|
|
@@ -5,8 +5,8 @@
|
|
|
Summary: A security tool which provides authentication for applications
|
|
|
Summary(ja): アプリケーションに認証の仕組みを提供するセキュリティツール
|
|
|
Name: pam
|
|
|
-Version: 1.1.8
|
|
|
-Release: 2%{?_dist_release}
|
|
|
+Version: 1.3.0
|
|
|
+Release: 1%{?_dist_release}
|
|
|
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
|
|
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+
|
|
|
License: BSD and GPLv2+
|
|
|
@@ -28,34 +28,23 @@ Source14: 90-nproc.conf
|
|
|
Source15: pamtmp.conf
|
|
|
Source16: postlogin.pamd
|
|
|
Source17: postlogin.5
|
|
|
-Patch1: pam-1.0.90-redhat-modules.patch
|
|
|
-Patch2: pam-1.1.6-std-noclose.patch
|
|
|
+Patch1: pam-1.2.0-redhat-modules.patch
|
|
|
Patch4: pam-1.1.0-console-nochmod.patch
|
|
|
Patch5: pam-1.1.0-notally.patch
|
|
|
+Patch7: pam-1.2.1-faillock.patch
|
|
|
+Patch8: pam-1.2.1-faillock-admin-group.patch
|
|
|
Patch9: pam-1.1.6-noflex.patch
|
|
|
Patch10: pam-1.1.3-nouserenv.patch
|
|
|
Patch13: pam-1.1.6-limits-user.patch
|
|
|
-Patch15: pam-1.1.6-full-relro.patch
|
|
|
+Patch15: pam-1.1.8-full-relro.patch
|
|
|
# FIPS related - non upstreamable
|
|
|
-Patch20: pam-1.1.5-unix-no-fallback.patch
|
|
|
+Patch20: pam-1.2.0-unix-no-fallback.patch
|
|
|
+Patch28: pam-1.1.1-console-errmsg.patch
|
|
|
# Upstreamed partially
|
|
|
-Patch31: pam-1.1.6-use-links.patch
|
|
|
-Patch32: pam-1.1.7-tty-audit-init.patch
|
|
|
-Patch33: pam-1.1.8-translation-updates.patch
|
|
|
-Patch34: pam-1.1.8-canonicalize-username.patch
|
|
|
-Patch35: pam-1.1.8-cve-2013-7041.patch
|
|
|
-Patch36: pam-1.1.8-cve-2014-2583.patch
|
|
|
-Patch37: pam-1.1.8-loginuid-container.patch
|
|
|
-
|
|
|
-Patch700: pam-0.99.9-sg-dev.patch
|
|
|
-
|
|
|
-## security patch(es)
|
|
|
-# fix CVE-2010-3435 and CVE-2010-3316
|
|
|
-Patch1009: pam-1.1.1-drop-privs.patch
|
|
|
-# fix CVE-2010-3853
|
|
|
-Patch1010: pam-1.1.1-cve-2010-3853.patch
|
|
|
-Patch1020: pam-1.1.1_CVE-2011-3148.patch
|
|
|
-Patch1030: pam-1.1.1_CVE-2011-3149.patch
|
|
|
+Patch29: pam-1.3.0-pwhistory-helper.patch
|
|
|
+Patch31: pam-1.1.8-audit-user-mgmt.patch
|
|
|
+Patch32: pam-1.2.1-console-devname.patch
|
|
|
+Patch33: pam-1.3.0-unix-nomsg.patch
|
|
|
|
|
|
%define _sbindir /sbin
|
|
|
%define _moduledir /%{_lib}/security
|
|
|
@@ -80,7 +69,6 @@ BuildRequires: cracklib, cracklib-dicts >= 2.8
|
|
|
BuildRequires: perl, pkgconfig, gettext
|
|
|
%if %{WITH_AUDIT}
|
|
|
BuildRequires: audit-libs-devel >= 1.0.8
|
|
|
-Requires: audit-libs >= 1.0.8
|
|
|
%endif
|
|
|
%if %{WITH_SELINUX}
|
|
|
BuildRequires: libselinux-devel >= 1.33.2
|
|
|
@@ -182,23 +170,20 @@ PAM (Pluggable Authentication Modules) は,システム管理者が
|
|
|
mv pam-redhat-%{pam_redhat_version}/* modules
|
|
|
|
|
|
%patch1 -p1 -b .redhat-modules
|
|
|
-%patch2 -p1 -b .std-noclose
|
|
|
%patch4 -p1 -b .nochmod
|
|
|
%patch5 -p1 -b .notally
|
|
|
+%patch7 -p1 -b .faillock
|
|
|
+%patch8 -p1 -b .admin-group
|
|
|
%patch9 -p1 -b .noflex
|
|
|
%patch10 -p1 -b .nouserenv
|
|
|
%patch13 -p1 -b .limits
|
|
|
%patch15 -p1 -b .relro
|
|
|
%patch20 -p1 -b .no-fallback
|
|
|
-%patch31 -p1 -b .links
|
|
|
-%patch32 -p1 -b .tty-audit-init
|
|
|
-%patch33 -p2 -b .translations
|
|
|
-%patch34 -p1 -b .canonicalize
|
|
|
-%patch35 -p1 -b .case
|
|
|
-%patch36 -p1 -b .timestamp-ruser
|
|
|
-%patch37 -p1 -b .container
|
|
|
-
|
|
|
-%patch700 -p1
|
|
|
+%patch28 -p1 -b .errmsg
|
|
|
+%patch29 -p1 -b .pwhhelper
|
|
|
+%patch31 -p1 -b .audit-user-mgmt
|
|
|
+%patch32 -p1 -b .devname
|
|
|
+%patch33 -p1 -b .nomsg
|
|
|
|
|
|
## security patch(es)
|
|
|
|
|
|
@@ -206,6 +191,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
|
|
%build
|
|
|
autoreconf -i
|
|
|
%configure \
|
|
|
+ --disable-rpath \
|
|
|
--libdir=/%{_lib} \
|
|
|
--includedir=%{_includedir}/security \
|
|
|
--enable-isadir=../..%{_moduledir} \
|
|
|
@@ -216,7 +202,6 @@ autoreconf -i
|
|
|
--disable-audit \
|
|
|
%endif
|
|
|
--disable-static \
|
|
|
- --enable-isadir=../../%{_moduledir} \
|
|
|
--disable-prelude
|
|
|
make -C po update-gmo
|
|
|
make
|
|
|
@@ -365,10 +350,12 @@ end
|
|
|
/%{_lib}/libpam_misc.so.*
|
|
|
%{_sbindir}/pam_console_apply
|
|
|
%{_sbindir}/pam_tally2
|
|
|
+%{_sbindir}/faillock
|
|
|
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
|
|
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
|
|
%attr(0700,root,root) %{_sbindir}/unix_update
|
|
|
%attr(0755,root,root) %{_sbindir}/mkhomedir_helper
|
|
|
+%attr(0755,root,root) %{_sbindir}/pwhistory_helper
|
|
|
%if %{_lib} != lib
|
|
|
%dir /lib/security
|
|
|
%endif
|
|
|
@@ -383,6 +370,7 @@ end
|
|
|
%{_moduledir}/pam_env.so
|
|
|
%{_moduledir}/pam_exec.so
|
|
|
%{_moduledir}/pam_faildelay.so
|
|
|
+%{_moduledir}/pam_faillock.so
|
|
|
%{_moduledir}/pam_filter.so
|
|
|
%{_moduledir}/pam_ftp.so
|
|
|
%{_moduledir}/pam_group.so
|
|
|
@@ -545,6 +533,11 @@ end
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Sat Sep 09 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.3.0-1
|
|
|
+- updated to 1.3.0.
|
|
|
+- dropped all patches.
|
|
|
+- imported patches from rawhide.
|
|
|
+
|
|
|
* Sat Feb 13 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.1.8-2
|
|
|
- add Requires: libpwquality
|
|
|
|
tomop