oath-toolkit/oath-toolkit.spec
Torsten Gruner fffc024737 - Fix security issue CVE-2024-47191 by adding
0001-usersfile-fix-potential-security-issues-in-PAM-modul.patch .
- Add patch to implement new null_usersfile_okay argument
  42-null_usersfile_okay.patch .
- Makes this version 2.6.11.12 to be able to depend on it.

OBS-URL: https://build.opensuse.org/package/show/security/oath-toolkit?expand=0&rev=39
2024-10-07 14:39:11 +00:00

205 lines
6.5 KiB
RPMSpec

#
# spec file for package oath-toolkit
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{!?_pam_moduledir: %define _pam_moduledir /%{_lib}/security}
Name: oath-toolkit
Version: 2.6.11.12
Release: 0
Summary: Toolkit for one-time password authentication systems
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
URL: https://www.nongnu.org/oath-toolkit/
Source: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-2.6.11.tar.gz
Source1: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-2.6.11.tar.gz.sig
Source99: %{name}.keyring
Patch001: 0001-usersfile-fix-potential-security-issues-in-PAM-modul.patch
# https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/42
Patch002: 42-null_usersfile_okay.patch
BuildRequires: bison
BuildRequires: gengetopt
BuildRequires: libgcrypt-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(gtk-doc)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(xmlsec1)
%description
The OATH Toolkit makes it possible to build one-time password
authentication systems. It contains shared libraries, command line
tools and a PAM module. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238). OATH stands for Open AuTHentication, which is the
organization that specify the algorithms. For managing secret key
files, the Portable Symmetric Key Container (PSKC) format described in
RFC6030 is supported.
%package -n pam_oath
Summary: PAM module for pluggable login authentication for OATH
License: GPL-3.0-or-later
Group: Productivity/Networking/Security
%description -n pam_oath
The OATH Toolkit makes it possible to build one-time password
authentication systems.
This subpackage contains a module to integrate OATH into PAM.
%package -n liboath0
Summary: Library for Open AuTHentication (OATH) HOTP support
License: LGPL-2.1-or-later
Group: System/Libraries
Requires: %{name}-xml >= %{version}
%description -n liboath0
The OATH Toolkit makes it possible to build one-time password
authentication systems. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238).
%package xml
Summary: XML data files needed by liboath
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
BuildArch: noarch
%description xml
The OATH Toolkit makes it possible to build one-time password
authentication systems. It contains shared libraries, command line
tools and a PAM module. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238). OATH stands for Open AuTHentication, which is the
organization that specify the algorithms. For managing secret key
files, the Portable Symmetric Key Container (PSKC) format described in
RFC6030 is supported.
%package -n liboath-devel
Summary: Development files for the Open AuTHentication (OATH) HOTP support library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: liboath0 = %{version}
%description -n liboath-devel
The OATH Toolkit makes it possible to build one-time password
authentication systems.
This subpackage contains the header files for the HOTP/TOTP library.
%package -n libpskc0
Summary: Library for Portable Symmetric Key Container
License: LGPL-2.1-or-later
Group: System/Libraries
%description -n libpskc0
The OATH Toolkit makes it possible to build one-time password
authentication systems.
For managing secret key files, the Portable Symmetric Key Container
(PSKC) format described in RFC6030 is supported.
%package -n libpskc-devel
Summary: Development files for the Portable Symmetric Key Container library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libpskc0 = %{version}
%description -n libpskc-devel
The OATH Toolkit makes it possible to build one-time password
authentication systems.
For managing secret key files, the Portable Symmetric Key Container
(PSKC) format described in RFC6030 is supported.
This subpackage contains the headers for this library.
%prep
%setup -q -n %{name}-2.6.11
%patch -P 001 -p1
%patch -P 002 -p1
%build
autoreconf -fiv
%configure \
--with-pam-dir=%{_pam_moduledir} \
--with-libgcrypt \
--disable-silent-rules \
--disable-static
# Only SLE and openSUSE >= 15.0 are using rpm >= 4.12
# See https://en.opensuse.org/openSUSE:Build_system_recipes#automake
%if 0%{?sle_version} >= 150000
%make_build
%else
make %{?_smp_mflags}
%endif
%install
%make_install
mv COPYING COPYING.summary
find %{buildroot} -type f -name "*.la" -delete -print
%post -n liboath0 -p /sbin/ldconfig
%postun -n liboath0 -p /sbin/ldconfig
%post -n libpskc0 -p /sbin/ldconfig
%postun -n libpskc0 -p /sbin/ldconfig
%files
%license COPYING.summary
%doc ChangeLog NEWS README
%license oathtool/COPYING
%{_bindir}/oathtool
%{_mandir}/man1/oathtool.*
%{_bindir}/pskctool
%{_mandir}/man1/pskctool.*
%files -n pam_oath
%doc pam_oath/README
%license pam_oath/COPYING
%{_pam_moduledir}/pam_oath.so
%files -n liboath0
%license liboath/COPYING
%{_libdir}/liboath.so.*
%files xml
%{_datadir}/xml/pskc/
%files -n liboath-devel
%{_libdir}/liboath.so
%{_includedir}/liboath/
%{_libdir}/pkgconfig/liboath.pc
%doc %{_datadir}/gtk-doc/html/liboath
%{_mandir}/man3/oath_*
%files -n libpskc0
# there's no COPYING for libpskc, but it's LGPL, like liboath
%doc libpskc/README
%license liboath/COPYING
%{_libdir}/libpskc.so.*
%files -n libpskc-devel
%{_libdir}/libpskc.so
%{_includedir}/pskc/
%{_libdir}/pkgconfig/libpskc.pc
%doc %{_datadir}/gtk-doc/html/libpskc
%{_mandir}/man3/pskc_*
%changelog