rpms/pam_pkcs11/devel pam_pkcs11-0.5.3-l10n.patch, NONE, 1.1 pam_pkcs11-0.5.3-nss.patch, 1.2, 1.3 pam_pkcs11-0.5.3-ocsp.patch, 1.2, 1.3 pam_pkcs11.spec, 1.15, 1.16 rh_pam_pkcs11.conf, 1.5, 1.6
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Sep 6 18:43:11 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.85, 1.86 policy-20060829.patch, 1.11, 1.12 selinux-policy.spec, 1.273, 1.274 sources, 1.89, 1.90
- Next message (by thread): rpms/selinux-policy/devel policy-20060829.patch,1.12,1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rrelyea
Update of /cvs/dist/rpms/pam_pkcs11/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15083/devel
Modified Files:
pam_pkcs11-0.5.3-nss.patch pam_pkcs11-0.5.3-ocsp.patch
pam_pkcs11.spec rh_pam_pkcs11.conf
Added Files:
pam_pkcs11-0.5.3-l10n.patch
Log Message:
auto-import pam_pkcs11-0.5.3-15 on branch devel from pam_pkcs11-0.5.3-15.src.rpm
pam_pkcs11-0.5.3-l10n.patch:
ABOUT-NLS | 996 +
ChangeLog | 37
Makefile.am | 6
Makefile.in | 36
aclocal.m4 | 1081 +
aclocal/Makefile | 371
aclocal/Makefile.am | 2
aclocal/Makefile.am~ | 5
aclocal/Makefile.in | 25
aclocal/codeset.m4 | 21
aclocal/gettext.m4 | 549
aclocal/glibc2.m4 | 30
aclocal/glibc21.m4 | 30
aclocal/iconv.m4 | 101
aclocal/intdiv0.m4 | 70
aclocal/intmax.m4 | 30
aclocal/inttypes-pri.m4 | 30
aclocal/inttypes.m4 | 25
aclocal/inttypes_h.m4 | 26
aclocal/isc-posix.m4 | 24
aclocal/lcmessage.m4 | 30
aclocal/lib-ld.m4 | 110
aclocal/lib-link.m4 | 553
aclocal/lib-prefix.m4 | 153
aclocal/longdouble.m4 | 28
aclocal/longlong.m4 | 23
aclocal/nls.m4 | 51
aclocal/po.m4 | 429
aclocal/printf-posix.m4 | 44
aclocal/progtest.m4 | 92
aclocal/signed.m4 | 17
aclocal/size_max.m4 | 59
aclocal/stdint_h.m4 | 26
aclocal/uintmax_t.m4 | 30
aclocal/ulonglong.m4 | 23
aclocal/wchar_t.m4 | 20
aclocal/wint_t.m4 | 20
aclocal/xsize.m4 | 13
config.h.in | 3
config.rpath | 571
configure |29747 +++++++++++++++++++++++---------------------
configure.in | 50
doc/Makefile.in | 23
etc/Makefile.in | 23
mkinstalldirs | 150
po/ChangeLog | 12
po/Makefile.in | 384
po/Makefile.in.in | 384
po/Makevars | 41
po/POTFILES | 1
po/POTFILES.in | 2
po/Rules-quot | 47
po/boldquot.sed | 10
po/en at boldquot.header | 25
po/en at quot.header | 22
po/insert-header.sin | 23
po/pam_pkcs11.pot | 38
po/quot.sed | 6
po/remove-potcdate.sin | 19
po/stamp-po | 1
src/Makefile.in | 23
src/common/Makefile.in | 23
src/mappers/Makefile.in | 23
src/pam_pkcs11/Makefile.in | 23
src/pam_pkcs11/pam_pkcs11.c | 29
src/scconf/Makefile.in | 23
src/tools/Makefile.in | 22
tools/Makefile.in | 23
68 files changed, 22639 insertions(+), 14348 deletions(-)
--- NEW FILE pam_pkcs11-0.5.3-l10n.patch ---
--- /dev/null 2006-09-01 14:59:55.285545433 -0700
+++ ./aclocal/codeset.m4 2006-09-05 10:10:51.636702000 -0700
@@ -0,0 +1,21 @@
+# codeset.m4 serial AM1 (gettext-0.10.40)
+dnl Copyright (C) 2000-2002 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([AM_LANGINFO_CODESET],
+[
+ AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset,
+ [AC_TRY_LINK([#include <langinfo.h>],
+ [char* cs = nl_langinfo(CODESET);],
+ am_cv_langinfo_codeset=yes,
+ am_cv_langinfo_codeset=no)
+ ])
+ if test $am_cv_langinfo_codeset = yes; then
+ AC_DEFINE(HAVE_LANGINFO_CODESET, 1,
+ [Define if you have <langinfo.h> and nl_langinfo(CODESET).])
+ fi
+])
--- /dev/null 2006-09-01 14:59:55.285545433 -0700
+++ ./aclocal/gettext.m4 2006-09-05 10:10:51.682700000 -0700
@@ -0,0 +1,549 @@
+# gettext.m4 serial 37 (gettext-0.14.4)
+dnl Copyright (C) 1995-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper at cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible at clisp.cons.org>, 2000-2003.
+
+dnl Macro to add for using GNU gettext.
+
+dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
+dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
+dnl default (if it is not specified or empty) is 'no-libtool'.
+dnl INTLSYMBOL should be 'external' for packages with no intl directory,
+dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory.
+dnl If INTLSYMBOL is 'use-libtool', then a libtool library
+dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static,
+dnl depending on --{enable,disable}-{shared,static} and on the presence of
+dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
+dnl $(top_builddir)/intl/libintl.a will be created.
+dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
+dnl implementations (in libc or libintl) without the ngettext() function
+dnl will be ignored. If NEEDSYMBOL is specified and is
+dnl 'need-formatstring-macros', then GNU gettext implementations that don't
+dnl support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
+dnl INTLDIR is used to find the intl libraries. If empty,
+dnl the value `$(top_builddir)/intl/' is used.
+dnl
+dnl The result of the configuration is one of three cases:
+dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
+dnl and used.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 2) GNU gettext has been found in the system's C library.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 3) No internationalization, always use English msgid.
+dnl Catalog format: none
+dnl Catalog extension: none
+dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur.
+dnl The use of .gmo is historical (it was needed to avoid overwriting the
+dnl GNU format catalogs when building on a platform with an X/Open gettext),
+dnl but we keep it in order not to force irrelevant filename changes on the
+dnl maintainers.
+dnl
+AC_DEFUN([AM_GNU_GETTEXT],
+[
+ dnl Argument checking.
+ ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
+ [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
+])])])])])
+ ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
+ [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
+])])])])
+ define([gt_included_intl], ifelse([$1], [external], [no], [yes]))
+ define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
+
+ AC_REQUIRE([AM_PO_SUBDIRS])dnl
+ ifelse(gt_included_intl, yes, [
+ AC_REQUIRE([AM_INTL_SUBDIR])dnl
+ ])
+
+ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ dnl Ideally we would do this search only after the
+ dnl if test "$USE_NLS" = "yes"; then
+ dnl if test "$gt_cv_func_gnugettext_libc" != "yes"; then
+ dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
+ dnl the configure script would need to contain the same shell code
+ dnl again, outside any 'if'. There are two solutions:
+ dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
+ dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
+ dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
+ dnl documented, we avoid it.
+ ifelse(gt_included_intl, yes, , [
+ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+ ])
+
+ dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation.
+ gt_INTL_MACOSX
+
+ dnl Set USE_NLS.
+ AM_NLS
+
+ ifelse(gt_included_intl, yes, [
+ BUILD_INCLUDED_LIBINTL=no
+ USE_INCLUDED_LIBINTL=no
+ ])
+ LIBINTL=
+ LTLIBINTL=
+ POSUB=
+
+ dnl If we use NLS figure out what method
+ if test "$USE_NLS" = "yes"; then
+ gt_use_preinstalled_gnugettext=no
+ ifelse(gt_included_intl, yes, [
+ AC_MSG_CHECKING([whether included gettext is requested])
+ AC_ARG_WITH(included-gettext,
+ [ --with-included-gettext use the GNU gettext library included here],
+ nls_cv_force_use_gnu_gettext=$withval,
+ nls_cv_force_use_gnu_gettext=no)
+ AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+
+ nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
+ if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
+ ])
+ dnl User does not insist on using GNU NLS library. Figure out what
+ dnl to use. If GNU gettext is available we use this. Else we have
+ dnl to fall back to GNU NLS library.
+
+ dnl Add a version number to the cache macros.
+ define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1)))
+ define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc])
+ define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl])
+
+ AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc,
+ [AC_TRY_LINK([#include <libintl.h>
+]ifelse([$2], [need-formatstring-macros],
+[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+], [])[extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;],
+ [bindtextdomain ("", "");
+return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings],
+ gt_cv_func_gnugettext_libc=yes,
+ gt_cv_func_gnugettext_libc=no)])
+
+ if test "$gt_cv_func_gnugettext_libc" != "yes"; then
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ ifelse(gt_included_intl, yes, , [
+ AM_ICONV_LINK
+ ])
+ dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
+ dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
+ dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
+ dnl even if libiconv doesn't exist.
+ AC_LIB_LINKFLAGS_BODY([intl])
+ AC_CACHE_CHECK([for GNU gettext in libintl],
+ gt_cv_func_gnugettext_libintl,
+ [gt_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $INCINTL"
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBINTL"
+ dnl Now see whether libintl exists and does not depend on libiconv.
+ AC_TRY_LINK([#include <libintl.h>
+]ifelse([$2], [need-formatstring-macros],
+[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+], [])[extern int _nl_msg_cat_cntr;
+extern
[...40805 lines suppressed...]
+ ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF
--- /dev/null 2006-09-01 14:59:55.285545433 -0700
+++ ./mkinstalldirs 2006-09-05 10:10:54.861690000 -0700
@@ -0,0 +1,150 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+
+scriptversion=2004-02-15.20
+
+# Original author: Noah Friedman <friedman at prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain.
+#
+# This file is maintained in Automake, please report
+# bugs to <bug-automake at gnu.org> or send patches to
+# <automake-patches at gnu.org>.
+
+errstatus=0
+dirmode=""
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
+
+Create each directory DIR (with mode MODE, if specified), including all
+leading file name components.
+
+Report bugs to <bug-automake at gnu.org>."
+
+# process command line arguments
+while test $# -gt 0 ; do
+ case $1 in
+ -h | --help | --h*) # -h for help
+ echo "$usage"
+ exit 0
+ ;;
+ -m) # -m PERM arg
+ shift
+ test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+ dirmode=$1
+ shift
+ ;;
+ --version)
+ echo "$0 $scriptversion"
+ exit 0
+ ;;
+ --) # stop option processing
+ shift
+ break
+ ;;
+ -*) # unknown option
+ echo "$usage" 1>&2
+ exit 1
+ ;;
+ *) # first non-opt arg
+ break
+ ;;
+ esac
+done
+
+for file
+do
+ if test -d "$file"; then
+ shift
+ else
+ break
+ fi
+done
+
+case $# in
+ 0) exit 0 ;;
+esac
+
+# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
+# mkdir -p a/c at the same time, both will detect that a is missing,
+# one will create a, then the other will try to create a and die with
+# a "File exists" error. This is a problem when calling mkinstalldirs
+# from a parallel make. We use --version in the probe to restrict
+# ourselves to GNU mkdir, which is thread-safe.
+case $dirmode in
+ '')
+ if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ echo "mkdir -p -- $*"
+ exec mkdir -p -- "$@"
+ else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ test -d ./-p && rmdir ./-p
+ test -d ./--version && rmdir ./--version
+ fi
+ ;;
+ *)
+ if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
+ test ! -d ./--version; then
+ echo "mkdir -m $dirmode -p -- $*"
+ exec mkdir -m "$dirmode" -p -- "$@"
+ else
+ # Clean up after NextStep and OpenStep mkdir.
+ for d in ./-m ./-p ./--version "./$dirmode";
+ do
+ test -d $d && rmdir $d
+ done
+ fi
+ ;;
+esac
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case $pathcomp in
+ -*) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp"
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ else
+ if test ! -z "$dirmode"; then
+ echo "chmod $dirmode $pathcomp"
+ lasterr=""
+ chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+ if test ! -z "$lasterr"; then
+ errstatus=$lasterr
+ fi
+ fi
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
--- ./config.h.in.l10n 2006-09-05 10:13:40.962192000 -0700
+++ ./config.h.in 2006-09-05 10:14:26.298057000 -0700
@@ -3,6 +3,9 @@
/* Define to 1 if you want to include debugging code. */
#undef DEBUG
+/* Define to 1 if you want l10n support. */
+#undef ENABLE_NLS
+
/* Define to 1 if you have the <curl/curl.h> header file. */
#undef HAVE_CURL_CURL_H
pam_pkcs11-0.5.3-nss.patch:
Makefile.in | 6
aclocal/Makefile.in | 6
configure | 224 +++++++++++--
configure.in | 36 ++
doc/Makefile.in | 6
etc/Makefile.in | 6
src/Makefile.in | 6
src/common/Makefile.am | 6
src/common/Makefile.in | 14
src/common/NSPRerrs.h | 153 +++++++++
src/common/SECerrs.h | 506 +++++++++++++++++++++++++++++++
src/common/SSLerrs.h | 371 ++++++++++++++++++++++
src/common/alg_st.h | 52 +++
src/common/algorithm.c | 77 ++++
src/common/cert_info.c | 195 +++++++++++
src/common/cert_info.h | 4
src/common/cert_st.h | 41 ++
src/common/cert_vfy.c | 58 +++
src/common/cert_vfy.h | 2
src/common/error.h | 7
src/common/pkcs11.c | 699 ++++++++++++++++++++++++++++++++++++++++++-
src/common/pkcs11.h | 48 --
src/common/secutil.h | 424 ++++++++++++++++++++++++++
src/common/smartcard.h | 55 +++
src/mappers/Makefile.am | 2
src/mappers/Makefile.in | 8
src/mappers/cn_mapper.c | 8
src/mappers/digest_mapper.c | 20 -
src/mappers/generic_mapper.c | 6
src/mappers/krb_mapper.c | 8
src/mappers/ldap_mapper.c | 2
src/mappers/mail_mapper.c | 6
src/mappers/mapper.h | 2
src/mappers/ms_mapper.c | 8
src/mappers/null_mapper.c | 2
src/mappers/opensc_mapper.c | 12
src/mappers/openssh_mapper.c | 12
src/mappers/pwent_mapper.c | 10
src/mappers/subject_mapper.c | 12
src/mappers/uid_mapper.c | 8
src/pam_pkcs11/Makefile.am | 4
src/pam_pkcs11/Makefile.in | 10
src/pam_pkcs11/mapper_mgr.c | 2
src/pam_pkcs11/mapper_mgr.h | 3
src/pam_pkcs11/pam_config.c | 8
src/pam_pkcs11/pam_config.h | 1
src/pam_pkcs11/pam_pkcs11.c | 123 +++----
src/scconf/Makefile.in | 6
src/tools/Makefile.am | 4
src/tools/Makefile.in | 10
src/tools/pkcs11_eventmgr.c | 257 ++++++++++++++-
src/tools/pkcs11_inspect.c | 70 +---
src/tools/pklogin_finder.c | 70 +---
tools/Makefile.in | 6
54 files changed, 3371 insertions(+), 331 deletions(-)
Index: pam_pkcs11-0.5.3-nss.patch
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11-0.5.3-nss.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam_pkcs11-0.5.3-nss.patch 11 Jul 2006 20:19:42 -0000 1.2
+++ pam_pkcs11-0.5.3-nss.patch 6 Sep 2006 18:43:08 -0000 1.3
@@ -2311,7 +2311,7 @@
+
+ /* NSS already check all the revocation info with OCSP and crls */
+ DBG2("Verifying Cert: %s (%s)", x509->nickname, x509->subjectName);
-+ rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageEmailSigner,
++ rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageSSLClient,
+ NULL);
+ if (rv != SECSuccess) {
+ DBG1("Couldn't verify Cert: %s", SECU_Strerror(PR_GetError()));
@@ -2692,7 +2692,7 @@
+ }
+
+ /* only want signing certs */
-+ rv = CERT_FilterCertListByUsage(certList, certUsageEmailSigner, PR_FALSE);
++ rv = CERT_FilterCertListByUsage(certList, certUsageSSLClient, PR_FALSE);
+ if (rv != SECSuccess) {
+ CERT_DestroyCertList(certList);
+ DBG1("Couldn't filter out email certs: %s",
pam_pkcs11-0.5.3-ocsp.patch:
common/cert_vfy.c | 9 +++++++--
common/cert_vfy.h | 2 +-
pam_pkcs11/pam_config.c | 4 ++++
pam_pkcs11/pam_config.h | 1 +
pam_pkcs11/pam_pkcs11.c | 4 +++-
tools/pkcs11_inspect.c | 4 +++-
tools/pklogin_finder.c | 4 +++-
7 files changed, 22 insertions(+), 6 deletions(-)
Index: pam_pkcs11-0.5.3-ocsp.patch
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11-0.5.3-ocsp.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam_pkcs11-0.5.3-ocsp.patch 26 Aug 2006 00:19:06 -0000 1.2
+++ pam_pkcs11-0.5.3-ocsp.patch 6 Sep 2006 18:43:08 -0000 1.3
@@ -31,7 +31,7 @@
+
/* NSS already check all the revocation info with OCSP and crls */
DBG2("Verifying Cert: %s (%s)", x509->nickname, x509->subjectName);
- rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageEmailSigner,
+ rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageSSLClient,
@@ -290,7 +295,7 @@
return (rv == -1);
}
Index: pam_pkcs11.spec
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- pam_pkcs11.spec 29 Aug 2006 02:23:48 -0000 1.15
+++ pam_pkcs11.spec 6 Sep 2006 18:43:08 -0000 1.16
@@ -6,7 +6,7 @@
Name: pam_pkcs11
Version: 0.5.3
-Release: 14
+Release: 15
Summary: PKCS #11/NSS PAM login module
Group: System Environment/Base
@@ -22,6 +22,7 @@
Patch5: pam_pkcs11-0.5.3-ocsp.patch
Patch6: pam_pkcs11-0.5.3-wait-for-card.patch
Patch7: pam_pkcs11-0.5.3-reject_unloaded_module.patch
+Patch8: pam_pkcs11-0.5.3-l10n.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel
@@ -58,6 +59,7 @@
%patch5 -p0 -b .ocsp
%patch6 -p1 -b .wait-for-card
%patch7 -p0 -b .reject-unloaded-module
+%patch8 -p0 -b .l10n
%build
@@ -74,7 +76,6 @@
%endif
%configure \
--with-nss \
- --without-pcsclite \
--with-debug \
--disable-dependency-tracking \
%{curl_flags} %{ldap_flags}
@@ -147,6 +148,12 @@
%doc %{_datadir}/%{name}/pkcs11_eventmgr.conf.example
%changelog
+* Mon Sep 1 2006 Robert Relyea <rrelyea at redhat.com> 0.5.3-15
+- add l10n support
+- correct mapper order.
+- login should allow SSL Client Auth certs rather than restricting to Email
+ Signing certs.
+
* Mon Aug 28 2006 Robert Relyea <rrelyea at redhat.com> 0.5.3-14
- use implicit paths to load the PKCS #11 module
Index: rh_pam_pkcs11.conf
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/rh_pam_pkcs11.conf,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- rh_pam_pkcs11.conf 29 Aug 2006 02:23:48 -0000 1.5
+++ rh_pam_pkcs11.conf 6 Sep 2006 18:43:08 -0000 1.6
@@ -124,7 +124,7 @@
# If used null mapper should be the last in the list :-)
# Also you should select at least one mapper, otherwise
# certificate will not match :-)
- use_mappers = cn, pwent, uid, null;
+ use_mappers = cn, uid, pwent, null;
# When no absolute path or module info is provided, use this
# value as module search path
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.85, 1.86 policy-20060829.patch, 1.11, 1.12 selinux-policy.spec, 1.273, 1.274 sources, 1.89, 1.90
- Next message (by thread): rpms/selinux-policy/devel policy-20060829.patch,1.12,1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list