forked from kravietz/pam_tacplus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpam_tacplus.spec.in
114 lines (93 loc) · 3.46 KB
/
pam_tacplus.spec.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#
# spec file for package 'name' (version 'v')
#
# The following software is released as specified below.
# This spec file is released to the public domain.
# (c) Lincom Software Team
# Basic Information
Name: pam_tacplus
Version: @VERSION@
Release: 1%{?dist}
Summary: PAM Tacacs+ module
Group: System
License: LGPLv3
URL: https://github.com/kravietz/pam_tacplus/
# Packager Information
Packager: NRB
# Build Information
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# Source Information
Source0: https://github.com/kravietz/pam_tacplus/archive/@[email protected]
# Dependency Information
BuildRequires: gcc binutils pam-devel gnulib-devel
Requires: pam
%description
PAM Tacacs+ module based on code produced by Pawel Krawczyk <[email protected]> and Jeroen Nijhof <[email protected]>
%package devel
Group: Development/Libraries
Summary: Development files for pam_tacplus
Requires: pam_tacplus
%description devel
Development files for pam_tacplus.
%prep
%setup -q -a 0
%build
gnulib-tool --makefile-name=Makefile.gnulib --libtool --import \
fcntl crypto/md5 array-list list xlist getrandom realloc-posix \
explicit_bzero xalloc getopt-gnu
autoreconf -fi
./configure
make
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
install -m 755 .libs/pam_tacplus.so \
$RPM_BUILD_ROOT/%{_lib}/security/
install -m 644 sample.pam $RPM_BUILD_ROOT/etc/pam.d/tacacs
chmod 755 $RPM_BUILD_ROOT/%{_lib}/security/*.so*
make install DESTDIR=$RPM_BUILD_ROOT
chmod 755 $RPM_BUILD_ROOT/usr/local/include/libtac
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%attr(0755,root,root) /%{_lib}/security/*.so
%attr(0755,root,root) /usr/local/lib/*.so.*
%attr(0644,root,root) %config(noreplace) /etc/pam.d/tacacs
%doc AUTHORS COPYING README.md ChangeLog
%files devel
%defattr(-,root,root,-)
%attr(755,root,root) /usr/local/bin/*
%attr(644,root,root) /usr/local/include/*
%attr(755,root,root) /usr/local/lib/*.so
%attr(755,root,root) /usr/local/lib/*.la
%attr(755,root,root) /usr/local/lib/security/*
%attr(644,root,root) /usr/local/lib/pkgconfig/*
%doc /usr/local/share/doc/*
%changelog
* Mon Oct 31 2022 - Pawel Krawczyk <[email protected]>
- libtac: Refactored the complex and overengineered TACACS+ session
id generation, replacing it with getrandom(2).
- libtac: gnulib now provides implementation of missing functions.
- libtac: Removed legacy MD5 code and replaced it with gnulib.
- libtac: Legacy data structures such as attribute lists were replaced
with gnulib structures.
- libtac: CHAP implementation used a fixed challenge in contradiction
with the RFC 1994 requirement. This was replaced with a pseudo-random
challenge generated using getrandom(2).
- libtac: ABI version set to 5:0:0. From now on, this is the only way to
version the library. The legacy static variables tac_ver_ were removed
as confusing.
- pam_tacplus: Calling process PID is now used as the task_id attribute
in TACACS+ accounting session. This replaces an overengineered
cryptographically random tasks identifiers.
- libtac: Fix CVE-2016-20014. Closes: #1009966
* Tue Oct 27 2022 - Pawel Krawczyk <[email protected]>
- Fix CVE-2020-27743.
- Allow selection of source addresses.
- Support for DSCP marking packets.
- Make most network requests timeout aware.
- Fix Debian build scripts.
- OpenSSL licensing clarifications.
- Use more neutral terminology.