Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam_yubico-2.26-lp152.3.5 RPM for x86_64

From OpenSuSE Leap 15.2 for x86_64

Name: pam_yubico Distribution: openSUSE Leap 15.2
Version: 2.26 Vendor: openSUSE
Release: lp152.3.5 Build date: Sat May 16 19:04:18 2020
Group: Productivity/Networking/Security Build host: sheep87
Size: 165598 Source RPM: pam_yubico-2.26-lp152.3.5.src.rpm
Packager: https://bugs.opensuse.org
Url: https://developers.yubico.com/yubico-pam/
Summary: Yubico Pluggable Authentication Module (PAM)
This module allows you to use the Yubikey device to authenticate to the PAM system.

Provides

Requires

License

BSD-2-Clause

Changelog

* Fri Apr 20 2018 kbabioch@suse.com
  - Version 2.26 (released 2018-04-20)
    - Make sure to close authfile (CVE-2018-9275 bsc#1088027).
    - Fix compiler warnings.
    - Open file descriptors with O_CLOEXEC.
    - Use mkostemp() instead of mkstemp().
  - Dropped patches that are included upstream:
    - cloexec.patch
    - compiler-warnings-format-strings.patch
    - compiler-warnings-pointer.patch
    - leaking-file-descriptor.patch
    - util_test-mkdtemp.patch
* Fri Apr 13 2018 kbabioch@suse.com
  - Added patches:
    - cloexec.patch: Harden file descriptor handling (boo#1089517)
    - compiler-warnings-pointer.patch: Fix compiler warnings due to wrong pointer
      casts (boo#1089518)
    - compiler-warnings-format-strings.patch: Fix compiler warnings due to wrong
      format string specifiers (boo#1089519)
    - util_test-mkdtemp.patch: Use mkdtemp() instead of tempnam() (boo#1089520)
* Wed Apr 04 2018 kbabioch@suse.com
  - leaking-file-descriptor.patch: Close the authfile before returning
    to make sure no file descriptors are leaked (bsc#1088027).
* Tue Mar 27 2018 kbabioch@suse.com
  - Version 2.25 (released 2018-03-27):
    - Security: Storage of challenges in path with restricted permissions
    - Perform OTP validation only if token is authorized
    - Return early if the user has no authorized tokens
    - Compare OTP IDs against `yubi_attr` only
    - Add nullok support to challenge-response mode
    - Several improvements to the documentation
    - Improved debugging output and test cases
* Mon Nov 27 2017 meissner@suse.com
  - Version 2.24 (released 2016-11-25) (bsc#1067191)
    - Debug mode changed, allows file output with debug_file.
    - Fixup returning user-unknown correctly.
  - Version 2.23 (released 2016-06-15)
    - Fix an issue where a failure to set permissions was wrongly outputted.
* Thu Jun 09 2016 t.gruner@katodev.de
  - Version 2.22 (released 2016-05-23)
    - Documentation improvements.
    - Retain ownership and permission of challenge files (issue #92).
    - Make dependency on yubico-c-client 2.15 clearer.
* Mon Apr 25 2016 t.gruner@katodev.de
  - Version 2.21 (released 2016-02-19)
    - Add proxy support for yubico-c-client.
    - Check that conv is set before trying to use it fixes a crash bug with the osx loginwindow.
    - Add building of a mac installer.
* Mon Oct 05 2015 t.gruner@katodev.de
  - Version 2.20 (released 2015-09-22)
    - Add cainfo option to allow usage of a cabundle instead of path.
    - Support comments in authfile.
    - For challenge response with system-wide directory, write the files as root instead of the user.
  - add baselib.conf
* Thu Mar 26 2015 t.gruner@katodev.de
  - Version 2.19 (released 2015-03-23)
    - Add new ldap functionality ldap_bind_user and ldap_bind_password
      for authenticated binds ldap_filter for using subtree search and
      a filter ldap_cacertfile to use a specific cacert for ldaps
* Mon Feb 16 2015 t.gruner@katodev.de
  - Version 2.18 (released 2015-02-12)
    - Fix a memory leak of the pam response data.
    - Add more tests.
    - Add version flag to ykpamcfg.
  - Remove "make check" in spec-file. ( BuildRequires: perl(Net::LDAP::Server) )
* Wed Jan 21 2015 t.gruner@katodev.de
  - Move ykpamcfg from /usr/sbin to /usr/bin
* Wed Jan 07 2015 mrueckert@suse.de
  - Version 2.17 (released 2014-08-26)
    - Fix a bug with the 'urllist' parameter where urls would be
      forgotten.
    - Manpages converted to asciidoc.
  - Version 2.16 (released 2014-06-10)
    - Fix a crashbug with the new parameter 'urllist'
  - Version 2.15 (released 2014-04-30)
    - Added new parameter 'urllist'
    - Added pam_yubico(8) man page.
    - Fix memory leak.
    - Bump yubico-c-client version requirement to 2.12.
  - Version 2.14 (released 2013-09-27)
    - Don't install internal header files.
    - Don't print debug info when the "debug" parameter is not given.
    - Use PBKDF2 to process expected reply for challenge-response
      mode.
    - Fixup memory leaks and leaks of privilege.
    - Let return values reflect whether the user wasn't found or
      other error.
  - Version 2.13 (released 2013-03-01)
    - Fix a bug in the version check to support major version > 2
      (neo).  Patch from https://github.com/wwest4
    - Give ykpamcfg an option for specifying path.
  - Version 2.12 (released 2012-06-15)
    - Only use libyubikey when --with-cr is used.
    - Set correct permissions on tempfile.
    - YubiKey 2.2 contains a bug in challenge-response that makes it
      output the same response to all challenges unless HMAC_LT64 is
      set. Add warnings to ykpamcfg and a warning through conversate
      in the pam module. Keys programmed like this should be
      reprogrammed with the HMAC_LT64 flag set.
  - Version 2.11 (released 2012-02-10)
    - Fix crash-bug with challenge-response mode when button press is
      required, but button is never pressed. Reported and fixed by
      Lingzhu Xiang <xianglingzhu@gmail.com>.
    - Fix a memset() with wrong size as reported by clang, as well as
      some other problems/warnings when building on Mac OS X, thanks
      to Clemens Lang <neverpanic@gmail.com>.
    - Add prefix-matching of LDAP fetched values, so you can store
      the token-to-user mapping in a multi-value attribute with
      values like "yubikey:publicid", "other-token:something" etc.
      Patch by Remi Mollon <remi.mollon@cern.ch>.
  - Version 2.10 (released 2011-12-14)
    - Drop permissions (to the user that is trying to authenticate)
      before accessing files in the users home directory. Largely
      based on a patch by Ricky Zhou <ricky@fedoraproject.org>.
      Thanks!
    - Restore challenge-response support - version 2.7 was supposed
      to make the dependency on libykpers optional, but in reality
      accidentally disabled challenge-response for all
      configurations. As before, use --without-cr to compile
      pam_yubico without the ykpers dependency.
  - Version 2.9 (released 2011-11-17)
    - Security: Explicitly request ykclient to verify server
      signature.  ykclient <= 2.5 strangely enough defaults to
      signing requests, but not verifying signatures in responses
      when it is supplied with a client key.  Reported and patched by
      Dominic Rutherford <dominic@rutherfordfamily.co.uk>.
  - Version 2.8 (released 2011-08-26)
    - Fix big security hole: Authentication succeeded when no
      password was given, unless use_first_pass was being used.  This
      is fatal if pam_yubico is considered 'sufficient' in the PAM
      configuration.  Reported and patched by Nanakos Chrysostomos
      <nanakos@wired-net.gr>.
  - Version 2.7 (released 2011-06-07)
    - Make dependency on libykpers optional.  Use --without-cr to
      force it.  Reported by Jussi Sallinen <jussi@jus.si>.
  - Version 2.6 (released 2011-04-11)
    - This release includes lots of patches by members of our open
      source community. Thank you all!
    - Add Challenge-Response mode for offline validation (requires
      YubiKey 2.2). Patch by Tollef Fog Heen.
    - Eliminate all problems with pam_get_data by simply getting rid
      of that code completely. This seems to have caused problems for
      a lot of people.
    - Numerous LDAP bug fixes and improvements, including community
      patches by judas.iscariote and maxsanna81@gmail.com. Change to
      LDAPv3, since v2 has been declared historic for a looong time.
    - Support passing capath parameter to Yubico validation client.
      Patch by Remi Mollon.
    - Support public id's longer/shorter than 6 bytes. Patch by
      fraser.scott@gmail.com.
    - Convert documentation to Asciidoc format used in Github wiki.
    - Try to never log passwords in debug logs.
  - new build requires:
    pkg-config
    libyubikey-devel
    libykpers-devel
  - use correct license string: BSD-2-Clause
  - remove autoreconf call: no longer needed with release tarball
  - package more documentation

Files

/lib64/security/pam_yubico.so
/usr/bin/ykpamcfg
/usr/share/doc/packages/pam_yubico
/usr/share/doc/packages/pam_yubico/AUTHORS
/usr/share/doc/packages/pam_yubico/Authentication_Using_Challenge-Response.adoc
/usr/share/doc/packages/pam_yubico/MacOS_X_Challenge-Response.adoc
/usr/share/doc/packages/pam_yubico/NEWS
/usr/share/doc/packages/pam_yubico/README
/usr/share/doc/packages/pam_yubico/Two_Factor_PAM_Configuration.adoc
/usr/share/doc/packages/pam_yubico/Ubuntu_FreeRadius_YubiKey.adoc
/usr/share/doc/packages/pam_yubico/YubiKey_and_FreeRADIUS_1FA_via_PAM.adoc
/usr/share/doc/packages/pam_yubico/YubiKey_and_FreeRADIUS_via_PAM.adoc
/usr/share/doc/packages/pam_yubico/YubiKey_and_OpenVPN_via_PAM.adoc
/usr/share/doc/packages/pam_yubico/Yubikey_and_Radius_via_PAM.adoc
/usr/share/doc/packages/pam_yubico/Yubikey_and_SELinux_on_Fedora_18_and_up.adoc
/usr/share/doc/packages/pam_yubico/Yubikey_and_SSH_via_PAM.adoc
/usr/share/licenses/pam_yubico
/usr/share/licenses/pam_yubico/COPYING
/usr/share/man/man1/ykpamcfg.1.gz
/usr/share/man/man8/pam_yubico.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 11:51:54 2024