summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@debian.org>2017-05-27 18:44:02 +0300
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:12:42 -0800
commit6ff79a0bdf98e8bdc16506606cb1f6668bfb521b (patch)
treef0fb8fdccffbb827b5b3d2efd86169463605cb89 /debian
parented13e9dd8370ba974264f24333744df0c22e376f (diff)
Import Debian changes 1.1.8-3.6
pam (1.1.8-3.6) unstable; urgency=medium * Non-maintainer upload. * cve-2015-3238.patch: Add the changes in the generated pam_exec.8 and pam_unix.8 in addition to (and after) the changes to the source .xml files. This avoids unwanted rebuilds that can cause problems due to differing files on different architectures of the Multi-Arch: same libpam-modules. (Closes: #851545)
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog11
-rw-r--r--debian/patches-applied/cve-2015-3238.patch26
2 files changed, 37 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 977612a8..e0a780a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+pam (1.1.8-3.6) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * cve-2015-3238.patch: Add the changes in the generated pam_exec.8
+ and pam_unix.8 in addition to (and after) the changes to the
+ source .xml files. This avoids unwanted rebuilds that can cause
+ problems due to differing files on different architectures of
+ the Multi-Arch: same libpam-modules. (Closes: #851545)
+
+ -- Adrian Bunk <bunk@debian.org> Sat, 27 May 2017 18:44:02 +0300
+
pam (1.1.8-3.5) unstable; urgency=medium
* Non-maintainer upload.
diff --git a/debian/patches-applied/cve-2015-3238.patch b/debian/patches-applied/cve-2015-3238.patch
index 7c75ee5c..cb5e8c06 100644
--- a/debian/patches-applied/cve-2015-3238.patch
+++ b/debian/patches-applied/cve-2015-3238.patch
@@ -152,3 +152,29 @@ index fdb45c2..abccd82 100644
pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m");
retval = PAM_AUTH_ERR;
}
+--- a/modules/pam_unix/pam_unix.8 2017-05-27 15:38:27.000000000 +0000
++++ b/modules/pam_unix/pam_unix.8 2017-05-27 15:34:49.000000000 +0000
+@@ -56,6 +56,10 @@
+ \fBnoreap\fR
+ module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&.
+ .PP
++The maximum length of a password supported by the pam_unix module via the helper binary is
++\fIPAM_MAX_RESP_SIZE\fR
++\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&.
++.PP
+ The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the
+ \fBENCRYPT_METHOD\fR
+ variable from
+--- a/modules/pam_exec/pam_exec.8 2017-05-27 15:38:27.000000000 +0000
++++ b/modules/pam_exec/pam_exec.8 2017-05-27 15:56:25.000000000 +0000
+@@ -65,7 +65,9 @@
+ \fBexpose_authtok\fR
+ .RS 4
+ During authentication the calling command can read the password from
+-\fBstdin\fR(3)\&.
++\fBstdin\fR(3)\&. Only first
++\fIPAM_MAX_RESP_SIZE\fR
++bytes of a password are provided to the command\&.
+ .RE
+ .PP
+ \fBlog=\fR\fB\fIfile\fR\fR