Пакет pam: Specfile

Name: pam
Version: 0.99.6.3
Release: alt2

%define rhver 0.80-1
%define helperdir /sbin

Summary: Pluggable Authentication Modules
License: GPL or BSD-style
Group: System/Base
Url: http://www.kernel.org/pub/linux/libs/pam/index.html
Packager: Dmitry V. Levin <ldv@altlinux.org>

%define srcname Linux-PAM-%version

%def_disable static

# Linux-PAM name suffix
%define _pam_name_suffix	0

# Used for pam module package naming.
%define	make_pam_name()	pam%{_pam_name_suffix}_%{1}
%define	set_pam_name()	%global pam_name %(n='%{1}'; s="${n#pam_}"; [ "$n" = "$s" ] && echo -n "$n" || echo -n "pam%{_pam_name_suffix}_$s")

# Linux-PAM modules directory.
%define	_pam_modules_dir	/%_lib/security

# Linux-PAM library soname suffix.
%define _pam_so_suffix		%{nil}

# Linux-PAM library package name, used for tracking package dependencies.
%define	libpam			libpam%{_pam_name_suffix}

Source0: ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/%srcname.tar
Source2: pam-redhat-%rhver.tar
Source3: pam_sameuid-0.99.0.3.tar
Source4: pam_listfile.c
Source5: PAM-Policy.ALT
Source6: linux-pam.macros

Patch: Linux-PAM-%version-%release.patch

# Owl-specific patches.
Patch100: Linux-PAM-0.99.2.1-owl-const.patch
Patch101: Linux-PAM-0.99.2.1-owl-pam_limits-acct.patch
Patch102: Linux-PAM-0.99.2.1-owl-pam_mkhomedir-acct.patch
Patch103: Linux-PAM-0.99.6.2-owl-pam_wheel-use_uid.patch

# ALT-specific patches.
Patch201: Linux-PAM-0.99.0.3-alt-limits.conf.patch
Patch202: Linux-PAM-0.80-alt-pam_xauth-check_acl.patch
Patch203: Linux-PAM-0.99.6.2-alt-pam_xauth-wildcards.patch
Patch211: pam-redhat-0.99.6.3-alt-makefile.patch
Patch212: pam-redhat-0.80-alt-pam_console-config.patch
Patch213: pam-redhat-0.99.0.3-alt-pam_console-chmod.patch
Patch214: pam-redhat-0.99.0.3-alt-pam_chroot.patch
Patch215: pam-redhat-0.99.6.3-alt-log.patch

# Debian patches
Patch301: Linux-PAM-0.79-deb-pam_time.patch

Requires: %libpam = %version-%release, pam-common >= 1.1
Obsoletes: pamconfig

BuildRequires: rpm-build >= 0:4.0.4-alt55

# Required for pam_console.
BuildRequires: flex glib-devel

# Required for pam_userdb.
BuildRequires: libdb4-devel

# Required for docs.
BuildRequires: docbook-dtds docbook-style-xsl xsltproc w3m

%define _pamdir %_sysconfdir/pam.d
%define _secdir %_sysconfdir/security

%package -n %libpam
Summary: Shared libraries for running PAM-based software
Group: System/Libraries
PreReq: pam-common
Provides: libpam(include)
Provides: libpam = %version-%release
Obsoletes: libpam

%package -n %libpam-devel
Summary: Libraries and header files for developing PAM-aware software
Group: Development/C
Requires: %libpam = %version-%release
Provides: libpam-devel = %version-%release, pam-devel = %version-%release
Obsoletes: libpam-devel, pam-devel
Conflicts: libpam2-devel

%package -n %libpam-devel-static
Summary: Static libraries for developing PAM-aware software
Group: Development/C
Requires: %libpam-devel = %version-%release
Provides: libpam-devel-static = %version-%release
Obsoletes: libpam-devel-static
Conflicts: libpam2-devel-static

%package doc
Summary: Linux-PAM documentation
Group: Development/C
Requires: pam = %version-%release

%package -n %{make_pam_name console}
Summary: Controls permissions for users at the system console
Group: System/Base
Requires: pam = %version-%release
Provides: pam_console = %version-%release
Obsoletes: pam_console, pam_console0
Provides: %_secdir/console.apps

%package -n %{make_pam_name timestamp}
Summary: Authenticate using cached successful authentication attempts
Group: System/Base
Requires: pam = %version-%release
Provides: pam_timestamp = %version-%release
Obsoletes: pam_timestamp, pam_timestamp0

%description
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of
libraries that enable the local system administrator to choose how
PAM-aware applications authenticate users, without having to recompile
those applications.

%description -n %libpam
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of
libraries that enable the local system administrator to choose how
PAM-aware applications authenticate users, without having to recompile
those applications.

This package contains shared libraries required for running both
PAM-aware applications and modules for use with Linux-PAM.

%description -n %libpam-devel
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of
libraries that enable the local system administrator to choose how
PAM-aware applications authenticate users, without having to recompile
those applications.

This package contains header files and development libraries used for
building both PAM-aware applications and modules for use with Linux-PAM.

%description -n %libpam-devel-static
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of
libraries that enable the local system administrator to choose how
PAM-aware applications authenticate users, without having to recompile
those applications.

This package contains static libraries used for building statically
linked PAM-aware applications for use with Linux-PAM.

%description doc
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of
libraries that enable the local system administrator to choose how
PAM-aware applications authenticate users, without having to recompile
those applications.

This package contains detailed Linux-PAM documentation.

%description -n %{make_pam_name console}
The pam_console module exists to change file permissions when users
log on at the console, and to change them back when they log out of
the console.

See pam_console(8) for details.

%description -n %{make_pam_name timestamp}
The pam_timestamp module implements sudo-style authentication
timestamps.

See pam_timestamp(8) for details.

%prep
%setup -q -n %srcname -a2 -a3
%patch -p1

# Replace pam_listfile.
install -pm644 %_sourcedir/pam_listfile.c modules/pam_listfile/

# Owl-specific patches.
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1

# ALT-specific patches.
%patch201 -p1
%patch202 -p1
%patch203 -p1
%patch211 -p1
%patch212 -p1
%patch213 -p1
%patch214 -p1
%patch215 -p1

# Debian patches.
%patch301 -p1

find -type f \( -name .cvsignore -o -name \*~ -o -name \*.orig \) -delete -print

# Replace _pam_aconf.h with config.h
grep -FZl _pam_aconf.h modules/*/*.c |
	xargs -r0 sed -i 's/_pam_aconf\.h/config.h/' --

# Complete pammodutil rename.
grep -FZl _pammodutil modules/pam_*/*.* |
	xargs -r0 sed -i 's,_pammodutil,pam_modutil,g' --
grep -FZl /_pam_modutil modules/pam_*/*.* |
	xargs -r0 sed -i 's,/_pam_modutil,/pam_modutil,g' --

# Unlink unwanted modules.
for d in pam_cracklib pam_keyinit pam_namespace pam_radius pam_selinux pam_unix; do
	sed -i "s,modules/$d/Makefile,," configure.in
	sed -i "s/ $d / /" modules/Makefile.am
done
find modules -type f -name Makefile -delete

# Additional console.perms tweaks are necessary because we are not ready
# for console.perms.d migration.
cat modules/pam_console/50-default.perms >>modules/pam_console/console.perms
> modules/pam_console/50-default.perms
sed -i '/console\.perms\.d/d' modules/pam_console/console.perms

%build
%define docdir %_docdir/%srcname

aclocal -I m4
libtoolize -f
autoconf
autoheader
automake -a

export ac_cv_lib_ndbm_dbm_store=no \
	ac_cv_lib_db_dbm_store=no \
	ac_cv_lib_selinux_getfilecon=no \
	ac_cv_lib_audit_audit_log_user_message=no \
	ac_cv_lib_crack_FascistCheck=no \
	#

%configure \
	--prefix=/ \
	--exec-prefix=/ \
	--libdir=/%_lib \
	--sbindir=/sbin \
	--includedir=%_includedir/security \
	--disable-nls \
	--disable-read-both-confs \
	--enable-fakeroot=%buildroot \
	--enable-suplementedir=%helperdir \
	--enable-docdir=%_docdir/%srcname \
	%{subst_enable static} \
	#
# SMP-incompatible build.
%__make

%install
%make_install install DESTDIR=%buildroot
mkdir -p %buildroot{%_secdir/console.apps,/var/run/console}

# Relocate development libraries from /%_lib/ to %_libdir/.
mkdir -p %buildroot%_libdir
mv %buildroot/%_lib/*.*a %buildroot%_libdir/
/sbin/ldconfig -nv %buildroot/%_lib
for f in %buildroot/%_lib/*.so; do
	t=`objdump -p "$f" |awk '/SONAME/ {print $2}'`
	[ -n "$t" ]
	ln -s ../../%_lib/"$t" "%buildroot%_libdir/${f##*/}"
	rm -f "$f"
done
rm -f %buildroot%_pam_modules_dir/*.la

chmod go-rw %buildroot%helperdir/*
chmod 700 %buildroot/sbin/{pam_console_apply,pam_timestamp_check}
chmod 755 %buildroot/sbin/pam_tally %buildroot%_pam_modules_dir/pam_filter/upperLOWER
chmod a-x %buildroot/%_lib{,/security}/*.so*

# Make sure that all modules are built.
>check.log
for d in modules/pam_*; do
	[ -d "$d" -a -s "$d/Makefile" ] || continue
	m="${d##*/}"
	! ls -1 "%buildroot%_pam_modules_dir/$m"*.so 2>/dev/null || continue
	echo "ERROR: $m module did not build." >&2
	echo "$m" >>check.log
done
! [ -s check.log ] || exit 1

# Make sure that no module exports symbols beyond standard set.
>check.log
for d in modules/pam_*; do
	[ -d "$d" ] || continue
	m="${d##*/}"
	readelf -Ws "%buildroot%_pam_modules_dir/$m"*.so |
		grep -w GLOBAL |
		grep -Ewv 'UND|pam_sm_(acct_mgmt|authenticate|chauthtok|close_session|open_session|setcred)'  ||
			continue
	echo "ERROR: $m module exports symbol(s) beyond standard set." >&2
	echo "$m" >>check.log
done
! [ -s check.log ] || exit 1

# Make sure that no shared object has undefined symbols.
>check.log
for f in %buildroot/%_lib/lib*.so.0 %buildroot%_pam_modules_dir/pam*.so; do
	LD_LIBRARY_PATH="%buildroot/%_lib" ldd -r "$f" 2>&1 >/dev/null |
		tee -a check.log
done
! [ -s check.log ] || exit 1

# Linux-PAM-specific rpm macros.
install -pDm644 %_sourcedir/linux-pam.macros \
	%buildroot%_sysconfdir/rpm/macros.d/pam

# Documentation
mkdir -p %buildroot%docdir/modules
for f in modules/pam_*/README; do
	d="${f%%/*}"
	[ -s "$d/Makefile" ] || continue
	install -pm644 "$f" "%buildroot%docdir/modules/${d##*/}"
done
install -pm644 %_sourcedir/PAM-Policy.ALT AUTHORS NEWS ChangeLog CHANGELOG \
	Copyright pgp.keys.asc %buildroot%docdir/
find %buildroot%docdir/ -type f -size +4k \( -iname changelog -or -name \*.txt -or -name \*.ps \) -print0 |
	xargs -r0 bzip2 -9f --

mkdir -p %buildroot%_sysconfdir/buildreqs/packages/substitute.d
for n in libpam{,-devel%{?_enable_static:{,-static}}}; do
	echo $n >"%buildroot%_sysconfdir/buildreqs/packages/substitute.d/%libpam${n#libpam}"
done

%post -n %libpam -p %post_ldconfig
%postun -n %libpam -p %postun_ldconfig

%post -n %{make_pam_name console}
%helperdir/pam_console_apply

%triggerpostun -n %{make_pam_name console} -- pam, pam_console
f=%_secdir/console.perms
if [ ! -f "$f" ]; then
	if [ -f "$f.rpmsave" ]; then
		%__cp -pf "$f.rpmsave" "$f"
	elif [ -f "$f.rpmnew" ]; then
		%__cp -pf "$f.rpmnew" "$f"
	fi
fi
%helperdir/pam_console_apply

%triggerpostun -n %{make_pam_name console} -- %{make_pam_name console} < 0:0.79
if [ -f /var/run/console.lock -a ! -f /var/run/console/console.lock ]; then
	%__mv /var/run/console.lock /var/run/console/ &&
		%helperdir/pam_console_apply ||:
fi

%files -n %libpam
%config %_sysconfdir/buildreqs/packages/substitute.d/%libpam
/%_lib/*.so.*
%_pam_modules_dir/pam_deny.so
%_pam_modules_dir/pam_permit.so
%dir %docdir
%docdir/AUTHORS*
%docdir/Copyright*
%docdir/NEWS*

%files -n %libpam-devel
%config %_sysconfdir/buildreqs/packages/substitute.d/%libpam-devel
%config %_sysconfdir/rpm/macros.d/pam
%_libdir/*.so
%_includedir/*
%_man3dir/*
%dir %docdir
%docdir/C[hH]*
%docdir/PAM*

%if_enabled static
%files -n %libpam-devel-static
%config %_sysconfdir/buildreqs/packages/substitute.d/%libpam-devel-static
%_libdir/*.a
%endif # enabled static

%files
%helperdir/pam_tally
%config(noreplace) %_secdir/access.conf
%config(noreplace) %attr(640,root,wheel) %_secdir/chroot.conf
%config(noreplace) %_secdir/time.conf
%config(noreplace) %attr(640,root,wheel) %_secdir/group.conf
%config(noreplace) %_secdir/limits.conf
%config(noreplace) %_secdir/pam_env.conf
%config(noreplace) %_sysconfdir/environment
%_pam_modules_dir/*
%exclude %_pam_modules_dir/pam_deny.so
%exclude %_pam_modules_dir/pam_permit.so
%exclude %_pam_modules_dir/pam_console.so
%exclude %_pam_modules_dir/pam_timestamp.so
%_mandir/man[58]/*.*
%exclude %_mandir/man[58]/*console*
%exclude %_mandir/man[58]/pam_timestamp*

%files -n %{make_pam_name console}
%attr(600,root,root) %config(noreplace) %_secdir/console.perms
%attr(700,root,root) %dir %_secdir/console.perms.d
%attr(600,root,root) %config(noreplace) %_secdir/console.perms.d/*
%attr(600,root,root) %config(noreplace) %_secdir/console.handlers
%attr(711,root,root) %dir %_secdir/console.apps
%attr(700,root,root) %helperdir/pam_console_apply
%_pam_modules_dir/pam_console.so
%_mandir/man[58]/*console*
%dir %attr(711,root,root) /var/run/console

%files -n %{make_pam_name timestamp}
%attr(700,root,root) %helperdir/pam_timestamp_check
%_pam_modules_dir/pam_timestamp.so
%_mandir/man[58]/pam_timestamp*

%files doc
%dir %docdir
%docdir/[a-z]*

%changelog
* Wed Apr 11 2007 Dmitry V. Levin <ldv@altlinux.org> 0.99.6.3-alt2
- Backported several fixes from Linux-PAM 0.99.7.1.

* Sun Sep 10 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.6.3-alt1
- Updated Linux-PAM to 0.99.6.3.
- Packaged %_sysconfdir/environment file.

* Sun Aug 27 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.6.2-alt1
- Updated Linux-PAM to 0.99.6.2:
- pam_umask: Enabled packaging.
- pam_rhosts: New module which replaces pam_rhosts_auth.
- Enhanced documentation for PAM functions and modules.

* Tue Jun 06 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.4.0-alt2
- Updated Linux-PAM to cvs snapshot 20060523.

* Fri May 05 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.4.0-alt1
- Updated Linux-PAM to 0.99.4.0.

* Mon Mar 20 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.3.0-alt2
- Backported a few fixes from cvs.

* Mon Jan 16 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.3.0-alt1
- Updated Linux-PAM to 0.99.3.0.

* Thu Jan 12 2006 Dmitry V. Levin <ldv@altlinux.org> 0.99.2.1-alt2
- Updated Linux-PAM to cvs snapshot 20060111.
- Rebuilt for new style PAM dependencies generated by rpm-build-4.0.4-alt55.

* Tue Dec 13 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.2.1-alt1
- Updated Linux-PAM to 0.99.2.1.
- Updated %%_pam_modules_dir (fixes #8630).

* Thu Nov 24 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.2.0-alt1
- Updated Linux-PAM to cvs snapshot 20051124.

* Fri Nov 18 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.1.0-alt4
- Updated Linux-PAM to cvs snapshot 20051118.

* Mon Oct 03 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.1.0-alt3
- Updated Linux-PAM to cvs snapshot 20051004.
- Merged upstream patches:
  owl-strdup-cleanup

* Fri Sep 30 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.1.0-alt2
- Updated Linux-PAM to cvs snapshot 20050930.
- Fixed several memory leaks in few modules.

* Mon Sep 26 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.1.0-alt1
- Updated Linux-PAM to 0.99.1.0.
- Merged upstream patches:
  owl-pam_mail
  owl-pam_nologin
  owl-pam_xauth

* Wed Sep 21 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt6
- Updated Linux-PAM to cvs snapshot 20050921.
- Merged upstream patches:
  owl-attribute
  owl-pam_issue
  owl-pam_lastlog-fixes
  owl-pam_limits
  owl-pam_userdb
  owl-sprintf
- Fixed pam_xauth.

* Mon Sep 19 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt5
- Updated Linux-PAM to cvs snapshot 20050918.
- Merged upstream patches:
  owl-pam_access
  owl-pammodutil-makefile
- Fixed pam_mail and pam_nologin.

* Sun Sep 18 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt4
- Updated Linux-PAM to cvs snapshot 20050917.
- Merged upstream patches:
  owl-conv-warning
  owl-pam_deny
  owl-pam_env
  owl-pam_motd
  owl-pam_permit
  owl-pam_start
  owl-pam_warn
- Fixed pam_issue.

* Fri Sep 16 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt3
- Updated Linux-PAM to cvs snapshot 20050915.
- Merged upstream patches:
  owl-pam_ext
  owl-libpam_misc-makefile
  owl-pam_filter-upperLOWER
  owl-pam_ftp
  owl-pam_lastlog
  owl-pam_tally
  owl-pam_time
  owl-pam_userdb
- Enhanced errors diagnostics.
- Fixed compilation warnings.

* Fri Sep 10 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt2
- Added more const and attribute tags to function prototypes.
- Fixed pam_lastlog.

* Wed Sep 07 2005 Dmitry V. Levin <ldv@altlinux.org> 0.99.0.3-alt1
- Updated Linux-PAM to cvs snapshot 20050906.
- Merged upstream patches:
  owl-tmp,
  owl-pam_get_user-cache-failures,
  owl-man,
  owl-pam_securetty,
  owl-pam_limits,
  owl-pam_motd,
  owl-configure,
  owl-pam_filter,
  owl-pammodutil-attribute.
- Updated patches.
- Disabled packaging of the static library.
- Finished Linux-PAM migration to pam_syslog/pam_prompt.

* Fri Aug 26 2005 Dmitry V. Levin <ldv@altlinux.org> 0.80-alt2
- pam0_console: fixed console.handlers (#7752).

* Wed Aug 17 2005 Dmitry V. Levin <ldv@altlinux.org> 0.80-alt1
- Restricted list of global symbols exported by libraries.

* Fri Aug 12 2005 Dmitry V. Levin <ldv@altlinux.org> 0.80-alt0.3
- Cleaned up conversation wrappers.
- Raised nprocs limits in limits.conf (#5636).
- Added pam_sm_acct_mgmt for pam_mkhomedir module (#6989).

* Thu Aug 11 2005 Dmitry V. Levin <ldv@altlinux.org> 0.80-alt0.2
- Changed modules logging to eliminate disunion in behaviour and
  avoid openlog/closelog calls for each logging function invocation.
- Restricted list of global symbols exported by PAM modules to
  standard set of six pam_sm_* functions.

* Mon Jul 18 2005 Dmitry V. Levin <ldv@altlinux.org> 0.80-alt0.1
- Updated Linux-PAM to 0.80.
- Updated pam-redhat to 0.80-1.
- Disabled build and packaging of the pam_stack module.
- Reviewed patches, removed obsolete ones, updated all the rest.

* Thu Feb 10 2005 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt28
- Fixed multilib (closes #5091).

* Tue Aug 03 2004 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt27
- pam_console: Fixed /dev/sg* permissions (#4742).
- Added multilib support (#4891).

* Wed May 05 2004 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt26
- console.perms: added /dev/dri/* to <dri> (#2507).
- console.perms: fixed typo in <console> (#3343).
- pam_userdb: build with libdb4 (#4080).

* Thu Nov 06 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt25
- Build with %%optflags_shared.

* Sat Sep 27 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt24
- /etc/rpm/macros.d/pam: reverted previous change.

* Fri Sep 26 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt23
- pam_limits: don't invoke setrlimit(2) on limits which are not
  set explicitly as simply resetting RLIMIT_FSIZE to what
  appears to be its current value may decrease the actual
  limit with LFS (Owl).
- Added buildreq substitution rules.
- /etc/rpm/macros.d/pam: updated (#3050).

* Wed Jul 30 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt22
- pam_wheel: patched to never rely on getlogin(3).
- pam_console: added "/dev/snd/*" to console.perms <sound> list.
- Renamed:
  pam_console0 -> pam0_console
  pam_stack0 -> pam0_stack
  pam_timestamp0 -> pam0_timestamp
- Updated PAM Policy file.
- Updated rpm macros file.

* Thu May 29 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt21
- Renamed:
  libpam -> libpam0
  libpam-devel -> libpam0-devel
  libpam-devel-static -> libpam0-devel-static
  pam_console -> pam_console0
  pam_stack -> pam_stack0
  pam_timestamp -> pam_timestamp0
- Relocated /etc/pam.d/other from this package to pam-common.
- Relocated pam_{deny,permit}.so modules to libpam0 subpackage.
- Added Linux-PAM-specific rpm macros file.
- Updated PAM Policy file.

* Fri May 23 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt20
- Implemented pam include config support.
- Moved pam_stack to separate subpackage.

* Fri May 23 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt19
- Cleaned up build a bit.
- Build with --disable-read-both-confs
 (when /etc/pam.d/ exists, don't look at /etc/pam.conf).
- Moved pam_timestamp to separate subpackage.
- Relocated Linux-PAM documentation to %docdir.

* Thu Feb 13 2003 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt18
- Updated pam_xauth to pam-redhat-0.75-48.
- pam_xauth: removed wildcards support introduced in pam-redhat-0.75-48.

* Sun Sep 01 2002 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt17
- Patched pam_motd to behave on errors (Owl).
- Updated pam_timestamp* to pam-redhat-0.75-40.
- Fixed library symlinks generation.
- Use subst instead of perl for build.
- Updated devel-static requirements.

* Wed Jul 31 2002 Dmitry V. Levin <ldv@altlinux.org> 0.75-alt16
- Simplified read_string patch.
- Readded documentation in PostScript format.
- Dropped buildrequires on libcrypt.so.1(GLIBC_2.2.2), no longer needed
  since we don't build pam_unix/pam_pwdb.
- Added patches from Owl:
  + Moved pam.d and pam.conf man pages to section 5 where they belong.
  + pam_limits: support stacking for account management (as well as for
    session setup), be fail-close on configuration file reads, report the
    "too many logins" via PAM conversation rather than direct printf(3).
- Updated pam-redhat to -38:
  + pam_xauth: fix cases where DISPLAY is "localhost:screen" and
    the xauth key is actually stored using the system's hostname;
  + pam_timestamp fixes;
  + added pam_timestamp_check.

* Thu Mar 21 2002 Dmitry V. Levin <ldv@alt-linux.org> 0.75-alt15
- Updated console.perms <dri> rules.
- Relaxed %_secdir/console.apps permissions a bit.

* Wed Mar 20 2002 Dmitry V. Levin <ldv@alt-linux.org> 0.75-alt14
- Fixed pam_console %%triggerpostun script.
- Fixed %_secdir/console.* permissions.

* Fri Mar 15 2002 Dmitry V. Levin <ldv@alt-linux.org> 0.75-alt13
- Updated pam-redhat to -27 (added pam_timestamp).
- Relocated helpers back to /sbin/.
- Updated console.perms to new scheme.
- Moved pam_console stuff to separate subpackage.
- Run %helperdir/pam_console_apply in pam_console %%post.

* Thu Dec 13 2001 Dmitry V. Levin <ldv@alt-linux.org> 0.75-alt12
- Merged RH patches (rh release 20).
- Merged Owl patches (owl release 14).
- Dropped: pam_unix, pam_pwdb, pam_cracklib.

* Wed Sep 26 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt11
- Merged RH patches (rh release 12, pam_stack still from 5).
- console.perms: corrected console class description.
- Moved cracklib module to separate subpackage.
- fixed and relocated docs.

* Thu Sep 13 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt10
- pam_stack: revert to old version (from rh release 5) for now.

* Mon Sep 10 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt9
- Moved changable system-auth config to pam-config package.

* Fri Sep 07 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt8
- Relocated helper programs to %helperdir.
- Rebuilt to get more dependencies.

* Wed Aug 22 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt7
- Moved %_lockdir/console /var/run/console.
- Merged RH patches (rh release 10).
- Removed versioned dependence on glibc package.
- Added requires on libcrypt.so.1(GLIBC_2.2.1).

* Mon Jun 04 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt6
- More sanity checks in pam_unix_passwd.c

* Tue May 29 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt5
- Fixed more errors in pam_console/chmod.c

* Tue May 29 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt4
- Fixed recent typo in pam_unix/support.h

* Tue May 22 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt3
- 0.75 (rh release 2).
- Attempt to fix loop in pam_console.

* Thu May 17 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt2
- Fixed pam_unix-chkpwd helper.

* Tue May 15 2001 Dmitry V. Levin <ldv@altlinux.ru> 0.75-alt1
- 0.75 (rh release 1).
- Moved static libraries to devel-static subpackage.

* Thu Mar 01 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl5mdk
- Merged RH patches (rh release 12).
- Libification.

* Sat Feb 24 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl4mdk
- Merged RH patches (rh release 10).

* Fri Feb 23 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl3mdk
- changed console.perms:
  <console> 0600 <burner> 0600 root.cdwriter

* Sun Feb 11 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl2mdk
- Enhanced unix_chkpwd to support LOGNAME environment variable.
- Merged RH patches (rh release 5).

* Wed Jan 31 2001 Dmitry V. Levin <ldv@fandra.org> 0.74-ipl1mdk
- 0.74 (sync with Linux-PAM and pam-redhat).
- Moved development libraries from /lib to %_libdir.

* Fri Jan 12 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl16mdk
- Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk).

* Wed Jan 10 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl15mdk
- Integrated new feaures of glibc >= 2.2.1-ipl0.2mdk:
  + added blowfish crypt support for pam_unix (libcrypt);
  + dropped BSDIcrypt support for pam_unix (it was never used);
  + set default crypt to blowfish in system-auth.

* Fri Jan 05 2001 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl14mdk
- Updated console.perms patch.
- Built with db2.

* Wed Dec 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl13mdk
- Merge RH changes (26-->37).

* Tue Oct 17 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl12mdk
- Added pam_sameuid module.

* Fri Oct 06 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl11mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + clean up logging in pam_xauth;
  + mova README.* files in txt subdirectory;
  + add pam_tally's application to allow counts to be reset;
  + move pam_filter modules to /lib/security/pam_filter;
  + add DRI and nvidia devices to console.perms.
- Fixed:
  + pam_stack now passes delay back.

* Wed Sep 27 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl10mdk
- Added:
  + BSDIcrypt support for pam_unix;
  + pam_limits in system-auth.

* Tue Sep 26 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl9mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin@redhat.com>):
  + add a broken_shadow option to pam_unix;
  + add all module README files to the documentation list;
  + fix pam_stack debug and losing-track-of-the-result bug;
  + rework pam_console's usage of syslog to actually be sane (#14646);
  + take the LOG_ERR flag off of some of pam_console's new messages.
- Merge last MDK changes:
  + set all sound stuff to audio group;
  + add cdburner permissions;
  + add %_pamdir/system-auth;
  + noreplace configs.

* Mon Sep 04 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl8mdk
- Merge with last MDK changes.

* Fri Jul 21 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl7mdk
- Merge with last RH changes.
- Added: BSDIcrypt support.

* Wed May 31 2000 Dmitry V. Levin <ldv@fandra.org> 0.72-ipl6mdk
- Package split into pam, pam-devel and pam-doc packages
- RE adaptions.

* Tue Feb 22 2000 Dmitry V. Levin <ldv@fandra.org>
- Fixes:
  + read_string bugfix
  + real buildroot packaging
- more documentation included
- Fandra adaptions.

* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix pam_xauth bug #6191.

* Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
  (which is what other pieces of the system think it is). Fixes bug #7641.

* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- argh, turn off gratuitous debugging

* Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL

* Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
- don't allow '/' on service_name

* Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
- enhance the pam_userdb module some more

* Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
- add documenatation

* Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
- a tiny change to pam_console to make it not loose track of console users

* Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
- a few fixes to pam_xauth to make it more robust

* Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console: added <xconsole> to manage /dev/console

* Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie

* Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
- added video4linux devices to /etc/security/console.perms

* Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
- added joystick lines to /etc/security/console.perms

* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...

* Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
- use gcc -shared to link the shared libs

* Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set
  the PAM_TTY item.

* Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
- added pam_xauth module

* Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
- pam_lastlog does wtmp handling now

* Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings

* Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
- fixed empty passwd handling in pam_pwdb

* Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
  because some cdrom players open O_RDWR.

* Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
- added /dev/jaz and /dev/zip to console.perms

* Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in console.perms

* Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
- fixed a few bugs in pam_console

* Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory

* Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
- added pam_console files to filelist

* Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
- upgraded to 0.66, some source cleanups

* Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
  security risk

* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server