diff --git a/pam_u2f-1.0.7.tar.gz b/pam_u2f-1.0.7.tar.gz deleted file mode 100644 index 2ec6ca6..0000000 --- a/pam_u2f-1.0.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:034aad8e29b159443dd6c1b7740006addc83d0659304fc4b0b4fb592f768e7cf -size 378513 diff --git a/pam_u2f-1.0.7.tar.gz.sig b/pam_u2f-1.0.7.tar.gz.sig deleted file mode 100644 index 5cf2467..0000000 Binary files a/pam_u2f-1.0.7.tar.gz.sig and /dev/null differ diff --git a/pam_u2f-1.0.8.tar.gz b/pam_u2f-1.0.8.tar.gz new file mode 100644 index 0000000..9820977 --- /dev/null +++ b/pam_u2f-1.0.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:52a203a6fab6160e06c1369ff104afed62007ca3ffbb40c297352232fa975c99 +size 384163 diff --git a/pam_u2f-1.0.8.tar.gz.sig b/pam_u2f-1.0.8.tar.gz.sig new file mode 100644 index 0000000..73a9d3c Binary files /dev/null and b/pam_u2f-1.0.8.tar.gz.sig differ diff --git a/pam_u2f.changes b/pam_u2f.changes index 3954f5f..12daec1 100644 --- a/pam_u2f.changes +++ b/pam_u2f.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Jun 4 13:19:36 UTC 2019 - Karol Babioch + +- Version 1.0.8 (released 2019-06-04) + * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729). + * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727). + * Fix a non-critical buffer oob access. +- Applied spec-cleaner + ------------------------------------------------------------------- Tue May 15 09:04:06 UTC 2018 - kbabioch@suse.com diff --git a/pam_u2f.spec b/pam_u2f.spec index 2669169..10cc3ba 100644 --- a/pam_u2f.spec +++ b/pam_u2f.spec @@ -1,7 +1,7 @@ # # spec file for package pam_u2f # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,25 +12,24 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: pam_u2f -Version: 1.0.7 +Version: 1.0.8 Release: 0 Summary: U2F authentication integration into PAM License: BSD-2-Clause Group: Productivity/Networking/Security -Url: https://developers.yubico.com +URL: https://developers.yubico.com Source0: https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz Source1: https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz.sig Source2: baselib.conf BuildRequires: pam-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: pkgconfig(u2f-host) BuildRequires: pkgconfig(u2f-server) -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The PAM U2F module provides a way to integrate the Yubikey @@ -49,8 +48,8 @@ make %{?_smp_mflags} find %{buildroot} -type f -name "*.la" -delete -print %files -%defattr(-,root,root,-) -%doc AUTHORS COPYING NEWS ChangeLog README +%license COPYING +%doc AUTHORS NEWS ChangeLog README %{_bindir}/pamu2fcfg %{_mandir}/man?/* /%{_lib}/security/pam_u2f.so