diff options
| author | Steve Langasek <vorlon@debian.org> | 2008-07-26 19:56:10 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:01:55 -0800 |
| commit | fe177a4cc394567465a75ed4899e0f67024a52fb (patch) | |
| tree | 4423bfb418b9a89c9387d1db1f6c1f6dbef7a6e5 /debian/changelog | |
| parent | 1ee085e4abdbe67fc98116e87c18296bf2edd7b0 (diff) | |
New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index d41d33c5..b5d3ca5d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -31,6 +31,12 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low * New patch no_helper_for_nis+.patch, which restores the behavior of doing in-process NIS+ account checking instead of unconditionally passing it off to the unix_chkpwd helper; if it wasn't broke, don't fix it. + * New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream + regression which prevents sgid shadow apps from being able to authenticate + any more because the module forces use of the helper and the helper won't + allow authentication of arbitrary users. This change does mean we're + going to be noisier for the time being in an SELinux environment, which + should be addressed but is not a regression on Debian. * The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. |