rpms/pam_pkcs11/devel pam_pkcs11-0.5.3-l10n.patch, NONE, 1.1 pam_pkcs11-0.5.3-nss.patch, 1.2, 1.3 pam_pkcs11-0.5.3-ocsp.patch, 1.2, 1.3 pam_pkcs11.spec, 1.15, 1.16 rh_pam_pkcs11.conf, 1.5, 1.6

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Sep 6 18:43:11 UTC 2006


Author: rrelyea

Update of /cvs/dist/rpms/pam_pkcs11/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15083/devel

Modified Files:
	pam_pkcs11-0.5.3-nss.patch pam_pkcs11-0.5.3-ocsp.patch 
	pam_pkcs11.spec rh_pam_pkcs11.conf 
Added Files:
	pam_pkcs11-0.5.3-l10n.patch 
Log Message:
auto-import pam_pkcs11-0.5.3-15 on branch devel from pam_pkcs11-0.5.3-15.src.rpm

pam_pkcs11-0.5.3-l10n.patch:
 ABOUT-NLS                   |  996 +
 ChangeLog                   |   37 
 Makefile.am                 |    6 
 Makefile.in                 |   36 
 aclocal.m4                  | 1081 +
 aclocal/Makefile            |  371 
 aclocal/Makefile.am         |    2 
 aclocal/Makefile.am~        |    5 
 aclocal/Makefile.in         |   25 
 aclocal/codeset.m4          |   21 
 aclocal/gettext.m4          |  549 
 aclocal/glibc2.m4           |   30 
 aclocal/glibc21.m4          |   30 
 aclocal/iconv.m4            |  101 
 aclocal/intdiv0.m4          |   70 
 aclocal/intmax.m4           |   30 
 aclocal/inttypes-pri.m4     |   30 
 aclocal/inttypes.m4         |   25 
 aclocal/inttypes_h.m4       |   26 
 aclocal/isc-posix.m4        |   24 
 aclocal/lcmessage.m4        |   30 
 aclocal/lib-ld.m4           |  110 
 aclocal/lib-link.m4         |  553 
 aclocal/lib-prefix.m4       |  153 
 aclocal/longdouble.m4       |   28 
 aclocal/longlong.m4         |   23 
 aclocal/nls.m4              |   51 
 aclocal/po.m4               |  429 
 aclocal/printf-posix.m4     |   44 
 aclocal/progtest.m4         |   92 
 aclocal/signed.m4           |   17 
 aclocal/size_max.m4         |   59 
 aclocal/stdint_h.m4         |   26 
 aclocal/uintmax_t.m4        |   30 
 aclocal/ulonglong.m4        |   23 
 aclocal/wchar_t.m4          |   20 
 aclocal/wint_t.m4           |   20 
 aclocal/xsize.m4            |   13 
 config.h.in                 |    3 
 config.rpath                |  571 
 configure                   |29747 +++++++++++++++++++++++---------------------
 configure.in                |   50 
 doc/Makefile.in             |   23 
 etc/Makefile.in             |   23 
 mkinstalldirs               |  150 
 po/ChangeLog                |   12 
 po/Makefile.in              |  384 
 po/Makefile.in.in           |  384 
 po/Makevars                 |   41 
 po/POTFILES                 |    1 
 po/POTFILES.in              |    2 
 po/Rules-quot               |   47 
 po/boldquot.sed             |   10 
 po/en at boldquot.header       |   25 
 po/en at quot.header           |   22 
 po/insert-header.sin        |   23 
 po/pam_pkcs11.pot           |   38 
 po/quot.sed                 |    6 
 po/remove-potcdate.sin      |   19 
 po/stamp-po                 |    1 
 src/Makefile.in             |   23 
 src/common/Makefile.in      |   23 
 src/mappers/Makefile.in     |   23 
 src/pam_pkcs11/Makefile.in  |   23 
 src/pam_pkcs11/pam_pkcs11.c |   29 
 src/scconf/Makefile.in      |   23 
 src/tools/Makefile.in       |   22 
 tools/Makefile.in           |   23 
 68 files changed, 22639 insertions(+), 14348 deletions(-)

--- NEW FILE pam_pkcs11-0.5.3-l10n.patch ---
--- /dev/null	2006-09-01 14:59:55.285545433 -0700
+++ ./aclocal/codeset.m4	2006-09-05 10:10:51.636702000 -0700
@@ -0,0 +1,21 @@
+# codeset.m4 serial AM1 (gettext-0.10.40)
+dnl Copyright (C) 2000-2002 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([AM_LANGINFO_CODESET],
+[
+  AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset,
+    [AC_TRY_LINK([#include <langinfo.h>],
+      [char* cs = nl_langinfo(CODESET);],
+      am_cv_langinfo_codeset=yes,
+      am_cv_langinfo_codeset=no)
+    ])
+  if test $am_cv_langinfo_codeset = yes; then
+    AC_DEFINE(HAVE_LANGINFO_CODESET, 1,
+      [Define if you have <langinfo.h> and nl_langinfo(CODESET).])
+  fi
+])
--- /dev/null	2006-09-01 14:59:55.285545433 -0700
+++ ./aclocal/gettext.m4	2006-09-05 10:10:51.682700000 -0700
@@ -0,0 +1,549 @@
+# gettext.m4 serial 37 (gettext-0.14.4)
+dnl Copyright (C) 1995-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl   Ulrich Drepper <drepper at cygnus.com>, 1995-2000.
+dnl   Bruno Haible <haible at clisp.cons.org>, 2000-2003.
+
+dnl Macro to add for using GNU gettext.
+
+dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
+dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
+dnl    default (if it is not specified or empty) is 'no-libtool'.
+dnl    INTLSYMBOL should be 'external' for packages with no intl directory,
+dnl    and 'no-libtool' or 'use-libtool' for packages with an intl directory.
+dnl    If INTLSYMBOL is 'use-libtool', then a libtool library
+dnl    $(top_builddir)/intl/libintl.la will be created (shared and/or static,
+dnl    depending on --{enable,disable}-{shared,static} and on the presence of
+dnl    AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
+dnl    $(top_builddir)/intl/libintl.a will be created.
+dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
+dnl    implementations (in libc or libintl) without the ngettext() function
+dnl    will be ignored.  If NEEDSYMBOL is specified and is
+dnl    'need-formatstring-macros', then GNU gettext implementations that don't
+dnl    support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
+dnl INTLDIR is used to find the intl libraries.  If empty,
+dnl    the value `$(top_builddir)/intl/' is used.
+dnl
+dnl The result of the configuration is one of three cases:
+dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
+dnl    and used.
+dnl    Catalog format: GNU --> install in $(datadir)
+dnl    Catalog extension: .mo after installation, .gmo in source tree
+dnl 2) GNU gettext has been found in the system's C library.
+dnl    Catalog format: GNU --> install in $(datadir)
+dnl    Catalog extension: .mo after installation, .gmo in source tree
+dnl 3) No internationalization, always use English msgid.
+dnl    Catalog format: none
+dnl    Catalog extension: none
+dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur.
+dnl The use of .gmo is historical (it was needed to avoid overwriting the
+dnl GNU format catalogs when building on a platform with an X/Open gettext),
+dnl but we keep it in order not to force irrelevant filename changes on the
+dnl maintainers.
+dnl
+AC_DEFUN([AM_GNU_GETTEXT],
+[
+  dnl Argument checking.
+  ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
+    [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
+])])])])])
+  ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
+    [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
+])])])])
+  define([gt_included_intl], ifelse([$1], [external], [no], [yes]))
+  define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
+
+  AC_REQUIRE([AM_PO_SUBDIRS])dnl
+  ifelse(gt_included_intl, yes, [
+    AC_REQUIRE([AM_INTL_SUBDIR])dnl
+  ])
+
+  dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+  AC_REQUIRE([AC_LIB_RPATH])
+
+  dnl Sometimes libintl requires libiconv, so first search for libiconv.
+  dnl Ideally we would do this search only after the
+  dnl      if test "$USE_NLS" = "yes"; then
+  dnl        if test "$gt_cv_func_gnugettext_libc" != "yes"; then
+  dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
+  dnl the configure script would need to contain the same shell code
+  dnl again, outside any 'if'. There are two solutions:
+  dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
+  dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
+  dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
+  dnl documented, we avoid it.
+  ifelse(gt_included_intl, yes, , [
+    AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+  ])
+
+  dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation.
+  gt_INTL_MACOSX
+
+  dnl Set USE_NLS.
+  AM_NLS
+
+  ifelse(gt_included_intl, yes, [
+    BUILD_INCLUDED_LIBINTL=no
+    USE_INCLUDED_LIBINTL=no
+  ])
+  LIBINTL=
+  LTLIBINTL=
+  POSUB=
+
+  dnl If we use NLS figure out what method
+  if test "$USE_NLS" = "yes"; then
+    gt_use_preinstalled_gnugettext=no
+    ifelse(gt_included_intl, yes, [
+      AC_MSG_CHECKING([whether included gettext is requested])
+      AC_ARG_WITH(included-gettext,
+        [  --with-included-gettext use the GNU gettext library included here],
+        nls_cv_force_use_gnu_gettext=$withval,
+        nls_cv_force_use_gnu_gettext=no)
+      AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+
+      nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
+      if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
+    ])
+        dnl User does not insist on using GNU NLS library.  Figure out what
+        dnl to use.  If GNU gettext is available we use this.  Else we have
+        dnl to fall back to GNU NLS library.
+
+        dnl Add a version number to the cache macros.
+        define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1)))
+        define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc])
+        define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl])
+
+        AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc,
+         [AC_TRY_LINK([#include <libintl.h>
+]ifelse([$2], [need-formatstring-macros],
+[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+], [])[extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;],
+            [bindtextdomain ("", "");
+return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings],
+            gt_cv_func_gnugettext_libc=yes,
+            gt_cv_func_gnugettext_libc=no)])
+
+        if test "$gt_cv_func_gnugettext_libc" != "yes"; then
+          dnl Sometimes libintl requires libiconv, so first search for libiconv.
+          ifelse(gt_included_intl, yes, , [
+            AM_ICONV_LINK
+          ])
+          dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
+          dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
+          dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
+          dnl even if libiconv doesn't exist.
+          AC_LIB_LINKFLAGS_BODY([intl])
+          AC_CACHE_CHECK([for GNU gettext in libintl],
+            gt_cv_func_gnugettext_libintl,
+           [gt_save_CPPFLAGS="$CPPFLAGS"
+            CPPFLAGS="$CPPFLAGS $INCINTL"
+            gt_save_LIBS="$LIBS"
+            LIBS="$LIBS $LIBINTL"
+            dnl Now see whether libintl exists and does not depend on libiconv.
+            AC_TRY_LINK([#include <libintl.h>
+]ifelse([$2], [need-formatstring-macros],
+[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+], [])[extern int _nl_msg_cat_cntr;
+extern
[...40805 lines suppressed...]
+    ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF
--- /dev/null	2006-09-01 14:59:55.285545433 -0700
+++ ./mkinstalldirs	2006-09-05 10:10:54.861690000 -0700
@@ -0,0 +1,150 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+
+scriptversion=2004-02-15.20
+
+# Original author: Noah Friedman <friedman at prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain.
+#
+# This file is maintained in Automake, please report
+# bugs to <bug-automake at gnu.org> or send patches to
+# <automake-patches at gnu.org>.
+
+errstatus=0
+dirmode=""
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
+
+Create each directory DIR (with mode MODE, if specified), including all
+leading file name components.
+
+Report bugs to <bug-automake at gnu.org>."
+
+# process command line arguments
+while test $# -gt 0 ; do
+  case $1 in
+    -h | --help | --h*)         # -h for help
+      echo "$usage"
+      exit 0
+      ;;
+    -m)                         # -m PERM arg
+      shift
+      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+      dirmode=$1
+      shift
+      ;;
+    --version)
+      echo "$0 $scriptversion"
+      exit 0
+      ;;
+    --)                         # stop option processing
+      shift
+      break
+      ;;
+    -*)                         # unknown option
+      echo "$usage" 1>&2
+      exit 1
+      ;;
+    *)                          # first non-opt arg
+      break
+      ;;
+  esac
+done
+
+for file
+do
+  if test -d "$file"; then
+    shift
+  else
+    break
+  fi
+done
+
+case $# in
+  0) exit 0 ;;
+esac
+
+# Solaris 8's mkdir -p isn't thread-safe.  If you mkdir -p a/b and
+# mkdir -p a/c at the same time, both will detect that a is missing,
+# one will create a, then the other will try to create a and die with
+# a "File exists" error.  This is a problem when calling mkinstalldirs
+# from a parallel make.  We use --version in the probe to restrict
+# ourselves to GNU mkdir, which is thread-safe.
+case $dirmode in
+  '')
+    if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+      echo "mkdir -p -- $*"
+      exec mkdir -p -- "$@"
+    else
+      # On NextStep and OpenStep, the `mkdir' command does not
+      # recognize any option.  It will interpret all options as
+      # directories to create, and then abort because `.' already
+      # exists.
+      test -d ./-p && rmdir ./-p
+      test -d ./--version && rmdir ./--version
+    fi
+    ;;
+  *)
+    if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
+       test ! -d ./--version; then
+      echo "mkdir -m $dirmode -p -- $*"
+      exec mkdir -m "$dirmode" -p -- "$@"
+    else
+      # Clean up after NextStep and OpenStep mkdir.
+      for d in ./-m ./-p ./--version "./$dirmode";
+      do
+        test -d $d && rmdir $d
+      done
+    fi
+    ;;
+esac
+
+for file
+do
+  set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+  shift
+
+  pathcomp=
+  for d
+  do
+    pathcomp="$pathcomp$d"
+    case $pathcomp in
+      -*) pathcomp=./$pathcomp ;;
+    esac
+
+    if test ! -d "$pathcomp"; then
+      echo "mkdir $pathcomp"
+
+      mkdir "$pathcomp" || lasterr=$?
+
+      if test ! -d "$pathcomp"; then
+	errstatus=$lasterr
+      else
+	if test ! -z "$dirmode"; then
+	  echo "chmod $dirmode $pathcomp"
+	  lasterr=""
+	  chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+	  if test ! -z "$lasterr"; then
+	    errstatus=$lasterr
+	  fi
+	fi
+      fi
+    fi
+
+    pathcomp="$pathcomp/"
+  done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
--- ./config.h.in.l10n	2006-09-05 10:13:40.962192000 -0700
+++ ./config.h.in	2006-09-05 10:14:26.298057000 -0700
@@ -3,6 +3,9 @@
 /* Define to 1 if you want to include debugging code. */
 #undef DEBUG
 
+/* Define to 1 if you want l10n support. */
+#undef ENABLE_NLS
+
 /* Define to 1 if you have the <curl/curl.h> header file. */
 #undef HAVE_CURL_CURL_H
 

pam_pkcs11-0.5.3-nss.patch:
 Makefile.in                  |    6 
 aclocal/Makefile.in          |    6 
 configure                    |  224 +++++++++++--
 configure.in                 |   36 ++
 doc/Makefile.in              |    6 
 etc/Makefile.in              |    6 
 src/Makefile.in              |    6 
 src/common/Makefile.am       |    6 
 src/common/Makefile.in       |   14 
 src/common/NSPRerrs.h        |  153 +++++++++
 src/common/SECerrs.h         |  506 +++++++++++++++++++++++++++++++
 src/common/SSLerrs.h         |  371 ++++++++++++++++++++++
 src/common/alg_st.h          |   52 +++
 src/common/algorithm.c       |   77 ++++
 src/common/cert_info.c       |  195 +++++++++++
 src/common/cert_info.h       |    4 
 src/common/cert_st.h         |   41 ++
 src/common/cert_vfy.c        |   58 +++
 src/common/cert_vfy.h        |    2 
 src/common/error.h           |    7 
 src/common/pkcs11.c          |  699 ++++++++++++++++++++++++++++++++++++++++++-
 src/common/pkcs11.h          |   48 --
 src/common/secutil.h         |  424 ++++++++++++++++++++++++++
 src/common/smartcard.h       |   55 +++
 src/mappers/Makefile.am      |    2 
 src/mappers/Makefile.in      |    8 
 src/mappers/cn_mapper.c      |    8 
 src/mappers/digest_mapper.c  |   20 -
 src/mappers/generic_mapper.c |    6 
 src/mappers/krb_mapper.c     |    8 
 src/mappers/ldap_mapper.c    |    2 
 src/mappers/mail_mapper.c    |    6 
 src/mappers/mapper.h         |    2 
 src/mappers/ms_mapper.c      |    8 
 src/mappers/null_mapper.c    |    2 
 src/mappers/opensc_mapper.c  |   12 
 src/mappers/openssh_mapper.c |   12 
 src/mappers/pwent_mapper.c   |   10 
 src/mappers/subject_mapper.c |   12 
 src/mappers/uid_mapper.c     |    8 
 src/pam_pkcs11/Makefile.am   |    4 
 src/pam_pkcs11/Makefile.in   |   10 
 src/pam_pkcs11/mapper_mgr.c  |    2 
 src/pam_pkcs11/mapper_mgr.h  |    3 
 src/pam_pkcs11/pam_config.c  |    8 
 src/pam_pkcs11/pam_config.h  |    1 
 src/pam_pkcs11/pam_pkcs11.c  |  123 +++----
 src/scconf/Makefile.in       |    6 
 src/tools/Makefile.am        |    4 
 src/tools/Makefile.in        |   10 
 src/tools/pkcs11_eventmgr.c  |  257 ++++++++++++++-
 src/tools/pkcs11_inspect.c   |   70 +---
 src/tools/pklogin_finder.c   |   70 +---
 tools/Makefile.in            |    6 
 54 files changed, 3371 insertions(+), 331 deletions(-)

Index: pam_pkcs11-0.5.3-nss.patch
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11-0.5.3-nss.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam_pkcs11-0.5.3-nss.patch	11 Jul 2006 20:19:42 -0000	1.2
+++ pam_pkcs11-0.5.3-nss.patch	6 Sep 2006 18:43:08 -0000	1.3
@@ -2311,7 +2311,7 @@
 +
 +    /* NSS already check all the revocation info with OCSP and crls */
 +    DBG2("Verifying Cert: %s (%s)", x509->nickname, x509->subjectName);
-+    rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageEmailSigner,
++    rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageSSLClient,
 +		NULL);
 +    if (rv != SECSuccess) {
 +	DBG1("Couldn't verify Cert: %s", SECU_Strerror(PR_GetError()));
@@ -2692,7 +2692,7 @@
 +    }
 +
 +    /* only want signing certs */
-+    rv = CERT_FilterCertListByUsage(certList,  certUsageEmailSigner, PR_FALSE);
++    rv = CERT_FilterCertListByUsage(certList,  certUsageSSLClient, PR_FALSE);
 +    if (rv != SECSuccess) {
 +    	CERT_DestroyCertList(certList);
 +        DBG1("Couldn't filter out email certs: %s", 

pam_pkcs11-0.5.3-ocsp.patch:
 common/cert_vfy.c       |    9 +++++++--
 common/cert_vfy.h       |    2 +-
 pam_pkcs11/pam_config.c |    4 ++++
 pam_pkcs11/pam_config.h |    1 +
 pam_pkcs11/pam_pkcs11.c |    4 +++-
 tools/pkcs11_inspect.c  |    4 +++-
 tools/pklogin_finder.c  |    4 +++-
 7 files changed, 22 insertions(+), 6 deletions(-)

Index: pam_pkcs11-0.5.3-ocsp.patch
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11-0.5.3-ocsp.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam_pkcs11-0.5.3-ocsp.patch	26 Aug 2006 00:19:06 -0000	1.2
+++ pam_pkcs11-0.5.3-ocsp.patch	6 Sep 2006 18:43:08 -0000	1.3
@@ -31,7 +31,7 @@
 +
      /* NSS already check all the revocation info with OCSP and crls */
      DBG2("Verifying Cert: %s (%s)", x509->nickname, x509->subjectName);
-     rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageEmailSigner,
+     rv = CERT_VerifyCertNow(handle, x509, PR_TRUE, certUsageSSLClient,
 @@ -290,7 +295,7 @@
    return (rv == -1);
  }


Index: pam_pkcs11.spec
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- pam_pkcs11.spec	29 Aug 2006 02:23:48 -0000	1.15
+++ pam_pkcs11.spec	6 Sep 2006 18:43:08 -0000	1.16
@@ -6,7 +6,7 @@
 
 Name:           pam_pkcs11
 Version:        0.5.3
-Release:        14
+Release:        15
 Summary:        PKCS #11/NSS PAM login module
 
 Group:          System Environment/Base
@@ -22,6 +22,7 @@
 Patch5:		pam_pkcs11-0.5.3-ocsp.patch
 Patch6:		pam_pkcs11-0.5.3-wait-for-card.patch
 Patch7:		pam_pkcs11-0.5.3-reject_unloaded_module.patch
+Patch8:		pam_pkcs11-0.5.3-l10n.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  pam-devel
@@ -58,6 +59,7 @@
 %patch5 -p0 -b .ocsp
 %patch6 -p1 -b .wait-for-card
 %patch7 -p0 -b .reject-unloaded-module
+%patch8 -p0 -b .l10n
 
 %build
 
@@ -74,7 +76,6 @@
 %endif
 %configure  \
     --with-nss \
-    --without-pcsclite \
     --with-debug  \
     --disable-dependency-tracking  \
     %{curl_flags} %{ldap_flags} 
@@ -147,6 +148,12 @@
 %doc %{_datadir}/%{name}/pkcs11_eventmgr.conf.example
 
 %changelog
+* Mon Sep 1 2006 Robert Relyea <rrelyea at redhat.com> 0.5.3-15
+- add l10n support
+- correct mapper order.
+- login should allow SSL Client Auth certs rather than restricting to Email
+  Signing certs.
+
 * Mon Aug 28 2006 Robert Relyea <rrelyea at redhat.com> 0.5.3-14
 - use implicit paths to load the PKCS #11 module
 


Index: rh_pam_pkcs11.conf
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/rh_pam_pkcs11.conf,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- rh_pam_pkcs11.conf	29 Aug 2006 02:23:48 -0000	1.5
+++ rh_pam_pkcs11.conf	6 Sep 2006 18:43:08 -0000	1.6
@@ -124,7 +124,7 @@
   # If used null mapper should be the last in the list :-)
   # Also you should select at least one mapper, otherwise
   # certificate will not match :-)
-  use_mappers = cn, pwent, uid, null;
+  use_mappers = cn, uid, pwent, null;
 
   # When no absolute path or module info is provided, use this
   # value as module search path




More information about the fedora-cvs-commits mailing list