diff options
| author | Steve Langasek <vorlon@debian.org> | 2008-08-08 11:14:15 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:28:23 -0800 |
| commit | 3b5828bda8784d0663bcb204b5a4555b1f39b558 (patch) | |
| tree | d52e01631bf48613a9b37dd01d93fbf9988aefcf /debian | |
| parent | aaedf7c7f0cc87f3a4ed8c65d437747e52b20512 (diff) | |
| parent | 59dce91733b7b144d77949330f3d68a98450522d (diff) | |
merge from trunk
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 14 | ||||
| -rw-r--r-- | debian/control | 1 | ||||
| -rw-r--r-- | debian/patches-applied/054_pam_security_abstract_securetty_handling | 9 |
3 files changed, 17 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index 93a81c7b..153e21ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -pam (1.0.1-2) UNRELEASED; urgency=low +pam (1.0.1-2) unstable; urgency=low * 007_modules_pam_unix: update the documentation to correctly document the default minimum password length is 6, not 1. @@ -11,8 +11,16 @@ pam (1.0.1-2) UNRELEASED; urgency=low * Drop various bits of unused cruft from the debian/ directory. * Drop libpam-runtime.preinst, only used for upgrades from woody to sarge to deal with modified conffiles. - - -- Steve Langasek <vorlon@debian.org> Wed, 30 Jul 2008 00:55:10 -0700 + * Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev + build-dependency but causes pam_userdb to be silently omitted. + Closes: #493574. + * 054_pam_security_abstract_securetty_handling: move the warning log about + an insecure tty back to pam_securetty proper; we don't want to generate + log messages every time pam_unix is called as non-root. + Closes: #493283. As a side-effect, pam_unix no longer logs any warnings + about NULL password + insecure tty, but I don't think this is critical. + + -- Steve Langasek <vorlon@debian.org> Fri, 08 Aug 2008 10:47:26 -0700 pam (1.0.1-1) unstable; urgency=low diff --git a/debian/control b/debian/control index ae2acce2..4f181e92 100644 --- a/debian/control +++ b/debian/control @@ -7,6 +7,7 @@ Standards-Version: 3.8.0 Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper, quilt, flex, libdb-dev, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64 !netbsd-i386], po-debconf Build-Depends-Indep: xsltproc, libxml2-utils, docbook-xml, docbook-xsl, w3m Build-Conflicts-Indep: fop +Build-Conflicts: libdb4.2-dev Vcs-Bzr: http://bzr.debian.org/bzr/pkg-pam/debian/sid/ Homepage: http://pam.sourceforge.net/ diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling index cd98a914..76318c43 100644 --- a/debian/patches-applied/054_pam_security_abstract_securetty_handling +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -33,7 +33,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c /* log a trail for debugging */ if (ctrl & PAM_DEBUG_ARG) { -@@ -101,63 +97,10 @@ +@@ -101,63 +97,13 @@ return PAM_SERVICE_ERR; } @@ -98,6 +98,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c + if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { + pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", + username, uttyname); ++ } else if (retval != PAM_SUCCESS) { ++ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", ++ uttyname); } return retval; @@ -105,7 +108,7 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c =================================================================== --- /dev/null +++ pam.deb/modules/pam_securetty/tty_secure.c -@@ -0,0 +1,92 @@ +@@ -0,0 +1,90 @@ +/* + * A function to determine if a particular line is in /etc/securetty + */ @@ -191,8 +194,6 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c + fclose(ttyfile); + + if(retval) { -+ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", -+ uttyname); + retval = PAM_AUTH_ERR; + } + |