Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam-devel-1.7.0-2.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: pam-devel Distribution: openSUSE Tumbleweed
Version: 1.7.0 Vendor: openSUSE
Release: 2.1 Build date: Thu Dec 5 13:44:33 2024
Group: Development/Libraries/C and C++ Build host: reproducible
Size: 51464 Source RPM: pam-1.7.0-2.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/linux-pam/linux-pam
Summary: Include Files and Libraries for PAM Development
PAM (Pluggable Authentication Modules) is a system security tool which
allows system administrators to set authentication policy without
having to recompile programs which do authentication.

This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.

Provides

Requires

License

GPL-2.0-or-later OR BSD-3-Clause

Changelog

* Thu Dec 05 2024 Valentin Lefebvre <[email protected]>
  - pam_access: rework resolving of tokens as hostname
    - separate resolving of IP addresses from hostnames. Don't resolve TTYs or
      display variables as hostname.
    - Add "nodns" option to disallow resolving of tokens as hostname.
    - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078,
    CVE-2024-10963]
* Thu Oct 24 2024 Thorsten Kukuk <[email protected]>
  - Update to version 1.7.0
    - build: changed build system from autotools to meson.
    - libpam_misc: use ECHOCTL in the terminal input
    - pam_access: support UID and GID in access.conf
    - pam_env: install environment file in vendordir if vendordir is enabled
    - pam_issue: only count class user if logind support is enabled
    - pam_limits: use systemd-logind instead of utmp if logind support is enabled
    - pam_unix: compare password hashes in constant time
    - Multiple minor bug fixes, build fixes, portability fixes,
      documentation improvements, and translation updates.
  - Drop upstream patches:
    - pam-bsc1194818-cursor-escape.patch
    - pam_limits-systemd.patch
    - pam_issue-systemd.patch
* Thu Sep 12 2024 Thorsten Kukuk <[email protected]>
  - baselibs.conf: add pam-userdb
* Tue Sep 10 2024 Thorsten Kukuk <[email protected]>
  - pam_limits-systemd.patch: update to final PR
* Fri Sep 06 2024 Thorsten Kukuk <[email protected]>
  - Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
  - Remove /usr/etc/pam.d, everything should be migrated
  - Remove pam_limits from default common-sessions* files. pam_limits
    is now part of pam-extra and not in our default generated config.
  - pam_issue-systemd.patch: only count class user sessions
* Wed Aug 07 2024 Stanislav Brabec <[email protected]>
  - Prevent cursor escape from the login prompt [bsc#1194818]
    * Added: pam-bsc1194818-cursor-escape.patch
* Wed Apr 10 2024 Thorsten Kukuk <[email protected]>
  - Update to version 1.6.1
    - pam_env: fixed --disable-econf --enable-vendordir support.
    - pam_unix: do not warn if password aging is disabled.
    - pam_unix: try to set uid to 0 before unix_chkpwd invocation.
    - pam_unix: allow empty passwords with non-empty hashes.
    - Multiple minor bug fixes, build fixes, portability fixes,
      documentation improvements, and translation updates.
  - Remove backports:
    - pam_env-fix_vendordir.patch
    - pam_env-fix-enable-vendordir-fallback.patch
    - pam_env-remove-escaped-newlines.patch
    - pam_unix-fix-password-aging-disabled.patch
* Thu Feb 22 2024 Valentin Lefebvre <[email protected]>
  - Use autosetup to prepare for RPM 4.20.
* Wed Feb 07 2024 Thorsten Kukuk <[email protected]>
  - pam.tmpfiles: Make sure the content of the /run directories get
    removed in case of a soft-reboot
* Tue Jan 30 2024 Thorsten Kukuk <[email protected]>
  - Enable pam_canonicalize_user.so
* Fri Jan 19 2024 Thorsten Kukuk <[email protected]>
  - Add post 1.6.0 release fixes for pam_env and pam_unix:
    - pam_env-fix-enable-vendordir-fallback.patch
    - pam_env-fix_vendordir.patch
    - pam_env-remove-escaped-newlines.patch
    - pam_unix-fix-password-aging-disabled.patch
  - Update to version 1.6.0
    - Added support of configuration files with arbitrarily long lines.
    - build: fixed build outside of the source tree.
    - libpam: added use of getrandom(2) as a source of randomness if available.
    - libpam: fixed calculation of fail delay with very long delays.
    - libpam: fixed potential infinite recursion with includes.
    - libpam: implemented string to number conversions validation when parsing
      controls in configuration.
    - pam_access: added quiet_log option.
    - pam_access: fixed truncation of very long group names.
    - pam_canonicalize_user: new module to canonicalize user name.
    - pam_echo: fixed file handling to prevent overflows and short reads.
    - pam_env: added support of '\' character in environment variable values.
    - pam_exec: allowed expose_authtok for password PAM_TYPE.
    - pam_exec: fixed stack overflow with binary output of programs.
    - pam_faildelay: implemented parameter ranges validation.
    - pam_listfile: changed to treat \r and \n exactly the same in configuration.
    - pam_mkhomedir: hardened directory creation against timing attacks.
    - Please note that using *at functions leads to more open file handles
      during creation.
    - pam_namespace: fixed potential local DoS (CVE-2024-22365).
    - pam_nologin: fixed file handling to prevent short reads.
    - pam_pwhistory: helper binary is now built only if SELinux support is
      enabled.
    - pam_pwhistory: implemented reliable usernames handling when remembering
      passwords.
    - pam_shells: changed to allow shell entries with absolute paths only.
    - pam_succeed_if: fixed treating empty strings as numerical value 0.
    - pam_unix: added support of disabled password aging.
    - pam_unix: synchronized password aging with shadow.
    - pam_unix: implemented string to number conversions validation.
    - pam_unix: fixed truncation of very long user names.
    - pam_unix: corrected rounds retrieval for configured encryption method.
    - pam_unix: implemented reliable usernames handling when remembering
      passwords.
    - pam_unix: changed to always run the helper to obtain shadow password
      entries.
    - pam_unix: unix_update helper binary is now built only if SELinux support
      is enabled.
    - pam_unix: added audit support to unix_update helper.
    - pam_userdb: added gdbm support.
    - Multiple minor bug fixes, portability fixes, documentation improvements,
      and translation updates.
  - The following patches are obsolete with the update:
    - pam_access-doc-IPv6-link-local.patch
    - pam_access-hostname-debug.patch
    - pam_shells-fix-econf-memory-leak.patch
    - pam_shells-fix-econf-memory-leak.patch
    - disable-examples.patch
  - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS
    is no longer used.
* Wed Aug 23 2023 Thorsten Kukuk <[email protected]>
  - Fix building without SELinux
* Mon Aug 07 2023 Thorsten Kukuk <[email protected]>
  - pam_access backports from upstream:
    - pam_access-doc-IPv6-link-local.patch:
      Document only partial supported IPv6 link local addresses
    - pam_access-hostname-debug.patch:
      Don't print error if we cannot resolve a hostname, does not
      need to be a hostname
    - pam_shells-fix-econf-memory-leak.patch:
      Free econf keys variable
    - disable-examples.patch:
      Don't build examples
* Tue May 09 2023 Thorsten Kukuk <[email protected]>
  - Update to final 1.5.3 release:
    - configure: added --enable-logind option to use logind instead of utmp
      in pam_issue and pam_timestamp.
    - pam_modutil_getlogin: changed to use getlogin() from libc instead of
      parsing utmp.
    - Added libeconf support to pam_env and pam_shells.
    - Added vendor directory support to pam_access, pam_env, pam_group,
      pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
      pam_shells, and pam_time.
    - pam_limits: changed to not fail on missing config files.
    - pam_pwhistory: added conf= option to specify config file location.
    - pam_pwhistory: added file= option to specify password history file
      location.
    - pam_shells: added shells.d support when libeconf and vendordir are enabled.
    - Deprecated pam_lastlog: this module is no longer built by default because
      it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
      even on 64bit architectures.
      pam_lastlog will be removed in one of the next releases, consider using
      pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
      pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
    - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
      macros provided by _pam_macros.h; the memory override performed by these
      macros can be optimized out by the compiler and therefore can no longer
      be relied upon.
* Thu Apr 20 2023 Thorsten Kukuk <[email protected]>
  - pam-extra: add split provide
* Wed Apr 12 2023 Thorsten Kukuk <[email protected]>
  - pam-userdb: add split provide
* Tue Apr 11 2023 Thorsten Kukuk <[email protected]>
  - Drop pam-xauth_ownership.patch, got fixed in sudo itself
  - Drop pam-bsc1177858-dont-free-environment-string.patch, was a
    fix for above patch
* Thu Apr 06 2023 Thorsten Kukuk <[email protected]>
  - Use bcond selinux to disable SELinux
  - Remove old pam_unix_* compat symlinks
  - Move pam_userdb to own pam-userdb sub-package
  - pam-extra contains now modules having extended dependencies like
    libsystemd
  - Update to 1.5.3.90 git snapshot
  - Drop merged patches:
    - pam-git.diff
    - docbook5.patch
    - pam_pwhistory-docu.patch
    - pam_xauth_data.3.xml.patch
  - Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
    documentation anyways and don't use the prebuild versions
  - Move all devel manual pages to pam-manpages, too. Fixes the
    problem that adjusted defaults not shown correct.
* Mon Mar 20 2023 Thorsten Kukuk <[email protected]>
  - Add common-session-nonlogin and postlogin-* pam.d config files
    for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
    and upcoming pam_wtmpdb.
* Fri Mar 10 2023 Giuliano Belinassi <[email protected]>
  - Enable livepatching support on x86_64.
* Tue Jan 24 2023 Valentin Lefebvre <[email protected]>
  - Use rpm macros for pam dist conf dir (/usr/etc/security)
* Wed Jan 18 2023 Stefan Schubert <[email protected]>
  - Moved following files/dirs in /etc/security to vendor directory:
    access.conf, limits.d, sepermit.conf, time.conf, namespace.conf,
    namespace.d, namespace.init
* Sat Dec 24 2022 Dominique Leuenberger <[email protected]>
  - Also obsolete pam_unix-32bit to have clean upgrade path.
* Fri Dec 16 2022 Thorsten Kukuk <[email protected]>
  - Merge pam_unix back into pam, seperate package not needed anymore
* Thu Dec 15 2022 Thorsten Kukuk <[email protected]>
  - Update pam-git.diff to current upstream
    - pam_env: Use vendor specific pam_env.conf and environment as fallback
    - pam_shells: Use the vendor directory
    obsoletes pam_env_econf.patch
  - Refresh docbook5.patch
* Tue Dec 06 2022 Thorsten Kukuk <[email protected]>
  - pam_pwhistory-docu.patch, docbook5.patch: convert docu to
    docbook5
* Thu Dec 01 2022 Thorsten Kukuk <[email protected]>
  - pam-git.diff: update to current git
    - obsoletes pam-hostnames-in-access_conf.patch
    - obsoletes tst-pam_env-retval.c
  - pam_env_econf.patch refresh
* Tue Nov 22 2022 Thorsten Kukuk <[email protected]>
  - Move pam_env config files below /usr/etc
* Tue Oct 11 2022 Stefan Schubert <[email protected]>
  - pam_env: Using libeconf for reading configuration and environment
    files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
* Fri Jun 17 2022 Thorsten Kukuk <[email protected]>
  - Keep old directory in filelist for migration
* Wed Jun 01 2022 Thorsten Kukuk <[email protected]>
  - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 Thorsten Kukuk <[email protected]>
  - pam-hostnames-in-access_conf.patch: update with upstream
    submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk <[email protected]>
  - Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk <[email protected]>
  - Update to current git for enhanced vendordir support (pam-git.diff)
    Obsoletes:
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk <[email protected]>
  - Drop pam_umask-usergroups-login_defs.patch, does more harm
    than helps. If not explizit specified as module option, we
    use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk <[email protected]>
  - Don't define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk <[email protected]>
  - Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk <[email protected]>
  - Use multibuild to build docu with correct paths and available
    features.
* Mon Nov 22 2021 Thorsten Kukuk <[email protected]>
  - common-session: move pam_systemd to first position as if the
    file would have been generated with pam-config
  - Add vendordir fixes and enhancements from upstream:
    - pam_xauth_data.3.xml.patch
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
  - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
    spec file.
* Wed Nov 17 2021 Stanislav Brabec <[email protected]>
  - Update pam-login_defs-check.sh regexp and
    login_defs-support-for-pam symbol to version 1.5.2
    (new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer <[email protected]>
  - Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers <[email protected]>
  - Corrected macro definition of %_pam_moduledir:
    %_pam_moduledir %{_libdir}/security
    [macros.pam]
* Wed Oct 06 2021 Josef Möllers <[email protected]>
  - Prepend a slash to the expansion of %{_lib} in macros.pam as
    this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk <[email protected]>
  - Rename motd.tmpfiles to pam.tmpfiles
    - Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk <[email protected]>
  - pam-login_defs-check.sh: adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers <[email protected]>
  - Update to 1.5.2
    Noteworthy changes in Linux-PAM 1.5.2:
    * pam_exec: implemented quiet_log option.
    * pam_mkhomedir: added support of HOME_MODE and UMASK from
      /etc/login.defs.
    * pam_timestamp: changed hmac algorithm to call openssl instead
      of the bundled sha1 implementation if selected, added option
      to select the hash algorithm to use with HMAC.
    * Added pkgconfig files for provided libraries.
    * Added --with-systemdunitdir configure option to specify systemd
      unit directory.
    * Added --with-misc-conv-bufsize configure option to specify the
      buffer size in libpam_misc's misc_conv() function, raised the
      default value for this parameter from 512 to 4096.
    * Multiple minor bug fixes, portability fixes, documentation
      improvements, and translation updates.
    pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
    pam_cracklib has been removed from the upstream sources. This
    obsoletes pam-pam_cracklib-add-usersubstr.patch and
    pam_cracklib-removal.patch.
    The following patches have been accepted upstream and, so,
    are obsolete:
    - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
    - pam_securetty-don-t-complain-about-missing-config.patch
    - bsc1184358-prevent-LOCAL-from-being-resolved.patch
    - revert-check_shadow_expiry.diff
    [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
    Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
    pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
    pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch,
    pam_securetty-don-t-complain-about-missing-config.patch,
    bsc1184358-prevent-LOCAL-from-being-resolved.patch,
    revert-check_shadow_expiry.diff]
* Thu Aug 12 2021 Thorsten Kukuk <[email protected]>
  - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
    explicit "usergroups" option and instead read it from login.def's
    "USERGROUP_ENAB" option if umask is only defined there.
    [bsc#1189139]
* Tue Aug 03 2021 [email protected]
  - package man5/motd.5 as a man-pages link to man8/pam_motd.8
    [bsc#1188724]
* Tue Jul 13 2021 Thorsten Kukuk <[email protected]>
  - revert-check_shadow_expiry.diff: revert wrong
    CRYPT_SALT_METHOD_LEGACY check.
* Fri Jun 25 2021 Callum Farmer <[email protected]>
  - Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel <[email protected]>
  - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
  - Backport patch to not install /usr/etc/securetty (boo#1033626) ie
    no distro defaults and don't complain about it missing
    (pam_securetty-don-t-complain-about-missing-config.patch)
  - add debug bcond to be able to build pam with debug output easily
  - add macros file to allow other packages to stop hardcoding
    directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers <[email protected]>
  - In the 32-bit compatibility package for 64-bit architectures,
    require "systemd-32bit" to be also installed as it contains
    pam_systemd.so for 32 bit applications.
    [bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers <[email protected]>
  - If "LOCAL" is configured in access.conf, and a login attempt from
    a remote host is made, pam_access tries to resolve "LOCAL" as
    a hostname and logs a failure.
    Checking explicitly for "LOCAL" and rejecting access in this case
    resolves this issue.
    [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers <[email protected]>
  - pam_limits: "unlimited" is not a legitimate value for "nofile"
    (see setrlimit(2)). So, when "nofile" is set to one of the
    "unlimited" values, it is set to the contents of
    "/proc/sys/fs/nr_open" instead.
    Also changed the manpage of pam_limits to express this.
    [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk <[email protected]>
  - Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk <[email protected]>
  - Split out pam_unix module and build without NIS support

Files

/usr/include/security
/usr/include/security/_pam_compat.h
/usr/include/security/_pam_macros.h
/usr/include/security/_pam_types.h
/usr/include/security/pam_appl.h
/usr/include/security/pam_client.h
/usr/include/security/pam_ext.h
/usr/include/security/pam_filter.h
/usr/include/security/pam_misc.h
/usr/include/security/pam_modules.h
/usr/include/security/pam_modutil.h
/usr/lib/libpam.so
/usr/lib/libpam_misc.so
/usr/lib/libpamc.so
/usr/lib/pkgconfig/pam.pc
/usr/lib/pkgconfig/pam_misc.pc
/usr/lib/pkgconfig/pamc.pc
/usr/lib/rpm/macros.d/macros.pam


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Dec 9 23:31:48 2024