From 9a8fa5de189dcfe195cfe9d6aaecafe51477bc30 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sun, 4 Apr 2021 23:36:20 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/authselect.git#f075deae9a9f67ac4eda8355257ef0b0767b6a79 --- .gitignore | 1 + ...in-error-code-returned-by-pam_fprint.patch | 61 ------------------- ...f-settings-to-explicitly-disable-fpr.patch | 49 --------------- authselect.spec | 14 +++-- sources | 2 +- 5 files changed, 11 insertions(+), 116 deletions(-) delete mode 100644 0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch delete mode 100644 0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch diff --git a/.gitignore b/.gitignore index bdf6580..7a50909 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /authselect-1.2.tar.gz /authselect-1.2.1.tar.gz /authselect-1.2.2.tar.gz +/authselect-1.2.3.tar.gz diff --git a/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch b/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch deleted file mode 100644 index 29ac2ef..0000000 --- a/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch +++ /dev/null @@ -1,61 +0,0 @@ -From b75a468d38598920833762a7227b06d73be20709 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Tue, 9 Mar 2021 14:34:22 +0100 -Subject: [PATCH] fingerprint: Retain error code returned by pam_fprintd.so - -pam_fprintd.so will return PAM_AUTHINFO_UNAVAIL in some situations. It -is important that the fingerprint-auth stack returns this error code, so -that users (i.e. GDM) can tell the difference between an authentication -failure vs. an immediate return because no fingers are enrolled. - -Fix this by changing sufficient to required (i.e. default=bad rather -than default=ignore) in order to ensure that the pam_fprintd.so error -code is returned. ---- - profiles/nis/fingerprint-auth | 2 +- - profiles/sssd/fingerprint-auth | 2 +- - profiles/winbind/fingerprint-auth | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth -index 756993c..f312974 100644 ---- a/profiles/nis/fingerprint-auth -+++ b/profiles/nis/fingerprint-auth -@@ -1,7 +1,7 @@ - {continue if "with-fingerprint"} - auth required pam_env.so - auth required pam_faillock.so preauth silent {include if "with-faillock"} --auth sufficient pam_fprintd.so -+auth required pam_fprintd.so - auth required pam_faillock.so authfail {include if "with-faillock"} - auth required pam_deny.so - -diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth -index fe3cac7..5ec1673 100644 ---- a/profiles/sssd/fingerprint-auth -+++ b/profiles/sssd/fingerprint-auth -@@ -2,7 +2,7 @@ - auth required pam_env.so - auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} - auth required pam_faillock.so preauth silent {include if "with-faillock"} --auth sufficient pam_fprintd.so -+auth required pam_fprintd.so - auth required pam_faillock.so authfail {include if "with-faillock"} - auth required pam_deny.so - -diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth -index c4b8261..07fca0f 100644 ---- a/profiles/winbind/fingerprint-auth -+++ b/profiles/winbind/fingerprint-auth -@@ -1,7 +1,7 @@ - {continue if "with-fingerprint"} - auth required pam_env.so - auth required pam_faillock.so preauth silent {include if "with-faillock"} --auth sufficient pam_fprintd.so -+auth required pam_fprintd.so - auth required pam_faillock.so authfail {include if "with-faillock"} - auth required pam_deny.so - --- -2.29.2 - diff --git a/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch b/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch deleted file mode 100644 index b6de965..0000000 --- a/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 41197d567e0ef15cdd50b9e7658e9a0b205e6683 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Thu, 4 Mar 2021 11:59:37 +0100 -Subject: [PATCH] minimal: add dconf settings to explicitly disable fprint and - smartcard authentication - -Resolves: -https://github.com/authselect/authselect/issues/237 ---- - profiles/Makefile.am | 2 ++ - profiles/minimal/dconf-db | 3 +++ - profiles/minimal/dconf-locks | 2 ++ - 3 files changed, 7 insertions(+) - create mode 100644 profiles/minimal/dconf-db - create mode 100644 profiles/minimal/dconf-locks - -diff --git a/profiles/Makefile.am b/profiles/Makefile.am -index 5dfab8047fc956babe47180601a0336c0a55d15f..95e27147b2b0a229a76a293884d605484d3fa841 100644 ---- a/profiles/Makefile.am -+++ b/profiles/Makefile.am -@@ -9,6 +9,8 @@ dist_profile_minimal_DATA = \ - $(top_srcdir)/profiles/minimal/README \ - $(top_srcdir)/profiles/minimal/REQUIREMENTS \ - $(top_srcdir)/profiles/minimal/system-auth \ -+ $(top_srcdir)/profiles/minimal/dconf-db \ -+ $(top_srcdir)/profiles/minimal/dconf-locks \ - $(NULL) - - profile_nisdir = $(authselect_profile_dir)/nis -diff --git a/profiles/minimal/dconf-db b/profiles/minimal/dconf-db -new file mode 100644 -index 0000000000000000000000000000000000000000..a3868b794bdf9d8d6edf8363b15cb918539b8926 ---- /dev/null -+++ b/profiles/minimal/dconf-db -@@ -0,0 +1,3 @@ -+[org/gnome/login-screen] -+enable-smartcard-authentication=false -+enable-fingerprint-authentication=false -diff --git a/profiles/minimal/dconf-locks b/profiles/minimal/dconf-locks -new file mode 100644 -index 0000000000000000000000000000000000000000..8a36fa9568344338272786394aece872185d0ab3 ---- /dev/null -+++ b/profiles/minimal/dconf-locks -@@ -0,0 +1,2 @@ -+/org/gnome/login-screen/enable-smartcard-authentication -+/org/gnome/login-screen/enable-fingerprint-authentication --- -2.29.2 - diff --git a/authselect.spec b/authselect.spec index f26faa5..c83249f 100644 --- a/authselect.spec +++ b/authselect.spec @@ -2,17 +2,14 @@ %define _empty_manifest_terminate_build 0 Name: authselect -Version: 1.2.2 -Release: 6%{?dist} +Version: 1.2.3 +Release: 1%{?dist} Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/authselect/authselect License: GPLv3+ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch0001: 0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch -Patch0002: 0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch - ### Downstream Patches ### %if 0%{?rhel} Patch9001: 9001-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch @@ -302,6 +299,13 @@ exit 0 exit 0 %changelog +* Wed Mar 31 2021 Pavel Březina - 1.2.3-1 +- Rebase to 1.2.3 + +* Mon Mar 29 2021 Benjamin Berg - 1.2.2-7 +- Fix fingerprint-auth success result + The previous patch had an issue breaking fingerprint login + * Tue Mar 09 2021 Benjamin Berg - 1.2.2-6 - Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors Resolves: #1935331 diff --git a/sources b/sources index 65033db..39bcdc8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (authselect-1.2.2.tar.gz) = 3d75eba6ba1771a71a9c60d817064c9cd46bf03515b75a855ac15aed28c7b2b851e33aff3ebbc8092fcb07a9d86607ebe0199208b1be9839b5bddeba68020faf +SHA512 (authselect-1.2.3.tar.gz) = bdcc1b119f482fa00bc5fc8e39074b1c5fe2d3099d3d2318751f2aba11e79c2613b0c24704799c36811b148111be1452602691b764254356c6d81bfee1b2c167