From e51cf51a7b403d17d51a61e85046260753f64ce00f6ea157e5d50fc8b7461f05 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Tue, 4 Jun 2019 15:40:12 +0000
Subject: [PATCH] Accepting request 707602 from home:kbabioch:branches:security

- Version 1.0.8 (released 2019-06-04)
  * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729).
  * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727).
  * Fix a non-critical buffer oob access.
- Applied spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/707602
OBS-URL: https://build.opensuse.org/package/show/security/pam_u2f?expand=0&rev=14
---
 pam_u2f-1.0.7.tar.gz     |   3 ---
 pam_u2f-1.0.7.tar.gz.sig | Bin 310 -> 0 bytes
 pam_u2f-1.0.8.tar.gz     |   3 +++
 pam_u2f-1.0.8.tar.gz.sig | Bin 0 -> 310 bytes
 pam_u2f.changes          |   9 +++++++++
 pam_u2f.spec             |  15 +++++++--------
 6 files changed, 19 insertions(+), 11 deletions(-)
 delete mode 100644 pam_u2f-1.0.7.tar.gz
 delete mode 100644 pam_u2f-1.0.7.tar.gz.sig
 create mode 100644 pam_u2f-1.0.8.tar.gz
 create mode 100644 pam_u2f-1.0.8.tar.gz.sig

diff --git a/pam_u2f-1.0.7.tar.gz b/pam_u2f-1.0.7.tar.gz
deleted file mode 100644
index 2ec6ca6..0000000
--- a/pam_u2f-1.0.7.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:034aad8e29b159443dd6c1b7740006addc83d0659304fc4b0b4fb592f768e7cf
-size 378513
diff --git a/pam_u2f-1.0.7.tar.gz.sig b/pam_u2f-1.0.7.tar.gz.sig
deleted file mode 100644
index 5cf2467897b96c54d11aa495f57a0dc4e9333ef6bfa378cfa6e6e58262453b5b..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 310
zcmV-60m=S}0W$;u0SEvc79j*FI1mGUEqh)HZ88Or%LH4~nMVNy0$Tc@FaQb(5Rl6R
zThp0G0gdSg|58_Ga=P*t(rtoW3E779gUvR=*cK%dUu>_DhY8xX^|r-V{P2=;O{;gk
za2--uw@79qmvOk|pq`>lZ89l&mH3FQ_IpFeo@!Py*^Ez>M@4Q}0w`d_@cL8W|1Mv;
zFi)-6rlLpLsP**k6r-<?OU<%6@9m#TY~#m-FFSXwy%w^I#Um93Tf@exCGCC=2)qUF
zc{$0s1V0QgPsNb;SiCOQ&~HzT&n4VLq!9bT(Skaslm9)<(tssX2WLjlM(^QjYU4|?
zj2lU?G8ZyTbENPzh^3SC;DmL*GWDNpe7M1JGI$*!&{Pr?9p*~ZgSAb9$mcFBRac#1
IuSo`M+HuvA8~^|S

diff --git a/pam_u2f-1.0.8.tar.gz b/pam_u2f-1.0.8.tar.gz
new file mode 100644
index 0000000..9820977
--- /dev/null
+++ b/pam_u2f-1.0.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52a203a6fab6160e06c1369ff104afed62007ca3ffbb40c297352232fa975c99
+size 384163
diff --git a/pam_u2f-1.0.8.tar.gz.sig b/pam_u2f-1.0.8.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..73a9d3c5709c24ae70287f25d1d923df34a2ffc25b440c133a85613d0271daa6
GIT binary patch
literal 310
zcmV-60m=S}0W$;u0SEvc79j*FI1mGUEqh)HZ88Or%LH4~nMVNy0$lb`ng9w35Rl6R
zThp0G0S*ZV|5<%wCI+(4K3>v93H7T6UNrNFCsPf#D=XMKW;!>;Y{zW=jcX`zXz`BA
zv||!EdZie#0#AN=w)(&>PyXd>jBz6>;qa+g*Oe|xgb{F{!aC`XT0kVyskpit@~`2t
zhoA+g@7XevQW}GMv&s?>lQf=ARUE{pvkI^=vPRLL<$NDT_OiWM+UW3nuY2r0Jo>n6
z0~x})u-lAlL%XtMx{Nu5-8%M!YHy+<Q1LL@?sQxeY{;0~cgfldV^RupzGZ)bTRDBc
z)zH@$5wP9r#@dB@$87m5`ULIhU@uQ%DA@b8jvUphLH<csbO#%C;vOFOw6!n&5ASwM
Ibq695O;t^glK=n!

literal 0
HcmV?d00001

diff --git a/pam_u2f.changes b/pam_u2f.changes
index 3954f5f..12daec1 100644
--- a/pam_u2f.changes
+++ b/pam_u2f.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jun  4 13:19:36 UTC 2019 - Karol Babioch <kbabioch@suse.de>
+
+- Version 1.0.8 (released 2019-06-04)
+  * Fix insecure debug file handling CVE-2019-12209 (bsc#1135729).
+  * Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727).
+  * Fix a non-critical buffer oob access.
+- Applied spec-cleaner
+
 -------------------------------------------------------------------
 Tue May 15 09:04:06 UTC 2018 - kbabioch@suse.com
 
diff --git a/pam_u2f.spec b/pam_u2f.spec
index 2669169..10cc3ba 100644
--- a/pam_u2f.spec
+++ b/pam_u2f.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package pam_u2f
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,25 +12,24 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:           pam_u2f
-Version:        1.0.7
+Version:        1.0.8
 Release:        0
 Summary:        U2F authentication integration into PAM
 License:        BSD-2-Clause
 Group:          Productivity/Networking/Security
-Url:            https://developers.yubico.com
+URL:            https://developers.yubico.com
 Source0:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz
 Source1:        https://developers.yubico.com/pam-u2f/Releases/%{name}-%{version}.tar.gz.sig
 Source2:        baselib.conf
 BuildRequires:  pam-devel
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(u2f-host)
 BuildRequires:  pkgconfig(u2f-server)
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 The PAM U2F module provides a way to integrate the Yubikey
@@ -49,8 +48,8 @@ make %{?_smp_mflags}
 find %{buildroot} -type f -name "*.la" -delete -print
 
 %files
-%defattr(-,root,root,-)
-%doc AUTHORS COPYING NEWS ChangeLog README
+%license COPYING
+%doc AUTHORS NEWS ChangeLog README
 %{_bindir}/pamu2fcfg
 %{_mandir}/man?/*
 /%{_lib}/security/pam_u2f.so