Overview

File pam_ssh.spec of Package pam_ssh

#
# spec file for package pam_ssh
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           pam_ssh
Version:        2.3
Release:        150400.71.2
Summary:        PAM Module for SSH Authentication
License:        BSD-3-Clause
Group:          Productivity/Networking/SSH
URL:            http://sourceforge.net/projects/pam-ssh/
Source:         http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz
Source1:        http://sourceforge.net/projects/pam-ssh/files/pam_ssh/%{version}/%{name}-%{version}.tar.xz.asc
Source2:        baselibs.conf
Source3:        %{name}.keyring
Source4:        pam_ssh.tmpfiles
BuildRequires:  libtool
BuildRequires:  openssh
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  xz
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
This module provides single sign-on behavior. The user types a
passphrase when logging in and is allowed in if it decrypts the user s
SSH private key. An ssh-agent is started and keys are added. For the
entire session, the user types no more passwords.

%prep
%setup -q

%build
autoreconf -fiv
export CFLAGS="%{optflags} -fno-strict-aliasing -fcommon"
%configure
make %{?_smp_mflags}

%install
install -d 755 %{buildroot}/%{_pam_moduledir}
install -m 755 .libs/pam_ssh.so %{buildroot}/%{_pam_moduledir}
install -d 755 %{buildroot}%{_mandir}/man8
install -m 644 pam_ssh.8 %{buildroot}%{_mandir}/man8/
install -Dm0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf

%post
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf

%files
%defattr(444,root,root,755)
%doc README TODO NEWS
%{_tmpfilesdir}/%{name}.conf
%attr(555,root,root) /%{_pam_moduledir}/pam_ssh.so
%attr(444,root,root) %{_mandir}/man*/*.*

%changelog
* Wed May 18 2022 pgajdos@suse.com
- use pam macros [bsc#1190960]
* Tue Mar 15 2022 david.anes@suse.com
- Update source packages from upstream
* Sat Mar 12 2022 gmbr3@opensuse.org
- Add tmpfiles.d conf for /run/pam_ssh
* Mon Jun  8 2020 pmonrealgonzalez@suse.com
- Use -fcommon flag to build with GCC 10.
* Tue Jan 15 2019 wr@rosenauer.org
- Update to 2.3
  * cleanup some leftovers from dropping SSH1 support in code and
    documentation
* Wed Jan  9 2019 wr@rosenauer.org
- Update to 2.2
  * upstream OpenSSL 1.1 compatibility
    (drop pam_ssh-openssl11.patch)
  * upstream removed support for SSH1 and RSA1 protocols
* Fri Dec  1 2017 dimstar@opensuse.org
- Explicitly call autoreconf: an implicit call requires the same
  version automake/autoconf to be present that was used to
  originally bootstrap the tarball (version 1.13).
* Thu Nov 30 2017 vcizek@suse.com
- Add support for building with OpenSSL 1.1 (bsc#1066988)
  * partly based on https://github.com/openssh/openssh-portable/pull/48
  * add pam_ssh-openssl11.patch
* Fri Jun  5 2015 mpluskal@suse.com
- Update to 2.1
  * session/login/default keys lexical sort order
  * add ED25519 key support
  * updated openssh embedded code to 6.7p1
- Cleanup spec file with spec-cleaner
* Sun Mar  8 2015 p.drouand@gmail.com
- Update to version 2.01
  * pam_ssh.1: updated man page to reflect the current implementation
- Remove gpg-offline require and verification; OBS handles it
- Use download Url as source
* Mon Nov 18 2013 wr@rosenauer.org
- update to 2.0
  * added support for ECDSA keys
  * ssh-agent is now spawned in a different improved way
  * ssh-agent is not started anymore for users without keys
  * support try_first_password PAM option
  * still ask for passphrase even if user does not exist
  * expect keys used for login in ~/.ssh/login-keys.d directory
    (see README; this behaviour will cause old setups to fail
    since the default keys are not used anymore for auth)
  * "keyfiles" option has been removed and all found keys
    which can be opened using the provided passphrase will be
    added to the agent
  * alternative keys not used for login purposes and not named
    like the default keys will be decrypted and saved for the
    agent when placed in ~/.ssh/session-keys.d directory
  * when there is no controlling tty now use the PID to
    create the session file
  * return PAM_SESSION_ERR from within the session part
    instead of PAM_AUTH_ERR
  * honour TMPDIR for ssh-agent
  * start ssh-agent with GID of the group given at
    compile time to the new configure option
  - -with-ssh-agent-group
- switched archive to XZ
- verify detached signature
* Thu Jun  6 2013 vcizek@suse.com
- restore credentials before exitting from pam_sm_open_session
  * fixes bnc#823484
  * added James Carter's pam_ssh-1.97-no_tty_stay_as_user.patch
* Mon Apr 29 2013 wr@rosenauer.org
- update to 1.98
  * bugfix update obsoleting
  - pam_ssh-1.97-empty_passphrase_segfault.patch
  - pam_ssh-1.97-setgid.patch
  - pam_ssh-1.97-sigmask.patch
  - pam_ssh-double-free.patch
* Sat Jan 12 2013 coolo@suse.com
- remove suse_update_config
* Thu Jan 12 2012 vcizek@suse.com
- added patch that prevents segfault when empty passphrase is
  supplied (bnc#741541)
* Mon Nov 28 2011 jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %%_smp_mflags for parallel building
* Sun Nov 27 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
* Sun Oct 30 2011 mkubecek@suse.cz
- pam_ssh-1.97-sigmask.patch:
  Clear signal mask before executing ssh-agent as pam_ssh code can
  be called from kdm with blocked TERM signal which would be
  inherited by ssh-agent (bnc#727246).
* Wed May 11 2011 vcizek@novell.com
- set gid/groups before executing ssh-agent (bnc#665061)
* Mon Apr 18 2011 vcizek@novell.com
- fix for bnc#688120 (pam_ssh double free)
* Mon Feb  1 2010 jengelh@medozas.de
- package baselibs.conf
* Wed Jun 24 2009 sbrabec@suse.cz
- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Wed Jun 24 2009 sbrabec@suse.cz
- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Tue Apr 14 2009 anicka@suse.cz
- update to 1.97
  * pam_get_pass.c: CVE-2009-1273
  pam_ssh used a certain prompt if a user found to exist to ask
  for the SSH passphrase explicitely depending on whether the
  username was valid or invalid, which made it easier for remote
  attackers to enumerate usernames.
- remove last patch
* Fri Apr 10 2009 anicka@suse.cz
- add fix for CVE-2009-1273 (bnc#492764) taken from Red Hat
  bugzilla (#492153)
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Mon Jan 14 2008 anicka@suse.cz
- update to 1.96
  * pam_ssh.c (key_load_private_maybe): New wrapper for
  key_load_private() that checks whether the private key's
  passphrase is blank.
  * pam_ssh.c: if PAM returns tty_raw = NULL we shouldn't fiddle
  with a per-session file. That seems to happen if the session
  module is used for background system services (like cron).
  * pam_ssh.c: fixed double-free issue with file closing
- remove last two patches (fixed in upstream)
* Mon Mar  5 2007 anicka@suse.de
- fix crash in pam_sm_open_session [#251053]
* Fri Nov 24 2006 max@suse.de
- Fix crashes in in the session module (#223488).
* Tue Nov  7 2006 ro@suse.de
- fix manpage permissions
* Thu Aug  3 2006 stark@suse.de
- update to version 1.94 (r23)
  * improved logging
  * more recover fixes
  * root credentials weren't restored in some cases which caused
    following pam session modules to fail
* Sat Jun 24 2006 stark@suse.de
- update to version 1.93 (r18)
  * debug option works for auth and session module (#177885)
  * debug option is really available now for auth and session
    module (#177885)
  * recover better if close_session wasn't executed (#187560)
* Wed Jun  7 2006 stark@suse.de
- logging fix is integrated now
- auth handler now accepts nullok option
* Wed May 31 2006 stark@suse.de
- update to version 1.92
  * allow working as session module without authentication
    (workaround for #173803)
  * incorporated include fixes
- fixed syslog logging (part of #177885)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Oct 14 2005 ro@suse.de
- added include openssl/md5.h to cipher.c
* Mon Oct 10 2005 schubi@suse.de
- added "include <syslog.h>"
* Tue Nov  9 2004 schubi@suse.de
- Bugfixes for other architectures
* Mon Nov  8 2004 schubi@suse.de
- first version
openSUSE Build Service is sponsored by
Places