%define rhrelease 21 Summary: A security tool which provides authentication for applications. Name: pam Version: 0.75 Release: 20mdk License: GPL or BSD Group: System/Libraries Source: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 Source1: pam-redhat-%{version}-%{rhrelease}.tar.bz2 Source2: other.pamd Source3: system-auth.pamd Patch: pam-0.75-mdkconf.patch.bz2 Patch1: pam-0.75-headers.patch.bz2 Patch2: pam-0.75-accessdoc.patch.bz2 Patch3: pam-0.75-build.patch.bz2 Patch4: pam-0.75-cached.patch.bz2 Patch5: pam-0.75-const.patch.bz2 Patch6: pam-0.75-linkage.patch.bz2 Patch7: pam-0.75-mandir.patch.bz2 Patch8: pam-0.75-primary.patch.bz2 Patch9: pam-0.75-prompt.patch.bz2 Patch11: pam-0.75-return.patch.bz2 Patch12: pam-0.75-security.patch.bz2 Patch13: pam-0.75-string.patch.bz2 Patch14: pam-0.75-typo.patch.bz2 Patch15: pam-0.75-trust.patch.bz2 Patch16: pam-0.75-userdb.patch.bz2 Patch17: pam-0.75-wheeldoc.patch.bz2 Patch18: pam-0.75-wrap.patch.bz2 Patch19: pam-0.75-cracklib-distance.patch.bz2 Patch20: pam-0.75-group-reinit.patch.bz2 Patch21: pam-0.75-lastlog-utmp.patch.bz2 Patch22: pam-0.75-limits-locks.patch.bz2 Patch23: pam-0.75-null.patch.bz2 Patch24: pam-0.75-sigchld.patch.bz2 Patch25: pam-0.75-pwdb-compare.patch.bz2 Patch26: pam-0.75-securetty-pts.patch.bz2 Patch27: pam-0.75-securetty-fail.patch.bz2 Patch28: pam-0.75-syntax.patch.bz2 Patch29: pam-0.75-time.patch.bz2 Patch30: pam-0.75-issue.patch.bz2 Patch31: pam-0.75-doc-rhl.patch.bz2 Patch32: pam-0.75-bigcrypt-main.patch.bz2 Patch33: pam-0.75-cracklib-init.patch.bz2 Patch34: pam-0.75-filter-comments.patch.bz2 Patch35: pam-0.75-unixdoc.patch.bz2 Patch36: pam-0.75-unix-loop.patch.bz2 Patch37: pam-0.75-unix-preserve.patch.bz2 Patch38: pam-0.75-unix-retval.patch.bz2 Patch39: pam-0.75-unix-brokenshadow.patch.bz2 Patch40: pam-0.75-unix-nis.patch.bz2 Patch41: pam-0.75-unix-nullok.patch.bz2 Patch42: pam-0.75-wheel-usertouser.patch.bz2 Patch43: pam-0.75-mkhomedir-recurse.patch.bz2 Patch44: pam-0.75-limits-root.patch.bz2 Patch45: pam-0.75-issue-seg.patch.bz2 Patch46: pam-0.75-listfile-tty.patch.bz2 Patch47: pam-0.75-tally-init.patch.bz2 Patch48: pam-0.75-rhosts-plus.patch.bz2 Patch49: pam-0.75-limits-retval.patch.bz2 Patch50: pam-0.75-reentrant.patch.bz2 Patch51: pam-0.75-macros.patch.bz2 Patch501: pam-0.74-loop.patch.bz2 Patch502: pam-0.75-console-dead-x.patch.bz2 Patch503: Linux-PAM-0.75-devfsd.patch.bz2 Buildroot: %{_tmppath}/%{name}-%{version}-root Requires: cracklib, cracklib-dicts, pwdb >= 0.54-2, initscripts >= 3.94 BuildRequires: bison cracklib-devel db2-devel db3-devel flex glib-devel pwdb-devel BuildRequires: automake Obsoletes: pamconfig Provides: pamconfig Url: http://www.us.kernel.org/pub/linux/libs/pam/index.html %description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package doc Summary: Additional documentation for %{name} Group: System/Libraries PreReq: %{name} = %version-%release BuildRequires: tetex-latex sgml-tools %package devel Summary: Development headers and libraries for %{name} Group: Development/Other PreReq: %{name} = %version-%release %description doc PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This is the documentation package of %{name} %description devel PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This is the devlopement librairies for %{name} %prep %setup -q -n Linux-PAM-%{version} -a 1 cp %{_datadir}/automake/install-sh . ln -sf defs/redhat.defs default.defs %patch -p1 -b .mdk %patch1 -p1 -b .headers %patch2 -p1 -b .accessdoc %patch3 -p1 -b .build %patch4 -p1 -b .cached %patch5 -p1 -b .const %patch6 -p1 -b .linkage %patch7 -p1 -b .mandir %patch8 -p1 -b .primary %patch9 -p1 -b .prompt %patch11 -p1 -b .return %patch12 -p1 -b .security %patch13 -p1 -b .string %patch14 -p1 -b .typo %patch15 -p1 -b .trust %patch16 -p1 -b .userdb %patch17 -p1 -b .wheeldoc %patch18 -p1 -b .wrap %patch19 -p1 -b .cracklib-distance %patch20 -p1 -b .group-reinit %patch21 -p1 -b .lastlog-utmp %patch22 -p1 -b .limits-locks %patch23 -p1 -b .null %patch24 -p1 -b .sigchld %patch25 -p1 -b .pwdb-compare %patch26 -p1 -b .securetty-pts %patch27 -p1 -b .securetty-fail %patch28 -p1 -b .syntax %patch29 -p1 -b .time %patch30 -p1 -b .issue %patch31 -p1 -b .doc-rhl %patch32 -p1 -b .bigcrypt-main %patch33 -p1 -b .cracklib-init %patch34 -p1 -b .filter-comments %patch35 -p1 -b .unix-doc %patch36 -p1 -b .unix-loop %patch37 -p1 -b .unix-preserve %patch38 -p1 -b .unix-retval %patch39 -p1 -b .unix-brokenshadow %patch40 -p1 -b .unix-nis %patch41 -p1 -b .unix-nullok %patch42 -p1 -b .wheel-usertouser %patch43 -p1 -b .mkhomedir-recurse %patch44 -p1 -b .limits-root %patch45 -p1 -b .issue-seg %patch46 -p1 -b .listfile-tty %patch47 -p1 -b .tally-init %patch48 -p1 -b .rhosts-plus %patch49 -p1 -b .limits-retval %patch50 -p1 -b .reentrant %patch51 -p1 -b .macros %patch501 -p1 -b .loop %patch502 -p1 -b .dead-x %patch503 -p1 -b .devfsd for readme in modules/pam_*/README ; do cp -fv ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` done autoconf %build CFLAGS="$RPM_OPT_FLAGS -fPIC" \ ./configure \ --prefix=/ \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ --enable-static-libpam \ --enable-fakeroot=$RPM_BUILD_ROOT %make %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_includedir}/security mkdir -p $RPM_BUILD_ROOT/lib/security make install FAKEROOT=$RPM_BUILD_ROOT LDCONFIG=: install -d -m 755 $RPM_BUILD_ROOT/etc/pam.d install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/other install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/system-auth # Install man pages. install -d -m 755 $RPM_BUILD_ROOT/%{_mandir}/man3 install -d -m 755 $RPM_BUILD_ROOT/%{_mandir}/man8 install -m 644 doc/man/*.3 $RPM_BUILD_ROOT%{_mandir}/man3/ install -m 644 doc/man/*.8 $RPM_BUILD_ROOT%{_mandir}/man8/ # Make sure every module built. for dir in modules/pam_* ; do if [ -d ${dir} ] ; then if ! ls -1 $RPM_BUILD_ROOT/lib/security/`basename ${dir}`*.so ; then echo ERROR `basename ${dir}` module did not build. exit 1 fi fi done %clean rm -rf $RPM_BUILD_ROOT %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root) %dir /etc/pam.d %config(noreplace) /etc/pam.d/other %config(noreplace) /etc/pam.d/system-auth %config(noreplace) /etc/security/access.conf %config(noreplace) /etc/security/time.conf %config(noreplace) /etc/security/group.conf %config(noreplace) /etc/security/limits.conf %config(noreplace) /etc/security/pam_env.conf %config(noreplace) /etc/security/console.perms /lib/libpam.so.* /lib/libpam_misc.so.* %attr(4755,root,root) /sbin/pwdb_chkpwd /sbin/unix_chkpwd /sbin/pam_console_apply /sbin/pam_tally /lib/security %dir /etc/security/console.apps %dir /var/run/console %{_mandir}/man5/* %{_mandir}/man8/* %files devel %defattr(-,root,root) %doc Copyright /lib/libpam.so /lib/libpam_misc.so /lib/libpam_misc.a %{_includedir}/security/*.h %{_mandir}/man3/* %files doc %defattr(-,root,root) %doc doc/html doc/ps doc/txts doc/specs/rfc86.0.txt Copyright %changelog * Sun Mar 3 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.75-20mdk - really apply patch to reduce number of access to /etc/{passwd,group} (Andrej). * Tue Feb 26 2002 Pixel <pixel@mandrakesoft.com> 0.75-19mdk - add /dev/rdvd in group cdrom (modified patch pam-0.75-mdkconf.patch.bz2) (rdvd is meant to be a symlink to a raw/raw<n>) * Thu Feb 14 2002 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.75-18mdk - Fix leak in devfsd patch (Andrej). * Mon Feb 11 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.75-17mdk - updated patch503 to try to supermount triggering as much as possible and /var/lock -> /var/run. (Andrej) - console.perms: /dev/sequencer* (Andrej) * Sat Feb 2 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.75-16mdk - updated devfsd patch and BuildRequires (Andrej) * Fri Feb 1 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.75-15mdk - resync with rh 0.75-21 * Sat Jan 19 2002 David BAUDENS <baudens@mandrakesoft.com> 0.75-14mdk - Fix Group: for devel package * Wed Jan 16 2002 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.75-13mdk - Player play again compile pam_console_apply_devfsd statically. * Wed Jan 16 2002 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.75-12mdk - Revert my morning crack. * Wed Jan 16 2002 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.75-11mdk - Don't compile pam_console_apply_devfsd with libglib (it's /usr based). * Wed Jan 16 2002 David BAUDENS <baudens@mandrakesoft.com> 0.75-10mdk - Clean after build - Fix Requires: * Thu Nov 29 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.75-9mdk - apply patch from Andrej Borsenkow to build a pam_console_apply_devfsd.so * Fri Oct 05 2001 Stefan van der Eijk <stefan@eijk.nu> 0.75-8mdk - BuildRequires: db2-devel db3-devel * Mon Sep 24 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.75-7mdk - fix pam_console when the X server disapear before the session is closed. * Fri Jul 20 2001 Pixel <pixel@mandrakesoft.com> 0.75-6mdk - rebuild with new glibc that works * Thu Jul 19 2001 Daouda Lo <daouda@mandrakesoft.com> 0.75-5mdk - workaround -> symlink soname a la mano until glibc/ldconfig fix * Wed Jul 11 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 0.75-4mdk - Resync with redhat pam 0.75-5 : remove patch 3 (merged) * Tue Jul 3 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.75-3mdk - recompiled for db3.2 * Tue Jun 26 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 0.75-2mdk - Patch 3 : fix pam_console * Wed Jun 13 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.75-1mdk - 0.75 - added devel man pages to devel package * Wed May 16 2001 Renaud Chaillat <rchaillat@mandrakesoft.com> 0.74-7mdk - changed ttyS* group owner from uucp to tty (thanks to ygingras@eclipsys.qc.ca) * Thu Apr 12 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 0.74-6mdk - Add usb to console permission file * Thu Apr 5 2001 Renaud Chaillat <rchaillat@mandrakesoft.com> 0.74-5mdk - applied patch from Debian on pam_mkhomedir module (thanks to Christian Zoffoli) * Thu Mar 15 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.74-4mdk - fix infinite loop * Wed Mar 14 2001 Giuseppe Ghibò <ghibo@mandrakesoft.com> 0.74-3mdk - removed "account required /lib/security/pam_access.so" entry in system-auth to get imap-2000 working. - added pam_tally and pam_console_apply in /sbin. * Mon Mar 12 2001 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.74-2mdk - 0.74-17 from rh. * Mon Feb 26 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.74-1mdk - 0.74. * Sat Dec 16 2000 Vincent Danen <vdanen@mandrakesoft.com> 0.72-14mdk - security fix for localuser module * Mon Dec 11 2000 Jeff Garzik <jgarzik@mandrakesoft.com> 0.72-13mdk - fix build with db1 - fix some rpmlint warnings * Mon Oct 2 2000 Frederic Lepied <flepied@mandrakesoft.com> 0.72-12mdk - added glib-devel bison flex BuildRequires. * Mon Sep 25 2000 Frederic Lepied <flepied@mandrakesoft.com> 0.72-11mdk - include system-auth (chmou sucks). * Sun Sep 24 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.72-10mdk - Sync with last rh pam : - add a broken_shadow option to pam_unix - fix pam_stack debug and losing-track-of-the-result bug - rework pam_console's usage of syslog to actually be sane (#14646) - take the LOG_ERR flag off of some of pam_console's * Tue Sep 19 2000 Frederic Lepied <flepied@mandrakesoft.com> 0.72-9mdk - noreplace. - resync console.perms with the dev package. * Mon Sep 4 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.72-8mdk - Add cdburner permission. - Set all sound stuff to audio group. * Sat Jul 22 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.72-7mdk - Merge with latest RH changes (security fixes). * Wed Jul 19 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.72-6mdk - Merge with last RH changes. - BM. * Thu May 18 2000 Pixel <pixel@mandrakesoft.com> 0.72-5mdk - fix add .so.0 * Thu May 18 2000 Pixel <pixel@mandrakesoft.com> 0.72-4mdk - add .so.0 - create -devel - move more doc to -doc * Thu Apr 27 2000 Frederic Lepied <flepied@mandrakesoft.com> 0.72-3mdk - added a BuildRequires on pwdb-devel and cracklib-devel * Sat Mar 25 2000 Pixel <pixel@mandrakesoft.com> 0.72-2mdk - new group - only keep html doc in main package. ps & txt moved to -doc * Sun Feb 20 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.72-1mdk - 0.72. - Clean up %files section. * Fri Jan 28 2000 Francis Galiegue <francis@mandrakesoft.com> 0.68-4mdk - Fixed wrong user id for /sbin/pwdb_chkpwd * Tue Jan 11 2000 Pixel <pixel@mandrakesoft.com> - fix build as non-root * Tue Jan 4 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 0.68-2mdk - don't allow '/'/ on service_name (rh). * Mon Oct 25 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com> - 0.68. * Wed Jul 7 1999 Axalon Bloodstone <axalon@linux-mandrake.com> - return audio devices to pam control * Thu Jun 01 1999 Axalon Bloodstone <axalon@linux-mandrake.com> - Local user audio "hack" we no longer modify audio device permissions * Sun May 2 1999 Bernhard Rosenkraenzer <bero@mandrakesoft.com> - Fix compilation on systems that don't have pam headers installed already - Fix a bug (chmod 0755 $FAKEROOT/etc/security/console.apps, not /etc/security/console.apps !!!) * Tue Apr 27 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com> - Mandrake adatations. * Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com> - added video4linux devices to /etc/security/console.perms * Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com> - added joystick lines to /etc/security/console.perms * Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com> - fixed a couple segfaults in pam_xauth uncovered by yesterday's fix... * Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com> - use gcc -shared to link the shared libs * Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com> - many bug fixes in pam_xauth - pam_console can now handle broken applications that do not set the PAM_TTY item. * Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com> - fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices - added pam_xauth module * Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com> - pam_lastlog does wtmp handling now * Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com> - added option parsing to pam_console - added framebuffer devices to default console.perms settings * Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com> - fixed empty passwd handling in pam_pwdb * Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com> - changed /dev/cdrom default user permissions back to 0600 in console.perms because some cdrom players open O_RDWR. * Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com> - added /dev/jaz and /dev/zip to console.perms * Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com> - changed the default user permissions for /dev/cdrom to 0400 in console.perms * Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com> - fixed a few bugs in pam_console * Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com> - pam_console authentication working - added /etc/security/console.apps directory * Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com> - added pam_console files to filelist * Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com> - upgraded to 0.66, some source cleanups * Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com> - add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask security risk * Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com> - upgrade to ver 0.65 - build the package out of internal CVS server