 Alessio Di Mauro + + * build-aux/travis: Permissions. + +2014-12-15 Alessio Di Mauro + + * .travis.yml: Removed libhidapi from Travis build. + +2014-12-15 Alessio Di Mauro + + * .travis.yml, build-aux/travis: Added travis build. + +2014-12-15 Alessio Di Mauro + + * Makefile.am, pamu2fcfg/Makefile.am: Fixed Makefile. + +2014-12-12 Alessio Di Mauro + + * configure.ac: Fixed typo in configure.ac. + +2014-12-12 Alessio Di Mauro + + * README: Updated README. + +2014-12-12 Alessio Di Mauro + + * pamu2fcfg/pamu2fcfg.c: Removed linebreak at the end of the final + printout. + +2014-12-12 Alessio Di Mauro + + * .gitignore, pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.ggo, + pamu2fcfg/cmdline.h, pamu2fcfg/pamu2fcfg.1.txt, + pamu2fcfg/pamu2fcfg.c: Added man page. + +2014-12-12 Alessio Di Mauro + + * pamu2fcfg/pamu2fcfg.c: Improved timout presentation. + +2014-12-12 Alessio Di Mauro + + * Makefile.am, pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.h, + pamu2fcfg/pamu2fcfg.c: Indent. + +2014-12-12 Alessio Di Mauro + + * .gitignore, Makefile.am, configure.ac, pamu2fcfg/Makefile.am, + pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.ggo, pamu2fcfg/cmdline.h, + pamu2fcfg/pamu2fcfg.c: Added first version of the registration tool. + +2014-12-12 Alessio Di Mauro + + * pam-u2f.c, util.c: Fixed some warnings. + +2014-12-12 Alessio Di Mauro + + * README, pam-u2f.c, pam_u2f.8.txt, util.h: Changed default origin + and appid to pam://$HOSTNAME. + +2014-12-10 Alessio Di Mauro + + * README: Typo in README. + +2014-12-10 Alessio Di Mauro + + * .gitignore, AUTHORS, BLURB, COPYING, Makefile.am, NEWS, README, + README.adoc, README.md, configure.ac, m4/lib-ld.m4, m4/lib-link.m4, + m4/lib-prefix.m4, m4/manywarnings.m4, m4/warnings.m4, pam-u2f.c, + pam_u2f.8.txt, tests/Makefile.am, tests/basic.c, util.c, util.h: + Added initial content. + +2014-12-10 Alessio Di Mauro + + * Initial commit diff --git a/pam_u2f.keyring b/pam_u2f.keyring new file mode 100644 index 0000000..43236c7 --- /dev/null +++ b/pam_u2f.keyring @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEX2GtChYJKwYBBAHaRw8BAQdAXtF26PPVnk3a2UWoHe61aN1EwpBWXbKDhel3 +QrBTSVi0MUx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxzc29uQGdt +YWlsLmNvbT6IkQQTFgoAOQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AWIQR42ZfV +PpwKKiBTku0UoZeEcjyZiAUCX2Gu5wIZAQAKCRAUoZeEcjyZiNAZAP9GQtAV2Hwo +OUFmlzIR14BYpmSeMkafm3rvBFudTgwZpgEAp7tSOkar9lglvt+JzuT3/HakxUUJ +YiwqIDey9xhiTgy0Mkx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxz +c29uQHl1Ymljby5jb20+iI4EExYKADYWIQR42ZfVPpwKKiBTku0UoZeEcjyZiAUC +X2GuMQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AACgkQFKGXhHI8mYiYRwD+OGtP +gKJYD5n1W6fDWnt+YHOVPkpqTJqVWXsYYe6SACABAP3mduQ4XB/ZmwCk67VT6b5T +lAUamAKeqSPAcjD5fwMDuDMEX2Gt0BYJKwYBBAHaRw8BAQdARvrBRyA4/r+Lz80F +c+4kRpIOTnCcGkqrzIyVbKYuNAeIfgQYFgoAJgIbIBYhBHjZl9U+nAoqIFOS7RSh +l4RyPJmIBQJhLHrtBQkDwpt2AAoJEBShl4RyPJmIS7EBAJbpbnsFuYHfwbZxA5Wp +XYAx8soXp+VLK9Rr1ysj4D4kAP4+XGsRuxHz51/ozDmLrg0N1LCJUu8kSgJvLxaF +N16lB7g4BF9hragSCisGAQQBl1UBBQEBB0BljuLOy6u/JkSAM9+4+l3nfwhlIy/i ++ym0f5Nr2tuKfgMBCAeIfgQYFgoAJgIbDBYhBHjZl9U+nAoqIFOS7RShl4RyPJmI +BQJhLHrtBQkDwpueAAoJEBShl4RyPJmI44YBAJP/+Bsxaun1QmGxTI8cdMgy+I3h +79qZNDTXxtWQv6A2AQCdpDlMoJePwY9apCRsFV0Pq0clM0I2pk3gP82yvw9uCLgz +BF9hrXwWCSsGAQQB2kcPAQEHQEob8Md2DCEq+n0vM1YiR5B3pixFaKZzPykxvlbO +ko5tiPUEGBYKACYCGwIWIQR42ZfVPpwKKiBTku0UoZeEcjyZiAUCYSx65wUJA8Kb +ygCBdiAEGRYKAB0WIQSzcAP/FaBopBPlCxw9aknkxOC2cwUCX2GtfAAKCRA9aknk +xOC2cx2WAPsGC4TsSp8CqeglXKtYrRJ7JGIGfzCOLhNoqjQwE6QAyAEAuTd0ibXM +aVxUQWJFhjkJFf2yEnKDpmrvokMXkaakpwAJEBShl4RyPJmI92cBAMDXRBTM/cWO +zR13pPqTKfVohQ+TwcPMOVUcBjOdDMStAQDy4sLxrtWbQgT/rJw1t4efF6Jwo1DC +tPHJTXcWe11RDw== +=9Cxt +-----END PGP PUBLIC KEY BLOCK----- diff --git a/pam_u2f.spec b/pam_u2f.spec new file mode 100644 index 0000000..0bfae36 --- /dev/null +++ b/pam_u2f.spec @@ -0,0 +1,62 @@ +# +# spec file for package pam_u2f +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{!?_pam_moduledir: %define _pam_moduledir /%{_lib}/security} + +Name: pam_u2f +Version: 1.3.0 +Release: 0 +Summary: U2F authentication integration into PAM +License: BSD-2-Clause +Group: Productivity/Networking/Security +URL: https://developers.yubico.com +Source0: https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz +Source1: https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz.sig +Source2: baselib.conf +Source99: pam_u2f.keyring +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libfido2) >= 1.3.0 + +%description +The PAM U2F module provides a way to integrate the Yubikey +(or other U2F-compliant authenticators) into the existing user +authentication infrastructure. + +%prep +%setup -q + +%build +%configure --with-pam-dir=%{_pam_moduledir} \ + --disable-static +make %{?_smp_mflags} + +%install +%make_install %{?_smp_mflags} + +find %{buildroot} -type f -name "*.la" -delete -print + +%files +%license COPYING +%doc AUTHORS NEWS ChangeLog README +%{_bindir}/pamu2fcfg +%{_mandir}/man?/* +%{_pam_moduledir}/pam_u2f.so + +%changelog