File duo_unix.changes of Package duo_unix
------------------------------------------------------------------- Tue Oct 21 21:33:47 UTC 2025 - Andrew Daugherity <adaugherity@tamu.edu> - Update to 2.2.1. - Replace deprecated %%patchN calls with %%autosetup. - As of 2.2.0, duo_unix supports Verified Duo Push, which generates a three- digit code you must enter into the mobile app. This is enabled with the 'verified_push' config option, which is mutually exclusive with 'autopush'. duo_unix-2.2.1: - Verified Push option is now documented in the man pages - Enrollment message now includes the URL duo_unix-2.2.0: - Added support for Verified Push - Updated the Duo API calls to use the Auth API v2 - SSL failures will cause API calls fail over to additional IPs when the host resolves to multiple addresses ------------------------------------------------------------------- Tue Aug 19 23:06:22 UTC 2025 - Andrew Daugherity <adaugherity@tamu.edu> - Update to 2.1.0 and rebase patches. - Remove irrelevant information about upstream OS support (e.g. "Added support for Fedora XX") from the changelog. duo_unix-2.1.0: - Improves certificate validation for IP hostnames to mitigate CVE-2014-0139 - Duo Unix obeys rate limiting replies from the Duo cloud service - The full path to the configuration file is logged out when Duo Unix is invoked - API calls to Duo will account for possible time drift between Duo and the local server - Adds support for new Duo certificate authorities duo_unix-2.0.4: - Fixed multiple memory allocation leaks - Removed some unused and unreachable code - Addressed multiple code cleanliness issues duo_unix-2.0.3: - Fixed AIX compilation bug - Support script now fetches correct log and PAM files for Solaris and AIX ------------------------------------------------------------------- Thu Aug 17 20:33:42 UTC 2023 - Andrew Daugherity <adaugherity@tamu.edu> - Update to 2.0.2 and rebase patches - Patch licenses path duo_unix-2.0.2: - Make check now successfully runs on Solaris duo_unix-2.0.1: - The support script collects a few additional files for troubleshooting - Duo API calls now use SHA512 instead of SHA1 as the HMAC algorithm ------------------------------------------------------------------- Wed Feb 8 22:56:22 UTC 2023 - Andrew Daugherity <adaugherity@tamu.edu> - Update to 2.0.0. Note the changed behavior in pam_duo for su between two non-root users! duo_unix-2.0.0: - Changed the behavior of `su` when the target user is not root. The target user will need to complete 2FA rather than the original user. - login_duo resets the SIGPIPE handler when it closes its connection. - Added logging when Duo is invoked, to assist troubleshooting. - Updated package signing to SHA512 duo_unix-1.12.1: - Updated Unity to 2.5.2 ------------------------------------------------------------------- Wed Jan 25 21:44:27 UTC 2023 - Andrew Daugherity <adaugherity@tamu.edu> - Merge pam_duo into main package - Add README.SUSE file - Update comments in permissions file - Misc. cleanup of spec & rpmlint ------------------------------------------------------------------- Tue Jan 24 21:24:10 UTC 2023 - Andrew Daugherity <adaugherity@tamu.edu> - Patch the build to link libduo dynamically, as SUSE policy dictates. Upstream began linking statically in 1.9.20. ------------------------------------------------------------------- Fri Feb 18 19:15:39 UTC 2022 - Andrew Daugherity <adaugherity@tamu.edu> duo_unix-1.12.0: - Switched from BSON to JSON as a data interchange format - Switched from Cram to python `unittest` for testing ------------------------------------------------------------------- Fri Aug 13 20:46:53 UTC 2021 - Andrew Daugherity <adaugherity@tamu.edu> - Fix pam_duo.conf permissions ------------------------------------------------------------------- Fri Jul 23 21:24:23 UTC 2021 - Andrew Daugherity <adaugherity@tamu.edu> - Update to 1.11.4, detailed below. - Fix paths in duo_unix_support tool. - Fix RPM group for devel pkg. - Deal with statically-linked libduo (see 1.9.20 changes). - should we patch the build to force dynamic linking? duo_unix-1.11.4: - Added support tool to collect information (e.g. logs and PAM stacks) for debugging purposes duo_unix-1.11.3: - Improved validation of BSON messages duo_unix-1.11.2: - Added recommended Kerberos configuration for Duo Unix to our documentation, found at https://help.duo.com/s/article/5085. Thanks to Neal Poole at Facebook for bringing expertise and attention to this topic. - Updated SELinux policy to allow local logins to use the pam_duo PAM module and made sshd configurable - Added support for spaces in group names when escaped with backslashes in pam_duo.conf and login_duo.conf - Test infrastructure updates duo_unix-1.11.1: - Fixed bug causing console login to fail on certain systems duo_unix-1.11.0: - Added support for GECOS field parsing based on user-supplied delimiter - Updated README to include development/testing steps - Minor test infrastructure updates duo_unix-1.10.5: - Fixed an accidental null pointer free on systems where getaddrinfo() is unsuccessful duo_unix-1.10.4: - Removed failmode decision from auth endpoint and moved it to only preauth according to standards in our other integrations - Updated Duo Unix to speak up to TLS 1.2 - Support for LibreSSL 2.7.0 and up - Minor memory leak fixes - Output message when user is locked out duo_unix-1.10.3: - Added support for http_proxy with SELinux enabled duo_unix-1.10.2: - Added default failmode values in config files duo_unix-1.10.1: - Fixed bug causing automated tests to fail on OSX - Addressed an issue which kept configuration secrets in memory for longer than necessary duo_unix-1.10.0: - Added LibreSSL support - Added additional GECOS parsing support - Increased OSX group count duo_unix-1.9.21: - PSA-2017-002: Only allow http_proxy to be defined in configuration file instead of environment duo_unix-1.9.20: - Fix installation on AIX systems - Add support for using OpenSSL 1.1.0 - Link libduo statically to address issues with the ldconfig cache and incompatibilities between versions - Fixed a bug that produced incorrect SNI when using a proxy duo_unix-1.9.19: - Restore the http_proxy environment variable after Duo is done - Added https_timeout config option to pam_duo - Handles missing shell and adds default if not specified in getpwuid - Add SNI support and a guard for systems that don't support SNI - Bug fixes for timeouts and fallback ip addresses ------------------------------------------------------------------- Fri Jun 3 03:47:45 UTC 2016 - plinnell@opensuse.org - Update to 1-9-18 *Package cleanups and remove rpmlint warnings - still needs security review - duo_unix-1.9.18: +Added HTTP proxy connection error handling +Improved compatibility with Solaris and AIX - duo_unix-1.9.17: + Fixed PAM return code issue - duo_unix-1.9.16: +Test fixes +Compilation fixes - duo_unix-1.9.15: +SELinux policy module package support +PAM module improvements +Removed deprecated SHA1 Entrust CA - duo_unix-1.9.14: +Added SELinux policy module +Improve poll(2) error handling ------------------------------------------------------------------- Mon Dec 1 20:14:45 UTC 2014 - darin@darins.net - update packaging to comply with SONAME policy - add rpmlintrc ------------------------------------------------------------------- Thu Oct 16 16:36:58 UTC 2014 - darin@darins.net - suse packaging
