|
@@ -1,14 +1,15 @@
|
|
|
+%bcond_with systemd
|
|
|
+%define pam_redhat_version 1.1.3
|
|
|
+
|
|
|
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
|
|
|
|
|
|
-%define pam_redhat_version 1.1.2
|
|
|
|
|
|
Summary: A security tool which provides authentication for applications
|
|
|
Summary(ja): アプリケーションに認証の仕組みを提供するセキュリティツール
|
|
|
Name: pam
|
|
|
-Version: 1.3.1
|
|
|
-Release: 1%{?_dist_release}
|
|
|
+Version: 1.4.0
|
|
|
+Release: 1%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
Group: System Environment/Base
|
|
|
-
|
|
|
Vendor: Project Vine
|
|
|
Distribution: Vine Linux
|
|
|
Packager: daisuke
|
|
@@ -34,47 +35,24 @@ Source15: pamtmp.conf
|
|
|
Source16: postlogin.pamd
|
|
|
Source17: postlogin.5
|
|
|
Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
|
|
-Patch1: pam-1.3.1-redhat-modules.patch
|
|
|
-Patch9: pam-1.3.1-noflex.patch
|
|
|
-Patch10: pam-1.1.3-nouserenv.patch
|
|
|
+Patch1: pam-1.4.0-redhat-modules.patch
|
|
|
+Patch9: pam-1.4.0-noflex.patch
|
|
|
+Patch10: pam-1.4.0-nouserenv.patch
|
|
|
Patch13: pam-1.1.6-limits-user.patch
|
|
|
-Patch15: pam-1.1.8-full-relro.patch
|
|
|
+Patch15: pam-1.4.0-full-relro.patch
|
|
|
# Upstreamed partially
|
|
|
-Patch29: pam-1.3.0-pwhistory-helper.patch
|
|
|
+Patch29: pam-1.4.0-pwhistory-helper.patch
|
|
|
Patch31: pam-1.1.8-audit-user-mgmt.patch
|
|
|
Patch33: pam-1.3.0-unix-nomsg.patch
|
|
|
-Patch34: pam-1.3.1-coverity.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/a2b72aeb86f297d349bc9e6a8f059fedf97a499a
|
|
|
-Patch36: pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016.patch
|
|
|
-Patch37: pam-1.3.1-unix-bcrypt_b.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/dce80b3f11b3c3aa137d18f22699809094dd64b6
|
|
|
-Patch38: pam-1.3.1-unix-gensalt-autoentropy.patch
|
|
|
-Patch39: pam-1.3.1-unix-crypt_checksalt.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/16bd523f85ede9fa9115f80e826f2d803d7e61d4
|
|
|
-Patch40: pam-1.3.1-unix-yescrypt.patch
|
|
|
-# To be upstreamed soon.
|
|
|
-Patch41: pam-1.3.1-unix-no-fallback.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/f9c9c72121eada731e010ab3620762bcf63db08f
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/8eaf5570cf011148a0b55c53570df5edaafebdb0
|
|
|
-Patch42: pam-1.3.1-motd-multiple-paths.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/86eed7ca01864b9fd17099e57f10f2b9b6b568a1
|
|
|
-Patch43: pam-1.3.1-unix-checksalt_syslog.patch
|
|
|
-# https://github.com/linux-pam/linux-pam/commit/d8d11db2cef65da5d2afa7acf21aa9c8cd88abed
|
|
|
-Patch44: pam-1.3.1-unix-fix_checksalt_syslog.patch
|
|
|
-Patch45: pam-1.3.1-namespace-mntopts.patch
|
|
|
-Patch46: pam-1.3.1-lastlog-no-showfailed.patch
|
|
|
-Patch47: pam-1.3.1-lastlog-unlimited-fsize.patch
|
|
|
-Patch48: pam-1.3.1-unix-improve-logging.patch
|
|
|
-Patch49: pam-1.3.1-tty-audit-manfix.patch
|
|
|
-Patch50: pam-1.3.1-fds-closing.patch
|
|
|
-Patch51: pam-1.3.1-authtok-verify-fix.patch
|
|
|
-Patch52: pam-1.3.1-add-pam_usertype.patch
|
|
|
-Patch53: pam-1.3.1-add-pam_usertype-fix-backport.patch
|
|
|
-Patch54: pam-1.3.1-pam_selinux-check-unknown-objects.patch
|
|
|
-
|
|
|
-
|
|
|
-Patch1000: pam-1.3.1-ja.po.patch
|
|
|
+Patch34: pam-1.4.0-coverity.patch
|
|
|
+# https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca
|
|
|
+# https://github.com/linux-pam/linux-pam/commit/0e9b286afe1224b91ff00936058b084ad4b776e4
|
|
|
+Patch57: pam-1.4.0-determine-user-exists.patch
|
|
|
+# https://github.com/linux-pam/linux-pam/commit/395915dae1571e10e2766c999974de864655ea3a
|
|
|
+Patch58: pam-1.3.1-faillock-change-file-permissions.patch
|
|
|
+
|
|
|
+
|
|
|
+Patch1000: pam-1.4.0-ja.po.patch
|
|
|
|
|
|
%define _sbindir /sbin
|
|
|
%define _moduledir /%{_lib}/security
|
|
@@ -208,33 +186,17 @@ cp %{SOURCE18} .
|
|
|
%patch31 -p1 -b .audit-user-mgmt
|
|
|
%patch33 -p1 -b .nomsg
|
|
|
%patch34 -p1 -b .coverity
|
|
|
-%patch36 -p1 -b .remove-prototype
|
|
|
-%patch37 -p1 -b .bcrypt_b
|
|
|
-%patch38 -p1 -b .gensalt-autoentropy
|
|
|
-%patch39 -p1 -b .crypt_checksalt
|
|
|
-%patch40 -p1 -b .yescrypt
|
|
|
-%patch41 -p1 -b .no-fallback
|
|
|
-%patch42 -p1 -b .multiple-paths
|
|
|
-%patch43 -p1 -b .checksalt_syslog
|
|
|
-%patch44 -p1 -b .fix_checksalt_syslog
|
|
|
-%patch45 -p1 -b .mntopts
|
|
|
-%patch46 -p1 -b .no-showfailed
|
|
|
-%patch47 -p1 -b .unlimited-fsize
|
|
|
-%patch48 -p1 -b .improve-logging
|
|
|
-%patch49 -p1 -b .tty-audit-manfix
|
|
|
-%patch50 -p1 -b .fds-closing
|
|
|
-%patch51 -p1 -b .authtok-verify-fix
|
|
|
-%patch52 -p1 -b .add-pam_usertype
|
|
|
-%patch53 -p1 -b .add-pam_usertype-backport
|
|
|
-%patch54 -p1 -b .pam_selinux-check-unknown-objects
|
|
|
+%patch57 -p1 -b .determinine-user-exists
|
|
|
+%patch58 -p1 -b .faillock-change-file-permissions
|
|
|
|
|
|
%patch1000 -p1 -b .ja
|
|
|
|
|
|
## security patch(es)
|
|
|
|
|
|
+autoreconf -i
|
|
|
+
|
|
|
|
|
|
%build
|
|
|
-autoreconf -i
|
|
|
%configure \
|
|
|
--disable-rpath \
|
|
|
--libdir=/%{_lib} \
|
|
@@ -318,12 +280,18 @@ rm -f %{buildroot}%{_moduledir}/*.la
|
|
|
# Duplicate doc file sets.
|
|
|
rm -fr %{buildroot}/usr/share/doc/pam
|
|
|
|
|
|
-# Install the file for autocreation of /var/run subdirectories on boot
|
|
|
-install -m644 -D %{SOURCE15} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf
|
|
|
-
|
|
|
# Create /lib/security in case it isn't the same as %{_moduledir}.
|
|
|
install -m755 -d %{buildroot}/lib/security
|
|
|
|
|
|
+%if %{with systemd}
|
|
|
+# Install the file for autocreation of /run subdirectories on boot
|
|
|
+install -m644 -D %{SOURCE15} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf
|
|
|
+mkdir -p %{buildroot}%{_unitdir}
|
|
|
+mv %{buildroot}/usr/lib/systemd/system/pam_namespace.service %{buildroot}%{_unitdir}/
|
|
|
+%else
|
|
|
+rm -f %{buildroot}/usr/lib/systemd/system/pam_namespace.service
|
|
|
+%endif
|
|
|
+
|
|
|
%find_lang Linux-PAM
|
|
|
|
|
|
|
|
@@ -340,6 +308,7 @@ if [ -d ${dir} ] ; then
|
|
|
%endif
|
|
|
[ ${dir} = "modules/pam_tally" ] && continue
|
|
|
[ ${dir} = "modules/pam_tally2" ] && continue
|
|
|
+ [ ${dir} = "modules/pam_cracklib" ] && continue
|
|
|
if ! ls -1 %{buildroot}%{_moduledir}/`basename ${dir}`*.so ; then
|
|
|
echo ERROR `basename ${dir}` did not build a module.
|
|
|
exit 1
|
|
@@ -377,6 +346,8 @@ if posix.access("/etc/rc.d/init.d/sshd", "x") then
|
|
|
os.execute("/etc/rc.d/init.d/sshd condrestart")
|
|
|
end
|
|
|
|
|
|
+%preun
|
|
|
+
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
|
|
%post -n compat32-%{name} -p /sbin/ldconfig
|
|
@@ -402,8 +373,9 @@ end
|
|
|
/%{_lib}/libpam.so.*
|
|
|
/%{_lib}/libpamc.so.*
|
|
|
/%{_lib}/libpam_misc.so.*
|
|
|
-%{_sbindir}/pam_console_apply
|
|
|
%{_sbindir}/faillock
|
|
|
+%{_sbindir}/pam_console_apply
|
|
|
+%{_sbindir}/pam_namespace_helper
|
|
|
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
|
|
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
|
|
%attr(0700,root,root) %{_sbindir}/unix_update
|
|
@@ -416,7 +388,6 @@ end
|
|
|
%{_moduledir}/pam_access.so
|
|
|
%{_moduledir}/pam_chroot.so
|
|
|
%{_moduledir}/pam_console.so
|
|
|
-%{_moduledir}/pam_cracklib.so
|
|
|
%{_moduledir}/pam_debug.so
|
|
|
%{_moduledir}/pam_deny.so
|
|
|
%{_moduledir}/pam_echo.so
|
|
@@ -450,6 +421,7 @@ end
|
|
|
%{_moduledir}/pam_sepermit.so
|
|
|
%endif
|
|
|
%{_moduledir}/pam_securetty.so
|
|
|
+%{_moduledir}/pam_setquota.so
|
|
|
%{_moduledir}/pam_shells.so
|
|
|
%{_moduledir}/pam_stress.so
|
|
|
%{_moduledir}/pam_succeed_if.so
|
|
@@ -502,9 +474,12 @@ end
|
|
|
%endif
|
|
|
%ghost %verify(not md5 size mtime) /var/log/faillog
|
|
|
%ghost %verify(not md5 size mtime) /var/log/tallylog
|
|
|
-%{_prefix}/lib/tmpfiles.d/pam.conf
|
|
|
%{_mandir}/man5/*
|
|
|
%{_mandir}/man8/*
|
|
|
+%if %{with systemd}
|
|
|
+%{_prefix}/lib/tmpfiles.d/pam.conf
|
|
|
+%{_unitdir}/pam_namespace.service
|
|
|
+%endif
|
|
|
|
|
|
|
|
|
%files devel
|
|
@@ -529,7 +504,6 @@ end
|
|
|
%{_moduledir}/pam_access.so
|
|
|
%{_moduledir}/pam_chroot.so
|
|
|
%{_moduledir}/pam_console.so
|
|
|
-%{_moduledir}/pam_cracklib.so
|
|
|
%{_moduledir}/pam_debug.so
|
|
|
%{_moduledir}/pam_deny.so
|
|
|
%{_moduledir}/pam_echo.so
|
|
@@ -562,6 +536,7 @@ end
|
|
|
%{_moduledir}/pam_sepermit.so
|
|
|
%endif
|
|
|
%{_moduledir}/pam_securetty.so
|
|
|
+%{_moduledir}/pam_setquota.so
|
|
|
%{_moduledir}/pam_shells.so
|
|
|
%{_moduledir}/pam_stress.so
|
|
|
%{_moduledir}/pam_succeed_if.so
|
|
@@ -592,10 +567,15 @@ end
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Sat Jul 04 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.4.0-1
|
|
|
+- updated to 1.4.0.
|
|
|
+- updated rawhide's patches.
|
|
|
+- updated Patch1000 (ja.po).
|
|
|
+
|
|
|
* Tue Mar 24 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.3.1-1
|
|
|
- updated to 1.3.1.
|
|
|
- updated rawhide's patches.
|
|
|
-- updated Patch1000.
|
|
|
+- updated Patch1000 (ja.po).
|
|
|
|
|
|
* Thu Nov 09 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.3.0-2
|
|
|
- updated ja.po.
|