Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam_pkcs11-0.6.13-160000.2.2 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: pam_pkcs11 Distribution: SUSE Linux 16
Version: 0.6.13 Vendor: SUSE LLC <https://www.suse.com/>
Release: 160000.2.2 Build date: Mon May 19 11:44:11 2025
Group: Productivity/Security Build host: reproducible
Size: 1254363 Source RPM: pam_pkcs11-0.6.13-160000.2.2.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/OpenSC/pam_pkcs11
Summary: PKCS #11 PAM Module
 
This Linux PAM module allows X.509 a certificate-based user
authentication. The certificate and its dedicated private key are
thereby accessed by means of an appropriate PKCS #11 module. For the
verification of the users' certificates, locally stored CA certificates
as well as online or locally accessible CRLs are used.

Additionally, the package includes pam_pkcs11-related tools:

* pkcs11_eventmgr: Generates actions on card insert, removal, or
  time-out events

* pklogin_finder: Gets the login name that maps to a certificate

* pkcs11_inspect: Inspects the contents of a certificate

* make_hash_links: Creates hash link directories for storing CAs and
CRLs

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Mon May 19 2025 valentin.lefebvre@suse.com
  - Removes pam_env from auth stack for security reason [bsc#1243226]
* Thu Feb 06 2025 angel.yankov@suse.com
  - Update to 0.6.13
    * Added pkcs11-eventmgr systemd service unit.
    * Updated Russian translations for pam_pkcs11 (thx Max Kosmach      and Andrey Cherepanov).
    * Fixed possible authentication bypass (CVE-2025-24032):
    * Use signatures to verify authentication by default      (thx Frank Morgner).
    * Fixed possible authentication bypass (CVE-2025-24531):
    * Restoring the original card_only / wait_for_card behavior      (thx Matthias Gerstner, Frank Morgner).
    * Move pam_securetty.so upward in the example PAM config.
    * Set 'slot_num' configuration parameter to 0 by default     (thx Jpereyra316).
    * Print details about configuration parse errors (thx Jpereyra316).
    * Add Chinese (Simplified) translation.
    * Capitalize all PAM messages (thx Alynx Zhou).
    * Made pkcs11_make_hash_link support whitespaces in file names
    * Drop 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
    * Drop 0001-memory-leak-fixes.patch
    * Rebase pam_pkcs11-0.5.3-nss-conf.patch
    * Rebase pam_pkcs11-0.6.0-nss-autoconf.patch
* Wed Jan 22 2025 dimstar@opensuse.org
  - Drop rcFOO symlinks for CODE16 (PED-266).
* Tue Sep 24 2024 simon.vogl@gmx.net
  - Fix for boo#1230870:
    * Add patch 0001-memory-leak-fixes.patch
  - Add -Wno-implicit-function-declaration to CFLAGS to fix build
    with gcc14 and newer
* Tue May 07 2024 davide.benini@suse.com
  - Fix for bsc#1221255:
    * Add patch 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
* Thu Feb 29 2024 dimstar@opensuse.org
  - Use %autosetup macro. Allows to eliminate the usage of deprecated
    %patchN.
* Mon Jan 16 2023 schubi@suse.com
  - Migration of PAM settings to /usr/lib/pam.d.
* Fri Jul 29 2022 pgajdos@suse.com
  -  use pam rpm macros [bsc#1190957]
* Sat Jan 15 2022 andreas.stieger@gmx.de
  - update to 0.6.12:
    * Limit signature length to 65536 bytes
    * A number of bug fixes and OpenSSL compatibility updates
    * console output color updates
    * Add support of ECDSA signature in addition to RSA
* Thu Oct 14 2021 jsegitz@suse.com
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * pkcs11_eventmgr.service
* Tue Jan 29 2019 sbrabec@suse.com
  - Update to version 0.6.10:
    * Fix some security issues (thx @frankmorgner):
      https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/
      (drop 0001-verify-using-a-nonce-from-the-system-not-the-card.patch,
      0002-fixed-buffer-overflow-with-long-home-directory.patch,
      0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch).
    * Fix buffer overflow with long home directory.
    * Fix wiping secrets (now using OpenSSL_cleanse()).
    * Verify using a nonce from the system, not the card.
    * Fix segfalt when checking CRLs
      (drop pam_pkcs11-crl-check.patch).
  - Add rcpkcs11_eventmgr service symlink.
* Fri Aug 17 2018 vcizek@suse.com
  - Address security issues found by X41 D-Sec audit (bsc#1105012)
    * Authentication Replay
    * Buffer Overflow
    * Memory not cleaned properly before free()
  - add patches:
    * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch
    * 0002-fixed-buffer-overflow-with-long-home-directory.patch
    * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch
* Mon Jul 23 2018 sbrabec@suse.com
  - Fix segfault and fetch problems when checking CRLs
    (pam_pkcs11-crl-check.patch).
* Sun Sep 10 2017 jengelh@inai.de
  - Repair bulletpoint that skidded in description.
    Trim description of %name-devel-doc, it does not cotain
    the programs.
* Wed Aug 09 2017 astieger@suse.com
  - add service file bsc#1049219
* Thu Jul 20 2017 sbrabec@suse.com
  - Updated to version 0.6.9:
    * Upstream web moved.
    * pkcs11_listcerts: Do not fail on certificate error.
    * Do not fail if card was already unlocked.
    * Other bug fixes.
    * Translation updates.
  - Drop upstreamed pam_pkcs11-0.6.8-fix-crypto-cflags.patch.
  - Work around incorrect upstream release process not calling
    "make dist".
  - Split API documentation into a separate package
    pam_pkcs11-devel-doc.
  - Add pam_pkcs11-fsf-address.patch.
* Tue Feb 09 2016 antoine.belvire@laposte.net
  - Fix build for Tumbleweed:
    * Add pam_pkcs11-0.6.8-fix-crypto-cflags.patch
    * Rebuild configure with the bootstrap script (add libtool as
      build dependency)
* Tue Jul 10 2012 sbrabec@suse.cz
  - Updated to version 0.6.8:
    * Code cleanup.
    * Bug fixes.
    * Translation updates.
* Tue Feb 28 2012 sbrabec@suse.cz
  - Change nssdb path to /etc/pki/nssdb (bnc#463469).
  - Make libdir paths in pam_pkcs11.conf biarch-wise.
* Wed Jan 05 2011 sbrabec@suse.cz
  - Updated to version 0.6.6:
    * Compatible with pcsc-lite-1.6.
    * New mapper API.
    * Minor fixes.
    * Translaton updates.
* Mon Feb 01 2010 jengelh@medozas.de
  - package baselibs.conf
* Wed Aug 05 2009 sbrabec@suse.cz
  - Updated to version 0.6.1:
    * Added functions to API.
    * Fixes from openSUSE packages upstreamed.
    * Minor fixes.
    * Translaton updates.
* Thu Jun 25 2009 sbrabec@suse.cz
  - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Wed Oct 15 2008 sbrabec@suse.cz
  - Fixed all implicit declarations.
* Tue Sep 23 2008 sbrabec@suse.cz
  - Fixed uninitialized variable (bnc#351207).
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Thu Sep 06 2007 jberkman@novell.com
  - use the same directory for nssdb as the kerberos pkinit plugin
* Tue Jul 31 2007 sbrabec@suse.cz
  - Build with NSS instead of openssl.
  - Applied patches from Jacob Berkman: MS UPN OID and NSS
    configuration.
  - Fixed implicit declaration.
* Thu Jul 26 2007 sbrabec@suse.cz
  - Updated to version 0.6.0:
    * compiler warning fixes
    * I18N support
    * new configuration options
    * support for new environment variables
    * new tool pkcs11_setup
    * support for the NSS crypto libraries (off by default)
    * for more changes see ChangeLog.svn
* Fri May 12 2006 sbrabec@suse.cz
  - New SuSE package, version 0.5.3.

Files

/etc/pam_pkcs11
/etc/pam_pkcs11/cacerts
/etc/pam_pkcs11/card_eventmgr.conf
/etc/pam_pkcs11/crls
/etc/pam_pkcs11/pam_pkcs11.conf
/etc/pam_pkcs11/pkcs11_eventmgr.conf
/usr/bin/card_eventmgr
/usr/bin/pkcs11_eventmgr
/usr/bin/pkcs11_inspect
/usr/bin/pkcs11_listcerts
/usr/bin/pkcs11_make_hash_link
/usr/bin/pkcs11_setup
/usr/bin/pklogin_finder
/usr/lib/pam.d/common-auth-smartcard
/usr/lib/systemd/system/pkcs11_eventmgr.service
/usr/lib64/pam_pkcs11
/usr/lib64/pam_pkcs11/ldap_mapper.so
/usr/lib64/pam_pkcs11/opensc_mapper.so
/usr/lib64/pam_pkcs11/openssh_mapper.so
/usr/lib64/security/pam_pkcs11.so
/usr/share/doc/packages/pam_pkcs11
/usr/share/doc/packages/pam_pkcs11/AUTHORS
/usr/share/doc/packages/pam_pkcs11/COPYING
/usr/share/doc/packages/pam_pkcs11/ChangeLog
/usr/share/doc/packages/pam_pkcs11/ChangeLog.git
/usr/share/doc/packages/pam_pkcs11/NEWS
/usr/share/doc/packages/pam_pkcs11/README
/usr/share/doc/packages/pam_pkcs11/README.autologin
/usr/share/doc/packages/pam_pkcs11/README.mappers
/usr/share/doc/packages/pam_pkcs11/README.md
/usr/share/doc/packages/pam_pkcs11/TODO
/usr/share/doc/packages/pam_pkcs11/card_eventmgr.conf.example
/usr/share/doc/packages/pam_pkcs11/digest_mapping.example
/usr/share/doc/packages/pam_pkcs11/mail_mapping.example
/usr/share/doc/packages/pam_pkcs11/mappers_api.html
/usr/share/doc/packages/pam_pkcs11/pam.d_login.example
/usr/share/doc/packages/pam_pkcs11/pam_pkcs11.conf.example
/usr/share/doc/packages/pam_pkcs11/pam_pkcs11.html
/usr/share/doc/packages/pam_pkcs11/pkcs11_eventmgr.conf.example
/usr/share/doc/packages/pam_pkcs11/subject_mapping.example
/usr/share/locale/de/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/fr/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/it/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/nl/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/pl/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/pt_BR/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/ru/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/tr/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/zh_CN/LC_MESSAGES/pam_pkcs11.mo
/usr/share/man/man1/card_eventmgr.1.gz
/usr/share/man/man1/pkcs11_eventmgr.1.gz
/usr/share/man/man1/pkcs11_inspect.1.gz
/usr/share/man/man1/pkcs11_listcerts.1.gz
/usr/share/man/man1/pkcs11_make_hash_link.1.gz
/usr/share/man/man1/pkcs11_setup.1.gz
/usr/share/man/man1/pklogin_finder.1.gz
/usr/share/man/man8/pam_pkcs11.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Oct 27 22:56:30 2025