commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2020-06-09 00:07:25
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new.3606 (New)
Package is "pam_ssh"
Tue Jun 9 00:07:25 2020 rev:32 rq:812541 version:2.3
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2019-01-21
10:56:56.799541542 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new.3606/pam_ssh.changes
2020-06-09 00:09:35.06260 +0200
@@ -1,0 +2,5 @@
+Mon Jun 8 08:19:19 UTC 2020 - Pedro Monreal Gonzalez
+
+- Use -fcommon flag to build with GCC 10.
+
+---
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.F1DVoV/_old 2020-06-09 00:09:37.166339817 +0200
+++ /var/tmp/diff_new_pack.F1DVoV/_new 2020-06-09 00:09:37.166339817 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
Summary:PAM Module for SSH Authentication
License:BSD-3-Clause
Group: Productivity/Networking/SSH
-Url:http://sourceforge.net/projects/pam-ssh/
+URL:http://sourceforge.net/projects/pam-ssh/
Source:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz
Source1:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc
Source2:baselibs.conf
@@ -45,7 +45,7 @@
%build
autoreconf -fiv
-export CFLAGS="%{optflags} -fno-strict-aliasing"
+export CFLAGS="%{optflags} -fno-strict-aliasing -fcommon"
%configure --libdir=/%{_lib}
make %{?_smp_mflags}
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2019-01-21 10:56:35
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new.28833 (New)
Package is "pam_ssh"
Mon Jan 21 10:56:35 2019 rev:31 rq:666321 version:2.3
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2017-12-01
15:54:40.537797009 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new.28833/pam_ssh.changes
2019-01-21 10:56:56.799541542 +0100
@@ -1,0 +2,15 @@
+Tue Jan 15 17:03:51 UTC 2019 - Wolfgang Rosenauer
+
+- Update to 2.3
+ * cleanup some leftovers from dropping SSH1 support in code and
+documentation
+
+---
+Wed Jan 9 11:04:46 UTC 2019 - Wolfgang Rosenauer
+
+- Update to 2.2
+ * upstream OpenSSL 1.1 compatibility
+(drop pam_ssh-openssl11.patch)
+ * upstream removed support for SSH1 and RSA1 protocols
+
+---
Old:
pam_ssh-2.1.tar.xz
pam_ssh-2.1.tar.xz.asc
pam_ssh-openssl11.patch
New:
pam_ssh-2.3.tar.xz
pam_ssh-2.3.tar.xz.asc
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.UL4zJz/_old 2019-01-21 10:56:57.291540898 +0100
+++ /var/tmp/diff_new_pack.UL4zJz/_new 2019-01-21 10:56:57.291540898 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: pam_ssh
-Version:2.1
+Version:2.3
Release:0
Summary:PAM Module for SSH Authentication
License:BSD-3-Clause
@@ -27,7 +27,6 @@
Source1:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc
Source2:baselibs.conf
Source3:%{name}.keyring
-Patch1: pam_ssh-openssl11.patch
BuildRequires: libtool
BuildRequires: openssh
BuildRequires: openssl-devel
@@ -43,12 +42,8 @@
%prep
%setup -q
-if pkg-config --atleast-version=1.1 openssl; then
-%patch1 -p1
-fi
%build
-# Needed for patch1, but does not hurt in non-patched cases
autoreconf -fiv
export CFLAGS="%{optflags} -fno-strict-aliasing"
%configure --libdir=/%{_lib}
++ pam_ssh-2.1.tar.xz -> pam_ssh-2.3.tar.xz ++
28581 lines of diff (skipped)
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2017-12-01 15:54:24
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is "pam_ssh"
Fri Dec 1 15:54:24 2017 rev:30 rq:547009 version:2.1
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2015-06-11
09:10:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2017-12-01
15:54:40.537797009 +0100
@@ -1,0 +2,14 @@
+Fri Dec 1 10:02:21 UTC 2017 - dims...@opensuse.org
+
+- Explicitly call autoreconf: an implicit call requires the same
+ version automake/autoconf to be present that was used to
+ originally bootstrap the tarball (version 1.13).
+
+---
+Thu Nov 30 14:52:54 UTC 2017 - vci...@suse.com
+
+- Add support for building with OpenSSL 1.1 (bsc#1066988)
+ * partly based on https://github.com/openssh/openssh-portable/pull/48
+ * add pam_ssh-openssl11.patch
+
+---
New:
pam_ssh-openssl11.patch
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.lUCmH5/_old 2017-12-01 15:54:41.081777434 +0100
+++ /var/tmp/diff_new_pack.lUCmH5/_new 2017-12-01 15:54:41.081777434 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,7 @@
Source1:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc
Source2:baselibs.conf
Source3:%{name}.keyring
+Patch1: pam_ssh-openssl11.patch
BuildRequires: libtool
BuildRequires: openssh
BuildRequires: openssl-devel
@@ -42,8 +43,13 @@
%prep
%setup -q
+if pkg-config --atleast-version=1.1 openssl; then
+%patch1 -p1
+fi
%build
+# Needed for patch1, but does not hurt in non-patched cases
+autoreconf -fiv
export CFLAGS="%{optflags} -fno-strict-aliasing"
%configure --libdir=/%{_lib}
make %{?_smp_mflags}
++ pam_ssh-openssl11.patch ++
1277 lines (skipped)
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2015-04-21 10:51:50
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-11-22
07:25:03.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2015-04-21
10:51:52.0 +0200
@@ -1,0 +2,8 @@
+Sun Mar 8 23:48:59 UTC 2015 - p.drou...@gmail.com
+
+- Update to version 2.01
+ * pam_ssh.1: updated man page to reflect the current implementation
+- Remove gpg-offline require and verification; OBS handles it
+- Use download Url as source
+
+---
Old:
pam_ssh-2.0.tar.xz
pam_ssh-2.0.tar.xz.asc
New:
pam_ssh-2.01.tar.xz
pam_ssh-2.01.tar.xz.asc
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.pwFs0l/_old 2015-04-21 10:51:52.0 +0200
+++ /var/tmp/diff_new_pack.pwFs0l/_new 2015-04-21 10:51:52.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,17 +22,14 @@
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: xz
-%if %suse_version 1220
-BuildRequires: gpg-offline
-%endif
-Version:2.0
+Version:2.01
Release:0
Summary:PAM Module for SSH Authentication
License:BSD-3-Clause
Group: Productivity/Networking/SSH
Url:http://sourceforge.net/projects/pam-ssh/
-Source: %{name}-%{version}.tar.xz
-Source1:%{name}-%{version}.tar.xz.asc
+Source:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz
+Source1:
http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc
Source2:baselibs.conf
Source3:%{name}.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -44,9 +41,6 @@
entire session, the user types no more passwords.
%prep
-%if 0%{?gpg_verify:1}
-%gpg_verify %{S:1}
-%endif
%setup -q
%build
++ pam_ssh-2.0.tar.xz - pam_ssh-2.01.tar.xz ++
1812 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/pam_ssh-2.0/ChangeLog new/pam_ssh-2.01/ChangeLog
--- old/pam_ssh-2.0/ChangeLog 2013-11-18 11:25:42.0 +0100
+++ new/pam_ssh-2.01/ChangeLog 2014-05-24 09:33:39.0 +0200
@@ -1,3 +1,12 @@
+Version 2.01 released
+=
+
+2014-05-24 Wolfgang Rosenauer
+
+ * changelog format cleanup
+ * pam_ssh.1: updated man page to reflect the current implementation
+
+
Version 2.0 released
@@ -10,52 +19,52 @@
2013-11-10 Wolfgang Rosenauer
-imported Debian patches
- * update openssh embedded code
- The upstream source embeds code from OpenSSH,
- this embedded code is updated against OpenSSH-6.0p1
- code; then ECDSA keys can be supported.
- Basically files containing the used code are
- brought in from the OpenSSH-6.0p1 and then
- the unused code is commented out by hand.
- Ideally the involved code may be invoked through
- a share library, but unfortunately such a library
- does not exist.
-
- * pam_ssh.c: fix missing syslog include
-
- * pam_ssh.c: safe spawn of the ssh-agent
-
- * pam_ssh.c: inexistent configuration directory handling
- Short cut the session phase if no configuration directory exists:
- it is meant to prevent meangningless ssh-agent launches for users
- that obviously never use ssh.
-
- * pam_ssh.c: let ssh-agent to determine the appropriate shell style
-
- * pam_get_pass.c, pam_get_pass.h, pam_ssh.c:
- try_first_password implementation and specific login keys
- Implement the intended semantics of try_first_password as described in
- in the manual page (and PAM).
- Ask for SSH passphrase even if user does not exist.
- Look for SSH keys in $HOME/.ssh/login-keys.d/, given that SSH keys
-
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2013-11-22 07:25:02
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-06-19
14:55:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-11-22
07:25:03.0 +0100
@@ -1,0 +2,29 @@
+Mon Nov 18 11:26:01 UTC 2013 - w...@rosenauer.org
+
+- update to 2.0
+ * added support for ECDSA keys
+ * ssh-agent is now spawned in a different improved way
+ * ssh-agent is not started anymore for users without keys
+ * support try_first_password PAM option
+ * still ask for passphrase even if user does not exist
+ * expect keys used for login in ~/.ssh/login-keys.d directory
+(see README; this behaviour will cause old setups to fail
+since the default keys are not used anymore for auth)
+ * keyfiles option has been removed and all found keys
+which can be opened using the provided passphrase will be
+added to the agent
+ * alternative keys not used for login purposes and not named
+like the default keys will be decrypted and saved for the
+agent when placed in ~/.ssh/session-keys.d directory
+ * when there is no controlling tty now use the PID to
+create the session file
+ * return PAM_SESSION_ERR from within the session part
+instead of PAM_AUTH_ERR
+ * honour TMPDIR for ssh-agent
+ * start ssh-agent with GID of the group given at
+compile time to the new configure option
+--with-ssh-agent-group
+- switched archive to XZ
+- verify detached signature
+
+---
Old:
pam_ssh-1.97-no_tty_stay_as_user.patch
pam_ssh-1.98.tar.bz2
New:
pam_ssh-2.0.tar.xz
pam_ssh-2.0.tar.xz.asc
pam_ssh.keyring
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.UB0GZv/_old 2013-11-22 07:25:04.0 +0100
+++ /var/tmp/diff_new_pack.UB0GZv/_new 2013-11-22 07:25:04.0 +0100
@@ -21,15 +21,20 @@
BuildRequires: openssh
BuildRequires: openssl-devel
BuildRequires: pam-devel
-Version:1.98
+BuildRequires: xz
+%if %suse_version 1220
+BuildRequires: gpg-offline
+%endif
+Version:2.0
Release:0
Summary:PAM Module for SSH Authentication
License:BSD-3-Clause
Group: Productivity/Networking/SSH
Url:http://sourceforge.net/projects/pam-ssh/
-Source: %{name}-%{version}.tar.bz2
+Source: %{name}-%{version}.tar.xz
+Source1:%{name}-%{version}.tar.xz.asc
Source2:baselibs.conf
-Patch: pam_ssh-1.97-no_tty_stay_as_user.patch
+Source3:%{name}.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -39,14 +44,14 @@
entire session, the user types no more passwords.
%prep
+%if 0%{?gpg_verify:1}
+%gpg_verify %{S:1}
+%endif
%setup -q
-%patch
%build
-#autoreconf --verbose --force --install
export CFLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
-%configure --libdir=/%{_lib} \
---with-pamdir=/%{_lib}/security
+%configure --libdir=/%{_lib}
make %{?_smp_mflags}
%install
++ pam_ssh.keyring ++
pub 1024D/3EDE742E 2001-02-18
uid Wolfgang Rosenauer wolfg...@rosenauer.org
sub 1024g/AB30A1D1 2001-02-18
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v2.0.19 (GNU/Linux)
mQGiBDqPsTURBACtpJWNHRmkBQcnF2DZdYXl+CYOSQeQ0d91X1ZKHztnwKQgAHLe
yXqwbiY8V2yFB1EFp9PRxg+EU9wfLJzM8+Y+tVzlMZ9TR2wZ3g7O+LDHmgiVxKHP
zS+UBhasB+roi3x7UeuLbCmUa0QSUgOEG/Drj07dRDbRj8INjDPTD24OxwCglAwr
zXz0qeg9avEayqEigO04CbMD/0EfSWdRCt5aRkPgHhYdk5fG5kduRUw577oW7ayY
Wx39rHvFnT5RuX77/rFU/8si6kRPGviWCZl/KmjST99/17Za6JQzwxNWcKcPQGIn
NbkPV0n5k8YFNejGqmyGCWFuLKV2/rENzAiWj+C+A3BZz24wgAR9BVkEhJulm0zh
G+j9A/92Vq8ZSwKiECQH9gX9qf4AwNqJbQqMBeea0Yqi971NFqygKwKYw2H+wn3U
mxe6f3FPsz7AwBDB3VnI+I37AVFj8rIUDSuz/ytldcDM3wbz5Dc6xXykljT81KaO
05z2Lw5QQxIDAnX1N7EXxpBFuvMM2D0DAjt6ap8/h6De5sdwLbQrV29sZmdhbmcg
Um9zZW5hdWVyIDx3b2xmZ2FuZ0Byb3NlbmF1ZXIub3JnPohXBBMRAgAXBQI6j7E1
BQsHCgMEAxUDAgMWAgECF4AACgkQGA9qWz7edC6wzwCeINLI1NPBz86J6DTtt67C
ZDHIGYIAoJNY1+n+f8F/+9/L8v1u88JE3bFFiEYEEBECAAYFAjqPsWYACgkQ7ymF
bkmPczDnsgCbBAkxqQVlc9x45BS/EfQDciOErJYAoMOc1qzkGcp+QXvKPTfAXvLl
uap+iEYEExECAAYFAj9mtU0ACgkQO7NMHilOjPG3xgCfUNo/GzjcD03k9kkDFSeJ
m4LH8P0An1F8nJ/csrihkpp9NwlJNR9z1FcNiEYEExECAAYFAkHevvgACgkQGxrH
qXFCPVkTGgCfUwF6YMapCLCPXPqzi3LGmtouNywAmgJAbkpUqVFqTh8tjMZleKa9
aASeiHMEEBECADMFAkPouRQFgwHhM4AmGmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9p
bmRleC5waHA/aWQ9MTAACgkQ0rsNAWXQ/VjRfgCfYpCtiI3n7zvr8hsq+ZjKaO/q
FVwAn29o0gZ3RmdcwYLUpbaraMoz5rQ1iEYEExECAAYFAkWvuqgACgkQaPNY9sE5
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2013-06-19 14:55:49
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-05-13
15:10:59.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-06-19
14:55:50.0 +0200
@@ -1,0 +2,7 @@
+Thu Jun 6 09:17:42 UTC 2013 - vci...@suse.com
+
+- restore credentials before exitting from pam_sm_open_session
+ * fixes bnc#823484
+ * added James Carter's pam_ssh-1.97-no_tty_stay_as_user.patch
+
+---
New:
pam_ssh-1.97-no_tty_stay_as_user.patch
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.xJYfXc/_old 2013-06-19 14:55:50.0 +0200
+++ /var/tmp/diff_new_pack.xJYfXc/_new 2013-06-19 14:55:50.0 +0200
@@ -29,6 +29,7 @@
Url:http://sourceforge.net/projects/pam-ssh/
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
+Patch: pam_ssh-1.97-no_tty_stay_as_user.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -39,6 +40,7 @@
%prep
%setup -q
+%patch
%build
#autoreconf --verbose --force --install
++ pam_ssh-1.97-no_tty_stay_as_user.patch ++
Index: pam_ssh.c
===
--- pam_ssh.c.orig 2013-04-29 12:24:46.0 +0200
+++ pam_ssh.c 2013-06-06 11:26:36.227623175 +0200
@@ -632,6 +632,7 @@ pam_sm_open_session(pam_handle_t *pamh,
pam_ssh_log(LOG_ERR, stat() failed on %s, per_agent);
pam_set_data(pamh, ssh_agent_env_agent, NULL, NULL);
fclose(env_read);
+openpam_restore_cred(pamh);
return retval;
}
file_ctime = stat_buf.st_mtime;
@@ -875,6 +876,7 @@ pam_sm_open_session(pam_handle_t *pamh,
* with the per-session file */
if (!tty_raw) {
pam_ssh_log(LOG_DEBUG, session has no tty);
+openpam_restore_cred(pamh);
return PAM_SUCCESS;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2013-05-13 15:10:57
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-01-14
11:14:41.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-05-13
15:10:59.0 +0200
@@ -1,0 +2,10 @@
+Mon Apr 29 10:39:54 UTC 2013 - w...@rosenauer.org
+
+- update to 1.98
+ * bugfix update obsoleting
+- pam_ssh-1.97-empty_passphrase_segfault.patch
+- pam_ssh-1.97-setgid.patch
+- pam_ssh-1.97-sigmask.patch
+- pam_ssh-double-free.patch
+
+---
Old:
pam_ssh-1.97-empty_passphrase_segfault.patch
pam_ssh-1.97-setgid.patch
pam_ssh-1.97-sigmask.patch
pam_ssh-1.97.tar.bz2
pam_ssh-double-free.patch
New:
pam_ssh-1.98.tar.bz2
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.yEAJS6/_old 2013-05-13 15:11:00.0 +0200
+++ /var/tmp/diff_new_pack.yEAJS6/_new 2013-05-13 15:11:00.0 +0200
@@ -21,7 +21,7 @@
BuildRequires: openssh
BuildRequires: openssl-devel
BuildRequires: pam-devel
-Version:1.97
+Version:1.98
Release:0
Summary:PAM Module for SSH Authentication
License:BSD-3-Clause
@@ -29,11 +29,6 @@
Url:http://sourceforge.net/projects/pam-ssh/
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
-Patch0: pam_ssh-double-free.patch
-Patch1: pam_ssh-1.97-setgid.patch
-Patch2: pam_ssh-1.97-sigmask.patch
-# PATCH-FIX-OPENSUSE crashed on EOF passphrase (bnc#741541)
-Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -44,13 +39,9 @@
%prep
%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p0
-%patch3 -p1
%build
-autoreconf --verbose --force --install
+#autoreconf --verbose --force --install
export CFLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
%configure --libdir=/%{_lib} \
--with-pamdir=/%{_lib}/security
++ pam_ssh-1.97.tar.bz2 - pam_ssh-1.98.tar.bz2 ++
53544 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/pam_ssh-1.97/ChangeLog new/pam_ssh-1.98/ChangeLog
--- old/pam_ssh-1.97/ChangeLog 2009-04-11 21:37:43.0 +0200
+++ new/pam_ssh-1.98/ChangeLog 2013-04-29 12:24:46.0 +0200
@@ -1,3 +1,26 @@
+Version 1.98 released
+=
+2013-04-29 Wolfgang Rosenauer
+
+ * pam_ssh.c: Under some conditions, there is a double-free bug
+ in pam_ssh. The data of the ssh_agent_env_agent
+ pam_handle_t's item may have been free'd without being
+ nullified, which trigger a bug on the cleanup phase.
+ (ticket #13 double-free bug with pam_ssh-1.97)
+
+ * pam_ssh.c: Before executing ssh-agent, pam_ssh restores root
+ privileges with openpam_restore_cred, then uses only setuid
+ to adjust privileges. Thus ssh-agent runs with gid 0.
+ (ticket #12 pam_ssh doesn't set gid/groups before executing ssh-agent)
+
+ * pam_ssh.c: Clear signal mask before executing ssh-agent as
+ pam_ssh code can be called from kdm with blocked TERM signal
+ which would be inherited by ssh-agent
+
+ * pam_get_pass.c: fixed crash caused by EOF password
+ (ticket 14 pam_ssh segfaults on abort with empty password)
+
+
Version 1.97 released
=
2009-04-11 Wolfgang Rosenauer
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/pam_ssh-1.97/NEWS new/pam_ssh-1.98/NEWS
--- old/pam_ssh-1.97/NEWS 2009-04-11 21:43:44.0 +0200
+++ new/pam_ssh-1.98/NEWS 2013-04-29 12:24:46.0 +0200
@@ -1,9 +1,28 @@
-$Id: NEWS,v 1.12 2009/04/11 19:43:44 rosenauer Exp $
+Version 1.98
+
+
+Fixed some possible crashes and minor issues:
+
+* Under some conditions, there is a double-free bug
+ in pam_ssh. The data of the ssh_agent_env_agent
+ pam_handle_t's item may have been free'd without being
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2013-01-14 11:14:40
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh, Maintainer is vci...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2012-01-19
09:43:48.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-01-14
11:14:41.0 +0100
@@ -1,0 +2,5 @@
+Sat Jan 12 19:18:08 UTC 2013 - co...@suse.com
+
+- remove suse_update_config
+
+---
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.6SfY9X/_old 2013-01-14 11:14:42.0 +0100
+++ /var/tmp/diff_new_pack.6SfY9X/_new 2013-01-14 11:14:42.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -42,13 +42,6 @@
SSH private key. An ssh-agent is started and keys are added. For the
entire session, the user types no more passwords.
-
-
-Authors:
-
-Andrew J. Korty a...@iu.edu
-Roderick Schertler
-
%prep
%setup -q
%patch0 -p1
@@ -57,7 +50,6 @@
%patch3 -p1
%build
-%{suse_update_config -f}
autoreconf --verbose --force --install
export CFLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
%configure --libdir=/%{_lib} \
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2012-01-19 09:43:46
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh, Maintainer is vci...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-11-28
12:55:33.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2012-01-19
09:43:48.0 +0100
@@ -1,0 +2,12 @@
+Thu Jan 12 15:57:39 UTC 2012 - vci...@suse.com
+
+- added patch that prevents segfault when empty passphrase is
+ supplied (bnc#741541)
+
+---
+Mon Nov 28 11:47:01 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Use %_smp_mflags for parallel building
+
+---
New:
pam_ssh-1.97-empty_passphrase_segfault.patch
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.phklDF/_old 2012-01-19 09:43:49.0 +0100
+++ /var/tmp/diff_new_pack.phklDF/_new 2012-01-19 09:43:49.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pam_ssh
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,24 @@
#
-
Name: pam_ssh
-BuildRequires: libtool openssh openssl-devel pam-devel
-License:BSD3c(or similar)
-Group: Productivity/Networking/SSH
+BuildRequires: libtool
+BuildRequires: openssh
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
Version:1.97
Release:0
Summary:PAM Module for SSH Authentication
+License:BSD-3-Clause
+Group: Productivity/Networking/SSH
Url:http://sourceforge.net/projects/pam-ssh/
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
Patch0: pam_ssh-double-free.patch
Patch1: pam_ssh-1.97-setgid.patch
Patch2: pam_ssh-1.97-sigmask.patch
+# PATCH-FIX-OPENSUSE crashed on EOF passphrase (bnc#741541)
+Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -50,16 +54,15 @@
%patch0 -p1
%patch1 -p1
%patch2 -p0
+%patch3 -p1
%build
%{suse_update_config -f}
autoreconf --verbose --force --install
-CFLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing \
-./configure --libdir=/%{_lib} \
---with-pamdir=/%{_lib}/security \
---prefix=%{_prefix} \
- --mandir=%{_mandir}
-make
+export CFLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
+%configure --libdir=/%{_lib} \
+--with-pamdir=/%{_lib}/security
+make %{?_smp_mflags}
%install
install -d 755 $RPM_BUILD_ROOT/%{_lib}/security
@@ -67,9 +70,6 @@
install -d 755 $RPM_BUILD_ROOT%{_mandir}/man8
install -m 644 pam_ssh.8 $RPM_BUILD_ROOT%{_mandir}/man8/
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%files
%defattr(444,root,root,755)
%doc README TODO NEWS
++ pam_ssh-1.97-empty_passphrase_segfault.patch ++
--- pam_ssh-1.92.orig/pam_get_pass.c2004-02-19 19:59:05.0 +0100
+++ pam_ssh-1.92/pam_get_pass.c 2009-04-18 13:51:10.0 +0200
@@ -63,6 +63,8 @@
retval = conv-conv(1, msgs, resp, conv-appdata_ptr);
if (retval != PAM_SUCCESS)
return retval;
+ if (resp[0].resp == NULL)
+ return PAM_AUTHTOK_RECOVERY_ERR;
retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
if (retval != PAM_SUCCESS)
return retval;
++ pam_ssh-1.97-sigmask.patch ++
--- /var/tmp/diff_new_pack.phklDF/_old 2012-01-19 09:43:49.0 +0100
+++ /var/tmp/diff_new_pack.phklDF/_new 2012-01-19 09:43:49.0 +0100
@@ -1,7 +1,8 @@
-diff -up pam_ssh.c.orig-sigmask pam_ssh.c
pam_ssh.c.orig-sigmask 2011-10-30 16:38:41.365415881 +0100
-+++ pam_ssh.c 2011-10-30 16:39:09.396068291 +0100
-@@ -554,6 +554,7 @@ pam_sm_open_session(pam_handle_t *pamh,
+Index: pam_ssh.c
+===
+--- pam_ssh.c.orig 2012-01-12 12:20:00.108458104 +0100
pam_ssh.c 2012-01-12 16:00:01.650388767 +0100
+@@ -554,6 +554,7 @@
time_t file_ctime; /* creation time of per-agent file */
time_t time_now;/* current time */
time_t time_up; /* uptime */
@@ -9,7 +10,7 @@
memset(options, 0, sizeof options);
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2011-11-28 12:55:32
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh, Maintainer is vci...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-11-02
12:11:29.0 +0100
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2011-11-28
12:55:33.0 +0100
@@ -1,0 +2,5 @@
+Sun Nov 27 06:54:30 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+---
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.mILK1H/_old 2011-11-28 12:55:34.0 +0100
+++ /var/tmp/diff_new_pack.mILK1H/_new 2011-11-28 12:55:34.0 +0100
@@ -15,16 +15,14 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
Name: pam_ssh
-BuildRequires: openssh openssl-devel pam-devel
+BuildRequires: libtool openssh openssl-devel pam-devel
License:BSD3c(or similar)
Group: Productivity/Networking/SSH
-AutoReqProv:on
Version:1.97
-Release:13
+Release:0
Summary:PAM Module for SSH Authentication
Url:http://sourceforge.net/projects/pam-ssh/
Source: %{name}-%{version}.tar.bz2
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory checked
in at 2011-11-02 12:11:28
Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old)
and /work/SRC/openSUSE:Factory/.pam_ssh.new (New)
Package is pam_ssh, Maintainer is vci...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2011-09-23
12:21:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2011-11-02
12:11:29.0 +0100
@@ -1,0 +2,8 @@
+Sun Oct 30 16:55:04 UTC 2011 - mkube...@suse.cz
+
+- pam_ssh-1.97-sigmask.patch:
+ Clear signal mask before executing ssh-agent as pam_ssh code can
+ be called from kdm with blocked TERM signal which would be
+ inherited by ssh-agent (bnc#727246).
+
+---
New:
pam_ssh-1.97-sigmask.patch
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.9k9Pqo/_old 2011-11-02 12:11:30.0 +0100
+++ /var/tmp/diff_new_pack.9k9Pqo/_new 2011-11-02 12:11:30.0 +0100
@@ -31,6 +31,7 @@
Source2:baselibs.conf
Patch0: pam_ssh-double-free.patch
Patch1: pam_ssh-1.97-setgid.patch
+Patch2: pam_ssh-1.97-sigmask.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -50,6 +51,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p0
%build
%{suse_update_config -f}
++ pam_ssh-1.97-sigmask.patch ++
diff -up pam_ssh.c.orig-sigmask pam_ssh.c
--- pam_ssh.c.orig-sigmask 2011-10-30 16:38:41.365415881 +0100
+++ pam_ssh.c 2011-10-30 16:39:09.396068291 +0100
@@ -554,6 +554,7 @@ pam_sm_open_session(pam_handle_t *pamh,
time_t file_ctime; /* creation time of per-agent file */
time_t time_now;/* current time */
time_t time_up; /* uptime */
+ sigset_t sigmask; /* blocked signal mask */
memset(options, 0, sizeof options);
pam_std_option(options, other_options, argc, argv);
@@ -708,6 +709,10 @@ pam_sm_open_session(pam_handle_t *pamh,
_exit(EX_OSERR);
}
}
+
+ sigemptyset(sigmask);
+ sigprocmask(SIG_SETMASK, sigmask, NULL);
+
arg[0] = ssh-agent;
arg[1] = -s;
arg[2] = NULL;
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pam_ssh for openSUSE:Factory
Hello community,
here is the log from the commit of package pam_ssh for openSUSE:Factory
checked in at Tue Jun 28 09:53:13 CEST 2011.
--- pam_ssh/pam_ssh.changes 2010-02-01 13:21:25.0 +0100
+++ /mounts/work_src_done/STABLE/pam_ssh/pam_ssh.changes2011-05-11
17:07:20.0 +0200
@@ -1,0 +2,10 @@
+Wed May 11 15:02:57 UTC 2011 - vci...@novell.com
+
+- set gid/groups before executing ssh-agent (bnc#665061)
+
+---
+Mon Apr 18 13:53:35 UTC 2011 - vci...@novell.com
+
+- fix for bnc#688120 (pam_ssh double free)
+
+---
calling whatdependson for head-i586
New:
pam_ssh-1.97-setgid.patch
pam_ssh-double-free.patch
Other differences:
--
++ pam_ssh.spec ++
--- /var/tmp/diff_new_pack.oD0DNz/_old 2011-06-28 09:49:01.0 +0200
+++ /var/tmp/diff_new_pack.oD0DNz/_new 2011-06-28 09:49:01.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package pam_ssh (Version 1.97)
+# spec file for package pam_ssh
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,11 +24,13 @@
Group: Productivity/Networking/SSH
AutoReqProv:on
Version:1.97
-Release:3
+Release:13
Summary:PAM Module for SSH Authentication
Url:http://sourceforge.net/projects/pam-ssh/
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
+Patch0: pam_ssh-double-free.patch
+Patch1: pam_ssh-1.97-setgid.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -46,6 +48,8 @@
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%build
%{suse_update_config -f}
++ pam_ssh-1.97-setgid.patch ++
Index: pam_ssh-1.97/pam_ssh.c
===
--- pam_ssh-1.97.orig/pam_ssh.c
+++ pam_ssh-1.97/pam_ssh.c
@@ -684,7 +684,8 @@ pam_sm_open_session(pam_handle_t *pamh,
_exit(EX_OSERR);
/* NOTREACHED */
case PAM_SUCCESS:
- if (setuid(pwent-pw_uid) == -1) {
+ if (initgroups(pwent-pw_name, pwent-pw_gid)
== -1 ||
+ setgid(pwent-pw_gid) == -1 ||
setuid(pwent-pw_uid) == -1) {
pam_ssh_log(LOG_ERR,
can't drop privileges: %m,
pwent-pw_uid);
++ pam_ssh-double-free.patch ++
Index: pam_ssh-1.97/pam_ssh.c
===
--- pam_ssh-1.97.orig/pam_ssh.c
+++ pam_ssh-1.97/pam_ssh.c
@@ -627,7 +627,7 @@ pam_sm_open_session(pam_handle_t *pamh,
* than the file creation time */
if (retval = stat(per_agent, stat_buf)) {
pam_ssh_log(LOG_ERR, stat() failed on %s, per_agent);
-free(per_agent);
+pam_set_data(pamh, ssh_agent_env_agent, NULL, NULL);
fclose(env_read);
return retval;
}
@@ -646,7 +646,7 @@ pam_sm_open_session(pam_handle_t *pamh,
if (start_agent) {
if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR |
S_IWUSR)) 0) {
pam_ssh_log(LOG_ERR, can't write to %s, per_agent);
-free(per_agent);
+pam_set_data(pamh, ssh_agent_env_agent, NULL, NULL);
openpam_restore_cred(pamh);
return PAM_SERVICE_ERR;
}
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
