Accepting request 707602 from home:kbabioch:branches:security

- Version 1.0.8 (released 2019-06-04) * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729). * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727). * Fix a non-critical buffer oob access. - Applied spec-cleaner OBS-URL: https://build.opensuse.org/request/show/707602 OBS-URL: https://build.opensuse.org/package/show/security/pam_u2f?expand=0&rev=14
2019-06-04 15:40:12 +00:00 · 2019-06-04 15:40:12 +00:00 · e51cf51a7b
commit e51cf51a7b
parent 0c4675d82d
6 changed files with 19 additions and 11 deletions
--- a/pam_u2f-1.0.7.tar.gz
+++ b/pam_u2f-1.0.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:034aad8e29b159443dd6c1b7740006addc83d0659304fc4b0b4fb592f768e7cf
-size 378513
--- a/pam_u2f-1.0.7.tar.gz.sig
+++ b/pam_u2f-1.0.7.tar.gz.sig
--- a/pam_u2f-1.0.8.tar.gz
+++ b/pam_u2f-1.0.8.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52a203a6fab6160e06c1369ff104afed62007ca3ffbb40c297352232fa975c99
+size 384163
--- a/pam_u2f-1.0.8.tar.gz.sig
+++ b/pam_u2f-1.0.8.tar.gz.sig
--- a/pam_u2f.changes
+++ b/pam_u2f.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jun  4 13:19:36 UTC 2019 - Karol Babioch <kbabioch@suse.de>
+
+- Version 1.0.8 (released 2019-06-04)
+  * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729).
+  * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727).
+  * Fix a non-critical buffer oob access.
+- Applied spec-cleaner
+
 -------------------------------------------------------------------
 Tue May 15 09:04:06 UTC 2018 - kbabioch@suse.com

--- a/pam_u2f.spec
+++ b/pam_u2f.spec
@ -1,7 +1,7 @@
 #
 # spec file for package pam_u2f
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,25 +12,24 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


 Name:           pam_u2f
-Version:        1.0.7
+Version:        1.0.8
 Release:        0
 Summary:        U2F authentication integration into PAM
 License:        BSD-2-Clause
 Group:          Productivity/Networking/Security
-Url:            https://developers.yubico.com
+URL:            https://developers.yubico.com
 Source0:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz
 Source1:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz.sig
 Source2:        baselib.conf
 BuildRequires:  pam-devel
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(u2f-host)
 BuildRequires:  pkgconfig(u2f-server)
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
 The PAM U2F module provides a way to integrate the Yubikey
@ -49,8 +48,8 @@ make %{?_smp_mflags}
 find %{buildroot} -type f -name "*.la" -delete -print

 %files
-%defattr(-,root,root,-)
-%doc AUTHORS COPYING NEWS ChangeLog README
+%license COPYING
+%doc AUTHORS NEWS ChangeLog README
 %{_bindir}/pamu2fcfg
 %{_mandir}/man?/*
 /%{_lib}/security/pam_u2f.so