Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/authselect.git#f075deae9a9f67ac4eda8355257ef0b0767b6a79
2021-04-04 23:36:20 +00:00 · 2021-04-04 23:36:20 +00:00 · 9a8fa5de18
parent fe0de896be
commit 9a8fa5de18
5 changed files with 11 additions and 116 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,4 @@
 /authselect-1.2.tar.gz
 /authselect-1.2.1.tar.gz
 /authselect-1.2.2.tar.gz
+/authselect-1.2.3.tar.gz
--- a/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
+++ b/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
@ -1,61 +0,0 @@
-From b75a468d38598920833762a7227b06d73be20709 Mon Sep 17 00:00:00 2001
-From: Benjamin Berg <bberg@redhat.com>
-Date: Tue, 9 Mar 2021 14:34:22 +0100
-Subject: [PATCH] fingerprint: Retain error code returned by pam_fprintd.so
-
-pam_fprintd.so will return PAM_AUTHINFO_UNAVAIL in some situations. It
-is important that the fingerprint-auth stack returns this error code, so
-that users (i.e. GDM) can tell the difference between an authentication
-failure vs. an immediate return because no fingers are enrolled.
-
-Fix this by changing sufficient to required (i.e. default=bad rather
-than default=ignore) in order to ensure that the pam_fprintd.so error
-code is returned.
---
- profiles/nis/fingerprint-auth     | 2 +-
- profiles/sssd/fingerprint-auth    | 2 +-
- profiles/winbind/fingerprint-auth | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index 756993c..f312974 100644
--- a/profiles/nis/fingerprint-auth
-+++ b/profiles/nis/fingerprint-auth
-@@ -1,7 +1,7 @@
- {continue if "with-fingerprint"}
- auth        required                                     pam_env.so
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index fe3cac7..5ec1673 100644
--- a/profiles/sssd/fingerprint-auth
-+++ b/profiles/sssd/fingerprint-auth
-@@ -2,7 +2,7 @@
- auth        required                                     pam_env.so
- auth        required                                     pam_deny.so # Smartcard authentication is required     {include if "with-smartcard-required"}
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index c4b8261..07fca0f 100644
--- a/profiles/winbind/fingerprint-auth
-+++ b/profiles/winbind/fingerprint-auth
-@@ -1,7 +1,7 @@
- {continue if "with-fingerprint"}
- auth        required                                     pam_env.so
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-- 
-2.29.2
-
--- a/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
+++ b/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
@ -1,49 +0,0 @@
-From 41197d567e0ef15cdd50b9e7658e9a0b205e6683 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 4 Mar 2021 11:59:37 +0100
-Subject: [PATCH] minimal: add dconf settings to explicitly disable fprint and
- smartcard authentication
-
-Resolves:
-https://github.com/authselect/authselect/issues/237
---
- profiles/Makefile.am         | 2 ++
- profiles/minimal/dconf-db    | 3 +++
- profiles/minimal/dconf-locks | 2 ++
- 3 files changed, 7 insertions(+)
- create mode 100644 profiles/minimal/dconf-db
- create mode 100644 profiles/minimal/dconf-locks
-
-diff --git a/profiles/Makefile.am b/profiles/Makefile.am
-index 5dfab8047fc956babe47180601a0336c0a55d15f..95e27147b2b0a229a76a293884d605484d3fa841 100644
--- a/profiles/Makefile.am
-+++ b/profiles/Makefile.am
-@@ -9,6 +9,8 @@ dist_profile_minimal_DATA = \
-     $(top_srcdir)/profiles/minimal/README \
-     $(top_srcdir)/profiles/minimal/REQUIREMENTS \
-     $(top_srcdir)/profiles/minimal/system-auth \
-+    $(top_srcdir)/profiles/minimal/dconf-db \
-+    $(top_srcdir)/profiles/minimal/dconf-locks \
-     $(NULL)
- 
- profile_nisdir = $(authselect_profile_dir)/nis
-diff --git a/profiles/minimal/dconf-db b/profiles/minimal/dconf-db
-new file mode 100644
-index 0000000000000000000000000000000000000000..a3868b794bdf9d8d6edf8363b15cb918539b8926
--- /dev/null
-+++ b/profiles/minimal/dconf-db
-@@ -0,0 +1,3 @@
-+[org/gnome/login-screen]
-+enable-smartcard-authentication=false
-+enable-fingerprint-authentication=false
-diff --git a/profiles/minimal/dconf-locks b/profiles/minimal/dconf-locks
-new file mode 100644
-index 0000000000000000000000000000000000000000..8a36fa9568344338272786394aece872185d0ab3
--- /dev/null
-+++ b/profiles/minimal/dconf-locks
-@@ -0,0 +1,2 @@
-+/org/gnome/login-screen/enable-smartcard-authentication
-+/org/gnome/login-screen/enable-fingerprint-authentication
-- 
-2.29.2
-
--- a/authselect.spec
+++ b/authselect.spec
@ -2,17 +2,14 @@
 %define _empty_manifest_terminate_build 0

 Name:           authselect
-Version:        1.2.2
-Release:        6%{?dist}
+Version:        1.2.3
+Release:        1%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/authselect/authselect

 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz

-Patch0001: 0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
-Patch0002: 0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
-
 ### Downstream Patches ###
 %if 0%{?rhel}
 Patch9001: 9001-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
@ -302,6 +299,13 @@ exit 0
 exit 0

 %changelog
+* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-1
+- Rebase to 1.2.3
+
+* Mon Mar 29 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-7
+- Fix fingerprint-auth success result
+  The previous patch had an issue breaking fingerprint login
+
 * Tue Mar 09 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-6
 - Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors
  Resolves: #1935331
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (authselect-1.2.2.tar.gz) = 3d75eba6ba1771a71a9c60d817064c9cd46bf03515b75a855ac15aed28c7b2b851e33aff3ebbc8092fcb07a9d86607ebe0199208b1be9839b5bddeba68020faf
+SHA512 (authselect-1.2.3.tar.gz) = bdcc1b119f482fa00bc5fc8e39074b1c5fe2d3099d3d2318751f2aba11e79c2613b0c24704799c36811b148111be1452602691b764254356c6d81bfee1b2c167