| |
@@ -3,7 +3,7 @@
|
| |
Summary: An extensible library which provides authentication for applications
|
| |
Name: pam
|
| |
Version: 1.5.1
|
| |
- Release: 3%{?dist}
|
| |
+ Release: 5%{?dist}
|
| |
# The library is BSD licensed with option to relicense as GPLv2+
|
| |
# - this option is redundant as the BSD license allows that anyway.
|
| |
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
| |
@@ -361,7 +361,30 @@
|
| |
%doc doc/txts
|
| |
%doc doc/sag/*.txt doc/sag/html
|
| |
|
| |
+ %posttrans
|
| |
+
|
| |
+ # For people upgrading from older Fedora versions, authselect might not be
|
| |
+ # enabled or unable to do anything due to e.g. a modified nsswitch.conf.
|
| |
+ # The following snippets apply important fixes in those cases.
|
| |
+
|
| |
+ # Change pam_fprintd.so in fingerprint-auth from sufficient to [success=done default=bad]
|
| |
+ # in order for PAM_AUTHINFO_UNAVAIL error codes to be propagated.
|
| |
+ FILE="$(readlink -f %{_sysconfdir}/pam.d/fingerprint-auth || echo %{_sysconfdir}/pam.d/fingerprint-auth)"
|
| |
+ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
|
| |
+ %__grep -q '^auth[[:space:]]\+sufficient[[:space:]]\+pam_fprintd.so' $FILE && \
|
| |
+ %__sed -i.bak -e 's/^auth[[:space:]]\+sufficient[[:space:]]\+pam_fprintd.so\(.*\)/auth [success=done default=bad] pam_fprintd.so\1/g' $FILE
|
| |
+
|
| |
+ exit 0
|
| |
+
|
| |
%changelog
|
| |
+ * Fri Apr 16 2021 Benjamin Berg <bberg@redhat.com> - 1.5.1-5
|
| |
+ - Add script to avoid fingerprint-auth issues for long term Fedora users
|
| |
+ Resolves: #1942443
|
| |
+
|
| |
+ * Mon Apr 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-4
|
| |
+ - Change fingerprint-auth.pamd to return PAM_AUTHINFO_UNAVAIL from pam_fprintd.so
|
| |
+ - Clean auto-generated message from pam stack files
|
| |
+
|
| |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.1-3
|
| |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
| |
|
| |
Pull in pam_fprintd.so fixes into F34 and add scriptlet to fix users upgrading from old Fedora releases (it is not quite clear how old, but some people are upgrading since F27 or even older).
Note that #1942443 is an accepted freeze exception.
It is important that anyone upgrading from F33 will get the scriptlet executed. I suspect we don't need it in F35 as a direct F33 -> F35 upgrade is not supported.
CC: @pbrezina