rpms/pam_abl/FC-3 pam_abl-0.2.3-fixes.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 pam_abl.spec, 1.1, 1.2 sources, 1.2, 1.3 README.Fedora, 1.1, NONE
Alexander Dalloz (adalloz)
fedora-extras-commits at redhat.com
Tue Jul 18 23:14:30 UTC 2006
Author: adalloz
Update of /cvs/extras/rpms/pam_abl/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24556
Modified Files:
.cvsignore pam_abl.spec sources
Added Files:
pam_abl-0.2.3-fixes.patch
Removed Files:
README.Fedora
Log Message:
upgrade to version 0.2.3
README.Fedora obsoleted by QUICKSTART
pam_abl-0.2.3-fixes.patch:
--- NEW FILE pam_abl-0.2.3-fixes.patch ---
Patch by Robert Scheck <robert at fedoraproject.org> for pam_abl 0.2.3, changes:
* pam_abl/pam_abl.c
- Fixed compiler warning "dereferencing type-punned pointer will break
strict-aliasing rules"
* pam_abl/Makefile
- Always honor $RPM_OPT_FLAGS when available
- Fixed the make warning "jobserver unavailable: using -j1. Add `+' to
parent make rule"
* pam_abl/tools/Makefile
- Always honor $RPM_OPT_FLAGS when available
* pam_abl/doc/pam_abl.1
- Initial version of a pam_abl man page based on the current docs
* pam_abl/CONFIGURATION
- Initial version of a pam_abl text documentation based on the HTML files
* pam_abl/conf/system-auth
- Removed use of /lib/security/$ISA, because it will break on any 64 bit
system having /lib64 instead of /lib; should fix sf.net Bug ID #1325837
* pam_abl/doc/index.html
- Never ever use /lib/security, will break any 64 bit compatibility
* pam_abl/QUICKSTART
- Quickstart guide heavily based on README.fedora written by the Fedora
Extras maintainer Alexander Dalloz <alex {%} dalloz {*} de>
Following patch was sent upstream at Sat, 17 Jun 2006 21:24:50 +0200 and it
was confirmed by the upstream maintainer, that this patch will be added to
the next pam_abl release - but unfortunately nothing happened, yet.
--- pam_abl/pam_abl.c 2005-10-12 21:22:26.000000000 +0200
+++ pam_abl/pam_abl.c.rsc 2006-06-17 18:36:44.000000000 +0200
@@ -168,7 +168,7 @@
const char *rhost;
int err;
- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
+ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **)( const void*) &rhost), PAM_SUCCESS != err) {
log_pam_error(args, err, "getting PAM_RHOST");
return err;
}
@@ -187,7 +187,7 @@
if (NULL != args->user_db) {
const char *user;
int err;
- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
+ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
log_pam_error(args, err, "getting PAM_USER");
return err;
}
@@ -285,7 +285,7 @@
if (NULL != args->host_db) {
const char *rhost;
int err;
- if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost), PAM_SUCCESS != err) {
+ if (err = pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost), PAM_SUCCESS != err) {
log_pam_error(args, err, "getting PAM_RHOST");
return err;
}
@@ -316,12 +316,12 @@
const char *user;
const char *service;
- if (err = pam_get_item(args->pamh, PAM_USER, (const void **) &user), PAM_SUCCESS != err) {
+ if (err = pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user), PAM_SUCCESS != err) {
log_pam_error(args, err, "getting PAM_USER");
return err;
}
- if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service), PAM_SUCCESS != err) {
+ if (err = pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service), PAM_SUCCESS != err) {
log_pam_error(args, err, "getting PAM_SERVICE");
return err;
}
@@ -374,9 +374,9 @@
check_attempt(args, &rv);
if (rv) {
const char *rhost, *user, *service;
- if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) &rhost ) &&
- PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) &user ) &&
- PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) &service)) {
+ if (PAM_SUCCESS == pam_get_item(args->pamh, PAM_RHOST, (const void **) (const void*) &rhost ) &&
+ PAM_SUCCESS == pam_get_item(args->pamh, PAM_USER, (const void **) (const void*) &user ) &&
+ PAM_SUCCESS == pam_get_item(args->pamh, PAM_SERVICE, (const void **) (const void*) &service)) {
log_info(args, "Blocking access from %s to service %s, user %s", rhost, service, user);
}
return PAM_AUTH_ERR;
--- pam_abl/Makefile 2005-10-12 21:22:25.000000000 +0200
+++ pam_abl/Makefile.rsc 2006-06-17 18:45:43.000000000 +0200
@@ -1,7 +1,7 @@
# Makefile
# $Id: Makefile,v 1.1.1.1 2005/10/12 19:22:25 tagishandy Exp $
-CFLAGS=-Wall -fPIC
+CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
PAMDIR=/lib/security
CONFDIR=/etc/security
DBDIR=/var/lib/abl
@@ -11,26 +11,26 @@
SUBDIRS=tools
all : $(MODULE)
- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
$(MODULE) : $(OBJ)
ld -x --shared $(LIBS) -o $@ $^
clean :
rm -f $(MODULE) $(OBJ)
- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
install : $(MODULE)
install --mode=755 --strip $(MODULE) $(PAMDIR)
#install --mode=644 conf/pam_abl.conf $(CONFDIR)
install -d --mode=755 $(DBDIR)
- for d in t $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
+ for d in t $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
depend :
cc -MM *.c > deps
- for d in $(SUBDIRS) ; do cd $$d && make $@ && cd .. ; done
+ for d in $(SUBDIRS) ; do cd $$d && $(MAKE) $@ && cd .. ; done
test :
- cd t && make && cd ..
+ cd t && $(MAKE) && cd ..
include deps
--- pam_abl/tools/Makefile 2005-10-12 21:22:27.000000000 +0200
+++ pam_abl/tools/Makefile.rsc 2006-06-17 19:15:25.000000000 +0200
@@ -1,6 +1,6 @@
# Makefile
-CFLAGS=-Wall
+CFLAGS=-Wall -fPIC $(RPM_OPT_FLAGS)
LIBS=-ldb -lpthread
TARGET=pam_abl
OBJ=log.o config.o rule.o pam_abl.o
--- pam_abl/doc/pam_abl.1 1970-01-01 01:00:00.000000000 +0100
+++ pam_abl/doc/pam_abl.1.rsc 2006-06-17 20:02:44.000000000 +0200
@@ -0,0 +1,52 @@
+.TH pam_abl 1 "Oct 13, 2005"
+.LO 1
+.SH NAME
+pam_abl - query or purge the databases used by the pam_abl module
+.SH OVERVIEW
+\fBpam_abl\fR [ \fIOPTIONS \fR] [ \fICONFIG \fR]
+.SH DESCRIPTION
+Performs maintenance on the databases used by the pam_abl (auto blacklist) module. CONFIG is the name of the pam_abl config file (/etc/security/pam_abl.conf). The config file is read to discover the names of the pam_abl databases and the rules that control purging of old data from them.
+.SH OPTIONS
+.TP
+.B -h, --help
+See a help message
+.TP
+.B -p, --purge
+Purge databases according to purge rules in config
+.TP
+.B -r, --relative
+Display times relative to now otherwise absolute times will be displayed
+.TP
+.B -v, --verbose
+Verbose output
+.TP
+.B --okuser=USER
+Unblock USER
+.TP
+.B --okhost=HOST
+Unblock HOST
+.SH EXAMPLES
+.TP
+Obtain a list of failed hosts and users:
+$ pam_abl
+.TP
+Obtain a full list of failures listing times relative to now:
+$ pam_abl -rv
+.br
+$ pam_abl --relative --verbose
+.TP
+Purge old data:
+$ pam_abl -p
+.br
+$ pam_abl --purge
+.TP
+Unblock all example.com, somewhere.com hosts:
+$ pam_abl -v --okhost=*.example.com --okhost=*.somewhere.com
+.SH AUTHOR
+Andy Armstrong <andy at hexten.net>
+.SH SEE ALSO
+/usr/share/doc/pam_abl-*/CONFIGURATION
+.SH REPORT BUGS
+Please report bugs in English language to the author.
+.SH COPYRIGHT
+pam_abl is licensed under GNU General Public License, the complete license you can get at: http://www.gnu.org/copyleft/gpl.html
--- pam_abl/CONFIGURATION 1970-01-01 01:00:00.000000000 +0100
+++ pam_abl/CONFIGURATION.rsc 2006-06-17 20:02:44.000000000 +0200
@@ -0,0 +1,251 @@
+The Auto Blacklist Module: pam_abl
+
+Synopsis
+
+Module name:
+ pam_abl
+Author:
+ Andy Armstrong <andy at hexten.net>
+Maintainer:
+ Andy Armstrong <andy at hexten.net>
+Management groups provided:
+ auth
+Cryptographically sensitive:
+ No.
+Security rating:
+Clean code base:
+ Clean.
+System dependencies:
+ Requires Berkeley DB (tested with 4.3.21 and 4.2.50).
+ Requires a configuration file (by convention /etc/security/pam_abl.conf)
+Network aware:
+ No.
+
+Overview of module
+
+Provides auto blacklisting of hosts and users responsible for repeated failed
+authentication attempts. Generally configured so that blacklisted users still
+see normal login prompts but are guaranteed to fail to authenticate.
+
+This functionality is only available to services which call PAM as root. If
+pam_abl is called for uid != 0 it will silently succeed.
+
+Auth component
+
+Recognised arguments:
+
+ Name Arguments Description
+ debug None Enable debug output to syslog.
+ expose_account None Ignored
+ no_warn None Disable warnings which are otherwise output
+ to syslog.
+ try_first_pass None Ignored
+ use_first_pass None Ignored
+ use_mapped_pass None Ignored
+ The configuration file contains additional
+ arguments. In order for the pam_abl command
+ Path to the line tool to work correctly most of the
+ config configuration configuration should be placed in the config
+ file. file rather than being provided by arguments.
+ The format of the config file is described
+ below.
+ Path to host Path to the Berkeley DB which is used to log
+ host_db database the host responsible for failed
+ file. authentication attempts.
+ Purge time Defines how long failed hosts are retained in
+ host_purge for the host the host database. Defaults to 1 day.
+ database.
+ Rule for host The rule (see below for format) which defines
+ host_rule blacklisting. the conditions under which a failed hosts
+ will be blackisted.
+ Path to user Path to the Berkeley DB which is used to log
+ user_db database the user responsible for failed
+ file. authentication attempts.
+ Purge time Defines how long failed users are retained in
+ user_purge for the user the user database. Defaults to 1 day.
+ database.
+ Rule for user The rule (see below for format) which defines
+ user_rule blacklisting. the conditions under which a failed users
+ will be blackisted.
+
+Description:
+
+ Brute force password discovery attacks involve repeated attempts to
+ authenticate against a service using a dictionary of common passwords.
+ While it is desirable to enforce strong passwords for users this is not
+ always possible and in cases where a weak password has been used brute
+ force attacks can be effective.
+
+ The pam_abl module monitors failed authentication attempts and
+ automatically blacklists those hosts (and accounts) that are responsible
+ for large numbers of failed attempts. Once a host is blacklisted it is
+ guaranteed to fail authentication even if the correct credentials are
+ provided.
+
+ Blacklisting is triggered when the number of failed authentication attempts
+ in a particular period of time exceeds a predefined limit. Hosts which stop
+ attempting to authenticate will, after a period of time, be un-blacklisted.
+
+ This functionality is only available to services which call PAM as root. If
+ pam_abl is called for uid != 0 it will silently succeed. If this was not
+ the case it would be possible for a malicious local user to poison the
+ pam_abl data by, for example, discovering the names of the hosts from which
+ root typically logs in and then constructing PAM authentication code to
+ lock out root login attempts from those hosts.
+
+Usage:
+
+ Typically pam_abl.so is added to the auth stack as a required module just
+ before whatever modules actually peform authentication. Here's a fragment
+ of the PAM config for a production server that is running pam_abl:
+
+ auth required pam_env.so
+ auth required pam_abl.so config=/etc/security/pam_abl.conf
+ auth sufficient pam_unix.so try_first_pass nullok
+ auth required pam_deny.so
+
+ Although all of accepted arguments can be supplied here they will usually
+ be placed in a separate config file and linked to using the config argument
+ as in the above example. The pam_abl command line tool reads the external
+ config file (/etc/security/pam_abl.conf in this case) to find the databases
+ so in order for it work correctly an external config should be used.
+
+Config file syntax:
+
+ The config file can contain any arguments that would be supplied via PAM
+ config. In the config file arguments are placed on separate lines. Comments
+ may be included after a '#' and line continuation is possible by placing a
+ back slash at the end of the line to be continued. Here is a sample /etc/
+ security/pam_abl.conf:
+
+ # /etc/security/pam_abl.conf
+ debug
+ host_db=/var/lib/abl/hosts.db
+ host_purge=2d
+ host_rule=*:10/1h,30/1d
+ user_db=/var/lib/abl/users.db
+ user_purge=2d
+ user_rule=!root:10/1h,30/1d
+
+ All of the standard PAM arguments (debug, expose_account, no_warn,
+ try_first_pass, use_first_pass, use_mapped_pass) are accepted; with the
+ exception of debug and no_warn these are ignored.
+
+ The arguments that are specific to pam_abl are as follows:
+
+ Specify the name of the databases that will be used to log
+ failed authentication attempts. The host database is used to
+ host_db, log the hostname responsible for a failed auth and the user
+ user_db database is used to log the requested username. If host_db or
+ user_db is omitted the corresponding auto blacklisting will be
+ disabled.
+ Specify the length of time for which failed attempts should be
+ kept in the databases. For rules to work correctly this must be
+ at least as long as the longest period specified in a
+ corresponding rule. You may wish to retain information about
+ failed attempts for longer than this so that the pam_abl
+ command line tool can report information over a longer period
+ host_purge, of time. The format for this item is a number with an optional
+ user_purge multiplier suffix, 's', 'm', 'h' or 'd' which correspond with
+ seconds, minutes, hours and days. To specify seven days for
+ example one would use '7d'. Note that in normal operation
+ pam_abl will only purge the logged data for a particular host
+ or user if it happens to be updating it, i.e. if that host or
+ user makes another failed attempt. To purge all old entries the
+ pam_abl command line tool should be used.
+ These are the rules which determine the circumstances under
+ which accounts are auto-blacklisted. The host_rule is used to
+ host_rule, block access to hosts that are responsible for excessive
+ user_rule authentication failures and the user_rule is used to disable
+ accounts for which there have been excessive authentication
+ failures. The rule syntax is described in full below.
+
+Rule syntax:
+
+ Each rule consists of a number of space separated 'user clauses'. A user
+ clause specifies the user (and service) names to match and a set of
+ triggers. A simple example would be
+
+ *:10/1h
+
+ which means 'block any user (*) if they are responsible for ten or more
+ failed authentication attempts in the last hour'. In place of the '*' which
+ matches any user a list of usernames can be supplied like this
+
+ root|dba|admin:10/1h
+
+ which means 'block the users root, dba and admin if they are responsible
+ for ten or more failed authentication attempts in the last hour'. You can
+ also specify a service name to match against like this
+
+ root/sshd|dba/*:3/1d
+
+ which means 'block the users root for service 'sshd' and dba for any
+ service if they are responsible for three or more failed authentication
+ attempts in the last day'. Finally you can specify multiple triggers like
+ this
+
+ root:10/1h,20/1d
+
+ which means 'block the user root if they are responsible for ten or more
+ failed attempts in the last hour or twenty or more failed attempts in the
+ last day.
+
+ Multiple rules can be provided separated by spaces like this
+
+ *:10/1h root:5/1h,10/1d
+
+ in which case all rules that match a particular user and service will be
+ checked. The user or host will be blocked if any of the rule triggers
+ matches. The sense of the user matching can be inverted by placing a '!' in
+ front of the rule so that
+
+ !root:20/1d
+
+ is a rule which would match for all users apart from root. It is important
+ to treat root as a special case in the user_rule otherwise excessive
+ attempts to authenticate as root will result in the root account being
+ locked out even for valid holders of root credentials.
+
+ Here is the full syntax for rules:
+
+ word ::= /[^\s\|\/\*]+/
+ name ::= word | '*'
+ username ::= name
+ servicename ::= name
+ userservice ::= username
+ | username '/' servicename
+ namelist ::= userservice
+ | userservice '|' namelist
+ userspec ::= namelist
+ | '!' namelist
+ multiplier ::= 's' | 'm' | 'h' | 'd'
+ number ::= /\d+/
+ period ::= number
+ | number multiplier
+ trigger ::= number '/' period
+ triglist ::= trigger
+ | trigger ',' triglist
+ userclause ::= userspec ':' triglist
+ rule ::= userclause
+ | userclause /\s+/ rule
+
+Examples/suggested usage:
+
+ Sample PAM config fragment:
+
+ auth required pam_env.so
+ auth required pam_abl.so config=/etc/security/pam_abl.conf
+ auth sufficient pam_unix.so try_first_pass nullok
+ auth required pam_deny.so
+
+ Sample /etc/security/pam_abl.conf:
+
+ # /etc/security/pam_abl.conf
+ debug
+ host_db=/var/lib/abl/hosts.db
+ host_purge=2d
+ host_rule=*:10/1h,30/1d
+ user_db=/var/lib/abl/users.db
+ user_purge=2d
+ user_rule=!root:10/1h,30/1d
--- pam_abl/conf/system-auth 2006-06-17 20:02:05.000000000 +0200
+++ pam_abl/conf/system-auth.rsc 2006-06-17 20:07:49.000000000 +0200
@@ -1,15 +1,14 @@
#%PAM-1.0
-auth required /lib/security/$ISA/pam_env.so
-auth required /lib/security/$ISA/pam_abl.so config=/etc/security/pam_abl.conf
-auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
-auth required /lib/security/$ISA/pam_deny.so
+auth required pam_env.so
+auth required pam_abl.so config=/etc/security/pam_abl.conf
+auth sufficient pam_unix.so try_first_pass nullok
+auth required pam_deny.so
-account required /lib/security/$ISA/pam_unix.so
+account required pam_unix.so
-password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
-password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
-password required /lib/security/$ISA/pam_deny.so
+password required pam_cracklib.so try_first_pass retry=3
+password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
+password required pam_deny.so
-session required /lib/security/$ISA/pam_limits.so
-session required /lib/security/$ISA/pam_abl.so
-session required /lib/security/$ISA/pam_unix.so
+session required pam_limits.so
+session required pam_unix.so
--- pam_abl/doc/index.html 2005-10-12 21:22:27.000000000 +0200
+++ pam_abl/doc/index.html.rsc 2006-06-17 20:23:22.000000000 +0200
@@ -171,10 +171,10 @@
<p>Typically pam_abl.so is added to the auth stack as a required module just before whatever modules actually peform authentication. Here's a fragment of the PAM config for a production server that is running pam_abl:</p>
<table class="config">
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_env.so</td></tr>
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_abl.so config=/etc/security/pam_abl.conf</td></tr>
- <tr><td>auth</td><td>sufficient</td><td>/lib/security/pam_unix.so likeauth nullok</td></tr>
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_deny.so</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_env.so</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_abl.so config=/etc/security/pam_abl.conf</td></tr>
+ <tr><td>auth</td><td>sufficient</td><td>pam_unix.so try_first_pass nullok</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_deny.so</td></tr>
</table>
<p>Although all of accepted arguments can be supplied here they will usually be placed in a separate config file and linked to using the config argument as in the above example. The <a href="pam_abl.html">pam_abl command line tool</a> reads the external config file (/etc/security/pam_abl.conf in this case) to find the databases so in order for it work correctly an external config should be used.</p>
@@ -282,10 +282,10 @@
<p>Sample PAM config fragment:</p>
<table class="config">
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_env.so</td></tr>
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_abl.so config=/etc/security/pam_abl.conf</td></tr>
- <tr><td>auth</td><td>sufficient</td><td>/lib/security/pam_unix.so likeauth nullok</td></tr>
- <tr><td>auth</td><td>required</td><td>/lib/security/pam_deny.so</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_env.so</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_abl.so config=/etc/security/pam_abl.conf</td></tr>
+ <tr><td>auth</td><td>sufficient</td><td>pam_unix.so try_first_pass nullok</td></tr>
+ <tr><td>auth</td><td>required</td><td>pam_deny.so</td></tr>
</table>
<p>Sample /etc/security/pam_abl.conf:</p>
--- pam_abl/QUICKSTART 1970-01-01 01:00:00.000000000 +0100
+++ pam_abl/QUICKSTART.rsc 2006-06-17 20:34:27.000000000 +0200
@@ -0,0 +1,23 @@
+QUICKSTART GUIDE
+
+------------------------------------------------------------------------
+Any time changes to the PAM configuration are done by hand, they have
+to be done with great care to avoid disabling system access by accident.
+------------------------------------------------------------------------
+
+To activate the use of pam_abl.so you need to add a PAM rule like
+
+ auth required pam_abl.so config=/etc/security/pam_abl.conf
+
+i.e. in /etc/pam.d/system-auth. Doing so please be aware that
+/etc/pam.d/system-auth is auto-generated at e.g. Fedora Core and Red
+Hat Enterprise Linux systems and that user changes will be destroyed
+the next time authconfig is run, thus this step has to be redone.
+
+You are able to customize the pam_abl.so behaviour by editing
+/etc/security/pam_abl.conf. For detailed instructions please read
+the application's page online at
+
+ http://www.hexten.net/sw/pam_abl/doc/index.html
+
+or have a look to the index.html and pam_abl.html documentation.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/pam_abl/FC-3/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore 19 Jul 2005 17:05:09 -0000 1.2
+++ .cvsignore 18 Jul 2006 23:14:27 -0000 1.3
@@ -1 +1 @@
-pam_abl-20050110-0.2.2.tar.gz
+pam_abl-0.2.3.tar.gz
Index: pam_abl.spec
===================================================================
RCS file: /cvs/extras/rpms/pam_abl/FC-3/pam_abl.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pam_abl.spec 19 Jul 2005 17:05:09 -0000 1.1
+++ pam_abl.spec 18 Jul 2006 23:14:27 -0000 1.2
@@ -1,14 +1,12 @@
-%define reldate 20050110
-
Name: pam_abl
Summary: A Pluggable Authentication Module (PAM) for auto blacklisting
-Version: 0.2.2
-Release: 2%{?dist}
+Version: 0.2.3
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
URL: http://www.hexten.net/sw/pam_abl/
-Source0: http://www.hexten.net/sw/pam_abl/pam_abl-%{reldate}-%{version}.tar.gz
-Source1: README.Fedora
+Source0: http://dl.sourceforge.net/sourceforge/pam-abl/%{name}-%{version}.tar.gz
+Patch0: pam_abl-0.2.3-fixes.patch
BuildRequires: db4-devel, pam-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -20,12 +18,11 @@
databases used by the pam_abl module.
%prep
-%setup -q -n %{name}-%{reldate}-%{version}
-# temporary fix for an outdated document instruction
-sed -i -e '/pam_abl.so$/d' conf/system-auth
+%setup -q -n %{name}
+%patch0 -p1
%build
-make %{?_smp_mflags} all
+make %{?_smp_mflags}
%install
rm -rf %{buildroot}
@@ -33,29 +30,37 @@
install -D -m 644 conf/pam_abl.conf %{buildroot}%{_sysconfdir}/security/pam_abl.conf
install -D -m 755 tools/pam_abl %{buildroot}%{_sbindir}/pam_abl
install -d -m 755 %{buildroot}%{_localstatedir}/lib/abl
-install -m 644 %{SOURCE1} README.Fedora
-rm -f doc/._pam_abl.html
+install -D -m 644 doc/pam_abl.1 %{buildroot}%{_mandir}/man1/pam_abl.1
+rm -rf doc/{CVS,._pam_abl.html,pam_abl.1}
%clean
rm -rf %{buildroot}
%files
%defattr(644,root,root,755)
-%doc README.Fedora Copyright doc conf
+%doc AUTHORS CONFIGURATION COPYING NEWS QUICKSTART THANKS
+%doc Copyright conf/system-auth doc
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/security/pam_abl.conf
/%{_lib}/security/pam_abl.so
%{_sbindir}/pam_abl
%{_localstatedir}/lib/abl/
+%{_mandir}/man?/%{name}.*
%changelog
+* Sun Jul 16 2006 Alexander Dalloz <alex {%} dalloz {*} de> - 0.2.3-1
+- Upgrade to 0.2.3
+ - fixes #165817, #174932, #185866, #192614
+- Added manpage, improved documentation
+ (big thanks to Robert Scheck)
+
* Fri Jul 15 2005 Alexander Dalloz <alex {%} dalloz {*} de> - 0.2.2-2
-- Defined %{reldate} and made macro usage consistent
+- Defined %%{reldate} and made macro usage consistent
- pam_abl moved to /usr/sbin.
* Wed Jul 13 2005 Alexander Dalloz <alex {%} dalloz {*} de> - 0.2.2-1
- Changes following review:
- - added %{?dist} tag
+ - added %%{?dist} tag
- set Group to System Environment/Base
- set Source0 to be an absolute URL
- changed BuildPrereq to be BuildRequires
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/pam_abl/FC-3/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources 19 Jul 2005 17:05:09 -0000 1.2
+++ sources 18 Jul 2006 23:14:27 -0000 1.3
@@ -1 +1 @@
-5c51d8339682e1ebde3c2c7d120e769b pam_abl-20050110-0.2.2.tar.gz
+fbcf97067e9647fa1d9257d4e6133cba pam_abl-0.2.3.tar.gz
--- README.Fedora DELETED ---
More information about the fedora-extras-commits
mailing list