diff --git a/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch new file mode 100644 index 0000000..885b699 --- /dev/null +++ b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch @@ -0,0 +1,25 @@ +From 00a46bcead2857002ed720f22b558b6f6d349fc8 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:45:59 +0100 +Subject: [PATCH 1/3] Include pam_xauth_data.3.xml in source archive (#400) + +--- + doc/man/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am +index 78c891df..c6fd73db 100644 +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ + pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ + pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ + misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ +- pam_misc_setenv.3.xml ++ pam_misc_setenv.3.xml pam_xauth_data.3.xml + + if ENABLE_REGENERATE_MAN + PAM.8: pam.8 +-- +2.31.1 + diff --git a/0002-Only-include-vendordir-in-manual-page-if-set-401.patch b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch new file mode 100644 index 0000000..f5d345e --- /dev/null +++ b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch @@ -0,0 +1,51 @@ +From 04109c25a7dbd11404f7f23a9a405b9b9d6b7246 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:46:24 +0100 +Subject: [PATCH 2/3] Only include vendordir in manual page if set (#401) + +--- + configure.ac | 4 ++-- + doc/man/pam.8.xml | 5 ++--- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c06bc7dd..eb98d69a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -507,9 +507,9 @@ AC_ARG_ENABLE([vendordir], + if test -n "$enable_vendordir"; then + AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], + [Directory for distribution provided configuration files]) +- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" + else +- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" ++ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" + fi + AC_SUBST([STRINGPARAM_VENDORDIR]) + +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +index 464af0e5..8eef665a 100644 +--- a/doc/man/pam.8.xml ++++ b/doc/man/pam.8.xml +@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + %vendordir%/pam.d + + + the Linux-PAM vendor configuration + directory. Files in /etc/pam.d and + /usr/lib/pam.d override files with the same +- name in this directory. Only available if Linux-PAM was compiled +- with vendordir enabled. ++ name in this directory. + + + +-- +2.31.1 + diff --git a/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch new file mode 100644 index 0000000..fab98fe --- /dev/null +++ b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch @@ -0,0 +1,61 @@ +From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Wed, 3 Nov 2021 09:02:40 +0100 +Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402) + +* Use vendor specific limits.conf as fallback +--- + modules/pam_limits/pam_limits.8.xml | 6 ++++++ + modules/pam_limits/pam_limits.c | 19 ++++++++++++++++--- + 2 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index bc46cbf4..c1c10eca 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -57,6 +57,12 @@ + If a config file is explicitly specified with a module option then the + files in the above directory are not parsed. + ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/limits.conf does not exist, ++ %vendordir%/security/limits.conf is used. ++ If this file does not exist, too, an error is thrown. ++ + + The module must not be called by a multithreaded application. + +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 7cc45d77..53188965 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, + pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); + fil = fopen(CONF_FILE, "r"); + if (fil == NULL) { +- pam_syslog (pamh, LOG_WARNING, +- "cannot read settings from %s: %m", CONF_FILE); +- return PAM_SERVICE_ERR; ++ int err = errno; ++ ++#ifdef VENDORDIR ++ /* if the specified file does not exist, and it is not provided by ++ the user, try the vendor file as fallback. */ ++ if (pl->conf_file == NULL && err == ENOENT) ++ fil = fopen(VENDORDIR"/security/limits.conf", "r"); ++ ++ if (fil == NULL) ++#endif ++ { ++ pam_syslog (pamh, LOG_WARNING, ++ "cannot read settings from %s: %s", CONF_FILE, ++ strerror(err)); ++ return PAM_SERVICE_ERR; ++ } + } + + /* start the show */ +-- +2.31.1 + diff --git a/Makefile-pam_unix-nis.diff b/Makefile-pam_unix-nis.diff deleted file mode 100644 index a3967c8..0000000 --- a/Makefile-pam_unix-nis.diff +++ /dev/null @@ -1,21 +0,0 @@ -diff -urN Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in Linux-PAM-1.5.1/modules/pam_unix/Makefile.in ---- Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in 2020-11-25 17:57:14.000000000 +0100 -+++ Linux-PAM-1.5.1/modules/pam_unix/Makefile.in 2021-02-12 14:33:38.159412343 +0100 -@@ -155,7 +155,7 @@ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } - LTLIBRARIES = $(securelib_LTLIBRARIES) --pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la -+pam_unix_la_DEPENDENCIES = - am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ - pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ - yppasswd_xdr.lo md5_good.lo md5_broken.lo -@@ -654,7 +654,7 @@ - - pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(am__append_1) --pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -+pam_unix_la_LIBADD = -lpam \ - @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ - - securelib_LTLIBRARIES = pam_unix.la diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf index 7c3bca9..00ed537 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -4,5 +4,3 @@ pam-extra pam-devel pam_unix conflicts "pam_unix-nis-" -pam_unix-nis - conflicts "pam_unix-" diff --git a/common-session.pamd b/common-session.pamd index 0a8ae2c..f20e8c2 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -6,8 +6,8 @@ # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # +session optional pam_systemd.so session required pam_limits.so session required pam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so -session optional pam_systemd.so diff --git a/pam.changes b/pam.changes index b9161be..a11b844 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + ------------------------------------------------------------------- Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec diff --git a/pam.spec b/pam.spec index 3206500..6ca6d85 100644 --- a/pam.spec +++ b/pam.spec @@ -17,6 +17,18 @@ %bcond_with debug +%define flavor @BUILD_FLAVOR@%{nil} + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define name_suffix %{nil} +%endif + # %define enable_selinux 1 %define libpam_so_version 0.85.1 @@ -29,7 +41,7 @@ # %{load:%{_sourcedir}/macros.pam} # -Name: pam +Name: pam%{name_suffix} # Version: 1.5.2 Release: 0 @@ -52,11 +64,15 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc -Patch2: pam-limit-nproc.patch -Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch -Patch8: pam-bsc1177858-dont-free-environment-string.patch -Patch12: pam_umask-usergroups-login_defs.patch +Patch1: pam-limit-nproc.patch +Patch2: pam-hostnames-in-access_conf.patch +Patch3: pam-xauth_ownership.patch +Patch4: pam-bsc1177858-dont-free-environment-string.patch +Patch5: pam_umask-usergroups-login_defs.patch +Patch10: pam_xauth_data.3.xml.patch +Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch +Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch +Patch13: 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -75,6 +91,7 @@ BuildRequires: libselinux-devel %endif Requires: pam_unix.so Suggests: pam_unix +Recommends: pam-manpages %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) @@ -88,6 +105,7 @@ having to recompile programs that do authentication. %package -n pam_unix Summary: PAM module for standard UNIX authentication Group: System/Libraries +Provides: pam:/%{_lib}/security/pam_unix.so Provides: pam_unix.so Conflicts: pam_unix-nis @@ -111,18 +129,38 @@ This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. -%package doc +%if %{build_doc} + +%package -n pam-doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML BuildArch: noarch -%description doc +%description -n pam-doc PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains the documentation. +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + %package devel Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++ @@ -140,11 +178,15 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . +%patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch8 -p1 +%patch10 -p1 +%patch11 -p1 %patch12 -p1 +%patch13 -p1 %build bash ./pam-login_defs-check.sh @@ -167,8 +209,10 @@ CFLAGS="$CFLAGS -DNDEBUG" %make_build gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam +%if %{build_main} %check %make_build check +%endif %install mkdir -p %{buildroot}%{_pam_confdir} @@ -209,16 +253,39 @@ done popd # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} -install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ -# bsc#1188724 -echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 + # rpm macros install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir %{buildroot}%{_distconfdir}/security +mv %{buildroot}%{_sysconfdir}/security/limits.conf %{buildroot}%{_distconfdir}/security/limits.conf + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man[58]/* +install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/ +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib} +rm -rf %{buildroot}%{_mandir}/man3/* +rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8* + +%else + # Create filelist with translations %find_lang Linux-PAM +%endif + +%if %{build_main} + %verifyscript %verify_permissions -e %{_sbindir}/unix_chkpwd %verify_permissions -e %{_sbindir}/unix2_chkpwd @@ -242,11 +309,17 @@ for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/comm done %files -f Linux-PAM.lang -%exclude %{_defaultdocdir}/pam +%doc NEWS +%license COPYING +%exclude %{_defaultdocdir}/pam/html +%exclude %{_defaultdocdir}/pam/modules +%exclude %{_defaultdocdir}/pam/pdf +%exclude %{_defaultdocdir}/pam/*.txt %dir %{_pam_confdir} %dir %{_pam_vendordir} %dir %{_pam_secconfdir} %dir %{_pam_secconfdir}/limits.d +%dir %{_distconfdir}/security %dir %{_prefix}/lib/motd.d %if %{defined config_noreplace} %config(noreplace) %{_pam_confdir}/other @@ -259,7 +332,7 @@ done %config(noreplace) %{_pam_secconfdir}/access.conf %config(noreplace) %{_pam_secconfdir}/group.conf %config(noreplace) %{_pam_secconfdir}/faillock.conf -%config(noreplace) %{_pam_secconfdir}/limits.conf +%{_distconfdir}/security/limits.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf %if %{enable_selinux} %config(noreplace) %{_pam_secconfdir}/sepermit.conf @@ -268,65 +341,6 @@ done %config(noreplace) %{_pam_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.init %dir %{_pam_secconfdir}/namespace.d -%doc NEWS -%license COPYING -%{_mandir}/man5/environment.5%{?ext_man} -%{_mandir}/man5/*.conf.5%{?ext_man} -%{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man5/motd.5%{?ext_man} -%{_mandir}/man8/PAM.8%{?ext_man} -%{_mandir}/man8/faillock.8%{?ext_man} -%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} -%{_mandir}/man8/pam.8%{?ext_man} -%{_mandir}/man8/pam_access.8%{?ext_man} -%{_mandir}/man8/pam_debug.8%{?ext_man} -%{_mandir}/man8/pam_deny.8%{?ext_man} -%{_mandir}/man8/pam_echo.8%{?ext_man} -%{_mandir}/man8/pam_env.8%{?ext_man} -%{_mandir}/man8/pam_exec.8%{?ext_man} -%{_mandir}/man8/pam_faildelay.8%{?ext_man} -%{_mandir}/man8/pam_faillock.8%{?ext_man} -%{_mandir}/man8/pam_filter.8%{?ext_man} -%{_mandir}/man8/pam_ftp.8%{?ext_man} -%{_mandir}/man8/pam_group.8%{?ext_man} -%{_mandir}/man8/pam_issue.8%{?ext_man} -%{_mandir}/man8/pam_keyinit.8%{?ext_man} -%{_mandir}/man8/pam_lastlog.8%{?ext_man} -%{_mandir}/man8/pam_limits.8%{?ext_man} -%{_mandir}/man8/pam_listfile.8%{?ext_man} -%{_mandir}/man8/pam_localuser.8%{?ext_man} -%{_mandir}/man8/pam_loginuid.8%{?ext_man} -%{_mandir}/man8/pam_mail.8%{?ext_man} -%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} -%{_mandir}/man8/pam_motd.8%{?ext_man} -%{_mandir}/man8/pam_namespace.8%{?ext_man} -%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} -%{_mandir}/man8/pam_nologin.8%{?ext_man} -%{_mandir}/man8/pam_permit.8%{?ext_man} -%{_mandir}/man8/pam_pwhistory.8%{?ext_man} -%{_mandir}/man8/pam_rhosts.8%{?ext_man} -%{_mandir}/man8/pam_rootok.8%{?ext_man} -%{_mandir}/man8/pam_securetty.8%{?ext_man} -%{_mandir}/man8/pam_selinux.8%{?ext_man} -%{_mandir}/man8/pam_sepermit.8%{?ext_man} -%{_mandir}/man8/pam_setquota.8%{?ext_man} -%{_mandir}/man8/pam_shells.8%{?ext_man} -%{_mandir}/man8/pam_stress.8%{?ext_man} -%{_mandir}/man8/pam_succeed_if.8%{?ext_man} -%{_mandir}/man8/pam_time.8%{?ext_man} -%{_mandir}/man8/pam_timestamp.8%{?ext_man} -%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} -%{_mandir}/man8/pam_tty_audit.8%{?ext_man} -%{_mandir}/man8/pam_umask.8%{?ext_man} -%{_mandir}/man8/pam_unix.8%{?ext_man} -%{_mandir}/man8/pam_usertype.8%{?ext_man} -%{_mandir}/man8/pam_warn.8%{?ext_man} -%{_mandir}/man8/pam_wheel.8%{?ext_man} -%{_mandir}/man8/pam_xauth.8%{?ext_man} -%{_mandir}/man8/pwhistory_helper.8%{?ext_man} -%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_update.8%{?ext_man} %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 @@ -404,14 +418,6 @@ done %{_pam_moduledir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} -%files doc -%defattr(644,root,root,755) -%dir %{_defaultdocdir}/pam -%doc %{_defaultdocdir}/pam/html -%doc %{_defaultdocdir}/pam/modules -%doc %{_defaultdocdir}/pam/pdf -%doc %{_defaultdocdir}/pam/*.txt - %files devel %defattr(644,root,root,755) %dir %{_includedir}/security @@ -424,4 +430,77 @@ done %{_rpmmacrodir}/macros.pam %{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_lastlog.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + %changelog diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes deleted file mode 100644 index cfe83cc..0000000 --- a/pam_unix-nis.changes +++ /dev/null @@ -1,32 +0,0 @@ -------------------------------------------------------------------- -Fri Sep 10 10:23:13 UTC 2021 - Thorsten Kukuk - -- Update to version 1.5.2 - -------------------------------------------------------------------- -Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk - -- revert-check_shadow_expiry.diff: revert wrong - CRYPT_SALT_METHOD_LEGACY check. - -------------------------------------------------------------------- -Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel - -- Remove usrmerged conditional as it's now the default - -------------------------------------------------------------------- -Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk - -- Add missing conflicts for pam_unix - -------------------------------------------------------------------- -Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk - -- Fix split provides and BuildRequires -- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside - pam library - -------------------------------------------------------------------- -Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk - -- standalone pam_unix with NIS support diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec deleted file mode 100644 index 50f4fac..0000000 --- a/pam_unix-nis.spec +++ /dev/null @@ -1,88 +0,0 @@ -# -# spec file for package pam -# -# Copyright (c) 2020 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -# -%define enable_selinux 1 -%define libpam_so_version 0.85.1 -%define libpam_misc_so_version 0.82.1 -%define libpamc_so_version 0.82.1 -%if ! %{defined _distconfdir} - %define _distconfdir %{_sysconfdir} - %define config_noreplace 1 -%endif -Name: pam_unix-nis -# -Version: 1.5.2 -Release: 0 -Summary: PAM module for standard UNIX and NIS authentication -License: GPL-2.0-or-later OR BSD-3-Clause -Group: System/Libraries -URL: http://www.linux-pam.org/ -Source: Linux-PAM-%{version}.tar.xz -Source9: baselibs.conf -Patch: Makefile-pam_unix-nis.diff -BuildRequires: pam-devel -%if 0%{?suse_version} > 1320 -BuildRequires: pkgconfig(libeconf) -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) -%endif -%if %{enable_selinux} -BuildRequires: libselinux-devel -%endif -Provides: pam:/%{_lib}/security/pam_unix.so -Provides: pam_unix.so -Conflicts: pam_unix - -%description -This package contains the pam_unix module, which does the standard -UNIX authentication against the passwd and shadow database. This -module has NIS support. - -%prep -%setup -q -n Linux-PAM-%{version} -%patch -p1 - -%build -export CFLAGS="%{optflags} -DNDEBUG" -%configure \ - --includedir=%{_includedir}/security \ - --docdir=%{_docdir}/pam \ - --htmldir=%{_docdir}/pam/html \ - --pdfdir=%{_docdir}/pam/pdf \ - --enable-isadir=../..%{_pam_moduledir} \ - --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_distconfdir} -make -C modules/pam_unix - -%install -mkdir -p %{buildroot}%{_pam_moduledir} -install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{_pam_moduledir}/ -for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so -done - -%files -%license COPYING -%{_pam_moduledir}/pam_unix.so -%{_pam_moduledir}/pam_unix_acct.so -%{_pam_moduledir}/pam_unix_auth.so -%{_pam_moduledir}/pam_unix_passwd.so -%{_pam_moduledir}/pam_unix_session.so - -%changelog diff --git a/pam_xauth_data.3.xml.patch b/pam_xauth_data.3.xml.patch new file mode 100644 index 0000000..7902e64 --- /dev/null +++ b/pam_xauth_data.3.xml.patch @@ -0,0 +1,97 @@ +--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100 ++++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200 +@@ -0,0 +1,94 @@ ++ ++ ++ ++ ++ ++ ++ pam_xauth_data ++ 3 ++ Linux-PAM Manual ++ ++ ++ ++ pam_xauth_data ++ structure containing X authentication data ++ ++ ++ ++ ++ ++ ++ #include <security/pam_appl.h> ++ ++ ++struct pam_xauth_data { ++ int namelen; ++ char *name; ++ int datalen; ++ char *data; ++}; ++ ++ ++ ++ ++ DESCRIPTION ++ ++ The pam_xauth_data structure contains X ++ authentication data used to make a connection to an X display. ++ Using this mechanism, an application can communicate X ++ authentication data to PAM service modules. This allows modules to ++ make a connection to the user's X display in order to label the ++ user's session on login, display visual feedback or for other ++ purposes. ++ ++ ++ The name field contains the name of the ++ authentication method, such as "MIT-MAGIC-COOKIE-1". The ++ namelen field contains the length of this string, ++ not including the trailing NUL character. ++ ++ ++ The data field contains the authentication ++ method-specific data corresponding to the specified name. The ++ datalen field contains its length in bytes. ++ ++ ++ The X authentication data can be changed with the ++ PAM_XAUTH_DATA item. It can be queried and ++ set with ++ ++ pam_get_item3 ++ ++ and ++ ++ pam_set_item 3 ++ respectively. The value used to set it should be ++ a pointer to a pam_xauth_data structure. An internal copy of both ++ the structure itself and its fields is made by PAM when setting the ++ item. ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam_start3 ++ , ++ ++ pam_get_item3 ++ , ++ ++ ++ ++ ++ STANDARDS ++ ++ The pam_xauth_data structure and ++ PAM_XAUTH_DATA item are ++ Linux-PAM extensions. ++ ++ ++ ++