Sync from SUSE:SLFO:Main pam_u2f revision d399dc47fa1169741bb98928659b91b5

2024-05-03 17:40:22 +02:00 · 2024-05-03 17:40:22 +02:00 · ff341f39c3
commit ff341f39c3
7 changed files with 369 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/baselib.conf
+++ b/baselib.conf
@ -0,0 +1,2 @@
+pam_yubico
+  supplements "packageand(pam_yubico:pam-<targettype>)"
--- a/pam_u2f-1.3.0.tar.gz
+++ b/pam_u2f-1.3.0.tar.gz
--- a/pam_u2f-1.3.0.tar.gz.sig
+++ b/pam_u2f-1.3.0.tar.gz.sig
--- a/pam_u2f.changes
+++ b/pam_u2f.changes
@ -0,0 +1,251 @@
+-------------------------------------------------------------------
+Sat Apr 15 12:01:02 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.3.0:
+  * Add sanity checking of UV options to pamu2fcfg.
+  * Add support for username expansion in the authfile path.
+  * Improvements to the documentation.
+
+-------------------------------------------------------------------
+Sun May 29 19:59:49 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.2.1:
+  * Fixed an issue where native credentials could be truncated, resulting in
+    failure to authenticate or successful authentication with missing options.
+  * Stricter parsing of sshformat credentials.
+  * pamu2fcfg now allows a combination of the --username and --nouser options.
+  * Improved documentation on FIDO2 options.
+- add keyring for validation
+
+-------------------------------------------------------------------
+Mon Oct 18 20:00:36 UTC 2021 - Torsten Gruner <t.gruner@katodev.de>
+
+- Define macro _pam_moduledir if not set to fix builds for Leap and SLE
+
+-------------------------------------------------------------------
+Wed Oct 13 08:05:40 UTC 2021 - Paolo Perego <paolo.perego@suse.com>
+
+- Update to version 1.2.0 (released 2021-09-22)
+  * Added support for EdDSA keys.
+  * Added support for SSH ed25519-sk keys.
+  * Added authenticator filtering based on user verification options.
+  * Fixed an issue with privilege restoration on MacOS.
+  * Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed.
+  * Miscellaneous improvements to the documentation.
+  * Miscellaneous minor bug fixes found by fuzzing.
+
+- Fix for bsc#1190961 - Removed hardcoded library pathnames using %{_pam_moduledir}
+
+-------------------------------------------------------------------
+Thu May 20 13:04:05 UTC 2021 - Torsten Gruner <t.gruner@katodev.de>
+
+- Update to version 1.1.1 (released 2021-05-19)
+  * Fix an issue where PIN authentication could be bypassed (CVE-2021-31924).
+  * Fix an issue with nodetect and non-resident credentials.
+  * Fix build issues with musl libc.
+  * Add support for self-attestation in pamu2fcfg.
+  * Fix minor bugs found by fuzzing.
+
+-------------------------------------------------------------------
+Thu Oct 15 17:59:59 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 1.1.0
+  * Add support to FIDO2 (move from libu2f-host+libu2f-server to libfido2)
+  * Add support to User Verification
+  * Add support to PIN Verification
+  * Add support to Resident Credentials
+  * Add support to SSH credential format
+- Drop libu2f-host and libu2f-server BuildRequires
+- Add BuildRequires on pkgconfig(libfido2)
+- Add explicit BuildRequires on pkgconfig(libcrypto), this was being
+  pulled down implicitly before.
+
+-------------------------------------------------------------------
+Tue Jun  4 13:19:36 UTC 2019 - Karol Babioch <kbabioch@suse.de>
+
+- Version 1.0.8 (released 2019-06-04)
+  * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729).
+  * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727).
+  * Fix a non-critical buffer oob access.
+- Applied spec-cleaner
+
+-------------------------------------------------------------------
+Tue May 15 09:04:06 UTC 2018 - kbabioch@suse.com
+
+- Update to version 1.0.7:
+  - Add authpending_file to signal authentication activity
+  - Add nodetect to skip to avoid unnecessary cue messages
+
+-------------------------------------------------------------------
+Wed Apr 18 11:47:00 UTC 2018 - kbabioch@suse.com
+
+- Update to version 1.0.6:
+  - Fix an issue when using syslog as a debug facility.
+  - Do not honor cue if no sutable device is found. 
+
+-------------------------------------------------------------------
+Wed Apr 18 07:54:00 UTC 2018 - jengelh@inai.de
+
+- Update descriptions, trim bias and other-OS stuff.
+- Remove extraneous --bindir.
+
+-------------------------------------------------------------------
+Tue Apr 17 06:59:04 UTC 2018 - kbabioch@suse.com
+
+- Update to version 1.0.5:
+  - General bugfixes and quality-of-life improvements. 
+
+-------------------------------------------------------------------
+Thu Jan  7 21:34:49 UTC 2016 - t.gruner@katodev.de
+
+- Version 1.0.4 (released 2016-01-07)
+  - Fixed possible permission escalation when using XDG_CONFIG_HOME.
+
+-------------------------------------------------------------------
+Fri Nov  6 22:00:05 UTC 2015 - t.gruner@katodev.de
+
+- Version 1.0.3 (released 2015-11-02)
+  - Bugfix in pamu2fcfg.
+  - Minor improvements for verbose mode in pamu2fcfg. 
+
+-------------------------------------------------------------------
+Tue Oct  6 14:11:20 UTC 2015 - t.gruner@katodev.de
+
+- Version 1.0.2 (released 2015-10-06)
+  - Changes to automake flags.
+  - Improve build on OS X.
+- Cleanup .spec file
+- Add baselib.conf
+
+-------------------------------------------------------------------
+Wed Jul  8 21:23:52 UTC 2015 - t.gruner@katodev.de
+
+- Version 1.0.1 (released 2015-06-18)
+  - Minor changes to man pages and install hooks.
+- Version 1.0.0 (released 2015-06-17)
+  - Use XDG_CONFIG_HOME as default for config files.
+  - Added manual and interactive mode.
+  - Added verbose mode.
+
+-------------------------------------------------------------------
+Wed Jan 21 15:05:38 UTC 2015 - t.gruner@katodev.de
+
+- Version 0.0.1 (released 2015-01-16)
+  - Changed failure mode after authentication error.
+  - Added call to setcred.
+
+-------------------------------------------------------------------
+Tue Jan 13 07:45:00 UTC 2015 - t.gruner@katodev.de
+
+- Version 0.0.0
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* Makefile.am: More fix to Makefile.am.
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* NEWS: Updated NEWS.
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* Makefile.am, pamu2fcfg/Makefile.am: Cleaned release target.
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* Makefile.am: Changed repo variable name.
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* pam-u2f.c, util.c: Indent.
+
+2014-12-16  Alessio Di Mauro <alessio@yubico.com>
+
+	* README: Fixed link in AsciiDoc.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* .travis.yml: Added more asciidoc related packets to Travis build.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* build-aux/travis: Added more ldconfig.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* .travis.yml: Added check to Travis build.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* build-aux/travis: Permissions.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* .travis.yml: Removed libhidapi from Travis build.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* .travis.yml, build-aux/travis: Added travis build.
+
+2014-12-15  Alessio Di Mauro <alessio@yubico.com>
+
+	* Makefile.am, pamu2fcfg/Makefile.am: Fixed Makefile.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* configure.ac: Fixed typo in configure.ac.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* README: Updated README.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* pamu2fcfg/pamu2fcfg.c: Removed linebreak at the end of the final
+	printout.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* .gitignore, pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.ggo,
+	pamu2fcfg/cmdline.h, pamu2fcfg/pamu2fcfg.1.txt,
+	pamu2fcfg/pamu2fcfg.c: Added man page.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* pamu2fcfg/pamu2fcfg.c: Improved timout presentation.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* Makefile.am, pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.h,
+	pamu2fcfg/pamu2fcfg.c: Indent.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* .gitignore, Makefile.am, configure.ac, pamu2fcfg/Makefile.am,
+	pamu2fcfg/cmdline.c, pamu2fcfg/cmdline.ggo, pamu2fcfg/cmdline.h,
+	pamu2fcfg/pamu2fcfg.c: Added first version of the registration tool.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* pam-u2f.c, util.c: Fixed some warnings.
+
+2014-12-12  Alessio Di Mauro <alessio@yubico.com>
+
+	* README, pam-u2f.c, pam_u2f.8.txt, util.h: Changed default origin
+	and appid to pam://$HOSTNAME.
+
+2014-12-10  Alessio Di Mauro <alessio@yubico.com>
+
+	* README: Typo in README.
+
+2014-12-10  Alessio Di Mauro <alessio@yubico.com>
+
+	* .gitignore, AUTHORS, BLURB, COPYING, Makefile.am, NEWS, README,
+	README.adoc, README.md, configure.ac, m4/lib-ld.m4, m4/lib-link.m4,
+	m4/lib-prefix.m4, m4/manywarnings.m4, m4/warnings.m4, pam-u2f.c,
+	pam_u2f.8.txt, tests/Makefile.am, tests/basic.c, util.c, util.h: 
+	Added initial content.
+
+2014-12-10  Alessio Di Mauro <a-dma@users.noreply.github.com>
+
+	* Initial commit
--- a/pam_u2f.keyring
+++ b/pam_u2f.keyring
@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEX2GtChYJKwYBBAHaRw8BAQdAXtF26PPVnk3a2UWoHe61aN1EwpBWXbKDhel3
+QrBTSVi0MUx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxzc29uQGdt
+YWlsLmNvbT6IkQQTFgoAOQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AWIQR42ZfV
+PpwKKiBTku0UoZeEcjyZiAUCX2Gu5wIZAQAKCRAUoZeEcjyZiNAZAP9GQtAV2Hwo
+OUFmlzIR14BYpmSeMkafm3rvBFudTgwZpgEAp7tSOkar9lglvt+JzuT3/HakxUUJ
+YiwqIDey9xhiTgy0Mkx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxz
+c29uQHl1Ymljby5jb20+iI4EExYKADYWIQR42ZfVPpwKKiBTku0UoZeEcjyZiAUC
+X2GuMQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AACgkQFKGXhHI8mYiYRwD+OGtP
+gKJYD5n1W6fDWnt+YHOVPkpqTJqVWXsYYe6SACABAP3mduQ4XB/ZmwCk67VT6b5T
+lAUamAKeqSPAcjD5fwMDuDMEX2Gt0BYJKwYBBAHaRw8BAQdARvrBRyA4/r+Lz80F
+c+4kRpIOTnCcGkqrzIyVbKYuNAeIfgQYFgoAJgIbIBYhBHjZl9U+nAoqIFOS7RSh
+l4RyPJmIBQJhLHrtBQkDwpt2AAoJEBShl4RyPJmIS7EBAJbpbnsFuYHfwbZxA5Wp
+XYAx8soXp+VLK9Rr1ysj4D4kAP4+XGsRuxHz51/ozDmLrg0N1LCJUu8kSgJvLxaF
+N16lB7g4BF9hragSCisGAQQBl1UBBQEBB0BljuLOy6u/JkSAM9+4+l3nfwhlIy/i
+ym0f5Nr2tuKfgMBCAeIfgQYFgoAJgIbDBYhBHjZl9U+nAoqIFOS7RShl4RyPJmI
+BQJhLHrtBQkDwpueAAoJEBShl4RyPJmI44YBAJP/+Bsxaun1QmGxTI8cdMgy+I3h
+79qZNDTXxtWQv6A2AQCdpDlMoJePwY9apCRsFV0Pq0clM0I2pk3gP82yvw9uCLgz
+BF9hrXwWCSsGAQQB2kcPAQEHQEob8Md2DCEq+n0vM1YiR5B3pixFaKZzPykxvlbO
+ko5tiPUEGBYKACYCGwIWIQR42ZfVPpwKKiBTku0UoZeEcjyZiAUCYSx65wUJA8Kb
+ygCBdiAEGRYKAB0WIQSzcAP/FaBopBPlCxw9aknkxOC2cwUCX2GtfAAKCRA9aknk
+xOC2cx2WAPsGC4TsSp8CqeglXKtYrRJ7JGIGfzCOLhNoqjQwE6QAyAEAuTd0ibXM
+aVxUQWJFhjkJFf2yEnKDpmrvokMXkaakpwAJEBShl4RyPJmI92cBAMDXRBTM/cWO
+zR13pPqTKfVohQ+TwcPMOVUcBjOdDMStAQDy4sLxrtWbQgT/rJw1t4efF6Jwo1DC
+tPHJTXcWe11RDw==
+=9Cxt
+-----END PGP PUBLIC KEY BLOCK-----
--- a/pam_u2f.spec
+++ b/pam_u2f.spec
@ -0,0 +1,62 @@
+#
+# spec file for package pam_u2f
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{!?_pam_moduledir: %define _pam_moduledir /%{_lib}/security}
+
+Name:           pam_u2f
+Version:        1.3.0
+Release:        0
+Summary:        U2F authentication integration into PAM
+License:        BSD-2-Clause
+Group:          Productivity/Networking/Security
+URL:            https://developers.yubico.com
+Source0:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz
+Source1:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz.sig
+Source2:        baselib.conf
+Source99:       pam_u2f.keyring
+BuildRequires:  pam-devel
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libcrypto)
+BuildRequires:  pkgconfig(libfido2) >= 1.3.0
+
+%description
+The PAM U2F module provides a way to integrate the Yubikey
+(or other U2F-compliant authenticators) into the existing user
+authentication infrastructure.
+
+%prep
+%setup -q
+
+%build
+%configure --with-pam-dir=%{_pam_moduledir} \
+           --disable-static
+make %{?_smp_mflags}
+
+%install
+%make_install %{?_smp_mflags}
+
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%files
+%license COPYING
+%doc AUTHORS NEWS ChangeLog README
+%{_bindir}/pamu2fcfg
+%{_mandir}/man?/*
+%{_pam_moduledir}/pam_u2f.so
+
+%changelog