
pam:
- update to 1.1.8
- add default password-auth, fingerprint-auth, smartcard-auth and postlogin
- enable audit
- build with libdb

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@8578 ec354946-7b23-47d6-9f5a-488ba84defc7

daisuke 11 年之前
父節點
當前提交
3b8dd4f4c2
共有 1 個文件被更改,包括 84 次插入48 次删除
  1. 84 48
      p/pam/pam-vl.spec

+ 84 - 48
p/pam/pam-vl.spec

@@ -1,32 +1,51 @@
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 
-%define pam_redhat_version 0.99.10-1
+%define pam_redhat_version 0.99.11
 
 Summary: A security tool which provides authentication for applications
 Summary(ja): アプリケーションに認証の仕組みを提供するセキュリティツール
 Name: pam
-Version: 1.1.1
-Release: 8%{?_dist_release}
+Version: 1.1.8
+Release: 1%{?_dist_release}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+
 License: BSD and GPLv2+
 Group: System Environment/Base
-Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
-Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
+URL: http://www.us.kernel.org/pub/linux/libs/pam/index.html
+
+Source0: http://www.linux-pam.org/library/Linux-PAM-%{version}.tar.bz2
 Source2: https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
 Source5: other.pamd
 Source6: system-auth.pamd
-Source7: config-util.pamd
-Source8: dlopen.sh
-Source9: system-auth.5
-Source10: config-util.5
-Source11: 90-nproc.conf
+Source7: password-auth.pamd
+Source8: fingerprint-auth.pamd
+Source9: smartcard-auth.pamd
+Source10: config-util.pamd
+Source11: dlopen.sh
+Source12: system-auth.5
+Source13: config-util.5
+Source14: 90-nproc.conf
+Source15: pamtmp.conf
+Source16: postlogin.pamd
+Source17: postlogin.5
 Patch1:  pam-1.0.90-redhat-modules.patch
-Patch2:  pam-1.0.91-std-noclose.patch
+Patch2:  pam-1.1.6-std-noclose.patch
 Patch4:  pam-1.1.0-console-nochmod.patch
 Patch5:  pam-1.1.0-notally.patch
-Patch7:  pam-1.1.0-console-fixes.patch
-Patch8:  pam-1.1.1-authtok-prompt.patch
+Patch9:  pam-1.1.6-noflex.patch
+Patch10: pam-1.1.3-nouserenv.patch
+Patch13: pam-1.1.6-limits-user.patch
+Patch15: pam-1.1.6-full-relro.patch
+# FIPS related - non upstreamable
+Patch20: pam-1.1.5-unix-no-fallback.patch
+# Upstreamed partially
+Patch31: pam-1.1.6-use-links.patch
+Patch32: pam-1.1.7-tty-audit-init.patch
+Patch33: pam-1.1.8-translation-updates.patch
+Patch34: pam-1.1.8-canonicalize-username.patch
+Patch35: pam-1.1.8-cve-2013-7041.patch
+Patch36: pam-1.1.8-cve-2014-2583.patch
+Patch37: pam-1.1.8-loginuid-container.patch
 
 Patch700: pam-0.99.9-sg-dev.patch
 
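Review bot: Source1, the detached `.sign` signature for the Linux-PAM tarball, is removed here and Source0 now points at a plain `http://` URL, so nothing in the spec lets a rebuilder check that the upstream archive is authentic. If upstream publishes a signature or checksum for this release, keep it as a Source entry and verify it in `%prep`. Otherwise record the expected digest beside Source0, for example `# sha256: <SHA256_OF_TARBALL>` (placeholder, to be filled from a trusted copy).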
@@ -43,16 +62,11 @@ Patch1030: pam-1.1.1_CVE-2011-3149.patch
 %define _secconfdir %{_sysconfdir}/security
 %define _pamconfdir %{_sysconfdir}/pam.d
 
-%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
-%define WITH_SELINUX 1
-%endif
-%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1}
-%define WITH_AUDIT 1
-%endif
-
 # VINE
 %define WITH_SELINUX 0
-%define WITH_AUDIT 0
+%define WITH_AUDIT 1
+
+%global _performance_build 1
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: cracklib, cracklib-dicts >= 2.8
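Review bot: `%define WITH_AUDIT 1` turns auditing on, but no audit build dependency is visible in this hunk. Linux-PAM's configure appears to drop audit support quietly when the libaudit headers are missing, which would produce a package that logs no audit records without any build error. Please confirm that a `BuildRequires:` for the audit development package exists elsewhere in the spec, ideally under `%if %{WITH_AUDIT}`. `%global _performance_build 1` is also unexplained; a one-line comment saying where it comes from and whether Vine's rpm macros honour it would help the next packager.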
@@ -76,13 +90,13 @@ Requires: glibc >= 2.3.90-37
 # Following deps are necessary only to build the pam library documentation.
 BuildRequires: linuxdoc-tools, w3m, libxslt
 BuildRequires: docbook-style-xsl, docbook-dtds
-BuildRequires: db4-devel
+BuildRequires: libdb-devel
 # pam.d/login in old util-linux uses obsolete pam module.
 Conflicts: util-linux < 2.14
 
-URL: http://www.us.kernel.org/pub/linux/libs/pam/index.html
 Vendor: Project Vine
 Distribution: Vine Linux
+Packager: daisuke
 
 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -170,22 +184,26 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch2 -p1 -b .std-noclose
 %patch4 -p1 -b .nochmod
 %patch5 -p1 -b .notally
-%patch7 -p1 -b .console-fixes
-%patch8 -p0 -b .prompt
+%patch9 -p1 -b .noflex
+%patch10 -p1 -b .nouserenv
+%patch13 -p1 -b .limits
+%patch15 -p1 -b .relro
+%patch20 -p1 -b .no-fallback
+%patch31 -p1 -b .links
+%patch32 -p1 -b .tty-audit-init
+%patch33 -p2 -b .translations
+%patch34 -p1 -b .canonicalize
+%patch35 -p1 -b .case
+%patch36 -p1 -b .timestamp-ruser
+%patch37 -p1 -b .container
 
 %patch700 -p1
 
 ## security patch(es)
-%patch1009 -p1 -b .drop-privs
-%patch1010 -p1 -b .execle
-%patch1020 -p1 -b .CVE-2011-3148
-%patch1030 -p1 -b .CVE-2011-3149
-
-libtoolize -f
-autoreconf
 
 
 %build
+autoreconf -i
 %configure \
 	--libdir=/%{_lib} \
 	--includedir=%{_includedir}/security \
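Review bot: The `## security patch(es)` heading is left with nothing under it, while the header of the preceding hunk still shows `Patch1030: pam-1.1.1_CVE-2011-3149.patch` declared, so the spec seems to keep Patch tags that `%prep` no longer applies. Either remove those tags or add a comment such as `# Patch1009-1030 dropped: confirm fixed upstream in 1.1.8`, so an auditor can see the omission is deliberate. The two new CVE patches use backup suffixes `.case` and `.timestamp-ruser`, which do not name the CVE; moving `%patch35` and `%patch36` under the security heading would make them easy to find. The `%configure` call continues past the end of this hunk.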
@@ -196,7 +214,10 @@ autoreconf
 %if ! %{WITH_AUDIT}
 	--disable-audit \
 %endif
-	--enable-isadir=../../%{_moduledir}
+	--disable-static \
+	--enable-isadir=../../%{_moduledir} \
+	--disable-prelude
+make -C po update-gmo
 make
 # we do not use _smp_mflags because the build of sources in yacc/flex fails
 
@@ -226,15 +247,19 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
 install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
 install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
 install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
-install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
-install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
+install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
+install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
+install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
+install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
+install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin
+install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
 install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
 install -d -m 755 $RPM_BUILD_ROOT/var/log
 install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
 install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
 
 # Install man pages.
-install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
+install -m 644 %{SOURCE12} %{SOURCE13} ${SOURCE17} $RPM_BUILD_ROOT%{_mandir}/man5/
 
 for phase in auth acct passwd session ; do
 	ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so 
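Review bot: `${SOURCE17}` in the man-page install line is a shell variable, not the rpm macro `%{SOURCE17}`. It will normally expand to an empty string, so postlogin.5 is not copied into man5 and the build still succeeds. Change the line to `install -m 644 %{SOURCE12} %{SOURCE13} %{SOURCE17} $RPM_BUILD_ROOT%{_mandir}/man5/`. The `for phase` loop that follows continues outside the hunk.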
@@ -255,6 +280,9 @@ rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
 # Duplicate doc file sets.
 rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam
 
+# Install the file for autocreation of /var/run subdirectories on boot
+install -m644 -D %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/pam.conf
+
 # Create /lib/security in case it isn't the same as %{_moduledir}.
 install -m755 -d $RPM_BUILD_ROOT/lib/security
 
@@ -285,7 +313,7 @@ done
 /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
 for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
 	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
-		 %{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
+		 %{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
 		echo ERROR module: ${module} cannot be loaded.
 		exit 1
 	fi
@@ -322,7 +350,11 @@ end
 %dir %{_pamconfdir}
 %config(noreplace) %{_pamconfdir}/other
 %config(noreplace) %{_pamconfdir}/system-auth
+%config(noreplace) %{_pamconfdir}/password-auth
+%config(noreplace) %{_pamconfdir}/fingerprint-auth
+%config(noreplace) %{_pamconfdir}/smartcard-auth
 %config(noreplace) %{_pamconfdir}/config-util
+%config(noreplace) %{_pamconfdir}/postlogin
 %doc Copyright
 %doc doc/txts
 %doc doc/sag/*.txt doc/sag/html
@@ -422,6 +454,7 @@ end
 %endif
 %ghost %verify(not md5 size mtime) /var/log/faillog
 %ghost %verify(not md5 size mtime) /var/log/tallylog
+%{_prefix}/lib/tmpfiles.d/pam.conf
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 
@@ -433,7 +466,6 @@ end
 %{_libdir}/libpam.so
 %{_libdir}/libpamc.so
 %{_libdir}/libpam_misc.so
-%doc doc/mwg/*.txt doc/mwg/html
 %doc doc/adg/*.txt doc/adg/html
 
 
@@ -512,6 +544,10 @@ end
 
 
 %changelog
+* Tue Jun 17 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 1.1.8-1
+- update to 1.1.8
+- add default password-auth, fingerprint-auth, smartcard-auth and postlogin
+
 * Wed Oct 26 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.1.1-8
 - add patch1020 for fix CVE-2011-3148 (parsing environment)
 - add patch1030 for fix CVE-2011-3149 (parsing environment)
@@ -613,7 +649,7 @@ end
 * Mon Jan 14 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-15
 - merge review fixes (#226228)
 
-* Wed Jan  8 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-14
+* Tue Jan  8 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-14
 - support for sha256 and sha512 password hashes
 - account expiry checks moved to unix_chkpwd helper
 
@@ -713,10 +749,10 @@ end
 - revert to old euid and not ruid when setting euid in pam_keyinit (#219486)
 - rename selinux-namespace patch to namespace-level
 
-* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-7
+* Fri Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-7
 - fix selection of role
 
-* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-6
+* Fri Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-6
 - add possibility to pam_namespace to only change MLS component
 - Resolves: Bug #216184
 
@@ -1111,10 +1147,10 @@ support)
 * Tue May 18 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-41
 - Fixed 64bit segfault in pam_succeed_if module.
 
-* Thu Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
+* Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
 - Apply changes from audit.
 
-* Tue Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
+* Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
 - Change to only report failure on relabel if debug
 
 * Wed Mar 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-38
@@ -1132,7 +1168,7 @@ support)
 * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
 - rebuilt
 
-* Tue Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
+* Thu Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
 - pam_unix: also log successful password changes when using shadowed passwords
 
 * Tue Feb 10 2004 Dan Walsh <dwalsh@redhat.com> 0.77-33
@@ -1384,7 +1420,7 @@ support)
 * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-21
 - pam_userdb: build with db4 instead of db3
 
-* Wed Nov 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-20
+* Thu Nov 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-20
 - pam_stack: fix some memory leaks (reported by Fernando Trias)
 - pam_chroot: integrate Owl patch to report the more common causes of failures
 
@@ -1671,7 +1707,7 @@ support)
 * Mon Dec 18 2000 Nalin Dahyabhai <nalin@redhat.com>
 - refresh from CVS -- some weird stuff crept into pam_unix
 
-* Wed Dec 12 2000 Nalin Dahyabhai <nalin@redhat.com>
+* Tue Dec 12 2000 Nalin Dahyabhai <nalin@redhat.com>
 - fix handling of "nis" when changing passwords by adding the checks for the
   data source to the password-updating module in pam_unix
 - add the original copyright for pam_access (fix from Michael Gerdts)
@@ -1764,10 +1800,10 @@ support)
 - add a broken_shadow option to pam_unix
 - add all module README files to the documentation list (#16456)
 
-* Wed Jul 25 2000 Nalin Dahyabhai <nalin@redhat.com>
+* Tue Jul 25 2000 Nalin Dahyabhai <nalin@redhat.com>
 - fix pam_stack debug and losing-track-of-the-result bug
 
-* Tue Jul 24 2000 Nalin Dahyabhai <nalin@redhat.com>
+* Mon Jul 24 2000 Nalin Dahyabhai <nalin@redhat.com>
 - rework pam_console's usage of syslog to actually be sane (#14646)
 
 * Sat Jul 22 2000 Nalin Dahyabhai <nalin@redhat.com>