author Laurent Bigonville <bigon@debian.org> 2016-05-17 17:04:29 -0700
committer Steve Langasek <vorlon@debian.org> 2019-01-08 22:12:40 -0800
commit fa4a5c961c7705f80c2026f424ec9a012ceefa55 (patch)
tree 09773e1fdbb5033e1d0d3a890eb056e8eecc35e4 /debian/patches-applied/cve-2010-4708.patch
parent 145032103cf7230bc0be74157885e5cf035ac006 (diff)
parent 3fb0d1c3c727bd5b2e01fdc3e59e8d48bc384ce3 (diff)
Import Debian changes 1.1.8-3.3
pam (1.1.8-3.3) unstable; urgency=low

  * Non-maintainer upload.

  [ Steve Langasek ]
  * Updated Swedish translation to correct a typo, thanks to Anders Jonsson and Martin Bagge. Closes: #743875
  * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>. (closes: #756756)
  * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105.
  * Acknowledge security NMU.
  * pam-auth-update: don't mishandle trailing whitespace in profiles. LP: #1487103.

  [ Laurent Bigonville ]
  * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
  * debian/watch: Update watch file and point it to http://www.linux-pam.org
  * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in namespace.init script (Closes: #624842)
  * debian/control: Build-depends against debhelper (>= 9) to match the defined debhelper compatibility
  * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594)
  * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
  * debian/libpam-doc.doc-base.applications-guide: Fix spelling
  * debian/libpam0g-dev.examples: Do not use shell brace expansion
  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version from Ubuntu, this should fix logins in containers (Closes: #726661)
  * debian/patches-applied/update-motd: Updated with the version from Ubuntu: use /run/motd.dynamic instead of /var/run/motd, nothing in the archive uses the latter (Closes: #743286)
  * debian/patches-applied/make_documentation_reproducible.patch: Make the build reproducible, removes differences when building with different locale values (Closes: #792127)
Diffstat (limited to 'debian/patches-applied/cve-2010-4708.patch')
-rw-r--r-- debian/patches-applied/cve-2010-4708.patch 64
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2010-4708.patch b/debian/patches-applied/cve-2010-4708.patch
new file mode 100644
index 00000000..cf23e318
--- /dev/null
+++ b/debian/patches-applied/cve-2010-4708.patch
@@ -0,0 +1,64 @@
+Description: fix cve-2010-4708: .pam_environment privilege issue
+Index: pam.debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.c
++++ pam.debian/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+Index: pam.debian/modules/pam_env/pam_env.8.xml
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.8.xml
++++ pam.debian/modules/pam_env/pam_env.8.xml
+@@ -147,7 +147,7 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off.
+ </para>
+ </listitem>
+ </varlistentry>
+Index: pam.debian/modules/pam_env/pam_env.8
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.8
++++ pam.debian/modules/pam_env/pam_env.8
+@@ -2,12 +2,12 @@
+ .\" Title: pam_env
+ .\" Author: [see the "AUTHOR" section]
+ .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+-.\" Date: 09/19/2013
++.\" Date: 01/15/2014
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
+ .\" Language: English
+ .\"
+-.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual"
++.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -88,7 +88,7 @@
+ .PP
+ \fBuser_readenv=\fR\fB\fI0|1\fR\fR
+ .RS 4
+-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&.
++Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
+ .RE
+ .SH "MODULE TYPES PROVIDED"
+ .PP
+@@ -138,7 +138,7 @@
+ .PP
+ \fBpam_env.conf\fR(5),
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
++\fBpam\fR(7)\&.
+ .SH "AUTHOR"
+ .PP
+ pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
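Review bot: the pam_env.8 part of the embedded patch carries changes that are unrelated to the CVE-2010-4708 fix: the ".\" Date:" and ".TH" lines move from 09/19/2013 to 01/15/2014, and SEE ALSO changes from pam(8) to pam(7), while the pam_env.8.xml hunk makes no corresponding change. Since the page header names DocBook XSL Stylesheets as its generator, these look like side effects of regenerating the man page rather than part of the fix. Suggest limiting the pam_env.8 changes to the "By default this option is off" sentence and carrying the pam(7) cross-reference correction separately, so the security patch stays minimal and easy to audit. The patch header is also only a one-line Description: it should state that the fix flips DEFAULT_USER_READ_ENVFILE from 1 to 0 in pam_env.c, that user_readenv=1 restores reading of .pam_environment for setups that depend on it, and include DEP-3 Origin, Author and Bug fields so the change can be traced to its source.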