From 30c0969bef137b1beda35e82d82da5c60f0f4726ea28cb28275eff58f5c17b3d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 13:43:37 +0000 Subject: [PATCH 1/4] Accepting request 933444 from home:kukuk:tiu - Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch OBS-URL: https://build.opensuse.org/request/show/933444 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254 --- ...uth_data.3.xml-in-source-archive-400.patch | 25 ++ ...-vendordir-in-manual-page-if-set-401.patch | 51 ++++ ...specific-limits.conf-as-fallback-402.patch | 61 +++++ _multibuild | 3 + common-session.pamd | 2 +- pam.changes | 16 ++ pam.spec | 235 ++++++++++++------ pam_unix-nis.changes | 32 --- pam_unix-nis.spec | 88 ------- pam_xauth_data.3.xml.patch | 97 ++++++++ 10 files changed, 408 insertions(+), 202 deletions(-) create mode 100644 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch create mode 100644 0002-Only-include-vendordir-in-manual-page-if-set-401.patch create mode 100644 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch create mode 100644 _multibuild delete mode 100644 pam_unix-nis.changes delete mode 100644 pam_unix-nis.spec create mode 100644 pam_xauth_data.3.xml.patch diff --git a/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch new file mode 100644 index 0000000..885b699 --- /dev/null +++ b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch @@ -0,0 +1,25 @@ +From 00a46bcead2857002ed720f22b558b6f6d349fc8 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:45:59 +0100 +Subject: [PATCH 1/3] Include pam_xauth_data.3.xml in source archive (#400) + +--- + doc/man/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am +index 78c891df..c6fd73db 100644 +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ + pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ + pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ + misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ +- pam_misc_setenv.3.xml ++ pam_misc_setenv.3.xml pam_xauth_data.3.xml + + if ENABLE_REGENERATE_MAN + PAM.8: pam.8 +-- +2.31.1 + diff --git a/0002-Only-include-vendordir-in-manual-page-if-set-401.patch b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch new file mode 100644 index 0000000..f5d345e --- /dev/null +++ b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch @@ -0,0 +1,51 @@ +From 04109c25a7dbd11404f7f23a9a405b9b9d6b7246 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:46:24 +0100 +Subject: [PATCH 2/3] Only include vendordir in manual page if set (#401) + +--- + configure.ac | 4 ++-- + doc/man/pam.8.xml | 5 ++--- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c06bc7dd..eb98d69a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -507,9 +507,9 @@ AC_ARG_ENABLE([vendordir], + if test -n "$enable_vendordir"; then + AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], + [Directory for distribution provided configuration files]) +- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" + else +- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" ++ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" + fi + AC_SUBST([STRINGPARAM_VENDORDIR]) + +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +index 464af0e5..8eef665a 100644 +--- a/doc/man/pam.8.xml ++++ b/doc/man/pam.8.xml +@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + %vendordir%/pam.d + + + the Linux-PAM vendor configuration + directory. Files in /etc/pam.d and + /usr/lib/pam.d override files with the same +- name in this directory. Only available if Linux-PAM was compiled +- with vendordir enabled. ++ name in this directory. + + + +-- +2.31.1 + diff --git a/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch new file mode 100644 index 0000000..fab98fe --- /dev/null +++ b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch @@ -0,0 +1,61 @@ +From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Wed, 3 Nov 2021 09:02:40 +0100 +Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402) + +* Use vendor specific limits.conf as fallback +--- + modules/pam_limits/pam_limits.8.xml | 6 ++++++ + modules/pam_limits/pam_limits.c | 19 ++++++++++++++++--- + 2 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index bc46cbf4..c1c10eca 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -57,6 +57,12 @@ + If a config file is explicitly specified with a module option then the + files in the above directory are not parsed. + ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/limits.conf does not exist, ++ %vendordir%/security/limits.conf is used. ++ If this file does not exist, too, an error is thrown. ++ + + The module must not be called by a multithreaded application. + +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 7cc45d77..53188965 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, + pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); + fil = fopen(CONF_FILE, "r"); + if (fil == NULL) { +- pam_syslog (pamh, LOG_WARNING, +- "cannot read settings from %s: %m", CONF_FILE); +- return PAM_SERVICE_ERR; ++ int err = errno; ++ ++#ifdef VENDORDIR ++ /* if the specified file does not exist, and it is not provided by ++ the user, try the vendor file as fallback. */ ++ if (pl->conf_file == NULL && err == ENOENT) ++ fil = fopen(VENDORDIR"/security/limits.conf", "r"); ++ ++ if (fil == NULL) ++#endif ++ { ++ pam_syslog (pamh, LOG_WARNING, ++ "cannot read settings from %s: %s", CONF_FILE, ++ strerror(err)); ++ return PAM_SERVICE_ERR; ++ } + } + + /* start the show */ +-- +2.31.1 + diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/common-session.pamd b/common-session.pamd index 0a8ae2c..f20e8c2 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -6,8 +6,8 @@ # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # +session optional pam_systemd.so session required pam_limits.so session required pam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so -session optional pam_systemd.so diff --git a/pam.changes b/pam.changes index b9161be..19095fe 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + ------------------------------------------------------------------- Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec diff --git a/pam.spec b/pam.spec index 3206500..831c81c 100644 --- a/pam.spec +++ b/pam.spec @@ -17,6 +17,18 @@ %bcond_with debug +%define flavor @BUILD_FLAVOR@%{nil} + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define name_suffix %{nil} +%endif + # %define enable_selinux 1 %define libpam_so_version 0.85.1 @@ -29,7 +41,7 @@ # %{load:%{_sourcedir}/macros.pam} # -Name: pam +Name: pam%{name_suffix} # Version: 1.5.2 Release: 0 @@ -52,11 +64,15 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc -Patch2: pam-limit-nproc.patch -Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch -Patch8: pam-bsc1177858-dont-free-environment-string.patch -Patch12: pam_umask-usergroups-login_defs.patch +Patch1: pam-limit-nproc.patch +Patch2: pam-hostnames-in-access_conf.patch +Patch3: pam-xauth_ownership.patch +Patch4: pam-bsc1177858-dont-free-environment-string.patch +Patch5: pam_umask-usergroups-login_defs.patch +Patch10: pam_xauth_data.3.xml.patch +Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch +Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch +Patch13: 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -88,6 +104,7 @@ having to recompile programs that do authentication. %package -n pam_unix Summary: PAM module for standard UNIX authentication Group: System/Libraries +Provides: pam:/%{_lib}/security/pam_unix.so Provides: pam_unix.so Conflicts: pam_unix-nis @@ -111,18 +128,33 @@ This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. -%package doc +%package -n pam-doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML BuildArch: noarch -%description doc +%description -n pam-doc PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains the documentation. +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch +BuildRequires: docbook-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + %package devel Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++ @@ -140,11 +172,15 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . +%patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch8 -p1 +%patch10 -p1 +%patch11 -p1 %patch12 -p1 +%patch13 -p1 %build bash ./pam-login_defs-check.sh @@ -167,8 +203,10 @@ CFLAGS="$CFLAGS -DNDEBUG" %make_build gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam +%if %{build_main} %check %make_build check +%endif %install mkdir -p %{buildroot}%{_pam_confdir} @@ -209,16 +247,39 @@ done popd # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} -install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ -# bsc#1188724 -echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 + # rpm macros install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir %{buildroot}%{_distconfdir}/security +mv %{buildroot}%{_sysconfdir}/security/limits.conf %{buildroot}%{_distconfdir}/security/limits.conf + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man[58]/* +install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/ +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib} +rm -rf %{buildroot}%{_mandir}/man3/* +rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8* + +%else + # Create filelist with translations %find_lang Linux-PAM +%endif + +%if %{build_main} + %verifyscript %verify_permissions -e %{_sbindir}/unix_chkpwd %verify_permissions -e %{_sbindir}/unix2_chkpwd @@ -242,11 +303,17 @@ for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/comm done %files -f Linux-PAM.lang -%exclude %{_defaultdocdir}/pam +%doc NEWS +%license COPYING +%exclude %{_defaultdocdir}/pam/html +%exclude %{_defaultdocdir}/pam/modules +%exclude %{_defaultdocdir}/pam/pdf +%exclude %{_defaultdocdir}/pam/*.txt %dir %{_pam_confdir} %dir %{_pam_vendordir} %dir %{_pam_secconfdir} %dir %{_pam_secconfdir}/limits.d +%dir %{_distconfdir}/security %dir %{_prefix}/lib/motd.d %if %{defined config_noreplace} %config(noreplace) %{_pam_confdir}/other @@ -259,7 +326,7 @@ done %config(noreplace) %{_pam_secconfdir}/access.conf %config(noreplace) %{_pam_secconfdir}/group.conf %config(noreplace) %{_pam_secconfdir}/faillock.conf -%config(noreplace) %{_pam_secconfdir}/limits.conf +%{_distconfdir}/security/limits.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf %if %{enable_selinux} %config(noreplace) %{_pam_secconfdir}/sepermit.conf @@ -268,65 +335,6 @@ done %config(noreplace) %{_pam_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.init %dir %{_pam_secconfdir}/namespace.d -%doc NEWS -%license COPYING -%{_mandir}/man5/environment.5%{?ext_man} -%{_mandir}/man5/*.conf.5%{?ext_man} -%{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man5/motd.5%{?ext_man} -%{_mandir}/man8/PAM.8%{?ext_man} -%{_mandir}/man8/faillock.8%{?ext_man} -%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} -%{_mandir}/man8/pam.8%{?ext_man} -%{_mandir}/man8/pam_access.8%{?ext_man} -%{_mandir}/man8/pam_debug.8%{?ext_man} -%{_mandir}/man8/pam_deny.8%{?ext_man} -%{_mandir}/man8/pam_echo.8%{?ext_man} -%{_mandir}/man8/pam_env.8%{?ext_man} -%{_mandir}/man8/pam_exec.8%{?ext_man} -%{_mandir}/man8/pam_faildelay.8%{?ext_man} -%{_mandir}/man8/pam_faillock.8%{?ext_man} -%{_mandir}/man8/pam_filter.8%{?ext_man} -%{_mandir}/man8/pam_ftp.8%{?ext_man} -%{_mandir}/man8/pam_group.8%{?ext_man} -%{_mandir}/man8/pam_issue.8%{?ext_man} -%{_mandir}/man8/pam_keyinit.8%{?ext_man} -%{_mandir}/man8/pam_lastlog.8%{?ext_man} -%{_mandir}/man8/pam_limits.8%{?ext_man} -%{_mandir}/man8/pam_listfile.8%{?ext_man} -%{_mandir}/man8/pam_localuser.8%{?ext_man} -%{_mandir}/man8/pam_loginuid.8%{?ext_man} -%{_mandir}/man8/pam_mail.8%{?ext_man} -%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} -%{_mandir}/man8/pam_motd.8%{?ext_man} -%{_mandir}/man8/pam_namespace.8%{?ext_man} -%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} -%{_mandir}/man8/pam_nologin.8%{?ext_man} -%{_mandir}/man8/pam_permit.8%{?ext_man} -%{_mandir}/man8/pam_pwhistory.8%{?ext_man} -%{_mandir}/man8/pam_rhosts.8%{?ext_man} -%{_mandir}/man8/pam_rootok.8%{?ext_man} -%{_mandir}/man8/pam_securetty.8%{?ext_man} -%{_mandir}/man8/pam_selinux.8%{?ext_man} -%{_mandir}/man8/pam_sepermit.8%{?ext_man} -%{_mandir}/man8/pam_setquota.8%{?ext_man} -%{_mandir}/man8/pam_shells.8%{?ext_man} -%{_mandir}/man8/pam_stress.8%{?ext_man} -%{_mandir}/man8/pam_succeed_if.8%{?ext_man} -%{_mandir}/man8/pam_time.8%{?ext_man} -%{_mandir}/man8/pam_timestamp.8%{?ext_man} -%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} -%{_mandir}/man8/pam_tty_audit.8%{?ext_man} -%{_mandir}/man8/pam_umask.8%{?ext_man} -%{_mandir}/man8/pam_unix.8%{?ext_man} -%{_mandir}/man8/pam_usertype.8%{?ext_man} -%{_mandir}/man8/pam_warn.8%{?ext_man} -%{_mandir}/man8/pam_wheel.8%{?ext_man} -%{_mandir}/man8/pam_xauth.8%{?ext_man} -%{_mandir}/man8/pwhistory_helper.8%{?ext_man} -%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_update.8%{?ext_man} %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 @@ -404,14 +412,6 @@ done %{_pam_moduledir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} -%files doc -%defattr(644,root,root,755) -%dir %{_defaultdocdir}/pam -%doc %{_defaultdocdir}/pam/html -%doc %{_defaultdocdir}/pam/modules -%doc %{_defaultdocdir}/pam/pdf -%doc %{_defaultdocdir}/pam/*.txt - %files devel %defattr(644,root,root,755) %dir %{_includedir}/security @@ -424,4 +424,77 @@ done %{_rpmmacrodir}/macros.pam %{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_lastlog.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + %changelog diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes deleted file mode 100644 index cfe83cc..0000000 --- a/pam_unix-nis.changes +++ /dev/null @@ -1,32 +0,0 @@ -------------------------------------------------------------------- -Fri Sep 10 10:23:13 UTC 2021 - Thorsten Kukuk - -- Update to version 1.5.2 - -------------------------------------------------------------------- -Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk - -- revert-check_shadow_expiry.diff: revert wrong - CRYPT_SALT_METHOD_LEGACY check. - -------------------------------------------------------------------- -Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel - -- Remove usrmerged conditional as it's now the default - -------------------------------------------------------------------- -Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk - -- Add missing conflicts for pam_unix - -------------------------------------------------------------------- -Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk - -- Fix split provides and BuildRequires -- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside - pam library - -------------------------------------------------------------------- -Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk - -- standalone pam_unix with NIS support diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec deleted file mode 100644 index 50f4fac..0000000 --- a/pam_unix-nis.spec +++ /dev/null @@ -1,88 +0,0 @@ -# -# spec file for package pam -# -# Copyright (c) 2020 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -# -%define enable_selinux 1 -%define libpam_so_version 0.85.1 -%define libpam_misc_so_version 0.82.1 -%define libpamc_so_version 0.82.1 -%if ! %{defined _distconfdir} - %define _distconfdir %{_sysconfdir} - %define config_noreplace 1 -%endif -Name: pam_unix-nis -# -Version: 1.5.2 -Release: 0 -Summary: PAM module for standard UNIX and NIS authentication -License: GPL-2.0-or-later OR BSD-3-Clause -Group: System/Libraries -URL: http://www.linux-pam.org/ -Source: Linux-PAM-%{version}.tar.xz -Source9: baselibs.conf -Patch: Makefile-pam_unix-nis.diff -BuildRequires: pam-devel -%if 0%{?suse_version} > 1320 -BuildRequires: pkgconfig(libeconf) -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) -%endif -%if %{enable_selinux} -BuildRequires: libselinux-devel -%endif -Provides: pam:/%{_lib}/security/pam_unix.so -Provides: pam_unix.so -Conflicts: pam_unix - -%description -This package contains the pam_unix module, which does the standard -UNIX authentication against the passwd and shadow database. This -module has NIS support. - -%prep -%setup -q -n Linux-PAM-%{version} -%patch -p1 - -%build -export CFLAGS="%{optflags} -DNDEBUG" -%configure \ - --includedir=%{_includedir}/security \ - --docdir=%{_docdir}/pam \ - --htmldir=%{_docdir}/pam/html \ - --pdfdir=%{_docdir}/pam/pdf \ - --enable-isadir=../..%{_pam_moduledir} \ - --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_distconfdir} -make -C modules/pam_unix - -%install -mkdir -p %{buildroot}%{_pam_moduledir} -install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{_pam_moduledir}/ -for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so -done - -%files -%license COPYING -%{_pam_moduledir}/pam_unix.so -%{_pam_moduledir}/pam_unix_acct.so -%{_pam_moduledir}/pam_unix_auth.so -%{_pam_moduledir}/pam_unix_passwd.so -%{_pam_moduledir}/pam_unix_session.so - -%changelog diff --git a/pam_xauth_data.3.xml.patch b/pam_xauth_data.3.xml.patch new file mode 100644 index 0000000..7902e64 --- /dev/null +++ b/pam_xauth_data.3.xml.patch @@ -0,0 +1,97 @@ +--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100 ++++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200 +@@ -0,0 +1,94 @@ ++ ++ ++ ++ ++ ++ ++ pam_xauth_data ++ 3 ++ Linux-PAM Manual ++ ++ ++ ++ pam_xauth_data ++ structure containing X authentication data ++ ++ ++ ++ ++ ++ ++ #include <security/pam_appl.h> ++ ++ ++struct pam_xauth_data { ++ int namelen; ++ char *name; ++ int datalen; ++ char *data; ++}; ++ ++ ++ ++ ++ DESCRIPTION ++ ++ The pam_xauth_data structure contains X ++ authentication data used to make a connection to an X display. ++ Using this mechanism, an application can communicate X ++ authentication data to PAM service modules. This allows modules to ++ make a connection to the user's X display in order to label the ++ user's session on login, display visual feedback or for other ++ purposes. ++ ++ ++ The name field contains the name of the ++ authentication method, such as "MIT-MAGIC-COOKIE-1". The ++ namelen field contains the length of this string, ++ not including the trailing NUL character. ++ ++ ++ The data field contains the authentication ++ method-specific data corresponding to the specified name. The ++ datalen field contains its length in bytes. ++ ++ ++ The X authentication data can be changed with the ++ PAM_XAUTH_DATA item. It can be queried and ++ set with ++ ++ pam_get_item3 ++ ++ and ++ ++ pam_set_item 3 ++ respectively. The value used to set it should be ++ a pointer to a pam_xauth_data structure. An internal copy of both ++ the structure itself and its fields is made by PAM when setting the ++ item. ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam_start3 ++ , ++ ++ pam_get_item3 ++ , ++ ++ ++ ++ ++ STANDARDS ++ ++ The pam_xauth_data structure and ++ PAM_XAUTH_DATA item are ++ Linux-PAM extensions. ++ ++ ++ ++ From 3139982e021e0e02012262f292c9bfcbc91913fe3864ba45cb8d93d7a8512a51 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 14:34:36 +0000 Subject: [PATCH 2/4] Accepting request 933454 from home:kukuk:tiu - Add missing recommends and split provides OBS-URL: https://build.opensuse.org/request/show/933454 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=255 --- Makefile-pam_unix-nis.diff | 21 --------------------- baselibs.conf | 2 -- pam.changes | 5 +++++ pam.spec | 2 ++ 4 files changed, 7 insertions(+), 23 deletions(-) delete mode 100644 Makefile-pam_unix-nis.diff diff --git a/Makefile-pam_unix-nis.diff b/Makefile-pam_unix-nis.diff deleted file mode 100644 index a3967c8..0000000 --- a/Makefile-pam_unix-nis.diff +++ /dev/null @@ -1,21 +0,0 @@ -diff -urN Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in Linux-PAM-1.5.1/modules/pam_unix/Makefile.in ---- Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in 2020-11-25 17:57:14.000000000 +0100 -+++ Linux-PAM-1.5.1/modules/pam_unix/Makefile.in 2021-02-12 14:33:38.159412343 +0100 -@@ -155,7 +155,7 @@ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } - LTLIBRARIES = $(securelib_LTLIBRARIES) --pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la -+pam_unix_la_DEPENDENCIES = - am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ - pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ - yppasswd_xdr.lo md5_good.lo md5_broken.lo -@@ -654,7 +654,7 @@ - - pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(am__append_1) --pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -+pam_unix_la_LIBADD = -lpam \ - @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ - - securelib_LTLIBRARIES = pam_unix.la diff --git a/baselibs.conf b/baselibs.conf index 7c3bca9..00ed537 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -4,5 +4,3 @@ pam-extra pam-devel pam_unix conflicts "pam_unix-nis-" -pam_unix-nis - conflicts "pam_unix-" diff --git a/pam.changes b/pam.changes index 19095fe..85d70cf 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + ------------------------------------------------------------------- Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 831c81c..a123cfd 100644 --- a/pam.spec +++ b/pam.spec @@ -91,6 +91,7 @@ BuildRequires: libselinux-devel %endif Requires: pam_unix.so Suggests: pam_unix +Recommends: pam-manpages %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) @@ -143,6 +144,7 @@ This package contains the documentation. %package -n pam-manpages Summary: Manualpages for Pluggable Authentication Modules Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz BuildArch: noarch BuildRequires: docbook-xsl-stylesheets BuildRequires: elinks From 16f5bfc37557a60c804c79886432ff3c6adb341593ae901d19ef2bba5c7e2282 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 15:07:30 +0000 Subject: [PATCH 3/4] Accepting request 933489 from home:kukuk:tiu - Add missing recommends and split provides - Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file. - Update pam-login_defs-check.sh regexp and login_defs-support-for-pam symbol to version 1.5.2 (new variable HMAC_CRYPTO_ALGO). - Add /run/pam_timestamp to pam.tmpfiles - Corrected macro definition of %_pam_moduledir: %_pam_moduledir %{_libdir}/security [macros.pam] - Prepend a slash to the expansion of %{_lib} in macros.pam as this are defined without a leading slash! - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory - pam-login_defs-check.sh: adjust for new login.defs variable usages - Update to 1.5.2 Noteworthy changes in Linux-PAM 1.5.2: * pam_exec: implemented quiet_log option. * pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs. * pam_timestamp: changed hmac algorithm to call openssl instead of the bundled sha1 implementation if selected, added option to select the hash algorithm to use with HMAC. * Added pkgconfig files for provided libraries. * Added --with-systemdunitdir configure option to specify systemd unit directory. * Added --with-misc-conv-bufsize configure option to specify the buffer size in libpam_misc's misc_conv() function, raised the default value for this parameter from 512 to 4096. * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. pam_tally2 has been removed upstream, remove pam_tally2-removal.patch pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. The following patches have been accepted upstream and, so, are obsolete: - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch - pam_securetty-don-t-complain-about-missing-config.patch - bsc1184358-prevent-LOCAL-from-being-resolved.patch - revert-check_shadow_expiry.diff [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, pam_securetty-don-t-complain-about-missing-config.patch, bsc1184358-prevent-LOCAL-from-being-resolved.patch, revert-check_shadow_expiry.diff] - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit "usergroups" option and instead read it from login.def's "USERGROUP_ENAB" option if umask is only defined there. [bsc#1189139] - package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724] - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check. - Create /run/motd.d - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) - Backport patch to not install /usr/etc/securetty (boo#1033626) ie no distro defaults and don't complain about it missing (pam_securetty-don-t-complain-about-missing-config.patch) - add debug bcond to be able to build pam with debug output easily - add macros file to allow other packages to stop hardcoding directory names. Compatible with Fedora. - In the 32-bit compatibility package for 64-bit architectures, require "systemd-32bit" to be also installed as it contains pam_systemd.so for 32 bit applications. [bsc#1185562, baselibs.conf] - If "LOCAL" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve "LOCAL" as a hostname and logs a failure. Checking explicitly for "LOCAL" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] - pam_limits: "unlimited" is not a legitimate value for "nofile" (see setrlimit(2)). So, when "nofile" is set to one of the "unlimited" values, it is set to the contents of "/proc/sys/fs/nr_open" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support - Update to 1.5.1 - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user doesn't exist and root password is blank [bsc#1179166] - pam_faillock: added nodelay option to not set pam_fail_delay - pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available - add macros.pam to abstract directory for pam modules - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least characters length in some form. This is enabled by the new parameter "usersubstr=" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] - Enable pam_faillock [bnc#1171562] - prepare usrmerge (boo#1029961, pam-usrmerge.diff) - /usr/bin/xauth chokes on the old user's $HOME being on an NFS file system. Run /usr/bin/xauth using the old user's uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch] - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec] - Add requirement for group "wheel" to spec file. [bsc#1171016, pam.spec] - Update to final 1.4.0 release - includes pam-check-user-home-dir.patch - obsoletes fix-man-links.dif - common-password: remove pam_cracklib, as that is deprecated. - pam_setquota.so: When setting quota, don't apply any quota if the user's $HOME is a mountpoint (ie the user has a partition of his/her own). [bsc#1171721, pam-check-user-home-dir.patch] - Update to current Linux-PAM snapshot - pam_tally* and pam_cracklib got deprecated - Disable pam_faillock and pam_setquota until they are whitelisted - Adapted patch pam-hostnames-in-access_conf.patch for new version New version obsoleted patch use-correct-IP-address.patch [pam-hostnames-in-access_conf.patch, use-correct-IP-address.patch] - Update to current Linux-PAM snapshot - Obsoletes pam_namespace-systemd.diff - Update to current Linux-PAM snapshot - Add pam_faillock - Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf - configure: Allowed disabling documentation through --disable-doc - pam_get_authtok_verify: Avoid duplicate password verification - pam_env: Changed the default to not read the user .pam_environment file - pam_group, pam_time: Fixed logical error with multiple ! operators - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session - pam_lastlog: Do not log info about failed login if the session was opened with PAM_SILENT flag - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' limit - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - pam_motd: Support multiple motd paths specified, with filename overrides - pam_namespace: Added a systemd service, which creates the namespaced instance parent directories during boot - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts - pam_shells: Recognize /bin/sh as the default shell - pam_succeed_if: Support lists in group membership checks - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE - pam_umask: Added new 'nousergroups' module argument and allowed specifying the default for usergroups at build-time - pam_unix: Added 'nullresetok' option to allow resetting blank passwords - pam_unix: Report unusable hashes found by checksalt to syslog - pam_unix: Support for (gost-)yescrypt hashing methods - pam_unix: Use bcrypt b-variant when it bcrypt is chosen - pam_usertype: New module to tell if uid is in login.defs ranges - Added new API call pam_start_confdir() for special applications that cannot use the system-default PAM configuration paths and need to explicitly specify another path - pam_namespace-systemd.diff: fix path of pam_namespace.services - own /usr/lib/motd.d/ so other packages can add files there - Listed all manual pages seperately as pam_userdb.8 has been moved to pam-extra. Also %exclude %{_defaultdocdir}/pam as the docs are in a separate package. [pam.spec] - pam_userdb moved to a new package pam-extra as pam-modules is obsolete and not part of SLE. [bsc#1166510, pam.spec] - Removed pam_userdb from this package and moved to pam-modules. This removed the requirement for libdb. Also made "xz" required for all releases. Remove limits for nproc from /etc/security/limits.conf [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] - Recommend login.defs only (no hard requirement) - Update to version 1.3.1+git20190923.ea78d67: * Fixed missing quotes in configure script * Add support for a vendor directory and libeconf (#136) * pam_lastlog: document the 'unlimited' option * pam_lastlog: prevent crash due to reduced 'fsize' limit * pam_unix_sess.c add uid for opening session * Fix the man page for "pam_fail_delay()" * Fix a typo * Update a function comment - drop usr-etc-support.patch (accepted upstream) - Add migration support from /etc to /usr/etc during upgrade - Update to version 1.3.1+git20190902.9de67ee: * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd - Update to version 1.3.1+git20190826.1b087ed: * libpam/pam_modutil_sanitize.c: optimize the way to close fds - Replace old $RPM_* shell vars by macros. - Avoid unnecessary invocation of subshells. - Shorten recipe for constructing securetty contents on s390. - usr-etc-support.patch: Add support for /usr/etc/pam.d - encryption_method_nis.diff: obsolete, NIS clients shouldn't require DES anymore. - etc.environment: removed, the sources contain the same - Update to version 1.3.1+git20190807.e31dd6c: * pam_tty_audit: Manual page clarification about password logging * pam_get_authtok_verify: Avoid duplicate password verification * Mention that ./autogen.sh is needeed to be run if you check out the sources from git * pam_unix: Correct MAXPASS define name in the previous two commits. * Restrict password length when changing password * Trim password at PAM_MAX_RESP_SIZE chars * pam_succeed_if: Request user data only when needed * pam_tally2: Remove unnecessary fsync() * Fixed a grammer mistake * Fix documentation for pam_wheel * Fix a typo in the documentation * pam_lastlog: Improve silent option documentation * pam_lastlog: Respect PAM_SILENT flag * Fix regressions from the last commits. * Replace strndupa with strncpy * build: ignore pam_lastlog when logwtmp is not available. * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. * pam_motd: Cleanup the code and avoid unnecessary logging * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. * Move the duplicated search_key function to pam_modutil. * pam_unix: Use pam_syslog instead of helper_log_err. * pam_unix: Report unusable hashes found by checksalt to syslog. * Revert "pam_unix: Add crypt_default method, if supported." * pam_unix: Add crypt_default method, if supported. * Revert part of the commit 4da9febc * pam_unix: Add support for (gost-)yescrypt hashing methods. * pam_unix: Fix closing curly brace. (#77) * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. * pam_unix: Prefer a gensalt function, that supports auto entropy. * pam_motd: Fix segmentation fault when no motd_dir specified (#76) * pam_motd: Support multiple motd paths specified, with filename overrides (#69) * pam_unix: Use bcrypt b-variant for computing new hashes. * pam_tally, pam_tally2: fix grammar and spelling (#54) * Fix grammar of messages printed via pam_prompt * pam_stress: do not mark messages for translation * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros * pam_unix: remove obsolete _unix_read_password prototype - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). - When comparing an incoming IP address with an entry in access.conf that only specified a single host (ie no netmask), the incoming IP address was used rather than the IP address from access.conf, effectively comparing the incoming address with itself. (Also fixed a small typo while I was at it) {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] - Upgrade to 1.3.1 * pam_motd: add support for a motd.d directory * pam_umask: Fix documentation to align with order of loading umask * pam_get_user.3: Fix missing word in documentation * pam_tally2 --reset: avoid creating a missing tallylog file * pam_mkhomedir: Allow creating parent of homedir under / * access.conf.5: Add note about spaces around ':' * pam.8: Workaround formatting problem * pam_unix: Check return value of malloc used for setcred data * pam_cracklib: Drop unused prompt macros * pam_tty_audit: Support matching users by uid range * pam_access: support parsing files in /etc/security/access.d/*.conf * pam_localuser: Correct documentation * pam_issue: Fix no prompting in parse escape codes mode * Unification and cleanup of syslog log levels Also: removed nproc limit, referred to systemd instead. Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. [bsc#1112508, pam-fix-config-order-in-manpage.patch] - Add libdb as build-time dependency to enable pam_userdb module. This module is useful for implementing virtual user support for vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] - Install empty directory /etc/security/namespace.d for pam_namespace.so iscript. - pam_umask.8 needed to be patched as well. [bsc#1089884, pam-fix-config-order-in-manpage.patch] - Changed order of configuration files to reflect actual code. [bsc#1089884, pam-fix-config-order-in-manpage.patch] - Use %license (boo#1082318) - Prerequire group(shadow), user(root) - Allow symbolic hostnames in access.conf file. [pam-hostnames-in-access_conf.patch, boo#1019866] - Increased nproc limits for non-privileged users to 4069/16384. Removed limits for "root". [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] - pam-limit-nproc.patch: increased process limit to help Chrome/Chromuim users with really lots of tabs. New limit gets closer to UserTasksMax parameter in logind.conf - Add doc directory to filelist. - Remove obsolete README.pam_tally [bsc#977973] - Update Linux-PAM to version 1.3.0 - Rediff encryption_method_nis.diff - Link pam_unix against libtirpc and external libnsl to enable IPv6 support. - Add /sbin/unix2_chkpwd (moved from pam-modules) - Remove (since accepted upstream): - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - 0002-Remove-enable-static-modules-option-and-support-from.patch - 0003-fix-nis-checks.patch - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch - Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch - Replace IPv4 only functions - Fix typo in common-account.pamd [bnc#959439] - Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - readd PAM_EXTERN for external PAM modules - Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - Add 0002-Remove-enable-static-modules-option-and-support-from.patch - Add 0003-fix-nis-checks.patch - Add folder /etc/security/limits.d as mentioned in 'man pam_limits' - Update to version 1.2.1 - security update for CVE-2015-3238 - Update to version 1.2.0 - obsoletes Linux-PAM-git-20150109.diff - Re-add lost patch encryption_method_nis.diff [bnc#906660] - Update to current git: - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff - obsoletes pam_loginuid-log_write_errors.diff - obsoletes pam_xauth-sigpipe.diff - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch - increase process limit to 1200 to help chromium users with many tabs - limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch - Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) bug-870433_pam_timestamp-fix-directory-traversal.patch - adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) - Add pam_loginuid-log_write_errors.diff: log significant loginuid write errors - pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to xauth process - Update to current git (Linux-PAM-git-20140127.diff), which obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and Linux-PAM-git-20140109.diff. - Fix gratuitous use of strdup and x_strdup - pam_xauth: log fatal errors preventing xauth process execution - pam_loginuid: cleanup loginuid buffer initialization - libpam_misc: fix an inconsistency in handling memory allocation errors - pam_limits: fix utmp->ut_user handling - pam_mkhomedir: check and create home directory for the same user - pam_limits: detect and ignore stale utmp entries - Disable pam_userdb (remove db-devel from build requires) - Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid - Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc - Update to current git (Linux-PAM-git-20140109.diff, which replaces pam_unix.diff and encryption_method_nis.diff) - pam_access: fix debug level logging - pam_warn: log flags passed to the module - pam_securetty: check return value of fgets - pam_lastlog: fix format string - pam_loginuid: If the correct loginuid is already set, skip writing it - common-session.pamd: add missing newline - Remove libtrpc support to solve dependency/build cycles, plain glibc is enough for now. - Add encryption_method_nis.diff: - implement pam_unix2 functionality to use another hash for NIS passwords. - Add pam_unix.diff: - fix if /etc/login.defs uses DES - ask always for old password if a NIS password will be changed - fix manpages links (bnc#842872) [fix-man-links.dif] - Explicitly add pam_systemd.so to list of modules in common-session.pamd (bnc#812462) - Update to official release 1.1.8 (1.1.7 + git-20130916.diff) - Remove needless pam_tally-deprecated.diff patch - Replace fix-compiler-warnings.diff with current git snapshot (git-20130916.diff) for pam_unix.so: - fix glibc warnings - fix syntax error in SELinux code - fix crash at login - Remove pam_unix-login.defs.diff, not needed anymore - Update to version 1.1.7 (bugfix release) - Drop missing-DESTDIR.diff and pam-fix-includes.patch - fix-compiler-warnings.diff: fix unchecked setuid return code - adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) - Fix typo in common-password [bnc#821526] - Added libtool as BuildRequire, and autoreconf -i option to fix build with new automake - Update pam_unix-login.defs.diff patch to the final upstream version. - Adjust URL - Add set_permission macro and PreReq - Read default encryption method from /etc/login.defs (pam_unix-login.defs.diff) - Remove deprecated pam_tally.so module, it's too buggy and can destroy config and log files. - Sync common-*.pamd config with pam-config (use pam_unix.so as default). - Fix building in Factory (add patch missing-DESTDIR.diff) - Update to Linux-PAM 1.1.6 - Update translations - pam_cracklib: Add more checks for weak passwords - pam_lastlog: Never lock out root - Lot of bug fixes and smaller enhancements - Include correct headers for getrlimit (add patch pam-fix-includes.patch). - Update homepage URL in specfile - Update to new upstream release 1.1.5 * pam_env: Fix CVE-2011-3148: correctly count leading whitespace when parsing environment file in pam_env * Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in pam_env * pam_access: Add hostname resolution cache - pam_tally2: remove invalid options from manpage (bnc#726071) - fix possible overflow and DOS in pam_env (bnc#724480) CVE-2011-3148, CVE-2011-3149 - Update to version 1.1.4 * pam_securetty: Honour console= kernel option, add noconsole option * pam_limits: Add %group syntax, drop change_uid option, add set_all option * Lot of small bug fixes * Add support for libtirpc - Build against libtirpc - license update: GPL-2.0+ or BSD-3-Clause Updating to spdx.org/licenses syntax as legal-auto for some reason did not accept the previous spec file license - Remove libxcrypt-devel from BuildRequires - bnc#673826 rework * manpage is left intact, as it was * correct parsing of "quiet" option - fix for bnc#673826 (pam_listfile) * removed unnecessary logging when listfile is missing and quiet option is specified * manpage is also updated, to reflect that all option require values - Update to Linux-PAM 1.1.3 - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 - pam_unix: Add minlen option, change default from 6 to 0 - Update to Linux-PAM 1.1.2 - use %_smp_mflags - Update to current CVS version (pam_rootok: Add support for chauthtok and acct_mgmt, [bnc#533249]) - Install correct documentation - Update to Linux-PAM 1.1.1 (bug fix release) - add baselibs.conf as a source - enable parallel building - Add fixes from CVS - Update to final version 1.1.0 (spelling fixes) - Update to version 1.0.92: * Update translations * pam_succeed_if: Use provided username * pam_mkhomedir: Fix handling of options - Remove cracklib-dict-full and pwdutils BuildRequires again. - Update to version 1.0.91 aka 1.1 Beta2: * Changes in the behavior of the password stack. Results of PRELIM_CHECK are not used for the final run. * Redefine LOCAL keyword of pam_access configuration file * Add support for try_first_pass and use_first_pass to pam_cracklib * New password quality tests in pam_cracklib * Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec * New options for pam_lastlog to show last failed login attempt and to disable lastlog update * New pam_pwhistory module to store last used passwords * New pam_tally2 module similar to pam_tally with wordsize independent tally data format, obsoletes pam_tally * Make libpam not log missing module if its type is prepended with '-' * New pam_timestamp module for authentication based on recent successful login. * Add blowfish support to pam_unix. * Add support for user specific environment file to pam_env. * Add pam_get_authtok to libpam as Linux-PAM extension. - use sr@latin instead of sr@Latn - Log failures of setrlimit in pam_limits [bnc#448314] - Fix using of requisite in password stack [bnc#470337] - Regenerate documentation [bnc#448314] - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) - obsolete old -XXbit packages (bnc#437293) - enhance the man page for limits.conf (bnc#448314) - pam_time: fix parsing if '|' is used [bdo#326407] - pam_xauth: update last patch - pam_pwhistory: add missing type option - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment (bnc#441314) - Add pam_tally2 - Regenerate Documentation - Enhance pam_lastlog with status output - Add pam_pwhistory as tech preview - pam_tally: fix fd leak - pam_mail: fix "quiet" option - Update to version 1.0.2 (fix SELinux regression) - enhance pam_tally [FATE#303753] - Backport fixes from CVS - enabled SELinux support [Fate#303662] - Update to version 1.0.1: - Fixes regression in pam_set_item(). - added baselibs.conf file to build xxbit packages for multilib support - Remove devfs lines from securetty [bnc#372241] - Update to version 1.0.0: - Official first "stable" release - bug fixes - translation updates - Update to version 0.99.10.0: - New substack directive in config file syntax - New module pam_tty_audit.so for enabling and disabling tty auditing - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA - Improved functionality of pam_namespace.so module (method flags, namespace.d configuration directory, new options). - Finaly removed deprecated pam_rhosts_auth module. - Update to version 0.99.9.0: - misc_conv no longer blocks SIGINT; applications that don't want user-interruptable prompts should block SIGINT themselves - Merge fixes from Debian - Fix parser for pam_group and pam_time - Update to version 0.99.8.1: - Fix regression in pam_audit - Update to version 0.99.8.0: - Add translations for ar, ca, da, ru, sv and zu. - Update hungarian translation. - Add support for limits.d directory to pam_limits. - Add minclass option to pam_cracklib - Add new group syntax to pam_access - move the documentation into a seperate package (pam-doc) [partly fixes Bug #265733] - add flex and bison BuildRequires - add %verify_permissions for /sbin/unix_chkpwd [#237625] - Update to Version 0.99.7.1 (security fix) - Update to Version 0.99.7.0 * Add manual page for pam_unix.so. * Add pam_faildelay module to set pam_fail_delay() value. * Fix possible seg.fault in libpam/pam_set_data(). * Cleanup of configure options. * Update hungarian translation, fix german translation. - install unix_chkpwd setuid root instead of setgid shadow (#216816) - pam_unix.so/unix_chkpwd: teach about blowfish [#213929] - pam_namespace.so: Fix two possible buffer overflow - link against libxcrypt - Update hungarian translation [#210091] - Don't remove pam_unix.so - Use cracklib again (goes lost with one of the last cleanups) - Add pam_umask.so to common-session [Fate#3621] - Update to Linux-PAM 0.99.6.3 (merges all patches) - Update to Linux-PAM 0.99.6.2 (incorporate last change) - Add pam_loginuid and fixes from CVS [Fate#300486] - Fix seg.fault in pam_cracklib if retyped password is empty - Remove use_first_pass from pam_unix2.so in password section - Update to Linux-PAM 0.99.6.1 (big documentation update) - Add missing namespace.init script - Reenable audit subsystem [Fate#300486] - Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM modules: pam_keyinit, pam_namespace, pam_rhosts) - Update to current CVS (lot of new manual pages and docu) - Update to Linux-PAM 0.99.4.0 (merge all patches and translations) - Fix problems found by Coverity - Don't strip binaries. - Fix pam_tally LFS support [#172492] - Update fr.po and pl.po - Update km.po - Remove obsolete pam-laus from the system - Update translations for pt, pl, fr, fi and cs - Add translation for uk - Update hu.po - Add translation for tr - Fix order of NULL checks in pam_get_user - Fix comment in pam_lastlog for translators to be visible in pot file - Docu update, remove pam_selinux docu - Update km translation - pam_lastlog: - Initialize correct struct member [SF#1427401] - Mark strftime fmt string for translation [SF#1428269] - Update more manual pages - really disable audit if header file not present - Update fi.po - Add km.po - Update pl.po - Update with better manual pages - Add translation for nl, update pt translation - Move devel manual pages to -devel package - Mark PAM config files as noreplace - Mark /etc/securetty as noreplace - Run ldconfig - Fix libdb/ndbm compat detection with gdbm - Adjust german translation - Add all services to pam_listfile - converted neededforbuild to BuildRequires - Update to Linux-PAM 0.99.3.0 release candiate tar balls (new translations) - Fix NULL handling for LSB-pam test suite [#141240] - Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR - NULL is allowed as thirs argument for pam_get_item [#141240] - Add fixes from CVS - Fix pam_lastlog: don't report error on first login - Update to 0.99.2.1 - Add /etc/environment to avoid warnings in syslog - disable SELinux - Update getlogin() fix to final one - Fix PAM getlogin() implementation - Update to official 0.99.2.0 release - Update to new snapshot - Enable original pam_wheel module - Update to current CVS - Compile libpam_misc with -fno-strict-aliasing - Update to current CVS - Fix compiling of pammodutil with -fPIC - Update to current CVS - Update to new snapshot (Major version is back to 0) - Update to Linux-PAM 0.99.0.3 snapshot - Add pam_umask - Update to current CVS snapshot - Update to current CVS snapshot - Add pam_loginuid - Update to current CVS snapshot - Don't reset priority [#81690] - Fix creating of symlinks - Update to current CVS snapshot - Real fix for [#82687] (don't include kernel header files) - Bug 82687 - pam_client.h redefines __u8 and __u32 - Apply lot of fixes from CVS (including SELinux support) - Update to final 0.79 release - Apply patch for pam_xauth to preserve DISPLAY variable [#66885] - Compile with large file support - Made patch of latest CVS tree - Removed patch pam_handler.diff ( included in CVS now ) - moved Linux-PAM-0.78.dif to pam_group_time.diff - Fix seg.fault, if a PAM config line is incomplete - Update to final 0.78 - Add pam_env.so to common-auth - Add pam_limit.so to common-session - Update to 0.78-Beta1 - Create pam.d/common-{auth,account,password,session} and include them in pam.d/other - Update to current CVS version of upcoming 0.78 release - Update "code cleanup" patch - Disable reading of /etc/environment in pam_env.so per default - Reenable a "fixed" version of "code cleanup" patch - Use pam_wheel from pam-modules package - Disable "code cleanup" patch (no more comments about security fixes) - Apply big "code cleanup" patch [Bug #39673] - pam_wheel: Use original getlogin again, PAM internal does not work without application help [Bug #35682] - We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. - Cleanup neededforbuild - Add manual pages from SLES8 - Fix installing manual pages of modules - Remove pthread check (db is now linked against pthread) - Merge with current CVS - Apply bug fixes from bugtracking system - Build as normal user - Compile with noexecstack - Fix pam_securetty CVS patch - Sync with current CVS version - Add patch to implement "include" statement in pamd files - added ttyS1 (VT220) to securetty on s390* (bug #29239) - Apply lot of fixes for various problems - Fix getlogin handling in pam_wheel.so - added cracklib-devel to neededforbuild - Update pam_localuser and pam_xauth. - Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) - changed neededforbuild to - changed securetty / use extra file - 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty - Call password checking helper from pam_unix.so whenever the passwd field is invalid. - Don't build ps and pdf documentation - pam-devel requires pam [Bug #17543] - Remove explicit requires - Update to Linux-PAM 0.76 - Remove reentrant patch for original PAM modules (needs to be rewritten for new PAM version) - Add docu in PDF format - Fix build on different partitions - Fix to not own /usr/shar/man/man3 - Add /usr/include/security to pam-devel filelist - tar option for bz2 is "j" - Fix last pam_securetty patch - Use reentrant getpwnam functions for most modules - Fix unresolved symbols in pam_access and pam_userdb - libpam_misc: Don't handle Ctrl-D as error. - Remove SuSEconfig.pam - Update pam_localuser and pam_xauth - Add new READMEs about blowfish and cracklib - Remove pam_unix.so (is part of pam-modules) - Move extra PAM modules to separate package - Require pam-modules package - Move susehelp config file to susehelp package - changed neededforbuild to - Fixes wrong symlink handling of pam_homecheck [Bug #3905] - Sync pam_homecheck and pam_unix2 fixes from 7.2 - Always ask for the old password if it is expired - Cleanup Patches, make tar archive from extra pam modules - Use LOG_NOTICE for trace option [Bug #7673] - Linux-PAM: link pam_access against libnsl - Add pam.conf for susehelp/pam html docu - Linux-PAM: Update to version 0.75 - Linux-PAM: link libpam_misc against libpam [Bug #6890] - Linux-PAM: Fix manual pages (.so reference) - pam_pwcheck: fix Makefile - Update for Linux-PAM 0.74 - Drop pwdb subpackage - pam_unix2: Create temp files with permission 0600 - pam_issue.c: include time.h to make it compile - Don't print error message about failed initialization from pam_limits with kernel 2.2 [Bug #5198] - Adjust docu for pam_limits - Adjust docu for pam_pwcheck - Add fix for pam_limits from 0.73 - Add db-devel to need for build - Don't link PAM modules against old libpam library - Create new "devel" subpackage - Add SuSEconfig.pam - Fix problems with new gcc and glibc 2.2 header files - Fix problem with passwords longer then PASS_MAX_LEN - Add missing PAM modules to filelist - Fix seg.fault in pam_pwcheck [BUG #3894] - Clean spec file - Lot of bug fixes in pam_unix2 and pam_pwcheck - compress postscript docu - Move docu to /usr/share/doc/pam - Fix some bugs in pam_unix2 and pam_pwcheck - Add pam_homecheck Module - Add devfs devices to /etc/securetty - Fix handling of changing passwords to empty one - Set correct attr for unix_chkpwd and pwdb_chkpwd - Update pam_pwcheck - Update pam_unix2 - pwdb: Update to 0.61 - Add config files and README for md5 passwords - Update pam_pwcheck - Update pam_unix2 - Update pam_unix2 - New: pam_pwcheck - Update to Linux-PAM 0.72 - pam_pwdb: Add security fixes from RedHat - Update to Linux-PAM 0.70 - Update to pwdb-0.60 - Fix more pam_unix2 shadow bugs - Add more PAM fixes - Implement Password changing request (sp_lstchg == 0) - ran old prepare_spec on spec file to switch to new prepare_spec. - Add pam_wheel to file list - pam_wheel: Minor fixes - pam_unix2: root is allowed to change passwords with wrong password aging information - pam_unix2: Fix typo - Linux-PAM: Update to version 0.69 - pam_unix2: Root is allowed to use the old password again. - pam_unix2: Allow root to set an empty password. - Add HP-UX password aging to pam_unix2. - Don't install .cvsignore files - Make sure, /etc/shadow has the correct rights - Update to Linux-PAM 0.68 - pam_unix2: more bug fixes - pam_unix2: Fix "inactive" password - pam_warn: Add missing functions - other.pamd: Update - Add more doku - Add securetty config file - Fix Debian pam_env patch - Update to Linux-PAM 0.67 - Add Debian pam_env patch - pam_ftp malloc (core dump) fix - pam_unix2 fixes - First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 OBS-URL: https://build.opensuse.org/request/show/933489 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=256 --- pam.changes | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pam.changes b/pam.changes index 85d70cf..1e4313f 100644 --- a/pam.changes +++ b/pam.changes @@ -15,9 +15,12 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. ------------------------------------------------------------------- Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec From 4b7b9d93e4bed978da581975971cd696fc19e1a173cef1a93aec087786d4f56b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 29 Nov 2021 09:46:08 +0000 Subject: [PATCH 4/4] Accepting request 934493 from home:kukuk:tiu - Don't define doc/manpages packages in main build OBS-URL: https://build.opensuse.org/request/show/934493 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=257 --- pam.changes | 5 +++++ pam.spec | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/pam.changes b/pam.changes index 1e4313f..a11b844 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + ------------------------------------------------------------------- Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index a123cfd..6ca6d85 100644 --- a/pam.spec +++ b/pam.spec @@ -129,6 +129,8 @@ This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. +%if %{build_doc} + %package -n pam-doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -157,6 +159,8 @@ having to recompile programs that do authentication. This package contains the manual pages. +%endif + %package devel Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++